Commit | Line | Data |
---|---|---|
f139291c MCC |
1 | ===== |
2 | Usage | |
3 | ===== | |
4 | ||
ec11653b SF |
5 | This module supports the SMB3 family of advanced network protocols (as well |
6 | as older dialects, originally called "CIFS" or SMB1). | |
7 | ||
8 | The CIFS VFS module for Linux supports many advanced network filesystem | |
9 | features such as hierarchical DFS like namespace, hardlinks, locking and more. | |
f139291c MCC |
10 | It was designed to comply with the SNIA CIFS Technical Reference (which |
11 | supersedes the 1992 X/Open SMB Standard) as well as to perform best practice | |
12 | practical interoperability with Windows 2000, Windows XP, Samba and equivalent | |
675c4679 | 13 | servers. This code was developed in participation with the Protocol Freedom |
ec11653b SF |
14 | Information Foundation. CIFS and now SMB3 has now become a defacto |
15 | standard for interoperating between Macs and Windows and major NAS appliances. | |
675c4679 SF |
16 | |
17 | Please see | |
f139291c | 18 | MS-SMB2 (for detailed SMB2/SMB3/SMB3.1.1 protocol specification) |
02030eb7 | 19 | or https://samba.org/samba/PFIF/ |
675c4679 SF |
20 | for more details. |
21 | ||
1da177e4 LT |
22 | |
23 | For questions or bug reports please contact: | |
f139291c | 24 | |
f30e4148 | 25 | smfrench@gmail.com |
1da177e4 | 26 | |
ec11653b SF |
27 | See the project page at: https://wiki.samba.org/index.php/LinuxCIFS_utils |
28 | ||
f139291c | 29 | Build instructions |
1da177e4 | 30 | ================== |
f139291c | 31 | |
ec11653b | 32 | For Linux: |
f139291c | 33 | |
cba22b1c | 34 | 1) Download the kernel (e.g. from https://www.kernel.org) |
f139291c MCC |
35 | and change directory into the top of the kernel directory tree |
36 | (e.g. /usr/src/linux-2.5.73) | |
1da177e4 LT |
37 | 2) make menuconfig (or make xconfig) |
38 | 3) select cifs from within the network filesystem choices | |
39 | 4) save and exit | |
40 | 5) make | |
41 | ||
42 | ||
f139291c | 43 | Installation instructions |
1da177e4 | 44 | ========================= |
f139291c | 45 | |
1da177e4 | 46 | If you have built the CIFS vfs as module (successfully) simply |
f139291c | 47 | type ``make modules_install`` (or if you prefer, manually copy the file to |
f30e4148 | 48 | the modules directory e.g. /lib/modules/2.4.10-4GB/kernel/fs/cifs/cifs.ko). |
1da177e4 LT |
49 | |
50 | If you have built the CIFS vfs into the kernel itself, follow the instructions | |
51 | for your distribution on how to install a new kernel (usually you | |
f139291c | 52 | would simply type ``make install``). |
1da177e4 | 53 | |
f30e4148 SF |
54 | If you do not have the utility mount.cifs (in the Samba 4.x source tree and on |
55 | the CIFS VFS web site) copy it to the same directory in which mount helpers | |
56 | reside (usually /sbin). Although the helper software is not | |
f139291c | 57 | required, mount.cifs is recommended. Most distros include a ``cifs-utils`` |
ec11653b SF |
58 | package that includes this utility so it is recommended to install this. |
59 | ||
1da177e4 LT |
60 | Note that running the Winbind pam/nss module (logon service) on all of your |
61 | Linux clients is useful in mapping Uids and Gids consistently across the | |
62 | domain to the proper network user. The mount.cifs mount helper can be | |
ec11653b | 63 | found at cifs-utils.git on git.samba.org |
1da177e4 LT |
64 | |
65 | If cifs is built as a module, then the size and number of network buffers | |
66 | and maximum number of simultaneous requests to one server can be configured. | |
f139291c MCC |
67 | Changing these from their defaults is not recommended. By executing modinfo:: |
68 | ||
1da177e4 | 69 | modinfo kernel/fs/cifs/cifs.ko |
f139291c | 70 | |
1da177e4 LT |
71 | on kernel/fs/cifs/cifs.ko the list of configuration changes that can be made |
72 | at module initialization time (by running insmod cifs.ko) can be seen. | |
73 | ||
ec11653b SF |
74 | Recommendations |
75 | =============== | |
f139291c | 76 | |
ec11653b SF |
77 | To improve security the SMB2.1 dialect or later (usually will get SMB3) is now |
78 | the new default. To use old dialects (e.g. to mount Windows XP) use "vers=1.0" | |
79 | on mount (or vers=2.0 for Windows Vista). Note that the CIFS (vers=1.0) is | |
80 | much older and less secure than the default dialect SMB3 which includes | |
81 | many advanced security features such as downgrade attack detection | |
82 | and encrypted shares and stronger signing and authentication algorithms. | |
83 | There are additional mount options that may be helpful for SMB3 to get | |
84 | improved POSIX behavior (NB: can use vers=3.0 to force only SMB3, never 2.1): | |
f139291c MCC |
85 | |
86 | ``mfsymlinks`` and ``cifsacl`` and ``idsfromsid`` | |
ec11653b | 87 | |
1da177e4 LT |
88 | Allowing User Mounts |
89 | ==================== | |
f139291c | 90 | |
1da177e4 LT |
91 | To permit users to mount and unmount over directories they own is possible |
92 | with the cifs vfs. A way to enable such mounting is to mark the mount.cifs | |
f139291c | 93 | utility as suid (e.g. ``chmod +s /sbin/mount.cifs``). To enable users to |
1da177e4 | 94 | umount shares they mount requires |
f139291c | 95 | |
1da177e4 LT |
96 | 1) mount.cifs version 1.4 or later |
97 | 2) an entry for the share in /etc/fstab indicating that a user may | |
f139291c MCC |
98 | unmount it e.g.:: |
99 | ||
100 | //server/usersharename /mnt/username cifs user 0 0 | |
1da177e4 | 101 | |
f139291c MCC |
102 | Note that when the mount.cifs utility is run suid (allowing user mounts), |
103 | in order to reduce risks, the ``nosuid`` mount flag is passed in on mount to | |
1da177e4 LT |
104 | disallow execution of an suid program mounted on the remote target. |
105 | When mount is executed as root, nosuid is not passed in by default, | |
106 | and execution of suid programs on the remote target would be enabled | |
f139291c MCC |
107 | by default. This can be changed, as with nfs and other filesystems, |
108 | by simply specifying ``nosuid`` among the mount options. For user mounts | |
109 | though to be able to pass the suid flag to mount requires rebuilding | |
ec11653b | 110 | mount.cifs with the following flag: CIFS_ALLOW_USR_SUID |
1da177e4 LT |
111 | |
112 | There is a corresponding manual page for cifs mounting in the Samba 3.0 and | |
f139291c | 113 | later source tree in docs/manpages/mount.cifs.8 |
1da177e4 | 114 | |
099a58f6 SF |
115 | Allowing User Unmounts |
116 | ====================== | |
f139291c | 117 | |
099a58f6 | 118 | To permit users to ummount directories that they have user mounted (see above), |
f139291c | 119 | the utility umount.cifs may be used. It may be invoked directly, or if |
0cb766ae | 120 | umount.cifs is placed in /sbin, umount can invoke the cifs umount helper |
099a58f6 | 121 | (at least for most versions of the umount utility) for umount of cifs |
0cb766ae SF |
122 | mounts, unless umount is invoked with -i (which will avoid invoking a umount |
123 | helper). As with mount.cifs, to enable user unmounts umount.cifs must be marked | |
f139291c | 124 | as suid (e.g. ``chmod +s /sbin/umount.cifs``) or equivalent (some distributions |
0cb766ae SF |
125 | allow adding entries to a file to the /etc/permissions file to achieve the |
126 | equivalent suid effect). For this utility to succeed the target path | |
127 | must be a cifs mount, and the uid of the current user must match the uid | |
128 | of the user who mounted the resource. | |
099a58f6 | 129 | |
f139291c | 130 | Also note that the customary way of allowing user mounts and unmounts is |
099a58f6 SF |
131 | (instead of using mount.cifs and unmount.cifs as suid) to add a line |
132 | to the file /etc/fstab for each //server/share you wish to mount, but | |
133 | this can become unwieldy when potential mount targets include many | |
134 | or unpredictable UNC names. | |
135 | ||
f139291c | 136 | Samba Considerations |
f30e4148 | 137 | ==================== |
f139291c | 138 | |
f30e4148 SF |
139 | Most current servers support SMB2.1 and SMB3 which are more secure, |
140 | but there are useful protocol extensions for the older less secure CIFS | |
141 | dialect, so to get the maximum benefit if mounting using the older dialect | |
142 | (CIFS/SMB1), we recommend using a server that supports the SNIA CIFS | |
143 | Unix Extensions standard (e.g. almost any version of Samba ie version | |
144 | 2.2.5 or later) but the CIFS vfs works fine with a wide variety of CIFS servers. | |
f139291c MCC |
145 | Note that uid, gid and file permissions will display default values if you do |
146 | not have a server that supports the Unix extensions for CIFS (such as Samba | |
147 | 2.2.5 or later). To enable the Unix CIFS Extensions in the Samba server, add | |
148 | the line:: | |
1da177e4 LT |
149 | |
150 | unix extensions = yes | |
f139291c MCC |
151 | |
152 | to your smb.conf file on the server. Note that the following smb.conf settings | |
153 | are also useful (on the Samba server) when the majority of clients are Unix or | |
154 | Linux:: | |
1da177e4 LT |
155 | |
156 | case sensitive = yes | |
f139291c | 157 | delete readonly = yes |
1da177e4 LT |
158 | ea support = yes |
159 | ||
160 | Note that server ea support is required for supporting xattrs from the Linux | |
f139291c | 161 | cifs client, and that EA support is present in later versions of Samba (e.g. |
1da177e4 LT |
162 | 3.0.6 and later (also EA support works in all versions of Windows, at least to |
163 | shares on NTFS filesystems). Extended Attribute (xattr) support is an optional | |
164 | feature of most Linux filesystems which may require enabling via | |
165 | make menuconfig. Client support for extended attributes (user xattr) can be | |
f139291c | 166 | disabled on a per-mount basis by specifying ``nouser_xattr`` on mount. |
1da177e4 LT |
167 | |
168 | The CIFS client can get and set POSIX ACLs (getfacl, setfacl) to Samba servers | |
f139291c | 169 | version 3.10 and later. Setting POSIX ACLs requires enabling both XATTR and |
1da177e4 LT |
170 | then POSIX support in the CIFS configuration options when building the cifs |
171 | module. POSIX ACL support can be disabled on a per mount basic by specifying | |
f139291c MCC |
172 | ``noacl`` on mount. |
173 | ||
174 | Some administrators may want to change Samba's smb.conf ``map archive`` and | |
175 | ``create mask`` parameters from the default. Unless the create mask is changed | |
1da177e4 LT |
176 | newly created files can end up with an unnecessarily restrictive default mode, |
177 | which may not be what you want, although if the CIFS Unix extensions are | |
178 | enabled on the server and client, subsequent setattr calls (e.g. chmod) can | |
f139291c MCC |
179 | fix the mode. Note that creating special devices (mknod) remotely |
180 | may require specifying a mkdev function to Samba if you are not using | |
1da177e4 | 181 | Samba 3.0.6 or later. For more information on these see the manual pages |
f139291c MCC |
182 | (``man smb.conf``) on the Samba server system. Note that the cifs vfs, |
183 | unlike the smbfs vfs, does not read the smb.conf on the client system | |
184 | (the few optional settings are passed in on mount via -o parameters instead). | |
1da177e4 | 185 | Note that Samba 2.2.7 or later includes a fix that allows the CIFS VFS to delete |
f139291c | 186 | open files (required for strict POSIX compliance). Windows Servers already |
1da177e4 LT |
187 | supported this feature. Samba server does not allow symlinks that refer to files |
188 | outside of the share, so in Samba versions prior to 3.0.6, most symlinks to | |
f139291c MCC |
189 | files with absolute paths (ie beginning with slash) such as:: |
190 | ||
1da177e4 | 191 | ln -s /mnt/foo bar |
f139291c MCC |
192 | |
193 | would be forbidden. Samba 3.0.6 server or later includes the ability to create | |
194 | such symlinks safely by converting unsafe symlinks (ie symlinks to server | |
1da177e4 LT |
195 | files that are outside of the share) to a samba specific format on the server |
196 | that is ignored by local server applications and non-cifs clients and that will | |
197 | not be traversed by the Samba server). This is opaque to the Linux client | |
198 | application using the cifs vfs. Absolute symlinks will work to Samba 3.0.5 or | |
199 | later, but only for remote clients using the CIFS Unix extensions, and will | |
200 | be invisbile to Windows clients and typically will not affect local | |
f139291c | 201 | applications running on the same server as Samba. |
1da177e4 | 202 | |
f139291c | 203 | Use instructions |
1da177e4 | 204 | ================ |
f139291c MCC |
205 | |
206 | Once the CIFS VFS support is built into the kernel or installed as a module | |
ec11653b | 207 | (cifs.ko), you can use mount syntax like the following to access Samba or |
