Follow

About this task

This task controls user access to filesystems via SMB shares. By default, when an SMB share is created, the share-level permissions allow all users full access to the share unless restricted by file or folder permissions.

The instructions below apply to:

  • Shares of SMB filesystems 
  • Shares of SMB filesystem snapshots

Prerequisites

  • A filesystem share or a filesystem snapshot share
  • The security identifier (SID) of a user or group

Identifying the SID

To set share-level permissions for a user or group, you need to know its security identifier (SID).

  • The SIDs of users and groups in the InfiniBox local user repository are displayed in the SMB tab of the console's Settings page.
  • To retrieve the SID of an Active Directory (AD) domain user or group, use either a PowerShell or a Windows command

Using PowerShell to retrieve a SID from AD

To identify the SID, replace user-or-group-name with the name of the relevant user or group, and run the following PowerShell command:

PS C:\Users\Administrator> $NAME="user-or-group-name"
PS C:\Users\Administrator> $PRNC=(New-Object System.Security.Principal.NTAccount($NAME))
PS C:\Users\Administrator> $PRNC.Translate([System.Security.Principal.SecurityIdentifier]).value
S-1-5-21-21235654234-654154345-18166254336720-8160

Using Windows command line to retrieve a SID from AD

To use Windows command line to identify the SID, use one of the following commands. Replace user-name  for the relevant user, or group-name for the relevant group.

C:\Users\Administrator>wmic useraccount where name='user-name' get sid
SID
S-1-5-21-21235654234-654154345-18166254336720-8160

C:\Users\Administrator>wmic group where name='group-name' get sid
SID
S-1-5-21-21235654234-654154345-18166254336720-120

Instructions

  1. In the GUI, click the Datasets icon on the left toolbar, and select the Datasets tab.
  2. Do one of the following:
    • For a share of a filesystem: Select the filesystem name, and click the Shares tab.
    • For a share of a filesystem snapshot: Expand the filesystem tree, select the filesystem snapshot name, and click the Shares tab.
  3. Select the share name.
    The SMB Share Permissions window opens in the right pane.
  4. To add an entry for a principal, click Add Share-Level Permission Entry.
  5. Enter the principal (user or group) SID for the entry, and select one of the following permissions levels:
    • Read Only
    • Read Write
    • Full Control
    • None
  6. Click Done.

Related tasks

This task and all other filesystem tasks are available on both the GUI and InfiniShell.

Related InfiniShell commands

  • fs.share.permission.add - adding a permission entry to a share
  • fs.share.permission.modify - modifying attributes of a permission
  • fs.share.permission.query - querying for the permission attributes of a share
  • fs.share.permission.remove - removing a permission entry from a share
Was this article helpful?
0 out of 0 found this helpful

0 out of 0 found this helpful

Last edited: 2022-04-27 13:06:15 UTC

Comments