Managing CIFS Groups (Task Map)
This section describes how to manage CIFS groups and privileges for the
Solaris CIFS service.
Note - CIFS groups apply only to users that are connected through CIFS. For information about CIFS groups and local users, see Local CIFS Groups.

The following table points to the tasks that you can use to manage CIFS groups through the Solaris CIFS service.

| Task | Description | For Instructions |
|---|---|---|
| Create a CIFS group. | Create a CIFS group to manage users. | How to Create a CIFS Group |
| Add a member to a CIFS group. | Add a member to a CIFS group by using the smbadm command. | How to Add a Member to a CIFS Group |
| Remove a member from a CIFS group. | Remove a member from a CIFS group by using the smbadm command. | How to Remove a Member From a CIFS Group |
| Modify CIFS group properties. | A CIFS group can grant the following privileges: backup (permit group members to back up file system objects), restore (permit group members to restore file system objects), take-ownership (permit group members to take ownership of file system objects). You can specify a description of the CIFS group if you modify the value of the description property. | How to Modify CIFS Group Properties |

You use the smbadm(1M) command to manage CIFS groups on the system
that runs the Solaris CIFS service.
How to Create a CIFS Group
- Become superuser, assume an equivalent role, obtain the solaris.smf.value.smb and solaris.smf.manage.smb RBAC
authorizations, or use the “SMB Management” RBAC profile, which is part of
the “File System Management” profile.
Roles contain authorizations and privileged commands. For more information about roles, see
Configuring RBAC (Task Map) in System Administration Guide: Security Services. To configure a role with the Primary Administrator profile, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
- Choose the name of the group to create.
You might choose a name that reflects a common set of tasks
that the group can perform or the organization to which the group
members belong.
- Create the CIFS group.

    # smbadm create [-d description] group-name

The -d option is used to specify a textual description of the CIFS group.
For example, to create a group called wsales, type:

    # smbadm create -d "Sales Force for the Western Region" wsales

In order to provide proper identity mapping between CIFS groups and Solaris
groups, a CIFS group must have a corresponding Solaris group. This requirement
has two consequences. First, the group name must conform to the intersection
of the Windows and Solaris group name rules. Thus, a CIFS group
name can be up to eight (8) characters long and contain only
lowercase characters and numbers. Second, a Solaris group has to be created
before a CIFS group can be created. The Solaris group is created
by using the groupadd command. See the groupadd(1M) man page.
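
The following pre-flight check is an added example, not part of the original documentation. It applies the naming rule and the groupadd-before-smbadm ordering described above; the function names are hypothetical, and it assumes "lowercase characters" means ASCII a-z and that a name has at least one character.

```shell
#!/bin/sh
# Added example: validate a CIFS group name and print the creation commands
# in the required order. Nothing is executed; the commands are only printed.

# Succeeds only for 1-8 characters drawn from lowercase ASCII letters and
# digits. The set is spelled out so locale collation cannot let uppercase in.
valid_cifs_group_name() {
    case "$1" in
        ''|*[!abcdefghijklmnopqrstuvwxyz0123456789]*) return 1 ;;
    esac
    [ "${#1}" -le 8 ]
}

# usage: plan_cifs_group group-name description
# Prints "groupadd" first when no Solaris group of that name exists yet
# (checked with getent), then the smbadm create command.
plan_cifs_group() {
    name=$1 desc=$2
    valid_cifs_group_name "$name" || {
        echo "invalid CIFS group name: $name" >&2
        return 1
    }
    if ! getent group "$name" >/dev/null 2>&1; then
        echo "groupadd $name"
    fi
    echo "smbadm create -d \"$desc\" $name"
}

# Constructed sample input, taken from the wsales example above.
plan_cifs_group wsales "Sales Force for the Western Region"
```
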
How to Add a Member to a CIFS Group
- Become superuser, assume an equivalent role, obtain the solaris.smf.value.smb and solaris.smf.manage.smb RBAC
authorizations, or use the “SMB Management” RBAC profile, which is part of
the “File System Management” profile.
Roles contain authorizations and privileged commands. For more information about roles, see
Configuring RBAC (Task Map) in System Administration Guide: Security Services. To configure a role with the Primary Administrator profile, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
- Add a user to the CIFS group.

    # smbadm add-member -m member-name [[-m member-name] …] group-name

member-name can be specified as [domain-name\\]username or [domain-name/]username. The domain name is
the domain in which the user can be authenticated. By default, the
domain name is the name of the domain that you joined.
You must escape the backslash character (\) because it is a special
character in the Solaris shells.
For example, to add user terry of the sales domain to the
wsales group, type:

    # smbadm add-member -m sales\\terry wsales

To add a local user to a CIFS group, specify the Solaris
host name rather than the domain name. For example, to add local
user terry of the solarsystem host to the wsales group, type:

    # smbadm add-member -m solarsystem\\terry wsales

How to Remove a Member From a CIFS Group
- Become superuser, assume an equivalent role, obtain the solaris.smf.value.smb and solaris.smf.manage.smb RBAC
authorizations, or use the “SMB Management” RBAC profile, which is part of
the “File System Management” profile.
Roles contain authorizations and privileged commands. For more information about roles, see
Configuring RBAC (Task Map) in System Administration Guide: Security Services. To configure a role with the Primary Administrator profile, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
- Remove a user from the CIFS group.

    # smbadm remove-member -m member-name [[-m member-name] …] group-name

member-name can be specified as [domain-name\\]username or [domain-name/]username. The domain name is
the domain in which the user can be authenticated. By default, the
domain name is the name of the domain that you joined.
For example, to remove user terry of the sales domain from the
wsales group, type:

    # smbadm remove-member -m sales\\terry wsales

To remove a local user from a CIFS group, specify the Solaris
host name rather than the domain name. For example, to remove local
user terry of the solarsystem host from the wsales group, type:

    # smbadm remove-member -m solarsystem\\terry wsales

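
The backslash escaping required by the add-member and remove-member procedures above is easy to get wrong, because an unescaped backslash is silently dropped and a different member name reaches the command. The sketch below is an added example, not part of the original documentation; received_arg and member_cmd are hypothetical helpers, and nothing is executed against smbadm.

```shell
#!/bin/sh
# Added example: what the shell passes on for a member name, and a helper
# that prints a member command with every name single-quoted.

# Stand-in for the receiving command: prints the first argument it was given.
received_arg() { printf '%s' "$1"; }

# usage: member_cmd add-member|remove-member group-name member-name...
# Prints the command line only. Single quotes keep the backslash literal,
# so domain\user needs no doubling; domain/user passes through unchanged.
member_cmd() {
    sub=$1 group=$2
    shift 2
    case "$sub" in
        add-member|remove-member) ;;
        *) echo "unknown subcommand: $sub" >&2; return 1 ;;
    esac
    [ "$#" -ge 1 ] || { echo "no members given" >&2; return 1; }
    line="smbadm $sub"
    for m in "$@"; do
        case "$m" in
            *"'"*) echo "member name contains a quote: $m" >&2; return 1 ;;
        esac
        line="$line -m '$m'"
    done
    printf '%s %s\n' "$line" "$group"
}

# Constructed sample names from the examples above.
received_arg sales\terry; echo      # backslash dropped by the shell
received_arg sales\\terry; echo     # escaped: backslash kept
received_arg 'sales\terry'; echo    # single-quoted: backslash kept
member_cmd add-member wsales 'sales\terry' 'solarsystem/terry'
```
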
How to Modify CIFS Group Properties
- Become superuser, assume an equivalent role, obtain the solaris.smf.value.smb and solaris.smf.manage.smb RBAC
authorizations, or use the “SMB Management” RBAC profile, which is part of
the “File System Management” profile.
Roles contain authorizations and privileged commands. For more information about roles, see
Configuring RBAC (Task Map) in System Administration Guide: Security Services. To configure a role with the Primary Administrator profile, see Chapter 2, Working With the Solaris Management Console (Tasks), in System Administration Guide: Basic Administration.
- Modify one or more CIFS group properties.

    # smbadm set -p property=value [[-p property=value] …] group-name

You can specify one or more property-value pairs on the command line.
Each property-value pair must be preceded by the -p option. Valid values
for privileges are on or off. The value of the description property
is an arbitrary text string.
For example, to grant the backup privilege and to modify the description
of the wsales group, type:

    # smbadm set -p backup=on \
    -p description="Sales force for the Western region" wsales