Creating a CIFS Share

Precautions

You are advised not to enable the CIFS protocol for a namespace in Case-sensitive mode.

The storage system can only process file names carried in client requests in Case-sensitive mode. In addition, the storage system returns case-sensitive file names in its responses that need to carry file names to the client. If the client cannot correctly identify case-sensitive file names, the following circumstances may occur in some special scenarios:

1. Run the ren <src> <dest> command in the cmd window. If a file with the same name as the <src> file exists (for example, in Case-insensitive mode, file_A and file_a in the same directory), the client may display a message indicating that a file with the same name exists or no file can be found.
2. In Explorer, right-click the file file in a folder and choose Delete from the shortcut menu. If a file with the same name (for example, File) exists in the folder, the File file may be wrongly deleted and the file file still remains after the deletion due to the cache eviction policy of the client. In this case, if you access the file file, a message indicating that the file does not exist will be displayed. Then, refresh the page. The File file is restored and the file file disappears.
3. Run the del <dest> command in the cmd window. If a file with the same name as the <dest> file exists (for example, file_A and file_a), the file deleted may not be the <dest> file you intended to delete. For example, the file deleted after you run the del file_A command may be the file_a file.

If the preceding scenarios have no impact on services or the impact is acceptable, before creating a CIFS share, you are advised to choose the Case-sensitive mode, enable the recycle bin function of the namespace, and set a proper retention period to reduce the probability of data loss caused by abnormal client behaviors.

If you cannot evaluate the impact on services, contact technical support engineers.

Procedure

1. Choose Resources > Resources > Namespace.
2. Select a desired account from the Account drop-down list in the upper left corner.
3. Click More on the right of a desired namespace and select Create CIFS Share.

   The Create CIFS Share page is displayed.

4. Set the name of the CIFS share.
   

   • The name must be unique.
   • The share name cannot contain characters " / \ [ ] : | < > + ; , ? * =, start or end with a space, or be reserved name ipc$, autohome, ~, or print$.
   • The name contains 1 to 80 characters.

5. Set advanced properties of the CIFS share. Click Advanced.

   Table 1 describes related parameters.

   Table 1 Advanced parameters of the CIFS share

   Parameter	Description
   Description	Description of the CIFS share. NOTE: The description can be left blank or contain up to 255 characters.
   Create Default ACL	Determine whether to add a default ACL. This function creates a default ACL (full control rights to everyone; applied to the current directory, its subdirectories, and files in them) for a shared CIFS root directory if the directory has no ACL. You can change the default ACL in follow-up operations. To retain the UNIX mode bits, disable this function.
   Notify	After this function is enabled, a client's modification operations on a directory, such as adding a directory, adding a file, modifying the directory, and modifying a file, can be detected by other clients that are accessing this directory or the parent directory of this directory. Results of the modification operations are displayed after the page is automatically refreshed.
   Continuously Available	This option is used to enable or disable the SMB Failover feature. NOTE: The SMB Failover feature takes effect only after you enable the Oplock configuration item and run command change service cifs smb_global_ca_enable= yes on the CLI to enable the SMB service continuity function for tenants.
   SMB3 Encryption	Determine whether to enable SMB3 encryption. After this function is enabled, the system encrypts the share to ensure data security, but performance deteriorates. NOTICE: Enabling this function affects SMB3 service performance. Check whether this function needs to be enabled. After SMB3 encryption is enabled, only SMB3 clients can access shares by default.
   Unencrypted Client Access	After this function is enabled, clients that do not have encryption capabilities can access the share. NOTICE: After this function is enabled, clients of earlier versions (for example, Windows 7) are allowed to access shares where SMB3 encryption is enabled in plaintext. Check whether this function needs to be enabled. This function takes effect only after the SMB3 encryption function is enabled.
   Oplock	Opportunistic locking (oplock) is a mechanism used to improve client access efficiency and locally buffer files before they are sent to shared storage. This function is not recommended in the following scenarios: Scenarios that have high requirements for data integrity. If oplock is enabled in such scenarios, the local cache of the client may be lost due to network interruption or client faults. If the upper-layer service software does not have a mechanism to ensure data integrity, recovery, or retry, data loss may occur. Scenarios where multiple clients access the same file. If oplock is enabled in such scenarios, system performance will be adversely affected. NOTE: Oplock for a share takes effect only when both oplock for the account and oplock for the share are enabled.
   Lease	Lease allows a client to lock a file using a lease key, and the file locking can be canceled by the server. NOTE: Only clients of SMB 2.1 and later versions support lease. Run the change service cifs enable_leasev2=yes command to enable lease. Lease for a share takes effect only when both lease for the account and lease for the share are enabled.
   ABE	Access-based enumeration. Enabling this function hides files and folders that users do not have permissions to access. NOTE: SMB2 and SMB3 support the ABE function, but SMB1 does not.
   Show Previous Version	After the function of displaying previous versions is enabled, a client can display previous versions and supports version rollback.

6. Select user or user groups that can access the CIFS share.
   1. In the Permission area, click Add.

      The Add User or User Group page is displayed.

   2. Select the type of the users or user groups.

      The value can be Everyone, Local Windows authentication user, Local Windows authentication user group, AD domain user, or AD domain user group.

      • If you select Local Windows authentication user or Local Windows authentication user group, select the users or user groups to be added from the list.
      • If you select AD domain user or AD domain user group, enter the names of the users or user groups in Name.
        

        • A domain user name is in the format of Domain name\Domain user name and a domain user group name is in the format of Domain name\Domain user group name.
        • A total of 1 to 256 characters are allowed.
        • Multiple names are separated by carriage returns.
        • If you do not have the CIFS share administrator permission, you need to change the permission of the root directory in a namespace or dtree used by a share to 777 before you can create files or directories in the root directory in the namespace or dtree. The CLI command for modifying the permission on the root directory in a namespace is as follows:

          change namespace general name=Namespace name unix_permissions=777

          The CLI command for modifying the permission on the root directory in a dtree is as follows:

          change dtree general dtree_name=Dtree name file_system_id=Namespace ID unix_permissions=777

   3. In Permission Level, select the permission granted for the users or user groups.

      Table 2 describes related permissions.

      Table 2 CIFS share permissions

      Permission	Forbidden	Read-Only	Read/Write	Full Control
      Viewing files and subdirectories	Xa	√b	√	√
      Viewing file contents	X	√	√	√
      Running executable files	X	√	√	√
      Adding files or subdirectories	X	-c	√	√
      Modifying file contents	X	-	√	√
      Deleting files and subdirectories	X	-	√	√
      Renaming	X	-	√	√
      Changing ACL permissions of files or directories	X	-	-	√
      a: Users do not have the permission. b: Users have the permission. c: The specified permission is not involved.

      

      When a share is created for the audit log namespace, you cannot set the permission to Read/Write and Full control.

   4. Click OK.

      The system adds the selected users or user groups to the Permission list.

7. Click OK.