Thanks for posting the good comments, Steve. The name of the config file is /etc/symlink.translations, and it's used to map "rooted" symlinks (i.e. they start with "/"). This is all covered in the documentation.
We are developing a solution to this that allows you to securely follow links that leave a share. We'll let folks know when that becomes available. Or watch for bug 15808 to be fixed :-)
Mark Muhlestein -- mmm@netapp.com
-----Original Message----- From: Steve Losen [mailto:scl@sasha.acc.virginia.edu] Sent: Tuesday, January 09, 2001 8:33 AM To: Coder, James (STP) Cc: toasters@mathworks.com Subject: Re: following unix soft links
The filer does indeed understand and follow symlinks. Just be sure the symlink "makes sense" from the filer's perspective.
Note that under NFS, the filer simply sends the value of the symlink to the client and the client actually follows it. So under NFS the filer acts just like any other NFS server with regard to symlinks.
Under CIFS, however, the client does not know what a symlink is, so the filer itself must follow it. So the symlink must "make sense" to the filer.
Check out these options in the man pages and Sys. Admin. Guide
options cifs.home_dir options cifs.symlinks.enable options cifs.symlinks.cycleguard
There is also a file you can create (forgot the name) that the filer uses to translate symlinks so that they make sense to the filer.
To prevent users from circumventing security using symlink tricks, the filer will not follow all symlinks. But it should follow any symlink that refers back to the same share, provided the user has permissions to follow it. And the symlink must make sense to the filer, so relative symlinks are better than absolute ones, eg, foo -> ../bar/baz
Obviously, any symlink that triggers an automount is not going to work unless the data is on the same filer and you can come up with a translation that works.
The cifs.home_dir option is very handy if you have a lot of users. It allows you to automatically create a share for each user's home directory. That way a user can attach to \FILER\loginid and get straight into their home directory. All the home directories must have the same name as the loginid and must be directly beneath the cifs.home_dir directory. You can get around this restriction by using a directory of symlinks instead. The symlinks can cross volumes, but not filers. For example, set up the option like this:
options cifs.home_dir /vol/vol0/shares
Assume user bill's home directory is in /vol/vol0/h1/b/bi/bill
Set up this symlink on the filer:
/vol/vol0/shares/bill -> /vol/vol0/h1/b/bi/bill
Now bill can simply attach to \FILER\bill to get into his home directory.
I recently moved users from a Solaris home server to our
760 (6.0.1.r1).
filer. The users had created soft links (ln -s) to
directories (either
within their home directory or to other points via the automounter). Previously the Unix home shares were shared via samba and
Unix users in the
Windows environment could follow a soft link to the directory.
With the data moved to the NetApp, this is no longer
available when using
CIFS. I opened a case with NetApp and basically the answer
was - that's
right - the filer won't follow the link to a directory.
I have toyed with the idea of using samba on a box and
letting the user
point to it, thus letting samba provide the share service.
Have not tried
this, but was wondering if anyone has? Does anyone know of
a work-around
for this?
Thx in advance for any replies.
JCC
James C. Coder UNIX Administrator Guidant Corporation Phone: 651-582-4797 Email: james.coder@guidant.com mailto:james.coder@guidant.com
Steve Losen scl@virginia.edu phone: 804-924-0640
University of Virginia ITC Unix Support
-
Muhlestein, Mark