f139291c | 208 | Mac or Windows servers:: |
1da177e4 | 209 | |
ec11653b | 210 | mount -t cifs //9.53.216.11/e$ /mnt -o username=myname,password=mypassword |
1da177e4 LT |
211 | |
212 | Before -o the option -v may be specified to make the mount.cifs | |
f139291c | 213 | mount helper display the mount steps more verbosely. |
1da177e4 | 214 | After -o the following commonly used cifs vfs specific options |
f139291c | 215 | are supported:: |
1da177e4 | 216 | |
ec11653b SF |
217 | username=<username> |
218 | password=<password> | |
1da177e4 | 219 | domain=<domain name> |
f139291c | 220 | |
1da177e4 LT |
221 | Other cifs mount options are described below. Use of TCP names (in addition to |
222 | ip addresses) is available if the mount helper (mount.cifs) is installed. If | |
223 | you do not trust the server to which are mounted, or if you do not have | |
224 | cifs signing enabled (and the physical network is insecure), consider use | |
f139291c | 225 | of the standard mount options ``noexec`` and ``nosuid`` to reduce the risk of |
1da177e4 LT |
226 | running an altered binary on your local system (downloaded from a hostile server |
227 | or altered by a hostile router). | |
228 | ||
229 | Although mounting using format corresponding to the CIFS URL specification is | |
230 | not possible in mount.cifs yet, it is possible to use an alternate format | |
231 | for the server and sharename (which is somewhat similar to NFS style mount | |
f139291c MCC |
232 | syntax) instead of the more widely used UNC format (i.e. \\server\share):: |
233 | ||
1da177e4 LT |
234 | mount -t cifs tcp_name_of_server:share_name /mnt -o user=myname,pass=mypasswd |
235 | ||
236 | When using the mount helper mount.cifs, passwords may be specified via alternate | |
f139291c | 237 | mechanisms, instead of specifying it after -o using the normal ``pass=`` syntax |
1da177e4 LT |
238 | on the command line: |
239 | 1) By including it in a credential file. Specify credentials=filename as one | |
f139291c MCC |
240 | of the mount options. Credential files contain two lines:: |
241 | ||
242 | username=someuser | |
243 | password=your_password | |
244 | ||
1da177e4 | 245 | 2) By specifying the password in the PASSWD environment variable (similarly |
f139291c | 246 | the user name can be taken from the USER environment variable). |
1da177e4 LT |
247 | 3) By specifying the password in a file by name via PASSWD_FILE |
248 | 4) By specifying the password in a file by file descriptor via PASSWD_FD | |
249 | ||
250 | If no password is provided, mount.cifs will prompt for password entry | |
251 | ||
252 | Restrictions | |
253 | ============ | |
f139291c MCC |
254 | |
255 | Servers must support either "pure-TCP" (port 445 TCP/IP CIFS connections) or RFC | |
256 | 1001/1002 support for "Netbios-Over-TCP/IP." This is not likely to be a | |
cea21805 | 257 | problem as most servers support this. |
1da177e4 LT |
258 | |
259 | Valid filenames differ between Windows and Linux. Windows typically restricts | |
f139291c | 260 | filenames which contain certain reserved characters (e.g.the character : |
1da177e4 LT |
261 | which is used to delimit the beginning of a stream name by Windows), while |
262 | Linux allows a slightly wider set of valid characters in filenames. Windows | |
263 | servers can remap such characters when an explicit mapping is specified in | |
f139291c | 264 | the Server's registry. Samba starting with version 3.10 will allow such |
1da177e4 LT |
265 | filenames (ie those which contain valid Linux characters, which normally |
266 | would be forbidden for Windows/CIFS semantics) as long as the server is | |
267 | configured for Unix Extensions (and the client has not disabled | |
ec11653b | 268 | /proc/fs/cifs/LinuxExtensionsEnabled). In addition the mount option |
f139291c | 269 | ``mapposix`` can be used on CIFS (vers=1.0) to force the mapping of |
ec11653b | 270 | illegal Windows/NTFS/SMB characters to a remap range (this mount parm |
f139291c | 271 | is the default for SMB3). This remap (``mapposix``) range is also |
ec11653b | 272 | compatible with Mac (and "Services for Mac" on some older Windows). |
1da177e4 LT |
273 | |
274 | CIFS VFS Mount Options | |
275 | ====================== | |
276 | A partial list of the supported mount options follows: | |
f139291c MCC |
277 | |
278 | username | |
279 | The user name to use when trying to establish | |
1da177e4 | 280 | the CIFS session. |
f139291c MCC |
281 | password |
282 | The user password. If the mount helper is | |
1da177e4 | 283 | installed, the user will be prompted for password |
f6d09982 | 284 | if not supplied. |
f139291c MCC |
285 | ip |
286 | The ip address of the target server | |
287 | unc | |
288 | The target server Universal Network Name (export) to | |
289 | mount. | |
290 | domain | |
291 | Set the SMB/CIFS workgroup name prepended to the | |
1da177e4 | 292 | username during CIFS session establishment |
f139291c MCC |
293 | forceuid |
294 | Set the default uid for inodes to the uid | |
d098564f | 295 | passed in on mount. For mounts to servers |
4523cc30 SF |
296 | which do support the CIFS Unix extensions, such as a |
297 | properly configured Samba server, the server provides | |
d098564f | 298 | the uid, gid and mode so this parameter should not be |
4523cc30 SF |
299 | specified unless the server and clients uid and gid |
300 | numbering differ. If the server and client are in the | |
301 | same domain (e.g. running winbind or nss_ldap) and | |
302 | the server supports the Unix Extensions then the uid | |
303 | and gid can be retrieved from the server (and uid | |
08559657 | 304 | and gid would not have to be specified on the mount. |
4523cc30 SF |
305 | For servers which do not support the CIFS Unix |
306 | extensions, the default uid (and gid) returned on lookup | |
307 | of existing files will be the uid (gid) of the person | |
1da177e4 | 308 | who executed the mount (root, except when mount.cifs |
f139291c | 309 | is configured setuid for user mounts) unless the ``uid=`` |
d098564f | 310 | (gid) mount option is specified. Also note that permission |
1da177e4 LT |
311 | checks (authorization checks) on accesses to a file occur |
312 | at the server, but there are cases in which an administrator | |
313 | may want to restrict at the client as well. For those | |
314 | servers which do not report a uid/gid owner | |
