Manual Pages
Table of Contents
na_cifs_access - modify share-level access control or Windows
machine account access
cifs access share [ -g ] user rights
cifs access -delete share [ -g ] user
cifs access share -m
cifs access -delete share -m
The cifs access command sets or modifies the share-level
Access Control List (``ACL'') of one or more shares. It
may also be used to set Windows machine account access to
the shares when Kerberos is used.
The share argument specifies the share whose ACL or Windows
machine account access is to be modified. If share
contains the wildcard characters * or ? , then the access
all the shares matching the specified pattern are modified.
The user argument specifies the user or group of the
ACL entry. user can be an NT user or group, if the filer
is using NT domain authentication, or it can be a Unix
user or group, or it can be the special all-encompassing
group everyone. The rights argument can be specified in
either NT or Unix style. NT-style rights are:
No Access
Read
Change
Full Control
Unix-style rights are a combination of r for read, w for
write, and x for execute.
If a share-level ACL entry for user already exists on the
specified share, cifs access updates that ACL entry.
To display the current share-level ACL of a share, use
Windows Server Manager or the cifs shares command.
If Kerberos is used, Windows machine accounts can authenticate
with the filer. Windows machine accounts are specified
with the -m option and access can only be allowed or
denied. cifs access may also be used to add Windows
machine account access to home directories by specifying
cifs.homedir as the share.
To determine if Windows machine accounts can access share,
use the cifs shares command.
-
-m
- Specifies that access is being modified for
Windows machine accounts.
-
-g
- Specifies that user is the name of a Unix
group. Use this option when you have a
Unix group and a Unix user or NT user or
group with the same name.
-
-delete
- Deletes the ACL entry for user on share or
denys Windows machine account access to
share.
The following example grants NT Read access to the NT user
ENGINEERING\mary on the share releases.
toaster> cifs access releases ENGINEERING\mary Read
The following example grants Unix read and execute access
to the user john on the share accounting.
toaster> cifs access accounting john rx
The following example grants full access to the Unix group
wheel on the share sysadmins.
toaster> cifs access sysadmins -g wheel Full Control
The following example deletes the ACL entry for ENGINEERING\mary
on the share releases.
toaster> cifs access -delete releases ENGINEERING\mary
The following example permits Windows machine account
access to home directories
toaster> cifs access cifs.homedir -m
Any changes take effect immediately
Changes are persistent across system reboots.
na_cifs_shares(1)
Table of Contents