13.5 Setting Rights to ShadowFS Shares

Grant POSIX rights for users so they can access files on the ShadowFS volume via the SMB/CIFS protocol. Rights are granted based on need. You set rights so that users can read, write, and execute in the ShadowFS volume’s root location in the /media/shadowfs directory. Do not set POSIX rights to the actual NCP shares for the primary and secondary volumes.

  1. Open a terminal console, then log in as the root user.

  2. Go to the ShadowFS volume root location of /media/shadowfs by entering the following at the terminal prompt:

    cd /media/shadowfs
  3. Set directory ownership for the group-level access to the ShadowFS volume root by entering the following:

    chown :groupname shadowfs_volumename

    For example, if the groupname is marketing and the shadowfs_volumename is USERS, enter

    chown :marketing USERS
  4. Set POSIX rights for the directory group by entering the following:

    chmod mode shadowfs_volumename

    For example, to grant POSIX read, write, and execute permissions for the user and group levels, and to set read and execute only for the others (world) level, set the mode to 775 by entering:

    chmod 775 USERS

    You are setting directory rights for /media/shadowfs/USERS as drwxrwxr-x.

  5. Visually verify POSIX rights by entering

    ll

    Continuing the example, the results should look like this:

    drwxrwxr-x  3 root marketing  80 May 16 15:48 USERS
  6. Verify that the SMB/CIFS user can access the ShadowFS volume and can create directories.

    1. Decide which user identity you want to use to test the setup. For example, you could assign the admin user as a user of the SMB/CIFS group, or use iManager to create a temporary user identity for a test user in the group.

    2. Use iManager to ensure that the test user is Linux-enabled with Linux User Management, and grant the user SSH rights for accessing the server.

      For information about configuring SSH for a user, see SSH Services on OES in the OES 2018 SP3: Planning and Implementation Guide.

    3. Use iManager to set eDirectory permissions on the volume or path for the test user.

    4. Use Secure Shell (SSH) to log in to the volume as a user in the group.

      For example, use ssh to connect to the server and log in:

      ssh username@server.context.com
      password:********
    5. Go to the ShadowFS volume location by entering

      cd /media/shadowfs/USERS

      The user should be able to cd to and see the directory. If not, recheck the preceding steps to ensure that you followed the steps correctly.

    6. As the user, create a directory. For example, enter

      mkdir username

      If the directory /media/shadowfs/USERS/username is created, the rights are working as expected.