OneFS includes a configurable SMB service to create and manage SMB shares. SMB shares provide Windows clients network access to file system resources on the cluster. You can grant permissions to users and groups to carry out operations such as reading, writing, and setting access permissions on SMB shares.

The /ifs directory is configured as an SMB share and is enabled by default. OneFS supports both user and anonymous security modes. If the user security mode is enabled, users who connect to a share from an SMB client must provide a valid user name with proper credentials.

SMB shares act as checkpoints, and users must have access to a share in order to access objects in a file system on a share. If a user has access granted to a file system, but not to the share on which it resides, that user will not be able to access the file system regardless of privileges. For example, assume a share named ABCDocs contains a file named file1.txt in a path such as: /ifs/data/ABCDocs/file1.txt. If a user attempting to access file1.txt does not have share privileges on ABCDocs, that user cannot access the file even if originally granted read and/or write privileges to the file.

The SMB protocol uses security identifiers (SIDs) for authorization data. All identities are converted to SIDs during retrieval and are converted back to their on-disk representation before they are stored on the cluster.

When a file or directory is created, OneFS checks the access control list (ACL) of its parent directory. If the ACL contains any inheritable access control entries (ACEs), a new ACL is generated from those ACEs. Otherwise, OneFS creates an ACL from the combined file and directory create mask and create mode settings.

OneFS supports the following SMB clients:

SMB version
Supported operating systems
3.0 - Multichannel only
Windows 8 or later

Windows Server 2012 or later

Windows 7 or later

Windows Server 2008 R2 or later

Windows Vista or later

Windows Server 2008 or later

Mac OS X 10.9 or later

Windows 2000 or later

Windows XP or later

Mac OS X 10.5 or later