Skip to main content

Map administrator groups to the ONTAP SMB root

Contributors netapp-aaron-holt netapp-dbagwell netapp-ahibbard netapp-aherbin
PDFs

If you have only CIFS clients in your environment and your storage virtual machine (SVM) was set up as a multiprotocol storage system, you must have at least one Windows account that has root privilege for accessing files on the SVM; otherwise, you cannot manage the SVM because you do not have sufficient user rights.

About this task

If your storage system was set up as NTFS-only, the /etc directory has a file-level ACL that enables the administrators group to access the ONTAP configuration files.

Steps

  1. Set the privilege level to advanced: set -privilege advanced

  2. Configure the CIFS server option that maps the administrators group to root as appropriate:

    If you want to…​ Then…​

    Map the administrator group members to root

    vserver cifs options modify -vserver vserver_name -is-admin-users-mapped-to-root-enabled true All accounts in the administrators group are considered root, even if you do not have an /etc/usermap.cfg entry mapping the accounts to root. If you create a file using an account that belongs to the administrators group, the file is owned by root when you view the file from a UNIX client.

    Disable mapping the administrators group members to root

    vserver cifs options modify -vserver vserver_name -is-admin-users-mapped-to-root-enabled false Accounts in the administrators group no longer map to root. You can only explicitly map a single user to root.

  3. Verify that the option is set to the desired value: vserver cifs options show -vserver vserver_name

  4. Return to the admin privilege level: set -privilege admin