315 | (such as Windows), permissions can also be checked at the | |
f139291c MCC |
316 | client, and a crude form of client side permission checking |
317 | can be enabled by specifying file_mode and dir_mode on | |
d098564f | 318 | the client. (default) |
f139291c MCC |
319 | forcegid |
320 | (similar to above but for the groupid instead of uid) (default) | |
321 | noforceuid | |
322 | Fill in file owner information (uid) by requesting it from | |
d098564f SF |
323 | the server if possible. With this option, the value given in |
324 | the uid= option (on mount) will only be used if the server | |
325 | can not support returning uids on inodes. | |
f139291c MCC |
326 | noforcegid |
327 | (similar to above but for the group owner, gid, instead of uid) | |
328 | uid | |
329 | Set the default uid for inodes, and indicate to the | |
d098564f | 330 | cifs kernel driver which local user mounted. If the server |
f0472d0e SF |
331 | supports the unix extensions the default uid is |
332 | not used to fill in the owner fields of inodes (files) | |
f139291c MCC |
333 | unless the ``forceuid`` parameter is specified. |
334 | gid | |
335 | Set the default gid for inodes (similar to above). | |
336 | file_mode | |
337 | If CIFS Unix extensions are not supported by the server | |
1da177e4 | 338 | this overrides the default mode for file inodes. |
f139291c MCC |
339 | fsc |
340 | Enable local disk caching using FS-Cache (off by default). This | |
341 | option could be useful to improve performance on a slow link, | |
3694b91a SJ |
342 | heavily loaded server and/or network where reading from the |
343 | disk is faster than reading from the server (over the network). | |
344 | This could also impact scalability positively as the | |
345 | number of calls to the server are reduced. However, local | |
346 | caching is not suitable for all workloads for e.g. read-once | |
347 | type workloads. So, you need to consider carefully your | |
348 | workload/scenario before using this option. Currently, local | |
349 | disk caching is functional for CIFS files opened as read-only. | |
f139291c MCC |
350 | dir_mode |
351 | If CIFS Unix extensions are not supported by the server | |
1da177e4 | 352 | this overrides the default mode for directory inodes. |
f139291c MCC |
353 | port |
354 | attempt to contact the server on this tcp port, before | |
1da177e4 | 355 | trying the usual ports (port 445, then 139). |
f139291c MCC |
356 | iocharset |
357 | Codepage used to convert local path names to and from | |
1da177e4 LT |
358 | Unicode. Unicode is used by default for network path |
359 | names if the server supports it. If iocharset is | |
360 | not specified then the nls_default specified | |
361 | during the local client kernel build will be used. | |
362 | If server does not support Unicode, this parameter is | |
363 | unused. | |
f139291c MCC |
364 | rsize |
365 | default read size (usually 16K). The client currently | |
75865f8c SF |
366 | can not use rsize larger than CIFSMaxBufSize. CIFSMaxBufSize |
367 | defaults to 16K and may be changed (from 8K to the maximum | |
368 | kmalloc size allowed by your kernel) at module install time | |
369 | for cifs.ko. Setting CIFSMaxBufSize to a very large value | |
370 | will cause cifs to use more memory and may reduce performance | |
371 | in some cases. To use rsize greater than 127K (the original | |
372 | cifs protocol maximum) also requires that the server support | |
373 | a new Unix Capability flag (for very large read) which some | |
374 | newer servers (e.g. Samba 3.0.26 or later) do. rsize can be | |
375 | set from a minimum of 2048 to a maximum of 130048 (127K or | |
376 | CIFSMaxBufSize, whichever is smaller) | |
f139291c MCC |
377 | wsize |
378 | default write size (default 57344) | |
75865f8c SF |
379 | maximum wsize currently allowed by CIFS is 57344 (fourteen |
380 | 4096 byte pages) | |
f139291c MCC |
381 | actimeo=n |
382 | attribute cache timeout in seconds (default 1 second). | |
6d20e840 SJ |
383 | After this timeout, the cifs client requests fresh attribute |
384 | information from the server. This option allows to tune the | |
385 | attribute cache timeout to suit the workload needs. Shorter | |
386 | timeouts mean better the cache coherency, but increased number | |
387 | of calls to the server. Longer timeouts mean reduced number | |
388 | of calls to the server at the expense of less stricter cache | |
389 | coherency checks (i.e. incorrect attribute cache for a short | |
390 | period of time). | |
f139291c MCC |
391 | rw |
392 | mount the network share read-write (note that the | |
1da177e4 | 393 | server may still consider the share read-only) |
f139291c MCC |
394 | ro |
395 | mount network share read-only | |
396 | version | |
397 | used to distinguish different versions of the | |
1da177e4 | 398 | mount helper utility (not typically needed) |
f139291c MCC |
399 | sep |
400 | if first mount option (after the -o), overrides | |
1da177e4 | 401 | the comma as the separator between the mount |
f139291c MCC |
402 | parms. e.g.:: |
403 | ||
1da177e4 | 404 | -o user=myname,password=mypassword,domain=mydom |
f139291c MCC |
405 | |
406 | could be passed instead with period as the separator by:: | |
407 | ||
1da177e4 | 408 | -o sep=.user=myname.password=mypassword.domain=mydom |
f139291c | 409 | |
1da177e4 LT |
410 | this might be useful when comma is contained within username |
411 | or password or domain. This option is less important | |
412 | when the cifs mount helper cifs.mount (version 1.1 or later) | |
413 | is used. | |
f139291c MCC |
414 | nosuid |
415 | Do not allow remote executables with the suid bit | |
1da177e4 LT |
416 | program to be executed. This is only meaningful for mounts |
417 | to servers such as Samba which support the CIFS Unix Extensions. | |
418 | If you do not trust the servers in your network (your mount | |
419 | targets) it is recommended that you specify this option for | |
420 | greater security. | |
f139291c MCC |
421 | exec |
422 | Permit execution of binaries on the mount. | |
423 | noexec | |
424 | Do not permit execution of binaries on the mount. | |
425 | dev | |
426 | Recognize block devices on the remote mount. | |
427 | nodev | |
428 | Do not recognize devices on the remote mount. | |
429 | suid | |
430 | Allow remote files on this mountpoint with suid enabled to | |
1da177e4 LT |
