Implementing CIFS rights management in a non-AD domain

Publication Date: 2012-11-05
Issue Description
At a certain site, the user needs to implement part of the rights management via CIFS in a non-AD domain. The detailed requirement is: there are four file systems, and in each file system only one user has the “read-write” right while the other users can’t access the file system.
The administrator has the “read-write” right for every file system.
Alarm Information
Handling Process
File systems: fs01, fs02, fs03, fs04
Users: u1, u2, u3, u4, admin (the administrator)
Group: groupadmin
The admin user belongs to the “groupadmin” group.
1. Create the group “groupadmin” in the CIFS.
CIFS> local group add groupadmin
CIFS> local group show
List of groups

2. Create the users “u1, u2, u3, u4, admin” in the CIFS, taking “u1” and “admin” as examples:
CIFS> local user add u1
Input password for u1.
Enter password: ******
Re-enter password: ******
Adding USER : u1
Success: User u1 created successfully
CIFS> local user add admin groupadmin
Input password for admin.
Enter password: ******
Re-enter password: ******
Adding USER : admin
Success: User admin created successfully
CIFS> local group show groupadmin
           GroupName      UsersList
           ---------      ---------
           groupadmin      admin

Taking “admin” as an example, create the CIFS share and grant a designated user and the administrator the “read-write” right.
CQBANKsrc.CIFS> share add fs01 fs01

Here, “fs_mode=1771” means that “owner=u1” has the “rwx” right and “group=groupadmin” has the “rwx” right, while the other users have only the “x” right. A user needs at least the “r-x” right to enter the CIFS shared files, so the other users can’t access the CIFS shared files.
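
The owner/group/other evaluation described above, as an added example in Python that is not part of the original page or the product's own code. It assumes fs02 to fs04 are owned by u2 to u4 (the page only shows fs01 with u1) and uses standard UNIX mode semantics, where the leading 1 in 1771 is the sticky bit.

```python
# Added example: models the UNIX owner/group/other check behind fs_mode=1771.
# Assumption: fs02-fs04 are owned by u2-u4; the page only shows fs01/u1.
USERS = ["u1", "u2", "u3", "u4", "admin"]
GROUPS = {"admin": {"groupadmin"}}            # group membership from the page
SHARES = {f"fs0{i}": {"owner": f"u{i}", "group": "groupadmin", "mode": 0o1771}
          for i in range(1, 5)}

def class_bits(mode, user, share):
    """Return the rwx triplet (0-7) of the one class that applies to user."""
    if user == share["owner"]:
        return (mode >> 6) & 0o7              # owner class is checked first
    if share["group"] in GROUPS.get(user, set()):
        return (mode >> 3) & 0o7              # then the share's group
    return mode & 0o7                         # everyone else is "other"

def access(user, share_name, mode=None):
    """Classify access as 'read-write', 'read-only' or 'none'."""
    share = SHARES[share_name]
    bits = class_bits(share["mode"] if mode is None else mode, user, share)
    if (bits & 0o5) != 0o5:                   # r-x is the minimum to enter
        return "none"
    return "read-write" if bits & 0o2 else "read-only"

def access_matrix():
    """Effective access of every user on every share."""
    return {fs: {u: access(u, fs) for u in USERS} for fs in SHARES}

def rwx(bits):
    return "".join(c if bits & b else "-" for c, b in zip("rwx", (4, 2, 1)))

def describe(mode):
    """Split a mode into its special digit and three rwx triplets."""
    return (mode >> 9) & 0o7, [rwx((mode >> s) & 0o7) for s in (6, 3, 0)]

if __name__ == "__main__":
    print(describe(0o1771))
    for fs, row in access_matrix().items():
        print(fs, row)
    # A looser last digit silently opens the share to every other user:
    print("u2 on fs01 with 1775:", access("u2", "fs01", 0o1775))
```
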

Root Cause
CIFS provides several methods for setting rights. By combining “rw”, “ro”, “fs_mode” and “rw=@group”, we can configure the share to satisfy the customer’s different rights requirements.
1. The “rw” (read-write) and “ro” (read-only) options of the CIFS share have the first priority. Their coverage is the widest (the whole CIFS share), but their granularity is the coarsest.
2. “fs_mode” and “group” have the second priority. They configure the share rights in terms of the UNIX “owner, group, other” classes.
3. “rw=@group”, “ro=@group” and “deny=@group” can be used to configure a certain group’s read-write, read-only or deny rights. They are implemented through Samba and correspond to Samba’s three parameters: write list, read list and invalid list.