I recently moved users from a Solaris home server to our 760 (6.0.1.r1). filer. The users had created soft links (ln -s) to directories (either within their home directory or to other points via the automounter). Previously the Unix home shares were shared via samba and Unix users in the Windows environment could follow a soft link to the directory.
With the data moved to the NetApp, this is no longer available when using CIFS. I opened a case with NetApp and basically the answer was - that's right - the filer won't follow the link to a directory.
I have toyed with the idea of using samba on a box and letting the user point to it, thus letting samba provide the share service. Have not tried this, but was wondering if anyone has? Does anyone know of a work-around for this?
Thx in advance for any replies.
JCC
James C. Coder UNIX Administrator Guidant Corporation Phone: 651-582-4797 Email: james.coder@guidant.com mailto:james.coder@guidant.com
The filer does indeed understand and follow symlinks. Just be sure the symlink "makes sense" from the filer's perspective.
Note that under NFS, the filer simply sends the value of the symlink to the client and the client actually follows it. So under NFS the filer acts just like any other NFS server with regard to symlinks.
Under CIFS, however, the client does not know what a symlink is, so the filer itself must follow it. So the symlink must "make sense" to the filer.
Check out these options in the man pages and Sys. Admin. Guide
options cifs.home_dir options cifs.symlinks.enable options cifs.symlinks.cycleguard
There is also a file you can create (forgot the name) that the filer uses to translate symlinks so that they make sense to the filer.
To prevent users from circumventing security using symlink tricks, the filer will not follow all symlinks. But it should follow any symlink that refers back to the same share, provided the user has permissions to follow it. And the symlink must make sense to the filer, so relative symlinks are better than absolute ones, eg, foo -> ../bar/baz
Obviously, any symlink that triggers an automount is not going to work unless the data is on the same filer and you can come up with a translation that works.
The cifs.home_dir option is very handy if you have a lot of users. It allows you to automatically create a share for each user's home directory. That way a user can attach to \FILER\loginid and get straight into their home directory. All the home directories must have the same name as the loginid and must be directly beneath the cifs.home_dir directory. You can get around this restriction by using a directory of symlinks instead. The symlinks can cross volumes, but not filers. For example, set up the option like this:
options cifs.home_dir /vol/vol0/shares
Assume user bill's home directory is in /vol/vol0/h1/b/bi/bill
Set up this symlink on the filer:
/vol/vol0/shares/bill -> /vol/vol0/h1/b/bi/bill
Now bill can simply attach to \FILER\bill to get into his home directory.
I recently moved users from a Solaris home server to our 760 (6.0.1.r1). filer. The users had created soft links (ln -s) to directories (either within their home directory or to other points via the automounter). Previously the Unix home shares were shared via samba and Unix users in the Windows environment could follow a soft link to the directory.
With the data moved to the NetApp, this is no longer available when using CIFS. I opened a case with NetApp and basically the answer was - that's right - the filer won't follow the link to a directory.
I have toyed with the idea of using samba on a box and letting the user point to it, thus letting samba provide the share service. Have not tried this, but was wondering if anyone has? Does anyone know of a work-around for this?
Thx in advance for any replies.
JCC
James C. Coder UNIX Administrator Guidant Corporation Phone: 651-582-4797 Email: james.coder@guidant.com mailto:james.coder@guidant.com
Steve Losen scl@virginia.edu phone: 804-924-0640
University of Virginia ITC Unix Support
steve:
are there implications for creating a symlink for all users if you have a lot [>2000]?
"You can get around this restriction by using a directory of symlinks instead. The symlinks can cross volumes, but not filers. For example, set up the option like this:
options cifs.home_dir /vol/vol0/shares
Assume user bill's home directory is in /vol/vol0/h1/b/bi/bill
Set up this symlink on the filer:
/vol/vol0/shares/bill -> /vol/vol0/h1/b/bi/bill
Now bill can simply attach to \FILER\bill to get into his home directory."
