Add Local Group

Overview

This function adds local groups to which the local users belong.

For added local groups, CIFS access, NFS access, and FTP access to the shared folders are available on a per group basis.

Up to 100 local groups can be added in the storage system.

This function is used in a Unified Storage environment.

Caution

This function cannot be executed if an Active Directory authentication server or an LDAP authentication server is used. Remove all the authentication servers before using this function.
"Name" and "Group ID" of the existing local groups cannot be changed. To change "Name" or "Group ID", delete the relevant local group and then create it again.
Note that this function cannot be used to create the following special groups because these groups are automatically created by the storage system. Special groups are included in the maximum number of groups.
- BUILTIN_Administrators
- BUILTIN_Users
- BUILTIN_BackupOperators
This function cannot be executed if the port for changing the local user authentication password is in the open state.

Use the "set nas-port" CLI command to open and close the port for changing the local user authentication password. Use the "show nas-port" CLI command to check the port status.

Refer to "ETERNUS CLI User's Guide" for details about each command.

Note

Local groups can be deleted. Refer to the [Delete Local Group] function for details.
Local users are registered to the local group. Refer to the [Add Local User] function for details.

User Privileges

Availability of Executions in the Default Role

Default role	Availability of executions
Monitor
Admin
StorageAdmin
AccountAdmin
SecurityAdmin
Maintainer

Refer to "User Roles and Policies" for details on the policies and roles.

Settings

Local Group Settings

Item	Description	Setting values
Name	Enter a local group name. Caution An existing local group name cannot be used. The user name that has been registered for logging in to the NAS engine (for FTP) cannot be used. The user name for logging in to the NAS engine is created with the "create nas-engine-user" CLI command. Entered letters are not case-sensitive. Local group names that consist of only numbers cannot be used.	Up to 32 alphanumeric characters and symbols (in the US-ASCII format) A hyphen (0x2D), an underscore (0x5F), and a dollar sign (0x24) can be used. Alphanumeric characters or an underscore (0x5F) can be used for the first character. A dollar sign (0x24) can only be used for the last character. The following reserved words cannot be used. "adm", "audio", "bin", "cdrom", "daemon", "dbus", "dialout", "disk", "floppy", "ftp", "games", "gluster", "halt", "input", "kmem", "ldap", "lock", "lp", "mail", "man", "mem", "nfsnobody", "nobody", "nscd", "nslcd", "ntp", "operator", "oprofile", "polkitd", "root", "rpc", "rpcuser", "shutdown", "ssh_keys", "sshd", "sync", "sys", "systemd-journal", "systemd-network", "tape", "tcpdump", "tss", "tty", "users", "utempter", "utmp", "video", and "wheel" The following special group names cannot be used. "BUILTIN_Administrators", "BUILTIN_Users", "BUILTIN_BackupOperators"
Group ID	Enter a local group ID for the local group. If this item is omitted, an unused number is assigned in ascending order starting from "500". Caution If "shareuser$" is entered for "Name", only "450" can be set for this item. An existing group ID cannot be used.	450 500 - 999

Item

Description

Setting values

Name

Enter a local group name.

Caution

An existing local group name cannot be used.
The user name that has been registered for logging in to the NAS engine (for FTP) cannot be used.

The user name for logging in to the NAS engine is created with the "create nas-engine-user" CLI command.
Entered letters are not case-sensitive.
Local group names that consist of only numbers cannot be used.

Up to 32 alphanumeric characters and symbols (in the US-ASCII format)

A hyphen (0x2D), an underscore (0x5F), and a dollar sign (0x24) can be used.
Alphanumeric characters or an underscore (0x5F) can be used for the first character.
A dollar sign (0x24) can only be used for the last character.
The following reserved words cannot be used.

"adm", "audio", "bin",

"cdrom", "daemon", "dbus",

"dialout", "disk", "floppy",

"ftp", "games", "gluster",

"halt", "input", "kmem",

"ldap", "lock", "lp",

"mail", "man", "mem",

"nfsnobody", "nobody", "nscd",

"nslcd", "ntp", "operator",

"oprofile", "polkitd", "root",

"rpc", "rpcuser", "shutdown",

"ssh_keys", "sshd", "sync",

"sys", "systemd-journal", "systemd-network",

"tape", "tcpdump", "tss",

"tty", "users", "utempter",

"utmp", "video", and "wheel"
The following special group names cannot be used.

"BUILTIN_Administrators", "BUILTIN_Users",

"BUILTIN_BackupOperators"

Group ID

Enter a local group ID for the local group.

If this item is omitted, an unused number is assigned in ascending order starting from "500".

Caution

If "shareuser$" is entered for "Name", only "450" can be set for this item.
An existing group ID cannot be used.

450

500 - 999

Operating Procedures

Click [Add Local Group] in [Action].
Specify parameters, and click the [Add] button.
→ A confirmation screen appears.
Caution
- An error screen appears in the following conditions:
  - Each parameter fails to satisfy the input conditions
  - The total number of local groups has reached the maximum number of local groups for the storage system
Click the [OK] button.

→ Addition of the local group starts.
Click the [Done] button to return to the [Environment Settings] screen.