Skip to main content

Mapping the administrators group to root

If you have only CIFS clients in your environment and your storage virtual machine (SVM) was set up as a multiprotocol storage system, you must have at least one Windows account that has root privilege for accessing files on the SVM; otherwise, you cannot manage the SVM because you do not have sufficient user rights.

About this task

If your storage system was set up as NTFS-only, however, the /etc directory has a file-level ACL that enables the administrators group to access the ONTAP configuration files.

  1. Set the privilege level to advanced: set -privilege advanced
  2. Configure the CIFS server option that maps the administrators group to root as appropriate:
    If you want to...Then...
    Map the administrator group members to rootvserver cifs options modify -vserver vserver_name -is-admin-users-mapped-to-root-enabled true

    All accounts in the administrators group are considered root, even if you do not have an /etc/usermap.cfg entry mapping the accounts to root. If you create a file using an account that belongs to the administrators group, the file is owned by root when you view the file from a Linux client.

    Disable mapping the administrators group members to rootvserver cifs options modify -vserver vserver_name -is-admin-users-mapped-to-root-enabled false

    Accounts in the administrators group no longer map to root. You can only explicitly map a single user to root.

  3. Verify that the option is set to the desired value: vserver cifs options show -vserver vserver_name
  4. Return to the admin privilege level: set -privilege admin