Highlighted
prashant_shah
1 Nickel

Adding SMB share permissions via CLI

Jump to solution

I'm doing a migration of Celerra to Isilon and need to add my domain account to every share with "run-as-root" privilege.  Is there a way to do this through CLI?  I've tried "isi smb shares permission create" a bunch of different ways but can't figure out how to add a domain user.  I've got like 50 shares, so trying to avoid doing this manually to each share.

Labels (2)
0 Kudos
1 Solution

Accepted Solutions
AndrewChung
2 Iron

Re: Adding SMB share permissions via CLI

Jump to solution

Here is one to add a local user:

isi smb shares permission create --share=ifs --run-as-root admin

Here is one for an AD user:

isi smb shares permission create --share=ifs "addomain\username" --run-as-root

You may have to specify a zone with --zone=zonename

These commands are for OneFS 7.1.1.1.  Check your CLI guide for any subtle changes between versions.

9 Replies
chughh
2 Iron

Re: Adding SMB share permissions via CLI

Jump to solution

Hello Prashant,

You can refer to examples below.

The following commands create a directory at /ifs/data/share1 and then create

a share named share1 using that path:

mkdir /ifs/data/share1

isi smb shares create --name=share1 --path=/ifs/data/share1 \

--browsable=true --description="Example Share 1"

The following command creates a directory at /ifs/data/share2 and converts it to an SMB share:

isi smb shares create share2 --inheritable-path=/ifs/data/share2 \ --create-path --browsable=true --description="Example Share 2"

The following command creates a directory at /ifs/data/share3 and converts it to an SMB share. The command also applies an ACL to the share:

isi smb shares create share3 --inheritable-path=/ifs/data/share3 \ --create-path --browsable=true --description="Example Share 3" \ --inheritable-path-acl=true --create-permissions="default acl"

The following command creates the directory /ifs/data/share4 and converts it to

a non-browsable SMB share. The command also configures the use of mode bits for

permissions control:

isi smb shares create --name=share4 --path=/ifs/data/share4 \ --create-path --browsable=false --description="Example Share 4" \ --inheritable-path-acl=true --create-permissions="use create mask\ and mode"

2. Run the isi smb shares permission modify command to enable access to the share. The following command allows the well-known user Everyone full permissions to the HOMEDIR share:

isi smb shares permission modify HOMEDIR --wellknown Everyone \ --permission-type allow --permission full

For Onefs 7.0.x

isi smb shares permission create <share> {<user> | --uid <id>

| --group <name> | --gid <id> | --sid <sid> | --wellknown <name> }

{--permission-type {allow | deny}

--permission {full | change | read} | --run-as-root}

[--zone <string>]

[--verbose]

To modify permissions

isi smb shares permission modify <share>

{<user> | --group <name> | --gid <id> | --uid <id> | --sid <sid>

| --wellknown <name>}

[{--permission-type {allow | deny} --permission {full | change |

read} | --run-as-root}]

[--zone <zone>]

[--verbose]

prashant_shah
1 Nickel

Re: Adding SMB share permissions via CLI

Jump to solution

Thanks for your reply.  Can you give me a CLI example of how to add an AD user to a share?

0 Kudos
chughh
2 Iron

Re: Adding SMB share permissions via CLI

Jump to solution

Hello Prashant,

Which version of onefs ?

you can check by  typing uname -a.

0 Kudos
AndrewChung
2 Iron

Re: Adding SMB share permissions via CLI

Jump to solution

Here is one to add a local user:

isi smb shares permission create --share=ifs --run-as-root admin

Here is one for an AD user:

isi smb shares permission create --share=ifs "addomain\username" --run-as-root

You may have to specify a zone with --zone=zonename

These commands are for OneFS 7.1.1.1.  Check your CLI guide for any subtle changes between versions.

prashant_shah
1 Nickel

Re: Adding SMB share permissions via CLI

Jump to solution

It's 7.1.1.1.

Thanks!  That worked.  I didn't have the quotes around it before and it was giving a persona error.

0 Kudos
chughh
2 Iron

Re: Adding SMB share permissions via CLI

Jump to solution

Hello Prashant,

Try below commands.

corvair-3# isi smb shares create smb --path=/ifs --browsable=true --verbose

Created share: smb

corvair-3# isi smb shares view --share=ifs

                                     Share Name: ifs

                                           Path: /ifs

                                    Description: Isilon OneFS

                     Client-side Caching Policy: manual

Automatically expand user names or domain names: False

Automatically create home directories for users: False

                                      Browsable: True

Permissions:

Account  Account Type  Run as Root  Permission Type  Permission

----------------------------------------------------------------

admin    user          True         allow            full

Everyone wellknown     False        allow            full

----------------------------------------------------------------

After adding permission

corvair-3# isi smb shares permission create --share=ifs --run-as-root --group="DUR\isilon"

corvair-3# isi smb shares view --share=ifs

                                     Share Name: ifs

                                           Path: /ifs

                                    Description: Isilon OneFS

                     Client-side Caching Policy: manual

Automatically expand user names or domain names: False

Automatically create home directories for users: False

                                      Browsable: True

Permissions:

Account    Account Type  Run as Root  Permission Type  Permission

------------------------------------------------------------------

admin      user          True         allow            full

DUR\isilon group         True         allow            full

Everyone   wellknown     False        allow            full

------------------------------------------------------------------

AndrewChung
2 Iron

Re: Adding SMB share permissions via CLI

Jump to solution

Yup!  You have to be careful because Windows uses a backslash which is the escape character in UNIX.  If you used two \\ that would have worked as well.  Quoting it is just easier in most cases.

Re: Adding SMB share permissions via CLI

Jump to solution

How do you then delete an account from an existing SMB share? I am currently on OneFS 6.5.5.29.

0 Kudos

Re: Adding SMB share permissions via CLI

Jump to solution

Rafael,

The syntax is different in 7.x from 6.5.5.x, and keep in mind 6.5 goes EOSL in 2 months, so please plan an upgrade accordingly.

That said, on 6.5.5, the syntax is in the format:

isi smb permission delete sharename --user domain
username

In 7.x and above it’s

isi smb shares permission delete sharename --user domain
user

There is a really handly CLI reference guide between the versions (tells you what changes) available here:

https://support.emc.com/docu56264_OneFS-CLI-Mappings.pdf?language=en_US

Look to page 7 for this particular syntax.

Chris Klosterman, ICSP, ICIE, CCNA, VCP

Email: <mailto:chris.klosterman@emc.com> chris.klosterman@emc.com

Senior Solution Architect

Offer and Enablement Team

EMC²| Isilon Storage Division