Add Local User

Overview

This function adds local users that are used for the local user authentication.

For added local users, CIFS access, NFS access, and FTP access to the shared folders are available on a per user basis.

Up to 100 local users can be added in the storage system.

This function is used in a Unified Storage environment.

Caution
  • This function cannot be executed if an Active Directory authentication server or an LDAP authentication server is used. Remove all the authentication servers before using this function.

  • This function cannot be executed if the port for changing the local user authentication password is in the open state.

    Use the "set nas-port" CLI command to open and close the port for changing the local user authentication password. Use the "show nas-port" CLI command to check the port status.

    Refer to "ETERNUS CLI User's Guide" for details about each command.

Note
  • Local users can be deleted. Refer to the [Delete Local User] function for details.

  • The password for a local user and the groups (primary and secondary groups) to which the local user belongs can be changed. Refer to the [Modify Local User] function for details.

  • Create local groups to which local users belong. Refer to the [Add Local Group] function for details.

User Privileges

Availability of Executions in the Default Role

Default role Availability of executions
Monitor  
Admin
StorageAdmin
AccountAdmin  
SecurityAdmin  
Maintainer

Refer to "User Roles and Policies" for details on the policies and roles.

Settings

Local User Settings

Item Description Setting values

Name

Enter a local user name.

Caution
  • An existing local user name cannot be used.

  • The user name that has been registered for logging in to the NAS engine (for FTP) cannot be used.

    The user name for logging in to the NAS engine is created with the "create nas-engine-user" CLI command.

  • Entered letters are not case-sensitive.

Up to 32 alphanumeric characters and symbols (in the US-ASCII format)

  • A hyphen (0x2D), an underscore (0x5F), and a dollar sign (0x24) can be used.

  • Alphanumeric characters or an underscore (0x5F) can be used for the first character.

  • A dollar sign (0x24) can only be used for the last character.

  • The following reserved words cannot be used.

    "adm", "audio", "bin", "cdrom", "daemon", "dbus", "dialout", "disk",
    "floppy", "ftp", "games", "gluster", "halt", "input", "kmem", "ldap",
    "lock", "lp", "mail", "man", "mem", "nfsnobody", "nobody", "nscd",
    "nslcd", "ntp", "operator", "oprofile", "polkitd", "root", "rpc",
    "rpcuser", "shutdown", "ssh_keys", "sshd", "sync", "sys",
    "systemd-journal", "systemd-network", "tape", "tcpdump", "tss", "tty",
    "users", "utempter", "utmp", "video", and "wheel"

User ID

Enter a local user ID for the local user.

If this item is omitted, an unused number is assigned in ascending order starting from "500".

Caution
  • If "shareuser$" is entered for "Name", only "450" can be set for this item.

  • An existing user ID cannot be used.

450

500 - 999

Password

Enter a password for the local user.

8 - 32 alphanumeric characters and symbols (0x20 - 0x7E in the US-ASCII format)

Confirm new Password

Input the same character string as the value entered in the "New Password" field for confirmation.

8 - 32 alphanumeric characters and symbols (0x20 - 0x7E in the US-ASCII format)

[Primary Group] Tab

A list of local groups registered in the storage system that can be used as primary groups is displayed. Select a primary group to which the added local user will belong.

Item Description Setting values

Radio buttons to select a primary group

Select the radio button for the primary group to which the local user will belong.

Caution
  • The same group as the secondary group cannot be selected.

Primary Group

Selected

Cleared

Or select "sharegroup$" (default).

ID

The group ID for the primary group is displayed.

  • For "shareuser$"

    450

  • For "sharegroup$"

    451

500 - 999

Name

The group name for the primary group is displayed.

Local group name

User(s) who belongs to a Primary Group

The local user names that belong to the primary group are displayed.

If no local users belong to the primary group, a "-" (hyphen) is displayed.

[Secondary Group] Tab

A list of local groups registered in the storage system that can be used as secondary groups is displayed. Select secondary groups to which the added local user will belong. Multiple secondary groups can be selected.

Item Description

Checkbox to select a secondary group

Select the checkboxes for the secondary groups to which the local user will belong.

The local user can belong to a maximum of 16 groups, or to no secondary group at all.

Caution
  • The same group as the primary group cannot be selected.

ID

The group ID for the secondary group is displayed.

For details about group IDs for secondary groups that are automatically created in the storage system, refer to "Special Group".

450

451

500 - 999

1002

1003

1004

Name

The group name for the secondary group is displayed.

For details about group names for secondary groups that are automatically created in the storage system, refer to "Special Group".

BUILTIN_Administrators

BUILTIN_Users

BUILTIN_BackupOperators

Local group name

User(s) who belongs to a Secondary Group

The local user names that belong to the secondary group are displayed.

If no local users belong to the secondary group, a "-" (hyphen) is displayed.

Special Group (Affiliation possible: , Affiliation not possible: -)

Local group ID Local group name Description Available groups
Primary group Secondary group

1002

BUILTIN_Administrators

One of the BUILTIN groups (*1). Users who belong to this group can execute all operations for all domain controllers within the domain.

-

1003

BUILTIN_Users

One of the BUILTIN groups (*1). Users who belong to this group can execute most of the general operations.

-

1004

BUILTIN_BackupOperators

One of the BUILTIN groups (*1). Users who belong to this group can perform file backups and file recoveries regardless of the access permissions for all the files of domain controllers within the domain.

-
*1: "BUILTIN groups" are groups that are included in the storage system as standard. If local users belong to these groups, the backup and restore function of Arcserve can be used.

Operating Procedures

  1. Click [Add Local User] in [Action].

  2. Specify parameters, and click the [Add] button.

    → A confirmation screen appears.

    Caution
    • An error screen appears in the following conditions:
      • Each parameter fails to satisfy the input conditions

      • "Password" does not match "Confirm Password"

      • The number of selected secondary groups exceeds the maximum number per local user

      • The total number of local users has reached the maximum number of local users for the storage system

  3. Click the [OK] button.

    → Addition of the local user starts.

  4. Click the [Done] button to return to the [Environment Settings] screen.
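
The input conditions listed under "Settings" and the error conditions in step 2 can be checked before a request is submitted, for example when reviewing a batch of accounts to be provisioned. The following Python check is an added example, not code from the storage system or its vendor. The function name, its parameters and the error strings are hypothetical. It assumes that "alphanumeric" means ASCII letters and digits, that the reserved words and "shareuser$" are compared without regard to case, and that the limit of 16 applies to the selected secondary groups.

```python
import re

# Reserved words copied from the "Name" setting on this page.
RESERVED = set("""adm audio bin cdrom daemon dbus dialout disk floppy ftp games
gluster halt input kmem ldap lock lp mail man mem nfsnobody nobody nscd nslcd
ntp operator oprofile polkitd root rpc rpcuser shutdown ssh_keys sshd sync sys
systemd-journal systemd-network tape tcpdump tss tty users utempter utmp video
wheel""".split())

# First char: alphanumeric or "_"; then alphanumeric, "-", "_"; "$" only last.
NAME_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_-]*\$?")
PASSWORD_RE = re.compile(r"[\x20-\x7e]{8,32}")
MAX_USERS, MAX_SECONDARY = 100, 16


def check_local_user(name, password, confirm, uid=None, primary="sharegroup$",
                     secondary=(), existing_names=(), existing_uids=()):
    """Return a list of violated input conditions (empty list = acceptable)."""
    errors = []
    lowered = name.lower()  # entered letters are not case-sensitive
    if len(name) > 32 or not NAME_RE.fullmatch(name):
        errors.append("name: bad length or characters")
    if lowered in RESERVED:
        errors.append("name: reserved word")
    if lowered in {n.lower() for n in existing_names}:
        errors.append("name: already exists")
    if len(existing_names) >= MAX_USERS:
        errors.append("users: storage system limit reached")
    if uid is not None:  # an omitted ID is assigned by the storage system
        # The page does not say whether 450 is accepted for other names;
        # this check allows it (assumption).
        if uid != 450 and not 500 <= uid <= 999:
            errors.append("uid: must be 450 or 500-999")
        if lowered == "shareuser$" and uid != 450:
            errors.append("uid: shareuser$ requires 450")
        if uid in existing_uids:
            errors.append("uid: already exists")
    if not PASSWORD_RE.fullmatch(password):
        errors.append("password: need 8-32 chars in 0x20-0x7E")
    if password != confirm:
        errors.append("password: confirmation mismatch")
    if len(secondary) > MAX_SECONDARY:
        errors.append("groups: more than 16 secondary groups")
    if primary in secondary:
        errors.append("groups: primary also selected as secondary")
    return errors
```

An empty list means that none of the conditions documented on this page is violated. The storage system itself remains the authority on whether the user is accepted.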