
Verifying permissions for Kerberos configuration

Kerberos requires that certain UNIX permissions be set for the SVM root volume and for local users and groups.

  1. Display the relevant permissions on the SVM root volume: volume show -volume root_vol_name -fields user,group,unix-permissions

    The root volume of the SVM must have the following configuration:

    Name              Setting
    UID               root or ID 0
    GID               root or ID 0
    UNIX permissions  755

    If these values are not shown, use the volume modify command to update them.

  2. Display the local UNIX users: vserver services name-service unix-user show -vserver vserver_name

    The SVM must have the following UNIX users configured:

    User name  User ID  Primary group ID  Comment
    nfs        500      0                 Required for GSS INIT phase.
                                          The first component of the NFS client user SPN is used as the user.
                                          The nfs user is not required if a Kerberos-UNIX name mapping exists for the SPN of the NFS client user.
    root       0        0                 Required for mounting.

    If these values are not shown, you can use the vserver services name-service unix-user modify command to update them.

  3. Display the local UNIX groups: vserver services name-service unix-group show -vserver vserver_name

    The SVM must have the following UNIX groups configured:

    Group name  Group ID
    daemon      1
    root        0

    If these values are not shown, you can use the vserver services name-service unix-group modify command to update them.
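
The three checks in this procedure can be run against saved command output to catch drift before enabling Kerberos. The following Python script is an added example, not NetApp code; it compares parsed output with the values required on this page and treats the nfs user as optional when a Kerberos-UNIX name mapping exists. The sample output is constructed, and its column layout (header row, dashed rule, data rows only), the pgid column name, and all function names are assumptions.

```python
REQUIRED_USERS = {"nfs": (500, 0), "root": (0, 0)}   # name -> (user ID, primary group ID)
REQUIRED_GROUPS = {"daemon": 1, "root": 0}           # name -> group ID

def parse_table(text):
    """Parse 'header / dashed rule / rows' output into a list of dicts."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    rule = next(i for i, ln in enumerate(lines) if set(ln.strip()) <= {"-", " "})
    header = lines[rule - 1].split()
    return [dict(zip(header, ln.split())) for ln in lines[rule + 1:]]

def perm_bits(value):
    """Accept octal ('755') or symbolic ('---rwxr-xr-x') permission strings."""
    if value.isdigit():
        return int(value, 8) & 0o777
    return int("".join("0" if c == "-" else "1" for c in value[-9:]), 2)

def check_root_volume(text):
    row = parse_table(text)[0]
    issues = [f"{k} is {row[k]}, expected root or 0"
              for k in ("user", "group") if row[k] not in ("root", "0")]
    if perm_bits(row["unix-permissions"]) != 0o755:
        issues.append(f"unix-permissions is {row['unix-permissions']}, expected 755")
    return issues

def check_users(text, nfs_spn_mapped=False):
    """nfs_spn_mapped=True: a Kerberos-UNIX name mapping covers the client SPN."""
    found = {r["user"]: (int(r["id"]), int(r["pgid"])) for r in parse_table(text)}
    return [f"user {n}: found {found.get(n)}, expected {want}"
            for n, want in REQUIRED_USERS.items()
            if found.get(n) != want and not (n == "nfs" and nfs_spn_mapped)]

def check_groups(text):
    found = {r["name"]: int(r["id"]) for r in parse_table(text)}
    return [f"group {n}: found {found.get(n)}, expected {want}"
            for n, want in REQUIRED_GROUPS.items() if found.get(n) != want]

# Constructed sample output; the column layout and the pgid column name are assumptions.
VOLUME_OUT = """vserver volume   user group unix-permissions
------- -------- ---- ----- ----------------
vs1     vs1_root 0    1     ---rwxrwxr-x"""
USERS_OUT = """vserver user id  pgid
------- ---- --- ----
vs1     root 0   0"""
GROUPS_OUT = """vserver name   id
------- ------ --
vs1     daemon 1
vs1     root   0"""

if __name__ == "__main__":
    print("\n".join(check_root_volume(VOLUME_OUT) + check_users(USERS_OUT) + check_groups(GROUPS_OUT)))
```

An empty list from each check means the SVM matches the required configuration; any entry names the field to correct with the matching modify command.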