431 | be executed (default for mounts when executed as root, |
432 | nosuid is default for user mounts). | |
f139291c MCC |
433 | credentials |
434 | Although ignored by the cifs kernel component, it is used by | |
1da177e4 | 435 | the mount helper, mount.cifs. When mount.cifs is installed it |
f139291c | 436 | opens and reads the credential file specified in order |
1da177e4 LT |
437 | to obtain the userid and password arguments which are passed to |
438 | the cifs vfs. | |
f139291c MCC |
439 | guest |
440 | Although ignored by the kernel component, the mount.cifs | |
1da177e4 LT |
441 | mount helper will not prompt the user for a password |
442 | if guest is specified on the mount options. If no | |
443 | password is specified a null password will be used. | |
f139291c MCC |
444 | perm |
445 | Client does permission checks (vfs_permission check of uid | |
1da177e4 LT |
446 | and gid of the file against the mode and desired operation), |
447 | Note that this is in addition to the normal ACL check on the | |
f139291c | 448 | target machine done by the server software. |
1da177e4 | 449 | Client permission checking is enabled by default. |
f139291c MCC |
450 | noperm |
451 | Client does not do permission checks. This can expose | |
1da177e4 LT |
452 | files on this mount to access by other users on the local |
453 | client system. It is typically only needed when the server | |
454 | supports the CIFS Unix Extensions but the UIDs/GIDs on the | |
455 | client and server system do not match closely enough to allow | |
6473a559 SF |
456 | access by the user doing the mount, but it may be useful with |
457 | non CIFS Unix Extension mounts for cases in which the default | |
458 | mode is specified on the mount but is not to be enforced on the | |
459 | client (e.g. perhaps when MultiUserMount is enabled) | |
1da177e4 LT |
460 | Note that this does not affect the normal ACL check on the |
461 | target machine done by the server software (of the server | |
462 | ACL against the user name provided at mount time). | |
f139291c MCC |
463 | serverino |
464 | Use server's inode numbers instead of generating automatically | |
1da177e4 LT |
465 | incrementing inode numbers on the client. Although this will |
466 | make it easier to spot hardlinked files (as they will have | |
467 | the same inode numbers) and inode numbers may be persistent, | |
468 | note that the server does not guarantee that the inode numbers | |
469 | are unique if multiple server side mounts are exported under a | |
470 | single share (since inode numbers on the servers might not | |
471 | be unique if multiple filesystems are mounted under the same | |
7521a3c5 SF |
472 | shared higher level directory). Note that some older |
473 | (e.g. pre-Windows 2000) do not support returning UniqueIDs | |
474 | or the CIFS Unix Extensions equivalent and for those | |
475 | this mount option will have no effect. Exporting cifs mounts | |
476 | under nfsd requires this mount option on the cifs mount. | |
f139291c | 477 | This is now the default if server supports the |
c5077ec4 | 478 | required network operation. |
f139291c MCC |
479 | noserverino |
480 | Client generates inode numbers (rather than using the actual one | |
c5077ec4 SF |
481 | from the server). These inode numbers will vary after |
482 | unmount or reboot which can confuse some applications, | |
483 | but not all server filesystems support unique inode | |
484 | numbers. | |
f139291c MCC |
485 | setuids |
486 | If the CIFS Unix extensions are negotiated with the server | |
1da177e4 LT |
487 | the client will attempt to set the effective uid and gid of |
488 | the local process on newly created files, directories, and | |
6473a559 SF |
489 | devices (create, mkdir, mknod). If the CIFS Unix Extensions |
490 | are not negotiated, for newly created files and directories | |
cab00891 | 491 | instead of using the default uid and gid specified on |
6473a559 SF |
492 | the mount, cache the new file's uid and gid locally which means |
493 | that the uid for the file can change when the inode is | |
f139291c MCC |
494 | reloaded (or the user remounts the share). |
495 | nosetuids | |
496 | The client will not attempt to set the uid and gid on | |
497 | on newly created files, directories, and devices (create, | |
1da177e4 LT |
498 | mkdir, mknod) which will result in the server setting the |
499 | uid and gid to the default (usually the server uid of the | |
67594feb | 500 | user who mounted the share). Letting the server (rather than |
6473a559 SF |
501 | the client) set the uid and gid is the default. If the CIFS |
502 | Unix Extensions are not negotiated then the uid and gid for | |
503 | new files will appear to be the uid (gid) of the mounter or the | |
504 | uid (gid) parameter specified on the mount. | |
f139291c MCC |
505 | netbiosname |
506 | When mounting to servers via port 139, specifies the RFC1001 | |
507 | source name to use to represent the client netbios machine | |
1da177e4 | 508 | name when doing the RFC1001 netbios session initialize. |
f139291c MCC |
509 | direct |
510 | Do not do inode data caching on files opened on this mount. | |
af901ca1 | 511 | This precludes mmapping files on this mount. In some cases |
1da177e4 LT |
512 | with fast networks and little or no caching benefits on the |
513 | client (e.g. when the application is doing large sequential | |
f139291c | 514 | reads bigger than page size without rereading the same data) |
1da177e4 | 515 | this can provide better performance than the default |
f139291c MCC |
516 | behavior which caches reads (readahead) and writes |
517 | (writebehind) through the local Linux client pagecache | |
1da177e4 LT |
518 | if oplock (caching token) is granted and held. Note that |
519 | direct allows write operations larger than page size | |
520 | to be sent to the server. | |
f139291c MCC |
521 | strictcache |
522 | Use for switching on strict cache mode. In this mode the | |
d39454ff PS |
523 | client read from the cache all the time it has Oplock Level II, |
524 | otherwise - read from the server. All written data are stored | |
525 | in the cache, but if the client doesn't have Exclusive Oplock, | |
526 | it writes the data to the server. | |
f139291c MCC |
527 | rwpidforward |
528 | Forward pid of a process who opened a file to any read or write | |
d4ffff1f PS |
529 | operation on that file. This prevent applications like WINE |
530 | from failing on read and write if we use mandatory brlock style. | |
f139291c MCC |
531 | acl |
532 | Allow setfacl and getfacl to manage posix ACLs if server | |
1da177e4 | 533 | supports them. (default) |
f139291c MCC |
534 | noacl |
535 | Do not allow setfacl and getfacl calls on this mount | |
536 | user_xattr | |
537 | Allow getting and setting user xattrs (those attributes whose | |
538 | name begins with ``user.`` or ``os2.``) as OS/2 EAs (extended | |
f6d09982 SF |
539 | attributes) to the server. This allows support of the |
540 | setfattr and getfattr utilities. (default) | |
f139291c MCC |
541 | nouser_xattr |
542 | Do not allow getfattr/setfattr to get/set/list xattrs | |
543 | mapchars | |
544 | Translate six of the seven reserved characters (not backslash):: | |
545 | ||
737b758c | 546 | *?<>|: |
f139291c | 547 | |
6a0b4824 SF |
548 | to the remap range (above 0xF000), which also |
549 | allows the CIFS client to recognize files created with | |
550 | such characters by Windows's POSIX emulation. This can | |
551 | also be useful when mounting to most versions of Samba | |
552 | (which also forbids creating and opening files | |
553 | whose names contain any of these seven characters). | |
554 | This has no effect if the server does not support | |
555 | Unicode on the wire. | |
f139291c MCC |
556 | nomapchars |
557 | Do not translate any of these seven characters (default). | |
558 | nocase | |
559 | Request case insensitive path name matching (case | |
02582e9b | 560 | sensitive is the default if the server supports it). |
f139291c MCC |
561 | (mount option ``ignorecase`` is identical to ``nocase``) |
562 | posixpaths | |
563 | If CIFS Unix extensions are supported, attempt to | |
82940a46 SF |
564 | negotiate posix path name support which allows certain |
565 | characters forbidden in typical CIFS filenames, without | |
566 | requiring remapping. (default) | |
f139291c MCC |
567 | noposixpaths |
568 | If CIFS Unix extensions are supported, do not request | |
82940a46 SF |
569 | posix path name support (this may cause servers to |
570 | reject creatingfile with certain reserved characters). | |
f139291c MCC |
571 | nounix |
572 | Disable the CIFS Unix Extensions for this mount (tree | |
a403a0a3 SF |
573 | connection). This is rarely needed, but it may be useful |
574 | in order to turn off multiple settings all at once (ie | |
575 | posix acls, posix locks, posix paths, symlink support | |
576 | and retrieving uids/gids/mode from the server) or to | |
577 | work around a bug in server which implement the Unix | |
578 | Extensions. | |
f139291c MCC |
579 | nobrl |
580 | Do not send byte range lock requests to the server. | |
c46fa8ac SF |
581 | This is necessary for certain applications that break |
582 | with cifs style mandatory byte range locks (and most | |
583 | cifs servers do not yet support requesting advisory | |
584 | byte range locks). | |
f139291c MCC |
585 | forcemandatorylock |
586 | Even if the server supports posix (advisory) byte range | |
13a6e42a SF |
587 | locking, send only mandatory lock requests. For some |
588 | (presumably rare) applications, originally coded for | |
589 | DOS/Windows, which require Windows style mandatory byte range | |
590 | locking, they may be able to take advantage of this option, | |
591 | forcing the cifs client to only send mandatory locks | |
592 | even if the cifs server would support posix advisory locks. | |
f139291c | 593 | ``forcemand`` is accepted as a shorter form of this mount |
13a6e42a | 594 | option. |
f139291c MCC |
595 | nostrictsync |
596 | If this mount option is set, when an application does an | |
be652445 SF |
597 | fsync call then the cifs client does not send an SMB Flush |
598 | to the server (to force the server to write all dirty data | |
599 | for this file immediately to disk), although cifs still sends | |
600 | all dirty (cached) file data to the server and waits for the | |
601 | server to respond to the write. Since SMB Flush can be | |
602 | very slow, and some servers may be reliable enough (to risk | |
603 | delaying slightly flushing the data to disk on the server), | |
604 | turning on this option may be useful to improve performance for | |
605 | applications that fsync too much, at a small risk of server | |
606 | crash. If this mount option is not set, by default cifs will | |
607 | send an SMB flush request (and wait for a response) on every | |
608 | fsync call. | |
f139291c MCC |
609 | nodfs |
610 | Disable DFS (global name space support) even if the | |
2c1b8615 | 611 | server claims to support it. This can help work around |
13a6e42a SF |
612 | a problem with parsing of DFS paths with Samba server |
613 | versions 3.0.24 and 3.0.25. | |
f139291c MCC |
614 | remount |
615 | remount the share (often used to change from ro to rw mounts | |
616 | or vice versa) | |
617 | cifsacl | |
618 | Report mode bits (e.g. on stat) based on the Windows ACL for | |
619 | the file. (EXPERIMENTAL) | |
620 | servern | |
621 | Specify the server 's netbios name (RFC1001 name) to use | |
622 | when attempting to setup a session to the server. | |
5e6e6232 CG |
623 | This is needed for mounting to some older servers (such |
624 | as OS/2 or Windows 98 and Windows ME) since they do not | |
625 | support a default server name. A server name can be up | |
626 | to 15 characters long and is usually uppercased. | |
f139291c MCC |
627 | sfu |
628 | When the CIFS Unix Extensions are not negotiated, attempt to | |
6473a559 SF |
629 | create device files and fifos in a format compatible with |
630 | Services for Unix (SFU). In addition retrieve bits 10-12 | |
631 | of the mode via the SETFILEBITS extended attribute (as | |
cab00891 | 632 | SFU does). In the future the bottom 9 bits of the |
6473a559 SF |
633 | mode also will be emulated using queries of the security |
634 | descriptor (ACL). | |
f139291c MCC |
635 | mfsymlinks |
636 | Enable support for Minshall+French symlinks | |
736a3320 SM |
637 | (see http://wiki.samba.org/index.php/UNIX_Extensions#Minshall.2BFrench_symlinks) |
638 | This option is ignored when specified together with the | |
639 | 'sfu' option. Minshall+French symlinks are used even if | |
640 | the server supports the CIFS Unix Extensions. | |
f139291c MCC |
641 | sign |
642 | Must use packet signing (helps avoid unwanted data modification | |
750d1151 SF |
643 | by intermediate systems in the route). Note that signing |
644 | does not work with lanman or plaintext authentication. | |
f139291c MCC |
645 | seal |
646 | Must seal (encrypt) all data on this mounted share before | |
95b1cb90 SF |
647 | sending on the network. Requires support for Unix Extensions. |
648 | Note that this differs from the sign mount option in that it | |
649 | causes encryption of data sent over this mounted share but other | |
650 | shares mounted to the same server are unaffected. | |
f139291c MCC |
651 | locallease |
652 | This option is rarely needed. Fcntl F_SETLEASE is | |
84210e91 SF |
653 | used by some applications such as Samba and NFSv4 server to |
654 | check to see whether a file is cacheable. CIFS has no way | |
655 | to explicitly request a lease, but can check whether a file | |
656 | is cacheable (oplocked). Unfortunately, even if a file | |
657 | is not oplocked, it could still be cacheable (ie cifs client | |
658 | could grant fcntl leases if no other local processes are using | |
659 | the file) for cases for example such as when the server does not | |
660 | support oplocks and the user is sure that the only updates to | |
661 | the file will be from this client. Specifying this mount option | |
662 | will allow the cifs client to check for leases (only) locally | |
663 | for files which are not oplocked instead of denying leases | |
664 | in that case. (EXPERIMENTAL) | |
f139291c MCC |
665 | sec |
666 | Security mode. Allowed values are: | |
667 | ||
668 | none | |
669 | attempt to connection as a null user (no name) | |
670 | krb5 | |
671 | Use Kerberos version 5 authentication | |
672 | krb5i | |
673 | Use Kerberos authentication and packet signing | |
674 | ntlm | |
675 | Use NTLM password hashing (default) | |
676 | ntlmi | |
677 | Use NTLM password hashing with signing (if | |
bf820679 | 678 | /proc/fs/cifs/PacketSigningEnabled on or if |
f139291c MCC |
679 | server requires signing also can be the default) |
680 | ntlmv2 | |
681 | Use NTLMv2 password hashing | |
682 | ntlmv2i | |
683 | Use NTLMv2 password hashing with packet signing | |
684 | lanman | |
685 | (if configured in kernel config) use older | |
189acaae | 686 | lanman hash |
f139291c MCC |
687 | hard |
688 | Retry file operations if server is not responding | |
689 | soft | |
690 | Limit retries to unresponsive servers (usually only | |
f6d09982 | 691 | one retry) before returning an error. (default) |
bf820679 | 692 | |
1da177e4 LT |
693 | The mount.cifs mount helper also accepts a few mount options before -o |
694 | including: | |
695 | ||
f139291c | 696 | =============== =============================================================== |
1da177e4 | 697 | -S take password from stdin (equivalent to setting the environment |
f139291c | 698 | variable ``PASSWD_FD=0`` |
1da177e4 LT |
699 | -V print mount.cifs version |
700 | -? display simple usage information | |
f139291c | 701 | =============== =============================================================== |
1da177e4 | 702 | |
8426c39c | 703 | With most 2.6 kernel versions of modutils, the version of the cifs kernel |
1da177e4 LT |
704 | module can be displayed via modinfo. |
705 | ||
706 | Misc /proc/fs/cifs Flags and Debug Info | |
707 | ======================================= | |
f139291c | 708 | |
1da177e4 | 709 | Informational pseudo-files: |
f139291c MCC |
710 | |
711 | ======================= ======================================================= | |
95c99904 SJ |
712 | DebugData Displays information about active CIFS sessions and |
713 | shares, features enabled as well as the cifs.ko | |
714 | version. | |
1da177e4 | 715 | Stats Lists summary resource usage information as well as per |
3de5e974 | 716 | share statistics. |
f139291c | 717 | ======================= ======================================================= |
1da177e4 LT |
718 | |
719 | Configuration pseudo-files: | |
f139291c MCC |
720 | |
721 | ======================= ======================================================= | |
254e55ed SF |
722 | SecurityFlags Flags which control security negotiation and |
723 | also packet signing. Authentication (may/must) | |
724 | flags (e.g. for NTLM and/or NTLMv2) may be combined with | |
725 | the signing flags. Specifying two different password | |
f139291c MCC |
726 | hashing mechanisms (as "must use") on the other hand |
727 | does not make much sense. Default flags are:: | |
728 | ||
729 | 0x07007 | |
730 | ||
731 | (NTLM, NTLMv2 and packet signing allowed). The maximum | |
254e55ed SF |
732 | allowable flags if you want to allow mounts to servers |
733 | using weaker password hashes is 0x37037 (lanman, | |
2e655021 SF |
734 | plaintext, ntlm, ntlmv2, signing allowed). Some |
735 | SecurityFlags require the corresponding menuconfig | |
736 | options to be enabled (lanman and plaintext require | |
737 | CONFIG_CIFS_WEAK_PW_HASH for example). Enabling | |
738 | plaintext authentication currently requires also | |
739 | enabling lanman authentication in the security flags | |
740 | because the cifs module only supports sending | |
741 | laintext passwords using the older lanman dialect | |
742 | form of the session setup SMB. (e.g. for authentication | |
743 | using plain text passwords, set the SecurityFlags | |
f139291c MCC |
744 | to 0x30030):: |
745 | ||
746 | may use packet signing 0x00001 | |
747 | must use packet signing 0x01001 | |
748 | may use NTLM (most common password hash) 0x00002 | |
749 | must use NTLM 0x02002 | |
750 | may use NTLMv2 0x00004 | |
751 | must use NTLMv2 0x04004 | |
752 | may use Kerberos security 0x00008 | |
753 | must use Kerberos 0x08008 | |
754 | may use lanman (weak) password hash 0x00010 | |
755 | must use lanman password hash 0x10010 | |
756 | may use plaintext passwords 0x00020 | |
757 | must use plaintext passwords 0x20020 | |
758 | (reserved for future packet encryption) 0x00040 | |
254e55ed | 759 | |
8426c39c JL |
760 | cifsFYI If set to non-zero value, additional debug information |
761 | will be logged to the system error log. This field | |
762 | contains three flags controlling different classes of | |
763 | debugging entries. The maximum value it can be set | |
764 | to is 7 which enables all debugging points (default 0). | |
765 | Some debugging statements are not compiled into the | |
766 | cifs kernel unless CONFIG_CIFS_DEBUG2 is enabled in the | |
767 | kernel configuration. cifsFYI may be set to one or | |
