Diffstat (limited to 'docs/htmldocs/using_samba/ch05.html')
-rw-r--r-- | docs/htmldocs/using_samba/ch05.html | 1779 |
1 files changed, 1779 insertions, 0 deletions
diff --git a/docs/htmldocs/using_samba/ch05.html b/docs/htmldocs/using_samba/ch05.html new file mode 100644 index 0000000000..07a65cd08a --- /dev/null +++ b/docs/htmldocs/using_samba/ch05.html 
@@ -0,0 +1,1779 @@ +<html> +<body bgcolor="#ffffff"> + +<img src="samba2_xs.gif" border="0" alt=" " height="100" width="76" +hspace="10" align="left" /> + +<h1 class="head0">Chapter 5. Unix Clients</h1> + +<p><a name="INDEX-1"/>In <a href="ch03.html">Chapter 3</a> we showed you how to configure Windows systems +to access shared resources on both Windows and Samba servers. This +has probably opened up a whole new world of computing for +you—one in which you have to run to a Windows system every time +you want to copy a file between Unix and Windows! In this chapter, we +will show you the "other +side"—how to access SMB shares from your +favorite Unix system.</p> + +<p>You can access SMB resources from Unix in three ways, depending on +your version of Unix. A program included with the Samba distribution +called <em class="emphasis">smbclient</em><a name="INDEX-2"/> can be used to connect with a share on +the network in a manner similar to using <em class="emphasis">ftp</em> +when transferring files to or from an FTP site.</p> + +<p>If your system is running Linux, you can use the +<a name="INDEX-3"/>smbfs +filesystem to mount SMB shares right onto your Linux filesystem, just +as you would mount a disk partition or NFS filesystem. The SMB shares +can then be accessed and manipulated by all programs running on the +Linux system: command shells, desktop GUI interfaces, and application +software.</p> + +<p>On some BSD-based systems, including Mac OS X, a pair of utilities +named <em class="emphasis">smbutil</em> <a name="INDEX-4"/>and <em class="emphasis">mount_smbfs</em> +<a name="INDEX-5"/>can be used to query SMB servers and +mount shares.</p> + +<p>For other Unix variants, +<em class="emphasis">smbsh</em><a name="INDEX-6"/> can be run to enable common shell +commands such as <em class="emphasis">cd</em>, <em class="emphasis">ls</em>, +<em class="emphasis">mv, wc</em>, and <em class="emphasis">grep</em> to access +and manipulate files and directories on SMB shares. 
This effectively +extends the reach of the Unix shell and utilities beyond the Unix +filesystem and into the SMB network.</p> + +<p>All the Unix clients can access shares offered by either Windows +systems or Samba servers. We have already shown you how to set up a +share on a Samba server and could use that as an example to work +with. But it's much more fun to use the Unix clients +with shares served by Windows systems. So before we start covering +the Unix clients in detail, we will take a quick detour and show you +how to set up file shares on both Windows 95/98/Me and Windows +NT/2000/XP systems.</p> + + +<div class="sect1"><a name="samba2-CHP-5-SECT-1"/> + +<h2 class="head1">Sharing Files on Windows 95/98/Me</h2> + +<p>When <a name="INDEX-7"/><a name="INDEX-8"/>sharing files on Windows 95/98/Me, you +can authenticate users in two different ways. +<a name="INDEX-9"/><a name="INDEX-10"/>Share-level security is the default +and is easy to use. However, it is not as secure and can require +users to type in passwords when connecting to shares. User-level +security offers a better security model and can be used if you have +either a Samba or Windows NT/2000 server on your network performing +user authentication.</p> + +<p>To configure the type of access control for your system, open the +Control Panel, double-click the Network icon, then click the Access +Control tab. You should see the dialog box shown in <a href="ch05.html#samba2-CHP-5-FIG-1">Figure 5-1</a>.</p> + +<div class="figure"><a name="samba2-CHP-5-FIG-1"/><img src="figs/sam2_0501.gif"/></div><h4 class="head4">Figure 5-1. The Access Control tab of the Windows 98 Network Control Panel window</h4> + +<p>Click the "Share-level access +control" or "User-level access +control" radio button, depending on which you want +to use. When using user-level access control, you will also need to +fill in the name of your workgroup or Windows NT domain. 
Reboot as +requested.</p> + +<p>To share a folder, right-click the folder's icon and +select Sharing . . . . This will open the Sharing tab of the +folder's Properties dialog box. Click the +"Shared As:" radio button, and fill +in a name for the share (which defaults to the +folder's name) and a description, which will be +visible to client users. If you don't want the share +to be visible in the Network Neighborhood view of other Windows +clients, pick a name for the share that ends in a dollar sign +(<tt class="literal">$</tt>).</p> + +<p><a href="ch05.html#samba2-CHP-5-FIG-2">Figure 5-2</a> shows what the Sharing tab of the +folder's Properties dialog box will look like when +using share-level security. The security settings are very simple. +You can select a radio button for read-only access or full +(read/write) access, or have the user's permissions +(either read-only or read/write) depend on which password they use. +In accordance with which you select, you will be asked to assign +either or both of the read-only and full-access passwords for the +share.</p> + +<div class="figure"><a name="samba2-CHP-5-FIG-2"/><img src="figs/sam2_0502.gif"/></div><h4 class="head4">Figure 5-2. The Sharing tab of the folder's Properties dialog, with share-level security</h4> + +<p>If your system is configured with user-level security, the Sharing +tab of the folder's Properties dialog box will look +like <a href="ch05.html#samba2-CHP-5-FIG-3">Figure 5-3</a>. As you can see, +we've created a share named +"DATA", and used the Add . . . +button to create permissions that allow read-only access for all +domain users and read/write (full access) for <tt class="literal">jay</tt>.</p> + +<div class="figure"><a name="samba2-CHP-5-FIG-3"/><img src="figs/sam2_0503.gif"/></div><h4 class="head4">Figure 5-3. 
The Sharing tab of the folder Properties dialog, with user-level security</h4> + +<p>When you are done specifying your settings for the share, click on +the OK button, and the share will become available to users on +network clients. Unless you chose a share name ending in a dollar +sign, you can see it in the Network Neighborhood or My Network Places +of Windows clients on the network. You can also now use the Unix +clients described in this chapter to connect to the share.</p> + + +</div> + + + +<div class="sect1"><a name="samba2-CHP-5-SECT-2"/> + +<h2 class="head1">Sharing Files on Windows NT/2000/XP</h2> + +<p>To create a file share on <a name="INDEX-11"/><a name="INDEX-12"/><a name="INDEX-13"/><a name="INDEX-14"/>Windows NT/2000/XP, you first must +log in to the system as any member of the Administrators, Power +Users, or Server Operators groups. Right-click the icon of a folder +you wish to share, and click Sharing . . . in the pop-up menu. The +Sharing tab of the folder's Properties dialog box +will appear, as shown in <a href="ch05.html#samba2-CHP-5-FIG-4">Figure 5-4</a>. Click the +"Share this folder" radio button.</p> + +<div class="figure"><a name="samba2-CHP-5-FIG-4"/><img src="figs/sam2_0504.gif"/></div><h4 class="head4">Figure 5-4. The Sharing tab of the folder's Properties dialog on Windows 2000</h4> + +<p>Share name: will default to the name of the folder, and you can +change it if you want. One reason you might want to use a different +name for the share is to make the share not appear in browse lists +(as displayed by the Network Neighborhood, for example). This can be +done by using a share name ending in a dollar sign +(<tt class="literal">$</tt>). You can also add a description of the share +in the Comment: text area. 
The description will appear to users of +network clients and can help them understand the contents of the +share.</p> + +<p><a name="INDEX-15"/><a name="INDEX-16"/><a name="INDEX-17"/><a name="INDEX-18"/><a name="INDEX-19"/>By clicking the Permissions button, +you can set permissions for the share on a user-by-user basis. This +is equivalent to the user-level security of Windows 95/98/Me file +sharing. On Windows NT/2000/XP, Microsoft recommends that share +permissions be set to allow full access by everyone, with the +permissions controlled on a file-by-file basis using filesystem +access control lists +(<a name="INDEX-20"/>ACLs). The actual permissions given +to network clients are a combination of the share permissions and +file access permissions. To edit the ACL for the folder, click the +Security tab. For more information on ACLs, see <a href="ch08.html#samba2-CHP-8-SECT-3">Section 8.3</a> in <a href="ch08.html">Chapter 8</a>.</p> + +<p>If you want, you can limit the number of users who can concurrently +connect to the share using the "User +limit:" radio button. The New Share button allows +you to create multiple file shares for the same folder, each having +its own name, comment, user limit, and other parameters.</p> + +<p>When you are done, click the OK button, and the folder will be +accessible from clients on the network.</p> + + +</div> + + + +<div class="sect1"><a name="samba2-CHP-5-SECT-3"/> + +<h2 class="head1">smbclient</h2> + +<p>The Samba Team supplies <em class="emphasis">smbclient</em><a name="INDEX-21"/> as a basic part of the Samba suite. At +first, it might seem to be a primitive interface to the SMB network, +but <em class="emphasis">smbclient</em> is actually a versatile tool. It +can be used for browsing shares on servers, testing configurations, +debugging, accessing shared printers, backing up shared data, and +automating administrative tasks in shell scripts. 
And unlike +<tt class="literal">smbfs</tt><a name="INDEX-22"/><a name="INDEX-23"/><a name="INDEX-24"/> and <em class="emphasis">smbsh</em>, +<em class="emphasis">smbclient</em> works on all Unix variants that +support Samba.</p> + +<p>In this chapter we'll focus mostly on running +<em class="emphasis">smbclient</em> as an interactive shell, using its +<em class="emphasis">ftp</em>-like commands to access shared directories +on the network. Using <em class="emphasis">smbclient</em> to access +printers and perform backups will be covered in <a href="ch10.html">Chapter 10</a>.</p> + +<p>A complete reference to <em class="emphasis">smbclient</em> is found in +<a href="appc.html">Appendix C</a>.</p> + + +<div class="sect2"><a name="samba2-CHP-5-SECT-3.1"/> + +<h3 class="head2">Listing Services</h3> + +<p><a name="INDEX-25"/>The <em class="emphasis">-L</em> option +can be used with <em class="emphasis">smbclient</em> to list the resources +on a single computer. Assuming the Samba server is configured to take +the role of the master browser, we can obtain a list of the computers +in the domain or workgroup like this:</p> + +<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient -L toltec</b></tt> +added interface ip=172.16.1.1 bcast=172.16.1.255 nmask=255.255.255.0 +Password: +Domain=[METRAN] OS=[Unix] Server=[Samba 2.2.5] + + Sharename Type Comment + --------- ---- ------- + test Disk For testing only, please + IPC$ IPC IPC Service (Samba 2.2.5) + ADMIN$ Disk IPC Service (Samba 2.2.5) + + Server Comment + --------- ------- + MAYA Windows 98 + MIXTEC Samba 2.2.5 + TOLTEC Samba 2.2.5 + ZAPOTEC + + Workgroup Master + --------- ------- + METRAN TOLTEC</pre></blockquote> + +<p>In the column labeled "Server", +<tt class="literal">maya</tt>, <tt class="literal">mixtec</tt>, and +<tt class="literal">zapotec</tt> are shown along with toltec, the Samba +server. The services on <tt class="literal">toltec</tt> are listed under +"Sharename". 
The IPC$ and ADMIN$ +shares are standard Windows services that are used for network +communication and administrative purposes, and +<em class="filename">test</em> is the directory we added as a share in +<a href="ch02.html">Chapter 2</a>.</p> + +<p>Now that we know the names of computers in the domain, we can list +services on any of those computers. For example, here is how we would +list the services offered by <tt class="literal">maya</tt>, a Windows 98 +workstation:</p> + +<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient -L maya</b></tt> +added interface ip=172.16.1.1 bcast=172.16.1.255 nmask=255.255.255.0 +Password: + + + Sharename Type Comment + --------- ---- ------- + PRINTER$ Disk + HP Printer HP 932C on Maya + D Disk D: on Maya + E Disk E: on Maya + + ADMIN$ Disk + IPC$ IPC Remote Inter Process Communication + + Server Comment + --------- ------- + + Workgroup Master + --------- -------</pre></blockquote> + +<p>A shared printer is attached to <tt class="literal">maya</tt>, so we see +the PRINTER$ administrative service, along with the HP share for the +printer itself. Also on <tt class="literal">maya</tt> are the D and E +shares, which allow access across the network to +<tt class="literal">maya</tt>'s D: and E: drives. It is +normal for the Server and Workgroup sections to be empty when listing +services on a Windows client.</p> + + +</div> + + +<div class="sect2"><a name="samba2-CHP-5-SECT-3.2"/> + +<h3 class="head2">Authenticating with smbclient</h3> + +<p><a name="INDEX-26"/>As with any other SMB client, +<em class="emphasis">smbclient</em> needs to supply a username and +password if it is authenticating in a domain environment or if it is +contacting a Samba server that is set up with user-level security. 
In +a workgroup environment, it will at least need a password to use when +connecting with a password-protected resource.</p> + +<p>By default, <em class="emphasis">smbclient</em> uses the username of the +user who runs it and then prompts for a password. If you are using +<em class="emphasis">smbclient</em> a lot, you might tire of entering your +password every time.</p> + +<p><em class="emphasis">smbclient</em> supports some alternate methods of +entering a username and password. The password can be entered on the +command line, like this:</p> + +<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient //maya/e jayspassword</b></tt></pre></blockquote> + +<p>Or both the username and password can be supplied by using the +<em class="emphasis">-U</em> option, including the username and password +separated by a percent (<tt class="literal">%</tt>) character:</p> + +<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient //maya/e -U kelly%kellyspassword</b></tt></pre></blockquote> + +<p>This method is useful if you are logged in to the system under an +account that is not Samba-enabled or you are testing your +configuration to see how it treats another user. With either method, +you can avoid having to enter the username and/or password each time +you run <em class="emphasis">smbclient</em> by creating an alias for the +command or creating a shell function or shell script. 
For example, +with the <em class="emphasis">bash</em> shell, it is possible to define a +function like this:</p> + +<blockquote><pre class="code">smbcl( ) +{ + smbclient $* -U jay%jayspassword +}</pre></blockquote> + +<p>Adding the definition to the shell's startup script +(which would be <em class="filename">~/.bash_profile</em> for +<em class="emphasis">bash</em>) would result in the definition affecting +all subsequent shell invocations.</p> + +<p>Another method that can be used to supply both the username and +password is to set the USER and <a name="INDEX-27"/><a name="INDEX-28"/>PASSWD environment variables. Either +set the USER environment variable using the +<em class="replaceable">username</em>%<em class="replaceable">password</em> +format, or set the USER environment variable to the username, and set +PASSWD to the user's password.</p> + +<p>It is also possible to create a credentials file containing the +username on the first line and the password on the second line, like +this:</p> + +<blockquote><pre class="code">username = jay +password = jayspassword</pre></blockquote> + +<p>Then, <em class="emphasis">smbclient</em> is run using the +<em class="emphasis">-A</em> option to specify the name of the file:</p> + +<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient //maya/e -A ~/.smbpw</b></tt></pre></blockquote> + +<a name="samba2-CHP-5-NOTE-120"/><blockquote class="note"><h4 class="objtitle">NOTE</h4> +<p>Of the methods we described in this section, the only one that is +really secure is the default method of allowing +<em class="emphasis">smbclient</em><a name="INDEX-29"/> to +prompt for the password and typing in the password without echoing.</p> + +<p>If security is a concern, you definitely should avoid providing your +password on the command line because it is very easy for +"shoulder surfers" to obtain, as +well as anyone who looks through your shell's +command history.</p> + +<p>If you keep your Samba password in a credentials file, 
shell startup +file, or shell script, make sure the file's +permissions prohibit other users from reading or writing it. (Use an +octal permissions mode of 0600.) Security experts never keep +passwords in files owned by nonroot users or accessible by anyone +other than the superuser. As part of their security policy, some +organizations do not permit passwords to be stored in files, so you +might want to check first before using this method.</p> + +<p>The authentication method that uses the USER and PASSWD environment +variables isn't any more secure. Environment +variables are usually set either on the command line or in one or +more of the shell's startup files, so this method +suffers from the same weaknesses we've just +discussed. In addition, any program run by the user has access to the +shell's environment variables, making a Trojan horse +attack on the PASSWD variable really easy!</p> +</blockquote> + + +</div> + + +<div class="sect2"><a name="samba2-CHP-5-SECT-3.3"/> + +<h3 class="head2">An Interactive smbclient Session</h3> + +<p><a name="INDEX-30"/>A common use for +<em class="emphasis">smbclient</em> is to use it as an +<em class="emphasis">ftp</em>-like shell to access SMB resources on the +network. To begin a session, <em class="emphasis">smbclient</em> must be +provided with the UNC of a resource (which you can find using the +<em class="emphasis">-L</em> option) on the command line, like this:</p> + +<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient //maya/e</b></tt> +added interface ip=172.16.1.3 bcast=172.16.1.255 nmask=255.255.255.0 +Password: +smb: \></pre></blockquote> + +<p>Forward slashes are accepted by <em class="emphasis">smbclient</em> for +the share's UNC, which makes entering the UNC on the +command line easier. Backslashes can also be used, but they must be +quoted or escaped, and it is somewhat more difficult to type +'<tt class="literal">\\maya\e</tt>' or <tt class="literal">\\\\maya\\e</tt>. 
+After connecting to the share, <em class="emphasis">smbclient</em> +displays the <tt class="literal">smb: \></tt> prompt, waiting for a +command to be entered. Commands are similar to those with which you +might be familiar in <em class="emphasis">ftp</em> and are also somewhat +similar to Unix shell commands. To get a list of +<em class="emphasis">smbclient</em><a name="INDEX-31"/> commands, use the +<em class="emphasis">help</em> command:</p> + +<blockquote><pre class="code">smb: \> <tt class="userinput"><b>help</b></tt> +ls dir du lcd cd +pwd get mget put mput +rename more mask del open +rm mkdir md rmdir rd +prompt recurse translate lowercase print +printmode queue cancel quit q +exit newer archive tar blocksize +tarmode setmode help ? history +!</pre></blockquote> + +<p>Some commands in the previous list are synonyms for other commands. +For example, the <em class="emphasis">?</em> command is a synonym for +<em class="emphasis">help</em>. You can give this command the name of +another command as an argument to get a concise reminder of what the +command does and how to use it:</p> + +<blockquote><pre class="code">smb: \> <tt class="userinput"><b>? ls</b></tt> +HELP ls: + <mask> list the contents of the current directory</pre></blockquote> + +<p>The term <tt class="literal"><mask></tt> refers to a file-matching +pattern as commonly found in Unix shells and utilities. For example:</p> + +<blockquote><pre class="code">smb: \> <tt class="userinput"><b>ls *doc</b></tt> + ms-ProfPol-wp.doc A 131 Tue Dec 18 09:12:34 2002 + smbclient.doc A 33969 Mon Dec 10 20:22:24 2002 + smbmount.doc A 7759 Mon Dec 10 20:20:00 2002 + + 48590 blocks of size 524288. 40443 blocks available</pre></blockquote> + +<p>lists all files ending in "doc" in +the current directory on the remote system. In the listing, the +leftmost column shows the filename. 
Moving left to right, we see the +file's MS-DOS attributes, then its size, and the +time it was last modified.</p> + +<p>As with any other Unix utility, <em class="emphasis">smbclient</em> has a +working directory on the local host. It also has another current +directory on the remote SMB share. With +<em class="citetitle">smbclient</em>, the <em class="emphasis">cd</em> command +is used to move around on the remote system:</p> + +<blockquote><pre class="code">smb: \> <tt class="userinput"><b>cd trans </b></tt> +smb: \trans\></pre></blockquote> + +<p>Notice how the prompt changes to reflect the new current working +directory. To change your current directory on the local system, use +the <em class="emphasis">lcd</em> command:</p> + +<blockquote><pre class="code">smb: \trans\> <tt class="userinput"><b>lcd /u/snd</b></tt> +the local directory is now /u/snd</pre></blockquote> + +<p>Most of <em class="emphasis">smbclient</em>'s commands +are for performing operations on remote files and directories. There +is no command for listing the contents of the local directory. +However, <em class="emphasis">smbclient</em> allows a shell escape. Any +command preceded by an exclamation point (<tt class="literal">!</tt>) is +interpreted as a shell command and is run in a subshell on the local +system. For example:</p> + +<blockquote><pre class="code">smb: \trans\> <tt class="userinput"><b>! ls -l</b></tt> +total 16 +drwxrwxr-x 2 jay jay 4096 Jan 10 14:46 dr220-fet +drwxrwxr-x 2 jay jay 4096 Sep 22 12:16 dr220-tube +-rw-rw-r-- 1 jay jay 131 Jan 10 02:22 readme.txt +drwxrwxr-x 7 jay jay 4096 Jan 10 02:19 xl1</pre></blockquote> + +<p>lists the contents of <em class="filename">/u/snd</em>. 
By using +<em class="emphasis">smbclient</em>'s commands to operate +on the remote system—and shell-escaped commands to operate on +the local system—it is possible to manipulate data on both +systems without having to exit <em class="emphasis">smbclient</em> or open +another shell window.</p> + +<p><a name="INDEX-32"/><a name="INDEX-33"/>File transfer is performed using +the <em class="emphasis">get</em> and +<em class="emphasis">put</em><a name="INDEX-34"/><a name="INDEX-35"/> commands. The <em class="emphasis">get</em> +command transfers a single file from the remote to the local system, +and the <em class="emphasis">put</em> command copies a file from the local +to the remote system. For example, the following command copies the +file <em class="filename">readme.txt</em> to the SMB share:</p> + +<blockquote><pre class="code">smb: \trans\> <tt class="userinput"><b>put readme.txt</b></tt> +putting file readme.txt as \trans\readme.txt (127.9 kb/s) (average 10.7 kb/s)</pre></blockquote> + +<a name="samba2-CHP-5-NOTE-121"/><blockquote class="note"><h4 class="objtitle">NOTE</h4> +<p>Unlike <em class="emphasis">ftp</em>, <em class="emphasis">smbclient</em> does +not have <em class="emphasis">ascii</em> and <em class="emphasis">binary</em> +commands to set the type of the file that is being transferred. +Before transferring a text file from a Unix system to a Windows or +Macintosh system, you might want to use the GNU +<em class="emphasis">unix2dos</em><a name="INDEX-36"/> command to reformat newlines in the +file to work with the carriage return linefeed (CRLF) standard:</p> + + +<blockquote><pre class="code">$ <tt class="userinput"><b>unix2dos text_file >text_file.txt</b></tt></pre></blockquote> + + +<p>and then transfer the CRLF-formatted version. 
After transferring a +text file from a Windows or Macintosh system to Unix, you can use the +GNU <em class="emphasis">dos2unix</em><a name="INDEX-37"/> command to perform the inverse +operation:</p> + + +<blockquote><pre class="code">$ <tt class="userinput"><b>dos2unix text_file.txt >text_file</b></tt></pre></blockquote> +</blockquote> + +<p>To transfer more than one file with a single command, you can use the +<em class="emphasis">mget</em><a name="INDEX-38"/><a name="INDEX-39"/> and <em class="emphasis">mput</em> commands, +which accept a list of filenames in the command line. The list can be +provided by typing in the filenames on the command line separated by +spaces, or the group of files can be specified with a pattern as one +would use in Unix shell commands. The command:</p> + +<blockquote><pre class="code">smb: \trans\> <tt class="userinput"><b>mget plain/*</b></tt></pre></blockquote> + +<p>copies all the files in the directory <em class="filename">plain</em> on +the SMB share to the current directory on the local system. By +default, <em class="emphasis">smbclient</em> prompts for each file, asking +if you want to copy it:</p> + +<blockquote><pre class="code">smb: \trans\> <tt class="userinput"><b>mget plain/*</b></tt> +Get file tomm.wav? n +Get file toml.wav? n +Get file tomh.wav? n +Get file snare.wav? n +Get file rim.wav? n +Get file handclap.wav? n +Get file bassdrum.wav? n</pre></blockquote> + +<p>If you are sure you want to copy all the files, you can turn off +prompting with the <em class="emphasis">prompt</em> command, like this:</p> + +<blockquote><pre class="code">smb: \trans\> <tt class="userinput"><b>prompt</b></tt> +prompting is now off</pre></blockquote> + +<p>By default, if you specify the name of a directory, +<em class="emphasis">smbclient</em> will not copy the contents of the +directory. 
To transfer the entire contents of directories listed in +the <em class="emphasis">mput</em> or <em class="emphasis">mget</em> command, +you must first use the <em class="emphasis">recurse</em> command:</p> + +<blockquote><pre class="code">smb: \trans\> <tt class="userinput"><b>recurse</b></tt> +directory recursion is now on</pre></blockquote> + +<p>After setting things up with the +<em class="emphasis">prompt</em><a name="INDEX-40"/><a name="INDEX-41"/> and <em class="emphasis">recurse</em> +commands, we can copy a directory like this:</p> + +<blockquote><pre class="code">smb: \trans\> <tt class="userinput"><b>mget acc</b></tt> +getting file tomm.wav of size 55494 as tomm.wav (2580.6 kb/s) (average 2087.3 kb/s) +getting file toml.wav of size 57220 as toml.wav (2660.9 kb/s) (average 2167.6 kb/s) +getting file tomh.wav of size 55936 as tomh.wav (2601.2 kb/s) (average 2220.8 kb/s) +getting file snare.wav of size 22132 as snare.wav (1200.7 kb/s) (average 2123.7 kb/s) +getting file rim.wav of size 8314 as rim.wav (1623.8 kb/s) (average 2110.8 kb/s) +getting file handclap.wav of size 14180 as handclap.wav (1978.2 kb/s) (average 2106.2 +kb/s) +getting file bassdrum.wav of size 6950 as bassdrum.wav (2262.3 kb/s) (average 2108.5 +kb/s)</pre></blockquote> + +<p><a name="INDEX-42"/>Directory recursion applies to all +commands, so if an <em class="emphasis">ls</em> command is used while +directory recursion is on, all files in the directory tree are +listed. To turn directory recursion off again, simply re-enter the +command. At the same time, you might also wish to toggle prompting +back to its initial state:</p> + +<blockquote><pre class="code">smb: \trans\> <tt class="userinput"><b>recurse</b></tt> +directory recursion is now off +smb: \trans\> <tt class="userinput"><b>prompt</b></tt> +prompting is now on</pre></blockquote> + +<p>There are other <em class="emphasis">smbclient</em> commands that you +might find useful. 
The <em class="emphasis">mkdir</em> command can be used +to create a directory; <em class="emphasis">rmdir</em> removes a +directory; <em class="emphasis">rm</em> deletes a file; and +<em class="emphasis">rename</em> changes a file's name. +These behave very similarly to their Unix shell counterparts. <a href="appc.html">Appendix C</a> contains a complete reference to +<em class="emphasis">smbclient</em> and its command set.</p> + +<p>To exit <em class="emphasis">smbclient</em>, use the +<em class="emphasis">exit</em> or <em class="emphasis">quit</em> command:</p> + +<a name="INDEX-43"/><blockquote><pre class="code">smb: \trans\> <tt class="userinput"><b>quit </b></tt></pre></blockquote> + + +</div> + + +<div class="sect2"><a name="samba2-CHP-5-SECT-3.4"/> + +<h3 class="head2">Programming with smbclient</h3> + +<p><a name="INDEX-44"/>The <em class="emphasis">-c</em> option +<em class="emphasis">of smbclient</em> allows a list of commands to be +passed on the command line. To copy the file +<em class="filename">\\maya\e\trans\readme.txt</em> to +<em class="filename">/u/snd/readme.txt</em>, we might use the command:</p> + +<blockquote><pre class="code">$ <tt class="userinput"><b>smbclient //maya/e -c "lcd /u/snd; cd trans; get readme.txt" -A ~/.smbpw</b></tt></pre></blockquote> + +<p>Everything that <em class="emphasis">smbclient</em> needs to know to +perform the operation has been specified in the command. There is no +interactive session, so a command such as this can be placed inside a +shell script or a program in some other programming language.</p> + +<p>By using <em class="emphasis">smbclient</em> in this manner, it is +possible to create customized commands using shell functions, scripts +or aliases. For example, suppose we wanted a command to print a short +listing of files in a shared directory, showing just the names of the +files. 
Using a <em class="emphasis">bash</em> function, we could define a +command <em class="emphasis">smbls</em> as follows:</p> + +<blockquote><pre class="code">smbls( ) +{ + share=`echo $1 | cut -d '/' -f '1-4'` + dir=`echo $1 | cut -d '/' -f '5-'` + smbclient $share -c "cd $dir; ls" -A ~/.smbpw | \ + grep "^ " | cut -d ' ' -f 3 - | sort +}</pre></blockquote> + +<p>After defining this function, we can use <em class="emphasis">smbls</em> +like this:</p> + +<blockquote><pre class="code">$ <tt class="userinput"><b>smbls //maya/e</b></tt> +CD-images +lectures +ms-ProfPol-wp.doc +profile-map +readme.txt +RECYCLED +smbclient.doc +smbmount.doc +smbsh.txt +trans +$ <tt class="userinput"><b>smbls //maya/e/lectures</b></tt> +. +.. +lecture1.mp3 +lecture2.mp3 +lecture3.mp3 +lecture4.mp3 +lecture5.mp3 +lecture6.mp3 +lecture7.mp3 +lecture8.mp3 +lecture9.mp3</pre></blockquote> + +<p>Another use for <em class="emphasis">smbclient</em> in scripts is +performing administrative tasks. Suppose a group of users on Windows +clients are sharing a set of files as part of a project on which they +are working. Instead of expecting them to coordinate making daily +backups, we could write a script that copies the share to the Samba +server and run the script nightly as a cron job. The directory on the +Samba server could be shared as well, allowing any of the users to +retrieve a backup file on their own, without having to bother an +administrator.</p> + + +</div> + + +<div class="sect2"><a name="samba2-CHP-5-SECT-3.5"/> + +<h3 class="head2">Backups with smbclient</h3> + +<p>A major use of <em class="emphasis">smbclient</em><a name="INDEX-45"/><a name="INDEX-46"/> is to create and restore backups of +SMB file shares. The backup files <em class="emphasis">smbclient</em> +writes are in tar format, making them easy to work with and portable +among all Unix versions. 
Using <em class="emphasis">smbclient</em> on a +Unix server to run network backups can result in a more centralized +and easily managed solution for providing data integrity because both +SMB shares and NFS filesystems can be backed up on the same system.</p> + +<p>You can use <em class="emphasis">smbclient</em> to perform backups in two +ways. When backing up an entire share, the simplest method is to use +the <em class="emphasis">-Tc</em> option on the command line:</p> + +<blockquote><pre class="code"># <tt class="userinput"><b>smbclient //maya/e -A samba-domain-pw -Tc >maya-e.tar</b></tt></pre></blockquote> + +<p>This will create a tar archive of the <em class="filename">\\maya\e</em> +share in the file <em class="filename">maya-e.tar</em>. By using the +<em class="emphasis">-D</em> option, it is possible to back up a directory +in the share, rather than the whole share:</p> + +<blockquote><pre class="code"># <tt class="userinput"><b>smbclient //maya/e -A samba-domain-pw -D trans -Tc >maya-e.tar</b></tt></pre></blockquote> + +<p>This causes <em class="emphasis">smbclient</em> to change its working +directory to the <em class="filename">trans</em> directory of the +<em class="filename">\\maya\e</em> share before starting the backup. 
It is +also possible to use +<em class="emphasis">smbclient</em>'s +<em class="emphasis">tar</em> command in interactive mode, like this:</p> + +<blockquote><pre class="code"># <tt class="userinput"><b>smbclient //maya/e </b></tt> +added interface ip=172.16.1.3 bcast=172.16.1.255 nmask=255.255.255.0 +Password: +smb: \> <tt class="userinput"><b>cd trans</b></tt> +smb: \trans\> <tt class="userinput"><b>tarmode full hidden system quiet</b></tt> +smb: \trans\> <tt class="userinput"><b>tar c maya-e-trans.tar</b></tt></pre></blockquote> + +<p>With the previous code, only the <em class="emphasis">trans</em> +subdirectory in the <em class="emphasis">\\maya\e</em> share will be +backed up, using the settings specified in the +<em class="emphasis">tarmode</em> command. To have this type of backup run +automatically from a script, use the <em class="emphasis">-c</em> option:</p> + +<blockquote><pre class="code"># <tt class="userinput"><b>smbclient //maya/e -A samba-domain-pw -c "cd trans; tarmode full hidden \</b></tt> +<tt class="userinput"><b> system quiet; tar >maya-e-trans.tar"</b></tt></pre></blockquote> + +<p>Using either the <em class="emphasis">-T</em> command-line option or +<em class="emphasis">smbclient</em>'s +<em class="emphasis">tar</em> command, additional options can be supplied. +It is necessary to specify either the <em class="emphasis">c</em> option +to create a backup archive or the <em class="emphasis">x</em> option to +extract (restore) one.<a name="FNPTR-1"/><a href="#FOOTNOTE-1">[1]</a> </p> + +<p>The other options can be appended to the option string +and are explained in the section on <em class="emphasis">smbclient</em> in +<a href="appc.html">Appendix C</a>. They allow you to create incremental +backups, specify which files to include or exclude from the backup, +and specify a few other miscellaneous settings. 
For example, suppose +we wish to create an incremental backup of a share and reset the +archive bit on the files to set things up for the next incremental +backup. Instead of using the interactive commands:</p> + +<blockquote><pre class="code">smb: \> <tt class="userinput"><b>tarmode inc reset quiet</b></tt> +smb: \> <tt class="userinput"><b>tar c backup.tar</b></tt></pre></blockquote> + +<p>we could either use the interactive command:</p> + +<blockquote><pre class="code">smb: \> <tt class="userinput"><b>tar cgaq backup.tar</b></tt></pre></blockquote> + +<p>or specify the <em class="emphasis">-Tcgaq</em> option on the +<em class="emphasis">smbclient</em> command line.</p> + +<p>Your best strategy for using <em class="emphasis">smbclient</em> for +network backups depends on your local configuration. If you have only +a few Windows systems sharing a small amount of data, you might +create a script containing <em class="emphasis">smbclient -Tc</em> +commands to back up each share to a separate tar file, placing the +files in a directory that is included with regular backups of the +Unix system. If you have huge SMB shares on your network, you might +prefer to write the backup directly to a tape drive. You can do this +with <em class="emphasis">smbclient</em> just as you would with a Unix +<em class="emphasis">tar</em> command:</p> + +<blockquote><pre class="code"># <tt class="userinput"><b>smbclient //maya/d -A samba-domain-pw -Tc >/dev/tape</b></tt></pre></blockquote> + +<p>After you have become more familiar with +<em class="emphasis">smbclient</em> and have an automated backup system in +place, you might find that using Samba has dramatically decreased +your anxiety regarding the integrity of your +network's data. 
The authors of this book are +experienced Unix system administrators, and we highly recommend +having a backup strategy that has been carefully planned, +implemented, and most importantly, <em class="emphasis">tested and known to work +as it is supposed to</em>.</p> + + +</div> + + +</div> + + + +<div class="sect1"><a name="samba2-CHP-5-SECT-4"/> + +<h2 class="head1">smbfs</h2> + +<p>On Linux, the <a name="INDEX-47"/>smbfs filesystem can be used to mount +SMB shares onto the Linux filesystem in a manner similar to mounting +disk partitions on NFS filesystems. The result is so transparent that +users on the Linux system might never be aware that they are +accessing files through a Windows or Samba server. Files and +directories appear as any other files or directories on the local +Linux system, although there are a few differences in behavior +relating to ownership and permissions.<a name="FNPTR-2"/><a href="#FOOTNOTE-2">[2]</a></p> + +<p>Although smbfs is based on the Samba code, it is not itself part of +the Samba distribution. Instead, it is included with Linux as a +standard part of the Linux filesystem support.</p> + +<p>The <em class="emphasis">smbmount</em> and +<em class="emphasis">smbmnt</em><a name="INDEX-48"/> programs are part of the Samba +distribution and are needed on the client to mount smbfs filesystems. +Samba must be compiled with the <tt class="literal">--with-smbmount</tt> +configure option to make sure these programs are compiled. They refer +to <em class="filename">smb.conf</em> for information they need regarding +the local system and network configuration, so you will need a +working <em class="filename">smb.conf</em><a name="INDEX-49"/><a name="INDEX-50"/> +file on the system, even if it is not acting as a Samba server. 
+ <a name="INDEX-51"/><a name="INDEX-52"/><a name="INDEX-53"/></p> + + +<div class="sect2"><a name="samba2-CHP-5-SECT-4.1"/> + +<h3 class="head2">Mounting an smbfs Filesystem</h3> + +<p>The <em class="emphasis">smbmount</em><a name="INDEX-54"/> command is used to mount an smbfs +filesystem into the Linux filesystem. The basic usage is:</p> + +<blockquote><pre class="code"># <tt class="userinput"><b>smbmount </b></tt><em class="replaceable">Share-UNC mount-point</em><tt class="userinput"><b> -o </b></tt><em class="replaceable">options</em></pre></blockquote> + +<p>Replace <em class="replaceable">Share-UNC</em> with the UNC for the SMB +share, and <em class="replaceable">mount-point</em> with the full path +to the directory in the Linux filesystem to use as the mount point. +The <em class="replaceable">options</em> argument is used to set the +exact manner in which the share is mounted. Let's +look at an example of a <em class="emphasis">smbmount</em> command:</p> + +<blockquote><pre class="code"># <tt class="userinput"><b>smbmount //maya/e /smb/e \</b></tt> +<tt class="userinput"><b> -o "credentials=/home/jay/.smbpw,uid=jay,gid=jay,fmask=664,dmask=775"</b></tt></pre></blockquote> + +<p>Here we are mounting share <em class="filename">\\maya\e</em> from a +Windows 98 system on the mount point <em class="filename">/smb/e</em> on +the Linux system.</p> + +<a name="samba2-CHP-5-NOTE-122"/><blockquote class="note"><h4 class="objtitle">NOTE</h4> +<p>If your Linux kernel doesn't include smbfs support, +you will get the error message:</p> + +<blockquote><pre class="code">ERROR: smbfs filesystem not supported by the kernel</pre></blockquote> + + +<p>In this case, you must configure and compile a new kernel to include +support for smbfs. 
When smbfs is installed, and an SMB share is +mounted, you can run the command:</p> + + +<blockquote><pre class="code">$ <tt class="userinput"><b>cat /proc/filesystems</b></tt></pre></blockquote> + +<p>and see a line that looks like:</p> + +<blockquote><pre class="code">nodev smbfs</pre></blockquote> + + +<p>in the command's output.</p> +</blockquote> + +<p>The mount point must exist before <em class="emphasis">smbmount</em> is +run and can be created using the <em class="emphasis">mkdir</em> command:</p> + +<blockquote><pre class="code"># <tt class="userinput"><b>mkdir /smb/e</b></tt></pre></blockquote> + +<p>The argument to the <em class="emphasis">-o</em> option might look a +little complex. It is a comma-separated list of +<em class="replaceable">key</em><tt class="literal">=</tt><em class="replaceable">value</em> +pairs. The <tt class="literal">credentials</tt> key is set to the name of +the credentials file, which is used to give +<em class="emphasis">smbmount</em> a valid username and password with +which to authenticate while connecting to the share. The format is +identical to that used by <em class="emphasis">smbclient</em> (as +explained in the previous section), so you can use the same +credentials file for both clients. If you want, you can use the +<em class="replaceable">key</em>=<em class="replaceable">value</em> pair +<tt class="literal">username</tt>=<em class="replaceable">name</em>%<em class="replaceable">password</em> +to specify the username and password directly in the +<em class="emphasis">smbmount</em> command, although this is considerably +less secure.</p> + +<a name="samba2-CHP-5-NOTE-123"/><blockquote class="note"><h4 class="objtitle">TIP</h4> +<p>The <em class="emphasis">smbmount</em> command accepts the same +authentication methods as <em class="emphasis">smbclient</em>. 
The +comments in the section on <em class="emphasis">smbclient</em> regarding +supplying passwords on the command line—and keeping passwords +in files and environment variables—also apply here.</p> +</blockquote> + +<p>The rest of the options tell <em class="emphasis">smbmount</em> how to +translate between the SMB filesystem and the Unix filesystem, which +differ in their handling of ownership and permissions. The +<em class="emphasis">uid</em> and <em class="emphasis">gid</em> options specify +the owner and group to be assigned to all directories and files in +the mounted share.</p> + +<p>The <em class="emphasis">fmask</em><a name="INDEX-55"/> and +<em class="emphasis">dmask</em><a name="INDEX-56"/> options specify +<a name="INDEX-57"/>bitmasks for +permissions of files and directories, respectively. These bitmasks +are logically ANDed with whatever permissions are granted by the +server to create the effective permissions on the client Unix system. +On the server side, the permissions granted depend on the +server's operating system. For a Windows 95/98/Me +server using share-mode security, the MS-DOS read-only attribute can +be set on individual files and directories and combined with the Full +Access or Read Only permissions on the share as a whole. In +user-level security mode, Windows 95/98/Me can have ACL-like +permissions applied to the entire share, as discussed in <a href="ch04.html">Chapter 4</a>. Windows NT/2000/XP support ACLs on individual +files and directories, with Full Control, Change, or Read permissions +that can be applied to the entire share. If the server is a Samba +server, the permissions are whatever is defined by the Samba share +and the local Unix system for the individual files and directories. 
+In every case, the permissions applied to the share act to further +limit access, beyond what is specified for the individual files and +directories.</p> + +<a name="samba2-CHP-5-NOTE-124"/><blockquote class="note"><h4 class="objtitle">TIP</h4> +<p>You might think that the <em class="emphasis">fmask</em> and +<em class="emphasis">dmask</em> permission masks can be used only to +reduce the effective permissions on files and directories, but this +is not always the case. For example, suppose that a file is being +shared by a Windows 95/98/Me server using share-mode security and +that some number of users have been given the Full Access password +for the share. If the share is mounted with +<em class="emphasis">smbmount</em> using an <em class="emphasis">fmask</em> of +666, read/write permissions are granted on the Unix system not only +for the owner, but for everyone else on the Unix system as well!</p> +</blockquote> + +<p>After mounting the <em class="filename">\\maya\d</em> share to +<em class="filename">/smb/e</em>, here is what the contents of +<em class="filename">/smb/e</em> look like:</p> + +<blockquote><pre class="code">$ <tt class="userinput"><b>cd /smb/e ; ls -l</b></tt> +total 47 +drwxrwxr-x 1 jay jay 512 Jan 8 20:21 CD-images +drwxrwxr-x 1 jay jay 512 Jan 6 21:50 lectures +-rw-rw-r-- 1 jay jay 131 Dec 18 09:12 ms-ProfPol-wp.doc +-rw-rw-r-- 1 jay jay 59 Dec 18 09:12 profile-map +-rw-rw-r-- 1 jay jay 131 Jan 15 05:01 readme.txt +drwxrwxr-x 1 jay jay 512 Feb 4 2002 RECYCLED +-rw-rw-r-- 1 jay jay 33969 Dec 10 20:22 smbclient.doc +-rw-rw-r-- 1 jay jay 7759 Dec 10 20:20 smbmount.doc +-rw-rw-r-- 1 jay jay 1914 Dec 10 20:17 smbsh.txt +drwxrwxr-x 1 jay jay 512 Jan 10 03:54 trans</pre></blockquote> + +<p>For the most part, the files and directories contained in the mounted +smbfs filesystem will work just like any others, except for +limitations imposed by the nature of SMB networking. 
For example, not +even the superuser can perform the operation:</p> + +<blockquote><pre class="code"># <tt class="userinput"><b>chown root lectures</b></tt> +chown: changing ownership of 'lectures': Operation not permitted</pre></blockquote> + +<p>because SMB shares do not intrinsically support the idea of +ownership. Some odd behaviors can result from this. For example, the +command:</p> + +<blockquote><pre class="code"># <tt class="userinput"><b>chmod 777 readme.txt</b></tt></pre></blockquote> + +<p>does not produce an error message, although nothing has been changed. +The file <em class="filename">readme.txt</em> still has permissions set to +664:</p> + +<blockquote><pre class="code"># <tt class="userinput"><b>ls -l readme.txt</b></tt> +-rw-rw-r-- 1 jay jay 131 Jan 15 05:01 readme.txt</pre></blockquote> + +<p>Aside from little things such as these, the mounted smbfs filesystem +can be used in conjunction with virtually any application, and you +might be pleasantly surprised at how nicely it integrates with your +Linux-based computing environment. You can even create symbolic links +in the Unix filesystem, pointing to files and directories inside SMB +shares. However, unless the server is a Samba server that supports +Unix CIFS extensions, you will not be able to create a symbolic link +inside the mounted smbfs filesystem.</p> + + +</div> + + +<div class="sect2"><a name="samba2-CHP-5-SECT-4.2"/> + +<h3 class="head2">Mounting smbfs Filesystems Automatically</h3> + +<p><a name="INDEX-58"/>As with other types of +filesystems, an smbfs filesystem can be mounted automatically during +system bootup by creating an entry for it in +<em class="filename">/etc/fstab</em>. 
The format for the entry is as +follows:</p> + +<blockquote><pre class="code"><em class="replaceable">Share-UNC mount-point</em> smbfs <em class="replaceable">options</em> 0 0</pre></blockquote> + +<p>Replace <em class="replaceable">Share-UNC</em> with the UNC of the +share (using the forward slash format), and replace +<em class="replaceable">mount-point</em> with the name of the directory +in the Linux filesystem on which the share will be mounted. In place +of <em class="replaceable">options</em>, simply use the string that you +used with the <em class="emphasis">-o</em> flag in the +<em class="emphasis">smbmount</em> command.</p> + +<p>Once you have found the arguments to use with the +<em class="emphasis">smbmount</em> command to mount the share the way you +like it, it is a very simple matter to create the entry for +<em class="filename">/etc/fstab</em>. The <em class="emphasis">smbmount</em> +command we used to mount the share <em class="filename">\\maya\e</em> on +<em class="filename">/smb/e</em> would translate to this +<em class="filename">/etc/fstab</em> entry:</p> + +<blockquote><pre class="code">//maya/e /smb/e smbfs +credentials=/home/jay/.smbpw,uid=jay,gid=jay,fmask=664,dmask=775 0 0 + +<i class="lineannotation">(Please note that this should all go on one line.)</i></pre></blockquote> +<a name="samba2-CHP-5-NOTE-125"/><blockquote class="note"><h4 class="objtitle">WARNING</h4> +<p>If you make a mistake in modifying +<em class="filename">/etc/fstab</em><a name="INDEX-59"/><a name="INDEX-60"/>, your system might not +reboot properly, and you might be forced to boot into single-user +mode to fix the problem. Before you edit +<em class="filename">/etc/fstab</em>, be sure to make a backup copy of it, +and be prepared to recover your system if anything goes wrong.</p> +</blockquote> + +<p>Once the entry has been added, the system will automatically mount +the share when booting. 
Or, the system administrator can manually +mount or unmount the share with commands such as these:</p> + +<blockquote><pre class="code"># <tt class="userinput"><b>mount /smb/e</b></tt> +# <tt class="userinput"><b>umount /smb/e</b></tt></pre></blockquote> + +<a name="samba2-CHP-5-NOTE-126"/><blockquote class="note"><h4 class="objtitle">TIP</h4> +<p>It is possible to use <em class="emphasis">mount</em> and +<em class="emphasis">umount</em> by giving them the UNC for the share +using forward slashes, as in our <em class="filename">/etc/fstab</em> +entry. However, be careful about this. A share might be listed more +than once in <em class="filename">/etc/fstab</em> so that it can be +mounted at more than one place in the Linux filesystem. If you use +the UNC to specify the share you wish to mount or unmount, you might +cause it to be mounted or unmounted at another mount point from the +one you intended.</p> +</blockquote> + + +</div> + + +<div class="sect2"><a name="samba2-CHP-5-SECT-4.3"/> + +<h3 class="head2">Common smbmount Options</h3> + +<p><a href="ch05.html#samba2-CHP-5-TABLE-1">Table 5-1</a> lists +<em class="replaceable">key</em><tt class="literal">=</tt><em class="replaceable">value</em> +pairs that can be used with the <em class="emphasis">-o</em> option of +<em class="emphasis">smbmount</em> or in the options field of the +<em class="filename">/etc/fstab</em> entry for the smbfs filesystem. See +the <em class="emphasis">smbmount</em> manual page for a complete list of +options.</p> + +<a name="samba2-CHP-5-TABLE-1"/><h4 class="head4">Table 5-1. 
smbmount options</h4><table border="1"> + + + + +<tr> +<th> +<p>Key</p> +</th> +<th> +<p>Value</p> +</th> +<th> +<p>Function</p> +</th> +</tr> + + +<tr> +<td> +<p><tt class="literal">username</tt></p> +</td> +<td> +<p>string</p> +</td> +<td> +<p>Provides the username, and optionally the password and workgroup, for +authentication.</p> +</td> +</tr> +<tr> +<td> +<p><tt class="literal">password</tt></p> +</td> +<td> +<p>string</p> +</td> +<td> +<p>Provides the share or domain password, if it hasn't +been supplied by another means.</p> +</td> +</tr> +<tr> +<td> +<p><tt class="literal">credentials</tt></p> +</td> +<td> +<p>string</p> +</td> +<td> +<p>Name of file containing the username and password.</p> +</td> +</tr> +<tr> +<td> +<p><tt class="literal">uid</tt></p> +</td> +<td> +<p>string or numeric</p> +</td> +<td> +<p>User ID to apply to all files and directories of the mounted share.</p> +</td> +</tr> +<tr> +<td> +<p><tt class="literal">gid</tt></p> +</td> +<td> +<p>string or numeric</p> +</td> +<td> +<p>Group ID to apply to all files and directories of the mounted share.</p> +</td> +</tr> +<tr> +<td> +<p><tt class="literal">fmask</tt></p> +</td> +<td> +<p>numeric</p> +</td> +<td> +<p>Permissions to apply to files. Default is based on current umask.</p> +</td> +</tr> +<tr> +<td> +<p><tt class="literal">dmask</tt></p> +</td> +<td> +<p>numeric</p> +</td> +<td> +<p>Permissions to apply to directories. 
Default is based on current +umask.</p> +</td> +</tr> +<tr> +<td> +<p><tt class="literal">debug</tt></p> +</td> +<td> +<p>numeric</p> +</td> +<td> +<p>Debug level.</p> +</td> +</tr> +<tr> +<td> +<p><tt class="literal">workgroup</tt></p> +</td> +<td> +<p>string</p> +</td> +<td> +<p>Name of workgroup of remote server.</p> +</td> +</tr> +<tr> +<td> +<p><tt class="literal">guest</tt></p> +</td> +<td> +<p>(none)</p> +</td> +<td> +<p>Suppresses password prompt.</p> +</td> +</tr> +<tr> +<td> +<p><tt class="literal">ro</tt></p> +</td> +<td> +<p>(none)</p> +</td> +<td> +<p>Mount read-only.</p> +</td> +</tr> +<tr> +<td> +<p><tt class="literal">rw</tt></p> +</td> +<td> +<p>(none)</p> +</td> +<td> +<p>Mount read/write. This is the default.</p> +</td> +</tr> +<tr> +<td> +<p><tt class="literal">ttl</tt></p> +</td> +<td> +<p>numeric</p> +</td> +<td> +<p>Amount of time to cache the contents of directories. Defaults to 1000 +ms <a name="INDEX-62"/>.</p> +</td> +</tr> + +</table> + + +</div> + + +</div> + + + +<div class="sect1"><a name="samba2-CHP-5-SECT-5"/> + +<h2 class="head1">smbsh</h2> + +<p>The <em class="emphasis">smbsh</em><a name="INDEX-63"/> program is part of the Samba suite and +works on some, but not all, Unix variants.<a name="FNPTR-3"/><a href="#FOOTNOTE-3">[3]</a> Effectively, it adds a wrapper around the +user's command shell, enabling it and common Unix +utilities to work on files and directories in SMB shares, in addition +to files and directories in the local Unix filesystem. From the +user's perspective, the effect is that of a +simulated mount of the SMB shares onto the Unix filesystem.</p> + +<p><em class="emphasis">smbsh</em> works by running the shell and programs +run from it in an environment in which calls to the standard C +library are redirected to the +<em class="emphasis">smbwrapper</em><a name="INDEX-64"/> library, which has support for +operating on SMB shares. This redirection can work only if the +program being run is dynamically linked. 
Fortunately, modern Unix +versions ship with most common utilities linked dynamically rather +than statically.</p> + +<a name="samba2-CHP-5-NOTE-127"/><blockquote class="note"><h4 class="objtitle">TIP</h4> +<p>To determine whether a program is dynamically or statically linked, +try using the <em class="emphasis">file</em> command.</p> +</blockquote> + +<p>To use <em class="emphasis">smbsh</em>, your Samba installation must be +configured using the configure option +<tt class="literal">--with-smbwrapper</tt>.</p> + +<p>If you have a number of Unix systems with the same host operating +system and architecture and don't want to bother +with a full Samba installation, you can simply move the following +files to the other systems:</p> + +<blockquote><pre class="code">/usr/local/samba/bin/smbsh +/usr/local/samba/bin/smbwrapper.so +/usr/local/samba/lib/smb.conf</pre></blockquote> + +<p>Make sure that <em class="filename">/usr/local/samba/bin</em> is in your +shell's search path. The +<em class="filename">smb.conf</em><a name="INDEX-65"/><a name="INDEX-66"/> file is +needed only for <em class="emphasis">smbsh</em> to determine the workgroup +or domain and does not need to be as elaborate as your Samba +server's configuration file.</p> + + +<div class="sect2"><a name="samba2-CHP-5-SECT-5.1"/> + +<h3 class="head2">An Interactive Session with smbsh</h3> + +<p><a name="INDEX-67"/>To start <em class="emphasis">smbsh</em>, +simply type in the <em class="emphasis">smbsh</em> command at the shell +prompt. You will be prompted for a username and password with which +to authenticate on the SMB network:</p> + +<blockquote><pre class="code">$ <tt class="userinput"><b>smbsh</b></tt> +Username: davecb +Password: +smbsh$</pre></blockquote> + +<p>While working within the <em class="emphasis">smbsh</em> shell, you have a +virtual <em class="filename">/smb</em> directory. 
This does not actually +exist in the Unix filesystem and is supported within +<em class="emphasis">smbsh</em> only to help organize the SMB shares in a +structure familiar to Unix users. You can list the contents of the +<em class="filename">/smb</em> virtual directory and get a list of +workgroups in the local network, which are also presented as virtual +directories:</p> + +<blockquote><pre class="code">smbsh$ <tt class="userinput"><b>cd /smb ; ls</b></tt> +ZOOL PLANK BACIL</pre></blockquote> + +<p>You can change your working directory to one of the workgroup virtual +directories, and listing one of them will show the computers in the +workgroup:</p> + +<blockquote><pre class="code">smbsh$ <tt class="userinput"><b>cd ZOOL ; ls</b></tt> +ANTILLES DODO MILO SEAL +ARGON HANGGLIDE OSTRICH SPARTA +BALLET INFUSION PLAQUE THEBES +CHABLIS JAZ PRAETORIAN TJ +COBRA KIKO RAYOPCI TRANCE +COUGUR MACHINE-HEADPCI RUMYA VIPERPCI +CRUSTY MATHUMA SCOT</pre></blockquote> + +<p>Likewise, you can change your current directory to, and list the +contents of, a computer virtual directory, and then you can see a +listing of shares offered by that computer:</p> + +<blockquote><pre class="code">smbsh$ <tt class="userinput"><b>cd scot ; ls</b></tt> +ADMIN$ davecb nc np2s pl +ace dhcp-mrk03 np nps xp +cl ep np2 opcom</pre></blockquote> + +<p>This is the lowest level of +<em class="emphasis">smbsh</em>'s virtual directory +system. Once you <em class="emphasis">cd</em> into a share, you are within +the SMB share on the remote computer:</p> + +<blockquote><pre class="code">smbsh$ <tt class="userinput"><b>cd davecb ; ls</b></tt> +Mail mkanalysis_dirs.idx +SUNWexplo nfs.ps +Sent nsmail +allsun.html projects.txt +bin sumtimex</pre></blockquote> + +<p>Once in a remote share, most of the Unix shell utilities will work, +and you can operate on files and directories much as you would on any +Unix system. 
You can even create symbolic links in the Unix +filesystem pointing to files and directories in the SMB share. +However, attempts to create symbolic links in the SMB share will fail +unless the share is being served by Samba with support for Unix CIFS +extensions.</p> + + +</div> + + +</div> + + + +<div class="sect1"><a name="samba2-CHP-5-SECT-6"/> + +<h2 class="head1">smbutil and mount_smbfs</h2> + +<p>The <em class="emphasis">smbutil</em> and <em class="emphasis">mount_smbfs</em> +programs provide SMB client functionality for FreeBSD, Darwin, and +Mac OS X. Neither of the programs is part of the Samba distribution; +however, we are including them to give you a little additional +support in case you have BSD-related Unix systems on your network.</p> + + +<div class="sect2"><a name="samba2-CHP-5-SECT-6.1"/> + +<h3 class="head2">smbutil</h3> + +<p>The <em class="emphasis">smbutil</em><a name="INDEX-68"/> program provides functionality similar +to some of the Samba suite's command-line utilities. +It can be used to list the shares available on an SMB server or +perform NetBIOS name lookups.</p> + +<p>The first argument given to <em class="emphasis">smbutil</em> is one of a +number of subcommands and is usually followed by arguments specific +to the subcommand. 
For example, to list the resources offered by a +server, use the <em class="emphasis">view</em> subcommand, and enter your +server password when prompted:</p> + +<blockquote><pre class="code">% <tt class="userinput"><b>smbutil view //vamana</b></tt> +Password: +Share Type Comment +------------------------------------------------------------- +public disk +SS2500 printer Stylus Scan 2500 +IPC$ pipe IPC Service (Samba 2.2.5) +ADMIN$ disk IPC Service (Samba 2.2.5) +leonvs disk User Home Directories + +5 shares listed from 5 available</pre></blockquote> + +<p>If you wish to connect to the server with a username that differs +from that on your client, you can specify it on the command line by +preceding the name of the server with the username and using an at +sign (<tt class="literal">@</tt>) as a separator:</p> + +<blockquote><pre class="code">% <tt class="userinput"><b>smbutil view //leonvs@vamana</b></tt></pre></blockquote> + +<p>You can also include the password after the username, using a colon +(:) as a separator, to avoid being prompted for +it:</p> + +<blockquote><pre class="code">% <tt class="userinput"><b>smbutil view //leonvs:leonspassword@vamana</b></tt></pre></blockquote> + +<p>Typing your password in the open like this is strongly discouraged. +It's a little better if you use an encrypted +password, which you can generate using +<em class="emphasis">smbutil</em>'s +<em class="emphasis">crypt</em> subcommand:</p> + +<blockquote><pre class="code">% <tt class="userinput"><b>smbutil crypt leonspassword</b></tt> +$$1625a5723293f0710e5faffcfc6</pre></blockquote> + +<p>This can then be used in place of a clear-text password. However, the +encryption is not particularly strong and will foil only the most +casual inspection. 
As noted earlier, the only reasonably secure +method of providing a password is to be prompted for it.</p> + +<p>While starting up, <em class="emphasis">smbutil</em> reads the file +<em class="filename">.nsmbrc</em><a name="INDEX-69"/> in the user's home +directory. Also, the file +<em class="filename">/usr/local/etc/nsmb.conf</em><a name="INDEX-70"/><a name="INDEX-71"/> is read, and directives in that file +override those in users' +<em class="filename">~/.nsmbrc</em> files. This is to allow administrators +to apply mandatory settings to all users. Directives can be placed in +this file using the section and parameter format similar to that of +the Samba configuration file. A list of common configuration +parameters is given in <a href="ch05.html#samba2-CHP-5-TABLE-2">Table 5-2</a>.</p> + +<p>For example, to keep your password in your +<em class="filename">~/.nsmbrc</em> file, you can create an entry in the +file such as the following:</p> + +<blockquote><pre class="code">[VAMANA:LEONVS] + password=$$1625a5723293f0710e5faffcfc6</pre></blockquote> + +<p>The section heading in brackets specifies the SMB +server's NetBIOS name and the username to which the +subsequent parameter settings apply. (The hostname and username +should be supplied in uppercase characters.) Section headings can +also consist of just a hostname or can contain a share name as a +third element for specifying parameters applicable to a single share. 
+Finally, if a <tt class="literal">[default]</tt> section is present, the +settings in it apply to all connections.</p> + +<p>The following example <em class="filename">.nsmbrc</em> shows some of the +other parameters you might use:</p> + +<blockquote><pre class="code">[default] + username=leonvs + # NetBIOS name server + nbns=192.168.1.3 + +[VAMANA] + # server IP address + addr=192.168.1.6 + workgroup=TEST + +[VAMANA:LEONVS] + password=$$1625a5723293f0710e5faffcfc6</pre></blockquote> + +<p>Another thing you can do with <em class="emphasis">smbutil</em> is +<a name="INDEX-72"/><a name="INDEX-73"/><a name="INDEX-74"/>translate between IP addresses or DNS +names and +<a name="INDEX-75"/>NetBIOS +names. For example, the <em class="emphasis">status</em> subcommand takes +an IP address or DNS hostname as an argument and returns the +corresponding SMB server's NetBIOS name and +workgroup:</p> + +<blockquote><pre class="code">% <tt class="userinput"><b>smbutil status 192.168.1.6</b></tt> +Workgroup: TEST +Server: VAMANA</pre></blockquote> + +<p>The <em class="emphasis">lookup</em> subcommand returns the IP address +associated with a given NetBIOS hostname. A NetBIOS name server can +be optionally specified with the <em class="emphasis">-w</em> argument:</p> + +<blockquote><pre class="code">% <tt class="userinput"><b>smbutil lookup -w 192.168.1.3 VAMANA</b></tt> +Got response from 192.168.1.3 +IP address of VAMANA: 192.168.1.6</pre></blockquote> + + +</div> + + +<div class="sect2"><a name="samba2-CHP-5-SECT-6.2"/> + +<h3 class="head2">mount_smbfs</h3> + +<p>The <em class="emphasis">mount_smbfs</em><a name="INDEX-76"/> program performs essentially the same +function as <em class="emphasis">smbmount</em> on Linux. It mounts an SMB +share on a directory in the local filesystem. 
The SMB share can then +be accessed just like any other directory, subject to some behavioral +differences noted earlier in <a href="ch05.html#samba2-CHP-5-SECT-4.1">Section 5.4.1</a>.</p> + +<p>The command synopsis for <em class="emphasis">mount_smbfs</em> is:</p> + +<blockquote><pre class="code">mount_smbfs <em class="replaceable">[options]</em> <em class="replaceable">Share-UNC</em> <em class="replaceable">mount-point</em></pre></blockquote> + +<p>where <em class="replaceable">Share-UNC</em> is of the form:</p> + +<blockquote><pre class="code">//[<em class="replaceable">workgroup</em>;][<em class="replaceable">username</em>[:<em class="replaceable">password</em>]@]<em class="replaceable">server</em>[/<em class="replaceable">share</em>]</pre></blockquote> + +<p>For example:</p> + +<blockquote><pre class="code"># <tt class="userinput"><b>mount_smbfs '//TEST;leonvs:$$1625a5723293f0710e5faffcfc6@vamana/leonvs' /</b></tt> +\<tt class="userinput"><b>Volumes/leonvs</b></tt></pre></blockquote> + +<p>The ownership and permissions of the mount point determine the +default ownership and permissions for files and directories in the +mounted share. These can be modified with command-line arguments, +like this:</p> + +<blockquote><pre class="code"># <tt class="userinput"><b>mount_smbfs -u leonvs -g admin -f 0750 -d 0755 //leonvs@vamana/leonvs </b></tt> +\<tt class="userinput"><b>/Volumes/leonvs</b></tt></pre></blockquote> + +<p>In this example, the files and directories in the mounted share will +be owned by the user leonvs and the group admin, with files and +directories having permissions 750 and 755, respectively. 
(As usual, +the permissions are specified in the octal format used by the Unix +<em class="emphasis">chmod</em> command.)</p> + +<p>The <em class="emphasis">mount_smbfs</em><a name="INDEX-77"/><a name="INDEX-78"/> command +also makes use of settings in +<em class="filename">/usr/local/etc/nsmb.conf</em> and +<em class="filename">~/.nsmbrc</em>, as described earlier. A list of +common configuration parameters and command-line options is provided +in <a href="ch05.html#samba2-CHP-5-TABLE-2">Table 5-2</a>.</p> + +<a name="samba2-CHP-5-TABLE-2"/><h4 class="head4">Table 5-2. Common smbutil and mount_smbfs options</h4><table border="1"> + + + + +<tr> +<th> +<p>Command-line option</p> +</th> +<th> +<p>Configuration file parameter</p> +</th> +<th> +<p>Description</p> +</th> +</tr> + + +<tr> +<td> +<p><tt class="literal">-I</tt> <em class="replaceable">hostname</em></p> +</td> +<td> +<p><tt class="literal">addr</tt></p> +</td> +<td> +<p>Avoid NetBIOS name resolution and connect to the server using the +specified DNS hostname or IP address.</p> +</td> +</tr> +<tr> +<td> +<p>-N</p> +</td> +<td> +<p><em class="emphasis">none</em></p> +</td> +<td> +<p>Do not prompt for a password.</p> +</td> +</tr> +<tr> +<td> +<p>-R <em class="replaceable">count</em></p> +</td> +<td> +<p><tt class="literal">retry_count</tt></p> +</td> +<td> +<p>Number of times to retry connection before giving up.</p> +</td> +</tr> +<tr> +<td> +<p>-T <em class="replaceable">seconds</em></p> +</td> +<td> +<p><tt class="literal">timeout</tt></p> +</td> +<td> +<p>Timeout, in seconds, per connection request.</p> +</td> +</tr> +<tr> +<td> +<p>-U <em class="replaceable">username</em></p> +</td> +<td> +<p><tt class="literal">username</tt></p> +</td> +<td> +<p>Username to use for authentication. 
Defaults to Unix username.</p> +</td> +</tr> +<tr> +<td> +<p>-W <em class="replaceable">workgroup</em></p> +</td> +<td> +<p><tt class="literal">workgroup</tt></p> +</td> +<td> +<p>Name of workgroup of remote server.</p> +</td> +</tr> +<tr> +<td> +<p>-d <em class="replaceable">mode</em></p> +</td> +<td> +<p><em class="emphasis">none</em></p> +</td> +<td> +<p>Permissions to apply to directories in the mounted share. Defaults to +the same as the file permissions, plus an execute (search) bit +whenever the read bit is set.</p> +</td> +</tr> +<tr> +<td> +<p>-f <em class="replaceable">mode</em></p> +</td> +<td> +<p><em class="filename">none</em></p> +</td> +<td> +<p>Permissions to apply to files in the mounted share. Defaults to the +same as the permissions set on the directory used as the mount point.</p> +</td> +</tr> +<tr> +<td> +<p>-g <em class="replaceable">group</em></p> +</td> +<td> +<p><em class="emphasis">none</em></p> +</td> +<td> +<p>Name or numeric GID to apply to all files and directories in the +mounted share. Defaults to the group of the directory used as the +mount point.</p> +</td> +</tr> +<tr> +<td> +<p>-n <em class="replaceable">long</em></p> +</td> +<td> +<p><em class="emphasis">none</em></p> +</td> +<td> +<p>Disable support for long filenames. Restrict filenames to 8.3 naming +standard.</p> +</td> +</tr> +<tr> +<td> +<p>-u <em class="replaceable">username</em></p> +</td> +<td> +<p><em class="emphasis">none</em></p> +</td> +<td> +<p>Username or numeric UID to apply as the owner of all files and +directories in the mounted share. 
Defaults to the owner of the +directory used as the mount point.</p> +</td> +</tr> +<tr> +<td> +<p>-w <em class="replaceable">hostname</em></p> +</td> +<td> +<p><tt class="literal">nbns</tt></p> +</td> +<td> +<p>Hostname or IP address of the NetBIOS name server.</p> +</td> +</tr> +<tr> +<td> +<p><em class="emphasis">none</em></p> +</td> +<td> +<p><tt class="literal">password</tt></p> +</td> +<td> +<p>Password to use for authentication.</p> +</td> +</tr> + +</table> + + +</div> + + +<div class="sect2"><a name="samba2-CHP-5-SECT-6.3"/> + +<h3 class="head2">Mac OS X</h3> + +<p><a name="INDEX-79"/>In addition to +<em class="emphasis">smbutil</em> and <em class="emphasis">mount_smbfs</em>, OS +X includes a graphical interface to the functionality they provide. +To use this interface, open the Go menu and select the Connect to +Server . . . menu item. Instead of using a UNC, specify the share in +the form of a Uniform Resource Identifier (URI) with a prefix of +<tt class="literal">smb://</tt> entered in the Address field, as shown in +<a href="ch05.html#samba2-CHP-5-FIG-5">Figure 5-5</a>.</p> + +<div class="figure"><a name="samba2-CHP-5-FIG-5"/><img src="figs/sam2_0505.gif"/></div><h4 class="head4">Figure 5-5. OS X Connect to Server dialog</h4> + +<p>You can specify a server, share, workgroup, username, and password +(optionally encrypted with <em class="emphasis">smbutil crypt</em>) in the +URI, in the same format as the UNC argument to +<em class="emphasis">mount_smbfs</em>. If you don't +specify a share name in the URI, you will be shown a window that lets +you choose from a list of shares available to mount. See <a href="ch05.html#samba2-CHP-5-FIG-6">Figure 5-6</a>.</p> + +<div class="figure"><a name="samba2-CHP-5-FIG-6"/><img src="figs/sam2_0506.gif"/></div><h4 class="head4">Figure 5-6. Selecting a share to mount</h4> + +<p>Only guest-accessible shares will show up in the list until +you've authenticated. 
After pressing the +Authenticate button, you'll be prompted for a +workgroup, username, and password, as shown in <a href="ch05.html#samba2-CHP-5-FIG-7">Figure 5-7</a>. You'll also see this dialog +if you provide a share name in the URI, but not a username and +password.<a name="FNPTR-4"/><a href="#FOOTNOTE-4">[4]</a></p> + +<div class="figure"><a name="samba2-CHP-5-FIG-7"/><img src="figs/sam2_0507.gif"/></div><h4 class="head4">Figure 5-7. Client authentication</h4> + +<p>As usual for Mac OS X, shares are mounted under +<em class="filename">/Volumes</em>, but show up in the root of the Finder +hierarchy.</p> + +<p>If you have a WINS server on your network, you can provide the +server's IP address in the Directory Access +application, or by using the <tt class="literal">wins</tt> +<tt class="literal">server</tt> parameter in +<em class="filename">/etc/smb.conf</em>.</p> + +<p>If you don't know the name of a server to which you +wish to connect, you can look for it in the browse list, using the +graphical frontend to the <em class="emphasis">nmblookup</em> command +provided with Samba. Click the downward-pointing arrow in the Connect +to Server . . . dialog box to show a hierarchical, column-based view +of available workgroups and servers, similar to that shown in <a href="ch05.html#samba2-CHP-5-FIG-8">Figure 5-8</a>. If your client is also acting as an SMB file +server, it won't show up in its own browse +list.<a name="INDEX-80"/></p> + +<div class="figure"><a name="samba2-CHP-5-FIG-8"/><a name="INDEX-81"/><img src="figs/sam2_0508.gif"/></div><h4 class="head4">Figure 5-8. Browsing the network</h4> + + +</div> + + +</div> + +<hr/><h4 class="head4">Footnotes</h4><blockquote><a name="FOOTNOTE-1"/> <p><a href="#FNPTR-1">[1]</a> An alternative to extracting +the tar archive directly to the SMB share is to use the Unix +system's <em class="emphasis">tar</em> command to extract +it to a directory on the Unix server, then copy the desired file(s) +to a shared directory. 
This allows a greater amount of control over +the restoration process, as when correcting for an accidental file +deletion or reverting a set of files to a previous condition.</p> +<a name="FOOTNOTE-2"/> <p><a href="#FNPTR-2">[2]</a> Samba Versions +2.2.4 and later have support for Unix CIFS extensions developed by +Hewlett-Packard, which add full support for Unix ownership, group, +and permissions in smbfs filesystems when shared between two Samba +systems. You will also need a recent version of smbfs in your Linux +kernel.</p> <a name="FOOTNOTE-3"/> <p><a href="#FNPTR-3">[3]</a> At the +time of this writing, <em class="emphasis">smbsh</em> does not work on +HP/UX or Linux. However, Linux support might return in the +future.</p> <a name="FOOTNOTE-4"/> <p><a href="#FNPTR-4">[4]</a> If you've previously +stored your authentication information in a Keychain, you will +instead be prompted for your Keychain password.</p> </blockquote><hr/><h4 class="head4"><a href="toc.html">TOC</a></h4></body></html> |
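Review bot: The mount_smbfs example that embeds the password in the share UNC ('//TEST;leonvs:$$1625a5723293f0710e5faffcfc6@vamana/leonvs') and the .nsmbrc example with a password= line under [VAMANA:LEONVS] are given with no caveat about where that credential ends up. A UNC passed as a command-line argument is visible in the process list and in shell history, and the Mac OS X section calls the smbutil crypt output "encrypted" without saying what protection that form actually gives. Suggest adding a sentence after the first mount_smbfs example recommending that the password be kept in a ~/.nsmbrc readable only by its owner, or entered at the prompt, rather than in the UNC, and stating how strong the smbutil crypt encoding is. Minor: in Table 5-2 the -f row marks "none" with class="filename" while every other row uses class="emphasis", and in both mount_smbfs examples the continuation backslash starts the second line instead of ending the first, so the commands do not work if copied as shown.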