Richard Bruce wrote: > Okay, it sounds like I might have been misunderstanding something then. On a > 7210 the interface only allows ACL configuration on the share root directory. > > > Keep in mind that there are no Unix users or groups configured on the box, > and all users and groups are defined in active directory. How would we > configure the ACL's to allow only a specific active directory group full > control of the root directory of the share and hide the contents for everyone > else? > > For example, we wish to give full control of the share root directory to the > active directory defined "Group_A" in domain "ad_domain.edu". Do we define > an ACL for defined user "grou...@ad_domain.edu" with all rights except "i" > and "n"? > > Thanks again, > Richard
This is the ACL set that I use: group:staff:rwxpdDaARWcCos:fd-----:allow group:users:r-x---a-R-c--s:fd-----:allow That is on the root of all my shares, so all normal users can read and execute but only staff can write etc. Even though there aren't users on the solaris box, there are groups. I've mapped the groups to AD groups with idmap: add "wingroup:Domain [email protected]" unixgroup:users add "wingroup:Domain [email protected]" unixgroup:staff Obviously you can map these however you want. HTH Matt _______________________________________________ cifs-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