f139291c MCC |
768 | nore of the following flags (7 sets them all):: |
769 | ||
770 | +-----------------------------------------------+------+ | |
771 | | log cifs informational messages | 0x01 | | |
772 | +-----------------------------------------------+------+ | |
773 | | log return codes from cifs entry points | 0x02 | | |
774 | +-----------------------------------------------+------+ | |
775 | | log slow responses | 0x04 | | |
776 | | (ie which take longer than 1 second) | | | |
777 | | | | | |
778 | | CONFIG_CIFS_STATS2 must be enabled in .config | | | |
779 | +-----------------------------------------------+------+ | |
780 | ||
1da177e4 LT |
781 | traceSMB If set to one, debug information is logged to the |
782 | system error log with the start of smb requests | |
783 | and responses (default 0) | |
784 | LookupCacheEnable If set to one, inode information is kept cached | |
785 | for one second improving performance of lookups | |
786 | (default 1) | |
1da177e4 LT |
787 | LinuxExtensionsEnabled If set to one then the client will attempt to |
788 | use the CIFS "UNIX" extensions which are optional | |
789 | protocol enhancements that allow CIFS servers | |
790 | to return accurate UID/GID information as well | |
791 | as support symbolic links. If you use servers | |
792 | such as Samba that support the CIFS Unix | |
793 | extensions but do not want to use symbolic link | |
f139291c MCC |
794 | support and want to map the uid and gid fields |
795 | to values supplied at mount (rather than the | |
1da177e4 | 796 | actual values, then set this to zero. (default 1) |
f139291c | 797 | ======================= ======================================================= |
1da177e4 | 798 | |
f139291c MCC |
799 | These experimental features and tracing can be enabled by changing flags in |
800 | /proc/fs/cifs (after the cifs module has been installed or built into the | |
801 | kernel, e.g. insmod cifs). To enable a feature set it to 1 e.g. to enable | |
802 | tracing to the kernel message log type:: | |
1da177e4 | 803 | |
1047abc1 | 804 | echo 7 > /proc/fs/cifs/cifsFYI |
f139291c | 805 | |
1047abc1 SF |
806 | cifsFYI functions as a bit mask. Setting it to 1 enables additional kernel |
807 | logging of various informational messages. 2 enables logging of non-zero | |
808 | SMB return codes while 4 enables logging of requests that take longer | |
f139291c | 809 | than one second to complete (except for byte range lock requests). |
3de5e974 SF |
810 | Setting it to 4 requires CONFIG_CIFS_STATS2 to be set in kernel configuration |
811 | (.config). Setting it to seven enables all three. Finally, tracing | |
f139291c | 812 | the start of smb requests and responses can be enabled via:: |
1da177e4 LT |
813 | |
814 | echo 1 > /proc/fs/cifs/traceSMB | |
815 | ||
3de5e974 SF |
816 | Per share (per client mount) statistics are available in /proc/fs/cifs/Stats. |
817 | Additional information is available if CONFIG_CIFS_STATS2 is enabled in the | |
818 | kernel configuration (.config). The statistics returned include counters which | |
819 | represent the number of attempted and failed (ie non-zero return code from the | |
820 | server) SMB3 (or cifs) requests grouped by request type (read, write, close etc.). | |
1da177e4 LT |
821 | Also recorded is the total bytes read and bytes written to the server for |
822 | that share. Note that due to client caching effects this can be less than the | |
823 | number of bytes read and written by the application running on the client. | |
f139291c | 824 | Statistics can be reset to zero by ``echo 0 > /proc/fs/cifs/Stats`` which may be |
3de5e974 | 825 | useful if comparing performance of two different scenarios. |
f139291c MCC |
826 | |
827 | Also note that ``cat /proc/fs/cifs/DebugData`` will display information about | |
cea21805 | 828 | the active sessions and the shares that are mounted. |
3d2af346 SF |
829 | |
830 | Enabling Kerberos (extended security) works but requires version 1.2 or later | |
831 | of the helper program cifs.upcall to be present and to be configured in the | |
832 | /etc/request-key.conf file. The cifs.upcall helper program is from the Samba | |
cba22b1c | 833 | project(https://www.samba.org). NTLM and NTLMv2 and LANMAN support do not |
3d2af346 SF |
834 | require this helper. Note that NTLMv2 security (which does not require the |
835 | cifs.upcall helper program), instead of using Kerberos, is sufficient for | |
836 | some use cases. | |
837 | ||
be652445 SF |
838 | DFS support allows transparent redirection to shares in an MS-DFS name space. |
839 | In addition, DFS support for target shares which are specified as UNC | |
3d2af346 SF |
840 | names which begin with host names (rather than IP addresses) requires |
841 | a user space helper (such as cifs.upcall) to be present in order to | |
842 | translate host names to ip address, and the user space helper must also | |
be652445 SF |
843 | be configured in the file /etc/request-key.conf. Samba, Windows servers and |
844 | many NAS appliances support DFS as a way of constructing a global name | |
845 | space to ease network configuration and improve reliability. | |
3d2af346 SF |
846 | |
847 | To use cifs Kerberos and DFS support, the Linux keyutils package should be | |
848 | installed and something like the following lines should be added to the | |
f139291c | 849 | /etc/request-key.conf file:: |
3d2af346 | 850 | |
f139291c MCC |
851 | create cifs.spnego * * /usr/local/sbin/cifs.upcall %k |
852 | create dns_resolver * * /usr/local/sbin/cifs.upcall %k | |
3d2af346 | 853 | |
c9c4708f SJ |
854 | CIFS kernel module parameters |
855 | ============================= | |
856 | These module parameters can be specified or modified either during the time of | |
f139291c MCC |
857 | module loading or during the runtime by using the interface:: |
858 | ||
c9c4708f SJ |
859 | /proc/module/cifs/parameters/<param> |
860 | ||
f139291c | 861 | i.e.:: |
c9c4708f | 862 | |
f139291c | 863 | echo "value" > /sys/module/cifs/parameters/<param> |
3d2af346 | 864 | |
f139291c MCC |
865 | ================= ========================================================== |
866 | 1. enable_oplocks Enable or disable oplocks. Oplocks are enabled by default. | |
867 | [Y/y/1]. To disable use any of [N/n/0]. | |
868 | ================= ========================================================== |