Manual Pages


Table of Contents

NAME

na_cifs_access - modify share-level access control or Windows machine account access

SYNOPSIS

cifs access share [ -g ] user rights

cifs access -delete share [ -g ] user

cifs access share -m

cifs access -delete share -m

DESCRIPTION

The cifs access command sets or modifies the share-level Access Control List (``ACL'') of one or more shares. It may also be used to set Windows machine account access to the shares when Kerberos is used.

The share argument specifies the share whose ACL or Windows machine account access is to be modified. If share contains the wildcard characters * or ? , then the access all the shares matching the specified pattern are modified. The user argument specifies the user or group of the ACL entry. user can be an NT user or group, if the node is using NT domain authentication, or it can be a Unix user or group, or it can be the special all-encompassing group everyone. The rights argument can be specified in either NT or Unix style. NT-style rights are:

No Access

Read

Change

Full Control

Unix-style rights are a combination of r for read, w for write, and x for execute.

If a share-level ACL entry for user already exists on the specified share, cifs access updates that ACL entry.

To display the current share-level ACL of a share, use Windows Server Manager or the cifs shares command.

If Kerberos is used, Windows machine accounts can authenticate with the node. Windows machine accounts are specified with the -m option and access can only be allowed or denied. cifs access may also be used to add Windows machine account access to home directories by specifying cifs.homedir as the share.

To determine if Windows machine accounts can access share, use the cifs shares command.

OPTIONS

-m
Specifies that access is being modified for Windows machine accounts.

-g
Specifies that user is the name of a Unix group. Use this option when you have a Unix group and a Unix user or NT user or group with the same name.

-delete
Deletes the ACL entry for user on share or denys Windows machine account access to share.

EXAMPLES

The following example grants NT Read access to the NT user ENGINEERING\mary on the share releases.

toaster> cifs access releases ENGINEERING\mary Read

The following example grants Unix read and execute access to the user john on the share accounting.

toaster> cifs access accounting john rx

The following example grants full access to the Unix group wheel on the share sysadmins.

toaster> cifs access sysadmins -g wheel Full Control

The following example deletes the ACL entry for ENGINEERING\mary on the share releases.

toaster> cifs access -delete releases ENGINEERING\mary

The following example permits Windows machine account access to home directories

toaster> cifs access cifs.homedir -m

EFFECTIVE

Any changes take effect immediately

PERSISTENCE

Changes are persistent across system reboots.

SEE ALSO

na_cifs_shares(1)


Table of Contents