Steve Losen wrote:
The filer does indeed understand and follow symlinks. Just be sure the symlink "makes sense" from the filer's perspective.
Note that under NFS, the filer simply sends the value of the symlink to the client and the client actually follows it. So under NFS the filer acts just like any other NFS server with regard to symlinks.
Under CIFS, however, the client does not know what a symlink is, so the filer itself must follow it. So the symlink must "make sense" to the filer.
Check out these options in the man pages and Sys. Admin. Guide
options cifs.home_dir options cifs.symlinks.enable options cifs.symlinks.cycleguard
There is also a file you can create (forgot the name) that the filer uses to translate symlinks so that they make sense to the filer.
To prevent users from circumventing security using symlink tricks, the filer will not follow all symlinks. But it should follow any symlink that refers back to the same share, provided the user has permissions to follow it. And the symlink must make sense to the filer, so relative symlinks are better than absolute ones, eg, foo -> ../bar/baz
Obviously, any symlink that triggers an automount is not going to work unless the data is on the same filer and you can come up with a translation that works.
The cifs.home_dir option is very handy if you have a lot of users. It allows you to automatically create a share for each user's home directory. That way a user can attach to \FILER\loginid and get straight into their home directory. All the home directories must have the same name as the loginid and must be directly beneath the cifs.home_dir directory. You can get around this restriction by using a directory of symlinks instead. The symlinks can cross volumes, but not filers. For example, set up the option like this:
options cifs.home_dir /vol/vol0/shares
Assume user bill's home directory is in /vol/vol0/h1/b/bi/bill
Set up this symlink on the filer:
/vol/vol0/shares/bill -> /vol/vol0/h1/b/bi/bill
Now bill can simply attach to \FILER\bill to get into his home directory.
I recently moved users from a Solaris home server to our 760 (6.0.1.r1). filer. The users had created soft links (ln -s) to directories (either within their home directory or to other points via the automounter). Previously the Unix home shares were shared via samba and Unix users in the Windows environment could follow a soft link to the directory.
With the data moved to the NetApp, this is no longer available when using CIFS. I opened a case with NetApp and basically the answer was - that's right - the filer won't follow the link to a directory.
I have toyed with the idea of using samba on a box and letting the user point to it, thus letting samba provide the share service. Have not tried this, but was wondering if anyone has? Does anyone know of a work-around for this?
Thx in advance for any replies.
JCC
James C. Coder UNIX Administrator Guidant Corporation Phone: 651-582-4797 Email: james.coder@guidant.com mailto:james.coder@guidant.com
Steve Losen scl@virginia.edu phone: 804-924-0640
University of Virginia ITC Unix Support
steve:
are there implications for creating a symlink for all users if you have a lot [>2000]?
"You can get around this restriction by using a directory of symlinks instead. The symlinks can cross volumes, but not filers. For example, set up the option like this:
options cifs.home_dir /vol/vol0/shares
Assume user bill's home directory is in /vol/vol0/h1/b/bi/bill
Set up this symlink on the filer:
/vol/vol0/shares/bill -> /vol/vol0/h1/b/bi/bill
Now bill can simply attach to \FILER\bill to get into his home directory."
We do this with about 30,000 users. Now you sure as hell don't want to "ls -l" our entire cifs.home_dir directory, but there is no problem at all accessing a specific link, which is what the filer does when a user logs in. A directory with 30,000 entries is inconvenient for listing or browsing, but doesn't cause the filer itself any difficulty.
Steve Losen scl@virginia.edu phone: 804-924-0640
University of Virginia ITC Unix Support
"Coder, James (STP)" wrote:
I have toyed with the idea of using samba on a box and letting the user point to it, thus letting samba provide the share service. Have not tried this, but was wondering if anyone has? Does anyone know of a work-around for this?
That is what my group has been forced to do, because our users depend on their gargantuan link farms. It's inelegant, but it works.
--Brian L. Brush Senior Systems Administrator Paradyne Corporation
-
Brian L. Brush -
Coder, James (STP) -
neil lehrer -
Steve Losen