LinuxCIFS utils

From SambaWiki
Revision as of 16:33, 9 January 2014 by Jlayton (talk | contribs) (→‎News)


The in-kernel CIFS filesystem is generally the preferred method for mounting SMB/CIFS shares on Linux.

The in-kernel CIFS filesystem relies on a set of user-space tools. That package of tools is called cifs-utils. Although not really part of Samba proper, these tools were originally part of the Samba package. For several reasons, shipping these tools as part of Samba was problematic and it was deemed better to split them off into their own package.


  • January 9, 2014: Release 6.3
    • fixes for various bugs turned up by Coverity
    • clean unused cruft of out upcall binary
    • add new pam_cifscreds PAM module for establishing NTLM creds on login
  • October 4, 2013: Release 6.2
  • July 2, 2013: Release 6.1
  • March 25, 2013: Release 6.0
  • January 7, 2013: Release 5.9
  • November 11, 2012: Release 5.8
  • October 09, 2012: Release 5.7
  • July 26, 2012: Release 5.6
    • -Werror has been removed by default from CFLAGS
    • PIE and RELRO are enabled by default at build time
    • better integration with systemd by allowing the use of /bin/systemd-ask-password if available
    • better checks and warnings from cifscreds when used in environments that do not have a session keyring
  • May 30, 2012: Release 5.5
  • April 18, 2012: Release 5.4
    • the "rootsbindir" can now be specified at configure time
    • mount.cifs now supports the -s option by passing "sloppy" to the kernel in the options string
    • cifs.upcall now properly respects the domain_realm section in krb5.conf
    • unprivileged users can no longer mount onto dirs into which they can't chdir (fixes CVE-2012-1586)
  • January 28, 2012: Release 5.3
  • December 09, 2011: Release 5.2
    • cifs.idmap can now map uid/gid to SID in addition to the other way around
    • getcifsacl/setcifsacl are now installed by default in /usr/bin instead of /usr/sbin. The manpages are now in section 1.
    • cifs.upcall has a new scheme for picking the SPN on krb5 mounts. The hostname is now always lowercased. If we fail to get a ticket using an unqualified name, it now attempts to guess the domain name.
    • A lot of manpage updates, additions and corrections
  • September 23, 2011: Release 5.1
    • fix for a minor security issue that can corrupt the mtab
    • new getcifsacl/setcifsacl tools that allow you to fetch and set raw Windows ACLs via an xattr.
    • a lot of manpage patches
  • June 1, 2011: Release 5.0
    • mount.cifs always uses the original device string to ensure that umounts by unprivileged users are not problematic
    • there is a new cifs.idmap program for handling idmapping upcalls
    • a lot of manpage patches
  • March 4, 2011: Release 4.9
    • Some distros (namely Fedora) are moving to having /etc/mtab be a symlink to /proc/mounts. We automatically skip trying to alter the mtab if it's a symlink.
    • fix for a bug that could prevent root from mounting onto a directory to which he did not have explicit execute permission.
    • fix for a bug that caused the mount helper to pass in a corrupt address when someone specified an IPv6 address with a scopeid.
    • mount.cifs bugfix for an uninitialized variable that could cause a segfault
  • January 21, 2011: Release 4.8.1
  • January 15, 2011: Release 4.8
  • October 19, 2010: Release 4.7
  • July 30, 2010: Release 4.6
  • May 21, 2010: Release 4.5
  • April 28, 2010: Release 4.4
  • April 9, 2010: Release 4.3
  • April 2, 2010: Release 4.2
  • March 23, 2010: Release 4.1
  • March 3, 2010: Release 4.0 -- first official cifs-utils release
  • February 26, 2010: Release 4.0rc1
  • February 14, 2010: The git repo has moved to a new location. See the Development section below
  • February 9, 2010: Release 4.0-alpha1. In order to smooth the transition from shipping these tools as part of samba, the first release will be 4.0.


A historical set of cifs-utils releases is available in the releases directory.



The source code for cifs-utils is managed via git. An example checkout from the main git repo:

$ git clone git://

gitweb access is also available here.


Questions, suggestions, concerns, and patches should be sent to Security issues should be sent to to avoid immediate public disclosure.