Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

Solaris CIFS Administration Guide
Previous Next

Managing CIFS Groups (Task Map)

This section describes how to manage CIFS groups and privileges for the Solaris CIFS service.


Note - CIFS groups apply only to users that are connected through CIFS.


For information about CIFS groups and local users, see Local CIFS Groups.

The following table points to the tasks that you can use to manage CIFS groups through the Solaris CIFS service.

Task

Description

For Instructions

Create a CIFS group.

Create a CIFS group to manage users.

How to Create a CIFS Group

Add a member to a CIFS group.

Add a member to a CIFS group by using the smbadm command.

How to Add a Member to a CIFS Group

Remove a member from a CIFS group.

Remove a member from a CIFS group by using the smbadm command.

How to Remove a Member From a CIFS Group

Modify CIFS group properties.

A CIFS group can grant the following privileges:

  • backup. Permit group members to back up file system objects.

  • restore. Permit group members to restore file system objects.

  • take-ownership. Permit group members to take ownership of file system objects.

You can specify a description of the CIFS group if you modify the value of the description property.

How to Modify CIFS Group Properties

You use the smbadm(1M) command to manage CIFS groups on the system that runs the Solaris CIFS service.

How to Create a CIFS Group

  1. Become superuser, assume an equivalent role, obtain the solaris.smf.value.smb and solaris.smf.manage.smb RBAC authorizations, or use the “SMB Management” RBAC profile, which is part of the “File System Management” profile.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services. To configure a role with the Primary Administrator profile, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

  2. Choose the name of the group to create.

    You might choose a name that reflects a common set of tasks that the group can perform or the organization to which the group members belong.

  3. Create the CIFS group.
    # smbadm create [-d description] group-name

    The -d option is used to specify a textual description of the CIFS group.

    For example, to create a group called wsales, type:

    # smbadm create -d "Sales Force for the Western Region" wsales

    In order to provide proper identity mapping between CIFS groups and Solaris groups, a CIFS group must have a corresponding Solaris group. This requirement has two consequences. First, the group name must conform to the intersection of the Windows and Solaris group name rules. Thus, a CIFS group name can be up to eight (8) characters long and contain only lowercase characters and numbers. Second, a Solaris group has to be created before a CIFS group can be created. The Solaris group is created by using the groupadd command. See the groupadd(1M) man page.

How to Add a Member to a CIFS Group

  1. Become superuser, assume an equivalent role, obtain the solaris.smf.value.smb and solaris.smf.manage.smb RBAC authorizations, or use the “SMB Management” RBAC profile, which is part of the “File System Management” profile.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services. To configure a role with the Primary Administrator profile, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

  2. Add a user to the CIFS group.
    # smbadm add-member -m member-name [[-m member-name] …] group-name

    member-name can be specified as [domain-name\\]username or [domain-name/]username. The domain name is the domain in which the user can be authenticated. By default, the domain name is the name of the domain that you joined.

    You must escape the backslash character (\) because it is a special character in the Solaris shells.

    For example, to add user terry of the sales domain to the wsales group, type:

    # smbadm add-member -m sales\\terry wsales

    To add a local user to a CIFS group, specify the Solaris host name rather than the domain name. For example, to add local user terry of the solarsystem host to the wsales group, type:

    # smbadm add-member -m solarsystem\\terry wsales

How to Remove a Member From a CIFS Group

  1. Become superuser, assume an equivalent role, obtain the solaris.smf.value.smb and solaris.smf.manage.smb RBAC authorizations, or use the “SMB Management” RBAC profile, which is part of the “File System Management” profile.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services. To configure a role with the Primary Administrator profile, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

  2. Remove a user from the CIFS group.
    # smbadm remove-member -m member-name [[-m member-name] …] group-name

    member-name can be specified as [domain-name\\]username or [domain-name/]username. The domain name is the domain in which the user can be authenticated. By default, the domain name is the name of the domain that you joined.

    For example, to remove user terry of the sales domain from the wsales group, type:

    # smbadm remove-member -m sales\\terry wsales

    To remove a local user from a CIFS group, specify the Solaris host name rather than the domain name. For example, to remove local user terry of the solarsystem host from the wsales group, type:

    # smbadm remove-member -m solarsystem\\terry wsales

How to Modify CIFS Group Properties

  1. Become superuser, assume an equivalent role, obtain the solaris.smf.value.smb and solaris.smf.manage.smb RBAC authorizations, or use the “SMB Management” RBAC profile, which is part of the “File System Management” profile.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services. To configure a role with the Primary Administrator profile, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.

  2. Modify one or more CIFS group properties.
    # smbadm set -p property=value [[-p property=value] …] group-name

    You can specify one or more property-value pairs on the command line. Each property-value pair must be preceded by the -p option. Valid values for privileges are on or off. The value of the description property is an arbitrary text string.

    For example, to grant the backup privilege and to modify the description of the wsales group, type:

    # smbadm set -p backup=on \ -p description="Sales force for the Western region" wsales
Previous Next

 
 
  Published under the terms fo the Public Documentation License Version 1.01. Design by Interspire