Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Access Control
Special Forums Hardware Filesystems, Disks and Memory Access Control Post 40861 by davidg on Wednesday 24th of September 2003 11:32:45 AM
Old 09-24-2003
Hi,

There is :

root Userid 0
non-root Userid 1 <> 100
users Userid > 100

In fact only root will have more permissions. The rest is what you specify inside the application or with file ownership. I think you need to learn the unix basics starting at examine an "ls -l" and then understanding what is says.

Regs David
 

8 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Access control Lists

Hi, I was wondering if someone could help me with ACL's. I have a file, say output, created by the root user, member of group other. Its permissions are rwxr--r--. I want only people in group other to have rwx access, but I also want one other user, stephen, member of some_other_group to have rwx... (1 Reply)
Discussion started by: sroberts82
1 Replies

2. Shell Programming and Scripting

Access Control List

Hey all, I have a directory (own by user: b; group: grpB) which I want a user (user: a; group: grpA) to be able to read and execute from, I wonder if I should add user a to this particular directory's ACL or that I would add group grpB to user a's subgroup? I would like to know the difference... (3 Replies)
Discussion started by: mpang_
3 Replies

3. Solaris

Command for access control list

Hi, I want to set access control list on folders but it should be recursively, any Idea? command (1 Reply)
Discussion started by: manoj.solaris
1 Replies

4. UNIX for Dummies Questions & Answers

Does U*X have Access Control Lists?

In OS like windows, I can define an Access Control List (ACL) and specify which accounts and groups have what access to a specific file. I assume U*X, Linux and cygwin on windows have this ACL feature too. I'm using cygwin on windows. What do I type at a bash prompt to allow a specific user... (1 Reply)
Discussion started by: siegfried
1 Replies

5. UNIX for Dummies Questions & Answers

Internet Access Control

I need to control intenet access @ work. xample. I need PC 1 to only be able to access these five sites and add to the list as needed. Can anyone pint me a direction. (1 Reply)
Discussion started by: fruiz
1 Replies

6. AIX

Access control using LDAP

Hello, I've configurated a LDAP user authentication on AIX V6 against Active Directory (Windows Server 2008). The Tree is built as follows: test (DC) |--- testgroup (group with members: user1, user2) | |--- sys1 (OU) | |--- sys1group (group with member: user1) | |--- sys2 (OU)... (0 Replies)
Discussion started by: xia777
0 Replies

7. UNIX for Dummies Questions & Answers

eTrust Access Control

Hi, I am using eTrust Access Control at work. I have got no output after type checklogin. I wonder what is the reason. Does anyone know? Thanks eTrustAC selang v8.00a-1555.13 - eTrustAC command line interpreter Copyright (c) 2006 CA. All rights reserved. eTrustAC> checklogin user1... (0 Replies)
Discussion started by: uuontario
0 Replies

8. Proxy Server

How to use Squid on Linux to control certain IP to access Web Server and certain IP cannot access?

Dear all experts here, :) I would like to install a proxy server on Linux server to perform solely to control the access of Web server. In this case, some of my vendor asked me to try Squid and I have installed it onto my Linux server. I would like know how can I set the configuration to... (1 Reply)
Discussion started by: kwliew999
1 Replies

LEARN ABOUT OPENSOLARIS

smbadm

smbadm(1M)						  System Administration Commands						smbadm(1M)

NAME

       smbadm - configure and manage CIFS local groups and users, and manage domain membership

SYNOPSIS

       smbadm add-member -m member [[-m member] ...] group

       smbadm create [-d description] group

       smbadm delete group

       smbadm disable-user username

       smbadm enable-user username

       smbadm get [[-p property] ...] group

       smbadm join -u username domain

       smbadm join -w workgroup

       smbadm list

       smbadm remove-member -m member [[-m member] ...] group

       smbadm rename group new-group

       smbadm set -p property=value [[-p property=value] ...] group

       smbadm show [-m] [-p] [group]

DESCRIPTION

       The smbadm command is used to configure CIFS local groups and to manage domain membership. You can also use the smbadm command to enable or
       disable SMB password generation for individual local users.

       CIFS local groups can be used when Windows accounts must be members of some local groups and when Windows style privileges must be granted.
       Solaris local groups cannot provide these functions.

       There  are two types of local groups: user defined and built-in. Built-in local groups are predefined local groups to support common admin-
       istration tasks.

       In order to provide proper identity mapping between CIFS local groups and Solaris groups, a CIFS local  group  must  have  a  corresponding
       Solaris	group.	This  requirement  has two consequences: first, the group name must conform to the intersection of the Windows and Solaris
       group name rules. Thus, a CIFS local group name can be up to eight(8) characters long and contain only lowercase characters  and  numbers.
       Second, a Solaris local group has to be created before a CIFS local group can be created.

       Built-in  groups  are  standard	Windows  groups  and  are predefined by the CIFS service. The built-in groups cannot be added, removed, or
       renamed, and these groups do not follow the CIFS local group naming conventions.

       When the CIFS server is started, the following built-in groups are available:

       Administrators

	   Group members can administer the system.

       Backup Operators

	   Group members can bypass file access controls to back up and restore files.

       Power Users

	   Group members can share directories.

       Solaris local users must have an SMB password for authentication and to gain access to CIFS resources. This password is	created  by  using
       the passwd(1) command when the pam_smb_password module is added to the system's PAM configuration. See the pam_smb_passwd(5) man page.

       The  disable-user  and  enable-user subcommands control SMB password-generation for a specified local user. When disabled, the user is pre-
       vented from connecting to the Solaris CIFS service. By default, SMB password-generation is enabled for all local users.

       To reenable a disabled user, you must use the enable-user subcommand and then reset the user's password by using the  passwd  command.  The
       pam_smb_passwd.so.1 module must be added to the system's PAM configuration to generate an SMB password.

