Creating a CIFS Homedir Share

A Homedir share is a type of CIFS share. In Homedir share mode, a namespace is shared to a specific user as an exclusive directory. The user can access only the exclusive directory named after their user name.

Procedure

  1. Choose Resources > Resources > Share > CIFS Share.
  2. Select a desired account from the Account drop-down list in the upper left corner.
  3. Click Create Homedir.

    The Create CIFS Homedir Share page is displayed on the right.

  4. Set basic parameters for the CIFS Homedir share.

    Table 1 describes related parameters.
    Table 1 Basic CIFS Homedir share parameters

    Parameter
        Description

    Share Name
        Name used by a user for accessing shared resources.

        NOTE:
        If you want to use the autohome Homedir share, set the share name to autohome.

        [Value range]
        • The name must be unique.
        • The share name cannot contain the characters " / \ [ ] : | < > + ; , ? * = #, start or end with a space, or be a reserved name (ipc$, ~, or print$).
          NOTE:
          • ipc$ is a resource that shares named pipes. A named pipe is one of the mechanisms of inter-process communication.
          • ~ is a symbol reserved for the autohome share.
          • print$ is a shared printer.
        • The name contains 1 to 80 characters.

        [Example]
        share_for_user1

    Relative Path
        Relative path of the user directory. When a user accesses a Homedir share, the actual directory that the user accesses consists of the share path (the namespace and dtree configured in the mapping rule) followed by the relative path configured here. If there is no relative path in the share path and the Auto Create Path function is enabled in the mapping rule, the system automatically creates a relative path. Otherwise, manually create a relative path in the share path to ensure that the directory exists when the share is accessed.

        [Value range]
        • The first character in the relative path must be a slash (/).
        • The relative path cannot contain the special characters \:*?"<>| or consecutive slashes (/).
        • The relative path can contain common characters and special character strings such as %d and %w. %d indicates the domain name, and %w indicates the user name. If the relative path contains the special character string %d/%w, the domain name and user name of the user are automatically matched. In this way, each user has independent space, and the namespace is shared to users as a private directory.

          For example, if the relative path is /home_%d/%w, the relative Homedir directory of user usera in domain china is /home_china/usera/. Assume that the name of the Homedir share created by the user is Homedirtest, the user name is usera, and the share path in the mapping rule is /fstest/dtreetest. When user usera accesses the Homedir share, the actual path that user usera accesses is /fstest/dtreetest/home_china/usera.

        • The relative path contains 1 to 255 characters.

        [Example]
        /home_%d/%w

  5. Click Advanced and set advanced properties of the CIFS Homedir share.

    Table 2 describes related parameters.

    Table 2 Advanced parameters of the CIFS Homedir share

    Parameter
        Description

    Description
        Description of the CIFS Homedir share.

        NOTE:
        The description can be left blank or contain up to 255 characters.

    Create Default ACL
        Determine whether to add a default ACL. This function creates a default ACL (full control rights to everyone; applied to the current directory, its subdirectories, and files in them) for a shared CIFS root directory if the directory has no ACL. You can change the default ACL in follow-up operations. To retain the UNIX mode bits, disable this function.

    Notify
        After this function is enabled, a client's modification operations on a directory, such as adding a directory, adding a file, modifying the directory, and modifying a file, can be detected by other clients that are accessing this directory or the parent directory of this directory. Results of the modification operations are displayed after the page is automatically refreshed.

    Continuously Available
        This option is used to enable or disable the SMB Failover feature.

        NOTE:
        The SMB Failover feature takes effect only after you enable the Oplock configuration item and run the command change service cifs smb_global_ca_enable=yes on the CLI to enable the SMB service continuity function for tenants.

    SMB3 Encryption
        Determine whether to enable SMB3 encryption. After this function is enabled, the system encrypts the share to ensure data security, but performance deteriorates.

        NOTICE:
        • Enabling this function affects SMB3 service performance. Check whether this function needs to be enabled.
        • After SMB3 encryption is enabled, only SMB3 clients can access shares by default.

    Unencrypted Client Access
        After this function is enabled, clients that do not have encryption capabilities can access the share.

        NOTICE:
        • After this function is enabled, clients of earlier versions (for example, Windows 7) are allowed to access, in plaintext, shares on which SMB3 encryption is enabled. Check whether this function needs to be enabled.
        • This function takes effect only after the SMB3 encryption function is enabled.

    Oplock
        Opportunistic locking (oplock) is a mechanism used to improve client access efficiency and locally buffer files before they are sent to shared storage. This function is not recommended in the following scenarios:

        • Scenarios that have high requirements for data integrity. If oplock is enabled in such scenarios, the local cache of the client may be lost due to network interruption or client faults. If the upper-layer service software does not have a mechanism to ensure data integrity, recovery, or retry, data loss may occur.
        • Scenarios where multiple clients access the same file. If oplock is enabled in such scenarios, system performance will be adversely affected.

        NOTE:
        Oplock for a share takes effect only when both oplock for the account and oplock for the share are enabled.

    Lease
        Lease allows a client to lock a file using a lease key, and the file locking can be canceled by the server.

        NOTE:
        • Only clients of SMB 2.1 and later versions support lease.
        • Run the change service cifs enable_leasev2=yes command to enable lease. Lease for a share takes effect only when both lease for the account and lease for the share are enabled.

    ABE
        Access-based enumeration. Enabling this function hides files and folders that users do not have permissions to access.

        NOTE:
        SMB2 and SMB3 support the ABE function, but SMB1 does not.

    Show Previous Version
        After the function of displaying previous versions is enabled, a client can display previous versions and roll back to them.

  6. Set the permission of the user or user group for accessing the CIFS Homedir share.

    1. In the Permission area, click Add.

      The Add User or User Group page is displayed.

    2. Select the type of the users or user groups.

      The value can be Everyone, Local Windows authentication user, Local Windows authentication user group, AD domain user, or AD domain user group.

      • If you select Local Windows authentication user or Local Windows authentication user group, select the users or user groups to be added from the list.
      • If you select AD domain user or AD domain user group, enter the names of the users or user groups in Name.
        • A domain user name is in the format of Domain name\Domain user name and a domain user group name is in the format of Domain name\Domain user group name.
        • A total of 1 to 256 characters are allowed.
        • Multiple names are separated by carriage returns.
        • If you do not have the CIFS share administrator permission, you need to change the permission of the root directory in a namespace or dtree used by a share to 777 before you can create files or directories in the root directory in the namespace or dtree. The CLI command for modifying the permission on the root directory in a namespace is as follows:
          change namespace general name=Namespace name unix_permissions=777
          The CLI command for modifying the permission on the root directory in a dtree is as follows:
          change dtree general dtree_name=Dtree name file_system_id=Namespace ID unix_permissions=777
    3. In Permission Level, select the permission to be granted for the users or user groups.

      Table 3 describes related permissions.

      Table 3 CIFS Homedir share permissions

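      Permission                                       | Forbidden | Read-Only | Read/Write | Full Control
      -------------------------------------------------+-----------+-----------+------------+-------------
      Viewing files and subdirectories                 | X (a)     | √ (b)     | √          | √
      Viewing file contents                            | X         | √         | √          | √
      Running executable files                         | X         | √         | √          | √
      Adding files or subdirectories                   | X         | - (c)     | √          | √
      Modifying file contents                          | X         | -         | √          | √
      Deleting files and subdirectories                | X         | -         | √          | √
      Renaming                                         | X         | -         | √          | √
      Changing ACL permissions of files or directories | X         | -         | -          | √

      a: Users do not have the permission.
      b: Users have the permission.
      c: The specified permission is not involved.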

    4. Click OK.

      The system adds the selected users or user groups to the Permission list.

  7. Add a mapping rule.

    1. Click Add.

      The Add Mapping Rule page is displayed on the right.

    2. In Username, specify the user name of the CIFS Homedir mapping rule.
      • The user name contains 1 to 255 characters.
      • The user name can be a common or domain user name. A domain user name uses a backslash (\) to connect the domain name and user name. Only one backslash (\) is allowed, for example, china\user001. The domain name can only be a NetBIOS name.
      • The user name can contain only one wildcard (*), and the wildcard must be at the end of the user name. For example, china\* indicates all users in the china domain.
      • The user name cannot contain the special characters "/[]<>+:;,?=| or spaces, cannot start with a backslash (\), and cannot end with a period (.) or backslash (\). The wildcard (*) can only be at the end of the user name. Only one backslash (\) and one wildcard (*) can be used.
    3. In the Namespace drop-down list, select a namespace for which you want to create a mapping rule.

      If Security Style of the namespace is UNIX, ensure that the user has the permission to access the relative path of the Homedir share when creating a mapping rule. Otherwise, the user cannot access the Homedir share.

    4. From the Dtree drop-down list, select a dtree for which you want to create a mapping rule.
    5. In Priority, set the priority of the mapping rule.
      • The value of Priority ranges from 1 to 1024. A smaller value indicates a higher priority.
      • Mapping rules are sorted by priority. Rules with the same priority are sorted based on the creation sequence. Users are matched against the mapping rules in this order.
    6. Determine whether to enable Auto Create Path. After this function is enabled, if there is no relative path under the CIFS Homedir share, the system creates a relative path automatically.
      • When Auto Create Path is disabled, if there is no user path, the current mapping rule fails to be matched, and the system continues to match the next mapping rule.
      • If Security Style of the namespace is UNIX, the UNIX permission of the namespace root directory is 755 by default. To modify the UNIX permission, run the change namespace general name=Namespace name unix_permissions=777 command, so that the automatic path creation function takes effect. Otherwise, users matching this rule cannot access the Homedir share.

    7. Click OK.

      The system adds the configured mapping rule to the Mapping Rule list.

  8. Click OK.
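
The Share Name and Relative Path rules from Table 1, and the %d/%w expansion into the actual directory, can be checked before the share is created. The Python code below is an added example, not code from the storage system or its vendor; the function names are hypothetical, and comparing reserved names case-insensitively is an assumption.

```python
import re

# Rules taken from Table 1 of this page.
SHARE_NAME_FORBIDDEN = set('"/\\[]:|<>+;,?*=#')
SHARE_NAME_RESERVED = {"ipc$", "~", "print$"}
REL_PATH_FORBIDDEN = set('\\:*?"<>|')

def check_share_name(name):
    """Return a list of rule violations for a share name (empty list = valid)."""
    errors = []
    if not 1 <= len(name) <= 80:
        errors.append("length must be 1 to 80 characters")
    if name != name.strip(" "):
        errors.append("must not start or end with a space")
    if SHARE_NAME_FORBIDDEN & set(name):
        errors.append("contains a forbidden character")
    # Assumption: reserved names are compared case-insensitively.
    if name.lower() in SHARE_NAME_RESERVED:
        errors.append("reserved name")
    return errors

def check_relative_path(rel):
    """Return a list of rule violations for a relative path (empty list = valid)."""
    errors = []
    if not 1 <= len(rel) <= 255:
        errors.append("length must be 1 to 255 characters")
    if not rel.startswith("/"):
        errors.append("first character must be a slash")
    if "//" in rel:
        errors.append("consecutive slashes")
    if REL_PATH_FORBIDDEN & set(rel):
        errors.append("contains a forbidden character")
    return errors

def effective_path(share_path, rel, domain, user):
    """Expand %d and %w in a single pass and append the result to the share path."""
    errors = check_relative_path(rel)
    if errors:
        raise ValueError("; ".join(errors))
    values = {"d": domain, "w": user}
    expanded = re.sub(r"%([dw])", lambda m: values[m.group(1)], rel)
    return share_path.rstrip("/") + expanded

def is_per_user(rel):
    """True when the template contains %w, so each user gets a separate directory."""
    return "%w" in rel
```

A template for which is_per_user returns False sends every matching user to the same directory, which is worth catching before the share is handed out as private space.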
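
Step 7 states that mapping rules are tried in priority order and that a rule with Auto Create Path disabled is skipped when the user directory is missing. The added Python example below (not the storage system's code; the Rule class, the sample rules and the case-insensitive name comparison are assumptions) resolves a user against a rule list and reports rules that an earlier, broader auto-create rule makes unreachable.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:                 # hypothetical model of one mapping rule
    username: str           # "china\\user001", or "china\\*" for a whole domain
    share_path: str         # namespace + dtree, e.g. "/fstest/dtreetest"
    priority: int           # 1 to 1024, smaller value wins
    auto_create: bool       # Auto Create Path
    seq: int                # creation order, breaks priority ties

def covers(pattern, name):
    """True if a trailing-* pattern (or exact name) covers a name or another pattern."""
    pattern, name = pattern.lower(), name.lower()   # assumption: case-insensitive
    if pattern.endswith("*"):
        return name.rstrip("*").startswith(pattern[:-1])
    return pattern == name

def ordered(rules):
    """Smaller priority value first; creation order breaks ties."""
    return sorted(rules, key=lambda r: (r.priority, r.seq))

def resolve(rules, user, rel_dir, existing_dirs):
    """Return (rule, path, created) for the first rule that applies, or None.
    rel_dir is the expanded relative path; existing_dirs is a set of paths."""
    for rule in ordered(rules):
        if not covers(rule.username, user):
            continue
        path = rule.share_path + rel_dir
        if path in existing_dirs:
            return rule, path, False
        if rule.auto_create:
            return rule, path, True      # the system creates the directory
        # Auto Create Path is off and the directory is missing: try the next rule.
    return None

def shadowed(rules):
    """Rules that can never apply because an earlier auto-create rule covers them."""
    seq = ordered(rules)
    return [later for i, later in enumerate(seq)
            if any(e.auto_create and covers(e.username, later.username)
                   for e in seq[:i])]

# Constructed sample rules (not from the page).
RULES = [
    Rule("china\\user001", "/fs_fin/dt_a", priority=5, auto_create=False, seq=1),
    Rule("china\\*", "/fstest/dtreetest", priority=1, auto_create=True, seq=2),
    Rule("*", "/fs_guest/dt_g", priority=10, auto_create=False, seq=3),
]
```

With these sample rules, the specific rule for china\user001 is never used: the domain-wide rule has the smaller priority value and always succeeds because it creates the directory.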