If you want to make a share available to one or more users on a system, you can mount the share on a mount point anywhere on the system. When you mount a share as a superuser, you do not need to own the mount point. Mount options control the access to the mount point. You access the server as the user who mounted the share.
For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.
# svcs network/smb/client
STATE          STIME    FMRI
online         19:24:36 svc:/network/smb/client:default
This service is enabled by default, so the usual state for the service is online. To enable the service, type the following command:
# svcadm enable -r network/smb/client
# smbadm show-shares [-A | -u username] [-t] server
$ mount -F smbfs [-o user=user-name,dirperms=octal-triplet,fileperms=octal-triplet,\
gid=group-ID...] //server/share mount-point
user=user-name
Specifies the account used to authenticate the user when accessing a remote system.
dirperms=octal-triplet
Specifies the permissions to apply to the directories on a mount point. The dirperms permission does not affect the access policies that the SMB server maintains.
fileperms=octal-triplet
Specifies the permissions to apply to the files on a mount point. The fileperms permission does not affect the access policies that the SMB server maintains.
gid=group-ID
Specifies the group ID to set as the effective group. The effective group uses the group permissions that are set for the mount point.
In this example, the sales-tools share is mounted at the /sales mount point. This mount point is owned by the user user1 and the group salesgrp. Mount options enable read and write access for users who belong to the salesgrp group.
Use the smbadm show-shares command to list the shares.
# smbadm show-shares -A solarsystem
c$                  Default Share
IPC$                Remote IPC
sales-tools
Mount the sales-tools share at the /sales mount point.
# mkdir -m 770 /sales
# chown user1:salesgrp /sales
# ls -ld /sales
drwxrwx---   2 user1    salesgrp     117 Feb 17 13:24 /sales
# mount -F smbfs -o user=user1,fileperms=770,dirperms=770,gid=salesgrp \
//solarsystem/sales-tools /sales
Mount options enable the user user1 to access the sales-tools share on the system solarsystem. These options also enable users in the salesgrp group to access the files and directories. User bbb can access the share because the user belongs to the salesgrp group. However, any access through the mount point, such as creating a file, is performed on the server as the user user1.
# su - bbb
% id -gn
salesgrp
% cd /sales
% ls -l
total 0
drwxr-x---+  1 bbb      salesgrp     512 Feb 17 14:22 central
-rwxr-----+  1 user1    salesgrp       0 Feb 17 14:22 contacts
drwxr-x---+  1 user1    salesgrp     512 Feb 17 14:22 east
-rwxr-----+  1 alice    salesgrp       0 Feb 17 14:22 numbers
drwx------+  1 aaa      fingrp       512 Feb 17 14:22 west
% touch bobs-file
% ls -l bobs-file
-rwxrwx---+  1 user1    salesgrp       0 Feb 17 14:34 bobs-file
A user who does not belong to the salesgrp group cannot access the mount point.
# su - aaa
% id -gn
fingrp
% cd /sales
cd: /sales: [Permission denied]
You can remount the share using the uid mount option to enable the user aaa to access the share.
# umount /sales
# mount -F smbfs -o user=user1,fileperms=770,dirperms=770,gid=salesgrp,uid=aaa \
//solarsystem/sales-tools /sales
# su - aaa
% id -un
alice
% cd /sales
% ls -l
-rwxrwx---+  1 user1    salesgrp       0 Feb 17 14:34 bobs-file
drwxr-x---+  1 bbb      salesgrp     512 Feb 17 14:22 central
-rwxr-----+  1 user1    salesgrp       0 Feb 17 14:22 contacts
drwxr-x---+  1 user1    salesgrp     512 Feb 17 14:22 east
-rwxr-----+  1 alice    salesgrp       0 Feb 17 14:22 numbers
drwx------+  1 aaa      fingrp       512 Feb 17 14:46 west
The user aaa, who belongs to the fingrp group, owns the west directory in the /sales mount point. However, user aaa cannot access the west directory, because the /sales mount point is mounted by user user1, who does not belong to the fingrp group.
% ls -l west
ls: error reading directory west: Permission denied
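The outcomes in this example follow from two independent checks: the client checks the local user against the uid, gid and dirperms mount options, and the server then checks the request against the account given in the user option. The following Python model is an added illustration, not part of the original documentation; the class, function and SERVER_ACL names are hypothetical, the server policy is constructed, and it assumes that without a uid option the mount is owned by the mount point owner (user1).

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Mount:
    smb_user: str   # user=     account the SMB server authenticates
    uid: str        # uid=      local owner of everything under the mount
    gid: str        # gid=      local group of everything under the mount
    dirperms: int   # dirperms= local mode bits applied to directories

def local_access(mount, user, groups, want=0o5):
    """Client-side owner/group/other check; want=r-x (cd and ls)."""
    if user == mount.uid:
        bits = mount.dirperms >> 6
    elif mount.gid in groups:
        bits = mount.dirperms >> 3
    else:
        bits = mount.dirperms
    return ((bits & 0o7) & want) == want

def access(mount, user, groups, path, server_acl):
    """Return the outcome for `user` opening `path` under the mount point."""
    if not local_access(mount, user, groups):
        return "denied locally"
    allowed = server_acl.get(path)   # None: no server restriction modelled
    if allowed is not None and mount.smb_user not in allowed:
        return "denied by server"
    return "allowed as " + mount.smb_user

# Constructed server-side policy: only aaa may read west on the server.
SERVER_ACL = {"west": {"aaa"}}
# Assumption: without uid=, the mount is owned by the mount point owner.
FIRST = Mount("user1", "user1", "salesgrp", 0o770)
REMOUNT = Mount("user1", "aaa", "salesgrp", 0o770)

if __name__ == "__main__":
    cases = [(FIRST, "bbb", {"salesgrp"}, "contacts"),
             (FIRST, "aaa", {"fingrp"}, "contacts"),
             (REMOUNT, "aaa", {"fingrp"}, "contacts"),
             (REMOUNT, "aaa", {"fingrp"}, "west")]
    for m, u, g, p in cases:
        print(u, p, "->", access(m, u, g, p, SERVER_ACL))
```

The last case shows why the uid option lets aaa into /sales but not into west: the local check passes, but the server still evaluates the request as user1.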