   Escaping Backslash Character
       For  the add-member, remove-member, and join (with -u) subcommands, the backslash character () is a valid separator between member or user
       names and domain names. The backslash character is a shell special character and must be quoted. For example, you might	escape	the  back-
       slash  character  with another backslash character: domain\username. For more information about handling shell special characters, see the
       man page for your shell.

OPERANDS

       The smbadm command uses the following operands:

       domain

	   Specifies the name of an existing Windows domain to join.

       group

	   Specifies the name of the CIFS local group.

       username

	   Specifies the name of a Solaris local user.

SUB-COMMANDS
       The smbadm command includes these subcommands:

       add-member -m member [[-m member] ...] group

	   Adds the specified member to the specified CIFS local group. The -m member option specifies the name of a CIFS local group member.  The
	   member name must include an existing user name and an optional domain name.

	   Specify the member name in either of the following formats:

	     [domain]username
	     [domain/]username

	   For example, a valid member name might be sales	erry or sales/terry, where sales is the Windows domain name and terry is the name of a
	   user in the sales domain.

       create [-d description] group

	   Creates a CIFS local group with the specified name. You can optionally specify a description of the group by using the -d option.

       delete group

	   Deletes the specified CIFS local group. The built-in groups cannot be deleted.

       disable username

	   Disables SMB password-generation capabilities for the specified local user. A disabled local user is prevented from accessing the  sys-
	   tem	by  means  of  the CIFS service. When a local user account is disabled, you cannot use the passwd command to modify the user's SMB
	   password until the user account is reenabled.

       enable username

	   Enables SMB password-generation capabilities for the specified local user. After the password-generation  capabilities  are	reenabled,
	   you must use the passwd command to generate the SMB password for the local user before he can connect to the CIFS service.

	   The	passwd command manages both the Solaris password and SMB password for this user if the pam_smb_passwd module has been added to the
	   system's PAM configuration.

       get [[-p property=value] ...] group

	   Retrieves property values for the specified group. If no property is specified, all property values are shown.

       join -u username domain

	   Joins a Windows domain or a workgroup.

	   The default mode for the CIFS service is workgroup mode, which uses the default workgroup name, WORKGROUP.

	   An authenticated user account is required to join a domain, so you must specify the	Windows  administrative  user  name  with  the	-u
	   option. If the password is not specified on the command line, the user is prompted for it. This user should be the domain administrator
	   or any user who has administrative privileges for the target domain.

	   username and domain can be entered in any of the following formats:

	     username[+password] domain
	     domainusername[+password]
	     domain/username[+password]
	     username@domain

	   ...where domain can be the NetBIOS or DNS domain name.

	   If a machine trust account for the system already exists on a domain controller, any authenticated user account can be used when  join-
	   ing	the  domain.  However,	if  the machine trust account does not already exist, an account that has administrative privileges on the
	   domain is required to join the domain.

       join -w workgroup

	   Joins a Windows domain or a workgroup.

	   The -w workgroup option specifies the name of the workgroup to join when using the join subcommand.

       list

	   Shows information about the current workgroup or domain. The information typically includes the workgroup name or  the  primary  domain
	   name. When in domain mode, the information includes domain controller names and trusted domain names.

	   Each entry in the ouput is identified by one of the following tags:

	   - [*] -    Primary domain

	   - [.] -    Local domain

	   - [-] -    Other domains

	   - [+] -    Selected domain controller

       remove-member -m member [[-m member] ...] group

	   Removes the specified member from the specified CIFS local group. The -m member option specifies the name of a CIFS local group member.
	   The member name must include an existing user name and an optional domain name.

	   Specify the member name in either of the following formats:

	     [domain]username
	     [domain/]username

	   For example, a valid member name might be sales	erry or sales/terry, where sales is the Windows domain name and terry is the name of a
	   user in the sales domain.

       rename group new-group

	   Renames the specified CIFS local group. The group must already exist. The built-in groups cannot be renamed.

       set -p property=value [[-p property=value] ...] group

	   Sets configuration properties for a CIFS local group. The description and the privileges for the built-in groups cannot be changed.

	   The -p property=value option specifies the list of properties to be set on the specified group.

	   The group-related properties are as follows:

	   backup=[on|off]

	       Specifies whether members of the CIFS local group can bypass file access controls to back up file system objects.

	   description=description-text

	       Specifies a text description for the CIFS local group.

	   restore=[on|off]

	       Specifies whether members of the CIFS local group can bypass file access controls to restore file system objects.

	   take-ownership=[on|off]

	       Specifies whether members of the CIFS local group can take ownership of file system objects.

       show [-m] [-p] [group]

	   Shows information about the specified CIFS local group or groups. If no group is specified, information is shown for all groups. If the
	   -m option is specified, the group members are also shown. If the -p option is specified, the group privileges are also shown.

EXIT STATUS

       The following exit values are returned:

       0	    Successful completion.

       >0	    An error occurred.

ATTRIBUTES

       See the attributes(5) man page for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWsmbsu 		   |
       +-----------------------------+-----------------------------+
       |Utility Name and Options     |Uncommitted		   |
       +-----------------------------+-----------------------------+
       |Utility Output Format	     |Not-An-Interface		   |
       +-----------------------------+-----------------------------+
       |smbadm join		     |Obsolete			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       passwd(1), groupadd(1M), idmap(1M), idmapd(1M), kclient(1M), share(1M), sharectl(1M), sharemgr(1M), smbd(1M), smbstat(1M), smb(4), smbauto-
       home(4), attributes(5), pam_smb_passwd(5), smf(5)

SunOS 5.11							    8 Jan 2009								smbadm(1M)
All times are GMT -4. The time now is 08:08 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy