Provided by: ksmbd-tools_3.5.2-3_amd64

NAME

       ksmbd.conf - the configuration file for ksmbd.mountd

DESCRIPTION

       ksmbd.conf   is   the   configuration   file   for   ksmbd.mountd(8)   user  mode  daemon.
       ksmbd.addshare(8) can be used  for  configuring  shares  for  ksmbd.conf.   ksmbd.addshare
       modifies  ksmbd.conf  such  that  its existing formatting is not retained.  ksmbd.addshare
       notifies ksmbd.mountd of changes, if it had made any, by  sending  the  SIGHUP  signal  to
       ksmbd.mountd.  Changes made with ksmbd.addshare will never require restarting ksmbd.mountd
       and ksmbd to take effect.  ksmbd.control --reload can be used for  notifying  ksmbd.mountd
       of   changes   when   not   using   ksmbd.addshare.   ksmbd.conf  is  expected  to  be  at
       /etc/ksmbd/ksmbd.conf by default.  A configuration file that may serve as an  example  can
       be found at /etc/ksmbd/ksmbd.conf.example.

FILE FORMAT

       ksmbd.conf  consists  of  sections  (i.e. groups) with each section marking the end of the
       previous one.  A section begins with the section name enclosed in brackets  ([])  followed
       by  a  newline.   A  section  may  contain  parameters separated by newlines.  A parameter
       consists of a name (i.e. a key) and a value, in that order, separated  by  an  equal  sign
       (=).   A  name  may  contain  leading and trailing tabs and spaces.  A value, which begins
       immediately after the equal sign, may contain leading tabs and  spaces  or  be  empty.   A
       value  may be a list of multiple values separated by commas, tabs, and spaces.  For a list
       of users, all users in a system group are given by giving the group name prefixed with  an
       at  (@).   A  value  may  have  a  number  suffix, which is either Kr a hash (#) marks the
       beginning of a comment which continues until the end of the line.

SHARES

       Each section name, except that of the global section, defines a shared resource,  commonly
       referred  to  as a share.  A section name, which is the share name, must be UTF-8, [1, 64)
       bytes, and is case-insensitive.  Users that may be allowed to connect to a share are those
       that  are  present  in  ksmbdpwd.db(5)  user  database.  A share may limit which users are
       allowed to connect to a particular share.  When connected to a share, the user  is  mapped
       to  a  system  user  and underlying filesystem permissions are enforced.  By default, this
       mapping is done by name, but it may also be done by mapping all  users  connected  to  the
       share  to  a  single  system  user  and  group.  When connecting as a user not in the user
       database, only guest sessions may work.

PARAMETERS

       Share parameters, marked below with (S), can be  given  in  any  section.   When  a  share
       parameter  is  given  in  a  section  other than global, it is specific to that particular
       share.  Under the global section, a share parameter sets its default value for all shares.
       Global  parameters,  marked  below  with  (G), can only be given in the global section and
       control functionality that applies to the server.  Changes to global parameters apply only
       after restarting ksmbd.mountd and ksmbd.
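
       The following is an added example, not part of ksmbd-tools: a small reader for the
       format described under FILE FORMAT that applies the global-section defaults for share
       parameters and reports a few settings whose effect this page documents. The sample
       configuration is constructed, and treating a semicolon as a comment marker is an
       assumption.

```python
import re

# Constructed sample configuration, not taken from the page.
SAMPLE = """\
[global]
    server signing = disabled   # documented default
    map to guest = bad user
    guest ok = no
[Public]
    path = /srv/public
    guest ok = yes ; passwordless
[Staff]
    path = /srv/staff
    valid users = alice, @staff
"""

def parse(text):
    """Parse ksmbd.conf text into {section: {name: value}}."""
    conf, section = {}, None
    for line in text.splitlines():
        # Drop the comment part; ';' as a comment marker is an assumption.
        line = re.split(r"[#;]", line, maxsplit=1)[0]
        m = re.fullmatch(r"\[(.+)\]", line.strip())
        if m:
            section = m.group(1).lower()      # share names are case-insensitive
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            name, value = line.split("=", 1)  # value starts right after '='
            conf[section][name.strip()] = value.strip()
    return conf

def audit(conf):
    """Return (section, finding) pairs for settings worth a reviewer's attention."""
    g = conf.get("global", {})
    findings = []
    # Fallback values are the defaults documented on this page.
    for key, default in (("server signing", "disabled"), ("smb3 encryption", "auto")):
        value = g.get(key, default).lower()
        if value != "mandatory":
            findings.append(("global", f"{key} = {value}: not required of clients"))
    if g.get("map to guest", "never").lower() == "bad user":
        findings.append(("global", "map to guest = bad user: unknown users become guest"))
    for name, share in conf.items():
        if name == "global":
            continue
        # A share parameter given under global is the default for every share.
        if share.get("guest ok", g.get("guest ok", "no")).lower() == "yes":
            findings.append((name, "guest ok = yes: passwordless connections allowed"))
    return findings
```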

       bind interfaces only (G)
              Only bind to interfaces given with interfaces.

              Default: bind interfaces only = no

       browseable (S)
              Share is seen in a net view and in the browse list.

              Default: browseable = yes

       comment (S)
              Description of the share as seen in a net view and in the browse list.

              Default: comment =

       create mask (S)
              Octal  bitmask  that  gets  bitwise  ANDed with DOS-to-UNIX-mapped permissions when
              creating a file.

              Default: create mask = 0744

       crossmnt (S)
              Allow path lookup to cross a mountpoint to the root of a different filesystem.

              Default: crossmnt = yes

       deadtime (G)
              Number of minutes of inactivity before a connection is considered dead and is  then
              terminated.   The  connection  is  not  terminated  if it has any open files.  With
              deadtime = 0, no connection is considered dead due to inactivity.

              Default: deadtime = 0

       directory mask (S)
              Octal bitmask that gets bitwise  ANDed  with  DOS-to-UNIX-mapped  permissions  when
              creating a directory.

              Default: directory mask = 0755

       durable handles (G)
              Can grant SMB2 durable file handles on a share.

              Default: durable handles = no

       force create mode (S)
              Octal  bitmask  that  gets bitwise ORed after the bitmask given with create mask is
              applied.

              Default: force create mode = 0000

       force directory mode (S)
              Octal bitmask that gets bitwise ORed after the bitmask given with directory mask is
              applied.

              Default: force directory mode = 0000

       force group (S)
              System group that all users connected to the share are mapped to.

              Default: force group =

       force user (S)
              System  user that all users connected to the share are mapped to.  With force group
              = , primary group of the system user is the respective system group.

              Default: force user =

       guest account (G)
              User that does not require a password when connecting to any share with guest ok  =
              yes.   When  connecting  to  such  a  share with the user left empty, the parameter
              determines what system user to map to.

              Default: guest account = nobody

       guest account (S)
              User that does not require a password when connecting to the share with guest ok  =
              yes given.

              Default: guest account =

       guest ok (S)
              Allow  passwordless  connections  to the share as the user given with guest account
              and with the user left empty.

              Default: guest ok = no

       hide dot files (S)
              Files starting with a dot appear as hidden files.

              Default: hide dot files = yes

       inherit owner (S)
              Ownership for new files and directories is  controlled  by  the  ownership  of  the
              parent directory.

              Default: inherit owner = no

       interfaces (G)
              List of the interfaces that are listened to with bind interfaces only = yes given.

              Default: interfaces =

       invalid users (S)
              List of the users that are disallowed to connect to the share.  A user being in the
              list has precedence over it being in valid users.  With invalid users = ,  no  user
              is disallowed.

              Default: invalid users =

       ipc timeout (G)
              Number  of seconds user space has time to reply to a heartbeat frame.  If exceeded,
              all sessions and TCP connections will be closed.  With ipc timeout = 0, user  space
              can reply whenever.

              Default: ipc timeout = 0

       kerberos keytab file (G)
              Path of the keytab file for the service principal.  If no value is given, it is the
              default keytab resolved with krb5_kt_default(3).

              Default: kerberos keytab file =

       kerberos service name (G)
              Service principal name.  If no value is given, it is cifs/  followed  by  the  FQDN
              resolved with getaddrinfo(3).

              Default: kerberos service name =

       map to guest (G)
              When  to  map a user to the user given with guest account.  With map to guest = bad
              user, map when the user does not exist.

              Default: map to guest = never

       max active sessions (G)
              Maximum number of simultaneous sessions to all shares.

              Default: max active sessions = 1024

       max connections (G)
              Maximum number of simultaneous connections to the server.  With max  connections  =
              0,  the  value will be set to the maximum allowed number of 65536.  Number suffixes
              are allowed.

              Default: max connections = 128

       max connections (S)
              Maximum number of simultaneous connections to the share.  With max connections = 0,
              the  value will be set to the maximum allowed number of 65536.  Number suffixes are
              allowed.

              Default: max connections = 128

       max open files (G)
              Maximum number of simultaneous open files for a client.

              Default: max open files = 10000

       netbios name (G)
              NetBIOS name.

              Default: netbios name = KSMBD SERVER

       oplocks (S)
              Issue oplocks to file open requests on the share.

              Default: oplocks = yes

       path (S)
              Path of the directory users connected to the share are given access to.

              Default: path =

       read list (S)
              List of the users that are allowed read-only access to the share.  A user being  in
              the list has precedence over read only = no or it being in write list.

              Default: read list =

       read only (S)
              Users  are  allowed read-only access to the share.  With read only = no, the effect
              is the same as with writeable = yes.

              Default: read only = ; yes

       restrict anonymous (G)
              How to restrict connections to any share as the  user  given  with  guest  account.
              With  restrict anonymous = 1 or restrict anonymous = 2, disallow connections to the
              IPC$ share and any share that gives guest ok = no.

              Default: restrict anonymous = 0

       root directory (G)
              Path of the directory prepended to  path  of  every  share.   Somewhat  similar  to
              chroot(2).

              Default: root directory =

       server max protocol (G)
              Maximum protocol version supported.

              Default: server max protocol = SMB3_11

       server min protocol (G)
              Minimum protocol version supported.

              Default: server min protocol = SMB2_10

       server multi channel support (G)
              Use of SMB3 multi-channel is supported.  SMB3 multi-channel support is experimental
              and may corrupt data under race conditions.

              Default: server multi channel support = no

       server signing (G)
              Client is allowed or required to use SMB2 signing.  With server signing =  disabled
              or server signing = auto, SMB2 signing is allowed if it is requested by the client.
              With server signing = mandatory, SMB2 signing is required.

              Default: server signing = disabled

       server string (G)
              String that will appear in browse lists next to the machine name.

              Default: server string = SMB SERVER

       share:fake_fscaps (G)
              Decimal bitmask that gets bitwise ORed with the filesystem capability flags  so  as
              to  fake them.  With share:fake_fscaps = 64, the FILE_SUPPORTS_SPARSE_FILES flag is
              set.

              Default: share:fake_fscaps = 64

       smb2 leases (G)
              Negotiate SMB2 leases on file open requests.

              Default: smb2 leases = no

       smb2 max credits (G)
              Maximum number of outstanding simultaneous SMB2 operations.   Number  suffixes  are
              allowed.

              Default: smb2 max credits = 8192

       smb2 max read (G)
              Maximum  length  that  may be used in a SMB2 READ request sent by a client.  Number
              suffixes are allowed.

              Default: smb2 max read = 4MB

       smb2 max trans (G)
              Maximum buffer size that may be used by a client in a sent SET_INFO  request  or  a
              received  QUERY_INFO,  QUERY_DIRECTORY, or CHANGE_NOTIFY response.  Number suffixes
              are allowed.

              Default: smb2 max trans = 1MB

       smb2 max write (G)
              Maximum length that may be used in a SMB2 WRITE request sent by a  client.   Number
              suffixes are allowed.

              Default: smb2 max write = 4MB

       smb3 encryption (G)
              Client  is  disallowed,  allowed,  or  required  to use SMB3 encryption.  With smb3
              encryption = disabled, SMB3 encryption is disallowed even if it is requested by the
              client.  With smb3 encryption = auto, SMB3 encryption is allowed if it is requested
              by the client.  With smb3 encryption = mandatory, SMB3 encryption is required, i.e.
              clients that do not support encryption will be denied access to all shares.

              Default: smb3 encryption = auto

       smbd max io size (G)
              Maximum read/write size of SMB-Direct.  Number suffixes are allowed.

              Default: smbd max io size = 8MB

       store dos attributes (S)
              Store  DOS  attributes  using xattr and then use them in the DOS-to-UNIX-mapping of
              permissions.

              Default: store dos attributes = yes

       tcp port (G)
              TCP port that is listened to.

              Default: tcp port = 445

       valid users (S)
              List of the users that are allowed to connect to the share.  With valid users  =  ,
              all users are allowed.

              Default: valid users =

       veto files (S)
              Names of files and directories that are made invisible and inaccessible.  Names are
              given between forward slashes (/), e.g. veto files = /foo/bar/ to  make  files  and
              directories  named  foo  and bar invisible and inaccessible.  An asterisk (*) and a
              question mark (?) are used for matching any number of characters and  a  character,
              respectively.

              Default: veto files =

       vfs objects (S)
              List of the VFS modules to overload I/O operations with.  Available VFS modules are
              acl_xattr and streams_xattr.

              Default: vfs objects =

       workgroup (G)
              Workgroup the server will appear to be in when queried by clients.

              Default: workgroup = WORKGROUP

       writable (S)
              Users are allowed read-write access to the share.  With writable = yes, the  effect
              is the same as with read only = no.

              Default: writable =

       writeable (S)
              Synonym for writable.

       write list (S)
              List of the users that are allowed read-write access to the share.  A user being in
              the list has precedence over read only = yes.

              Default: write list =

       write ok (S)
              Synonym for writable.
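
       The following is an added example, not ksmbd's own code: it models only the precedence
       stated above for invalid users, valid users, read list, write list and read only, and
       does not consult ksmbdpwd.db(5). The groups mapping is a hypothetical stand-in for
       system group lookup, and the share and group data are constructed.

```python
import re

def members(value, groups):
    """Split a list value on commas, tabs and spaces; expand @group entries."""
    users = set()
    for item in filter(None, re.split(r"[,\t ]+", value)):
        if item.startswith("@"):
            # groups: hypothetical {group name: members} map standing in for the system
            users |= set(groups.get(item[1:], ()))
        else:
            users.add(item)
    return users

def access(user, share, groups):
    """Return 'deny', 'ro' or 'rw' for user, given a share's parameter dict."""
    def listed(name):
        return members(share.get(name, ""), groups)
    if user in listed("invalid users"):
        return "deny"                 # invalid users has precedence over valid users
    valid = listed("valid users")
    if valid and user not in valid:
        return "deny"                 # an empty valid users allows all users
    if user in listed("read list"):
        return "ro"                   # precedence over write list and read only = no
    if user in listed("write list"):
        return "rw"                   # precedence over read only = yes
    # Only the yes/no spellings shown on this page are handled here.
    return "rw" if share.get("read only", "yes").lower() == "no" else "ro"

# Constructed group membership and share parameters.
GROUPS = {"staff": ["alice", "bob"], "interns": ["carol"]}
SHARE = {
    "valid users": "@staff, @interns dave",
    "invalid users": "bob",
    "read list": "@interns",
    "write list": "alice, carol",
    "read only": "yes",
}
```

       Here carol ends up read-only even though she is in write list, because read list takes
       precedence, and bob is denied even though @staff is in valid users.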

COPYRIGHT

       Copyright ©  2015-2022  ksmbd-tools  contributors.   License  GPLv2:  GNU  GPL  version  2
       <https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html>.
       This  is free software: you are free to change and redistribute it.  There is NO WARRANTY,
       to the extent permitted by law.

REPORTING BUGS

       For bug reports, use the issue tracker at
       https://github.com/cifsd-team/ksmbd-tools/issues.

SEE ALSO

       Utilities
              ksmbd.addshare(8), ksmbd.adduser(8), ksmbd.mountd(8)