Export (0) Print
Expand All
0 out of 1 rated this helpful - Rate this topic

NFS Account Mapping Task Reference

Published: October 5, 2011

Applies To: Windows Server 2008, Windows Storage Server 2008 R2

This section contains a list of the management tasks related to NFS Account Mapping.

Contents

You can manage the NFS user and group account mappings using ADSI Edit. For Windows Server 2008 you can use the ADSI Edit snap-in. For Windows Server 2008 R2, Windows Storage Server 2008 R2, or for the Remote Server Administration Tools (RSAT) for Windows 7, you can use the:

  • ADSI Edit snap-in. For more information, see ADSI Edit (adsiedit.msc).

  • Attribute Editor tab on a user or group object in Active Directory Users and Computers. This requires that you click Advanced Features on the View menu in Active Directory Users and Computers.

You can manage NFS user account mappings using the Windows PowerShell cmdlets available in the Active Directory Module for Windows PowerShell. The Active Directory Module for Windows PowerShell is available in Windows Server 2008 R2 or Windows Storage Server 2008 R2. However, you can also manage computers running Windows Server 2008 using the Remote Server Administration Tools (RSAT) for Windows 7 from Windows Server 2008 R2, or from Windows Storage Server 2008 R2.

Manage NFS user account mappings by performing the following tasks:

You can view user account mappings configured for an individual user using the GetADUser cmdlet as shown in the following example (where user_name is the user name, SamAccountName object attribute, for the user to be viewed):

Get-ADUser –Identity <user_name> -Properties uidNumber, gidNumber

For more information about this cmdlet, see Get-ADUser.

You can use the Get-ADUser cmdlet to view the user account mappings configured for multiple users by using:

  • The –Filter parameter of the Get-ADUser cmdlet. Use this method when the selection criteria for the –Filter parameter returns the correct set of users.

  • A .csv file and the Import-CSV cmdlet. Use this method when the selection criteria for the –Filter parameter is too complex.

You can view user account mappings configured for multiple users using the GetADUser cmdlet as shown in the following example (where filter_parameter is the criteria for selecting the users):

Get-ADUser –Filter <filter_param> -Properties uidNumber, gidNumber

For more information about this cmdlet, see Get-ADUser. When the selection criteria for the –Filter parameter is too complex, use a .csv file to specify a set of users as described in the following section.

You can view the user account mappings configured for a specific set of users using the Export-CSV, Import-CSV and GetADUser cmdlets. This method can be useful when the selection criteria for the –Filter parameter is too complex.

You can create a.csv file that you can use as a baseline for this task using the Export-CSV cmdlet. For more information about these cmdlets, see Export-CSV, Import-CSV, and Set-ADUser.

  1. Create a .csv file that contains the list of SamAccountName object attributes for the users you wish to view using the Get-AdUser and ExportCSV cmdlets as shown in the following example (where filter_param is the criteria used to select the users to be exported and csv_file_name is the file name for the .csv file being created):

    Get-ADUser –Filter <filter_param> | Select-Object SamAccountName | Export-CSV <csv_file_name>
    
    This creates a .csv file that contains the SamAccountName attribute of the user object for the users selected using the –Filter parameter as shown in the following example:

    #TYPE Selected.Microsoft.ActiveDirectory.Management.ADUser
    "SamAccountName"
    "user01"
    "user02"
    "user03"
    
  2. View the uidNumber and the gidNumber attributes of the user object for each user in the .csv file by running the following command (where csv_file_name is the file name for the .csv file):

    Import-CSV <csv_file_name> | ForEach-Object {Get-ADUser Identity $_.SamAccountName –Properties uidNumber, gidNumber}
    

You can add or modify the user account mapping configured for an individual user using the SetADUser cmdlet as shown in the following example (where user_name is the SamAccountName attribute, or user name, of the user object, uid_number is the UID to be added or modified, and gid_number is the GID to be added or modified):

Set-ADUser –Identity <user_name> -Replace @{uidNumber="<uid_number>", gidNumber="<gid_number>"}
noteNote
The UID and GID values must be unique for the user and group accounts respectively. The cmdlets will not validate these values for uniqueness.

For more information about this cmdlet, see Set-ADUser.

You can add or modify the user account mappings for multiple users using the Import-CSV and SetADUser cmdlets. You can create a .csv file that you can use as a baseline for this task using the Export-CSV cmdlet. For more information about these cmdlets, see Export-CSV, Import-CSV, and Set-ADUser.

noteNote
The Set-ADUser cmdlet only changes the attributes of an existing account in AD DS. The Set-ADUser cmdlet does not create user accounts in AD DS.

  1. Create a .csv file that contains the list of SamAccountName attributes of the user object for the users you wish to configure NFS user account mappings.

    Use the Get-AdUser and ExportCSV cmdlets as shown in the following example (where filter_param is the criteria used to select the users to be exported and csv_file_name is the file name for the .csv file being created):

    Get-ADUser –Filter <filter_param> | Select-Object SamAccountName | Export-CSV <csv_file_name>
    
    This creates a .csv file that contains the SamAccountName attribute of the user object for the users selected using the –Filter parameter as shown in the following example:

    #TYPE Selected.Microsoft.ActiveDirectory.Management.ADUser
    "SamAccountName"
    "user01"
    "user02"
    "user03"
    
  2. Modify the.csv file created in the previous step to include the uidNumber and the gidNumber attributes for each user as shown in the following example:

    #TYPE Selected.Microsoft.ActiveDirectory.Management.ADUser
    "SamAccountName","uidNumber","gidNumber"
    "user01","101","402"
    "user02","102","402"
    "user03","103","401"
    
  3. Add or modify the uidNumber attribute of the user object for each user in the .csv file by running the following command:

    Import-CSV <csv_file_name> | ForEach-Object {Set-ADUser Identity $_.SamAccountName –Replace @{uidNumber="$_.uidNumber", gidNumber="$_.gidNumber"}}
    

You can remove user account mapping configured for an individual group using the SetADUser cmdlet by clearing the uidNumber and gidNumber attributes of the user object as shown in the following example (where user_name is the user name, SamAccountName attribute, for the user to be removed):

Set-ADUser –Identity <user_name> -Clear uidNumber, gidNumber
noteNote
The Set-ADUser cmdlet only changes the attributes of an existing account in AD DS. The Set-ADUser cmdlet does not create user accounts in AD DS.

For more information about this cmdlet, see Set-ADUser.

The Set-ADUser cmdlet can be used to remove the user account mappings configured for multiple users using:

  • The –Filter parameter of the Set-ADGroup cmdlet. This method can be useful when the selection criteria for the –Filter parameter is able to return the correct set of groups.

  • A .csv file and the Import-CSV cmdlet. This method can be useful when the selection criteria for the –Filter parameter is too complex.

You can remove user account mappings configured for multiple users using the SetADUser cmdlet as shown in the following example (where filter_param is the criteria for selecting the users to have NFS mapping removed):

Set-ADUser –Filter <filter_param> -Clear uidNumber, gidNumber
noteNote
The Set-ADUser cmdlet only changes the attributes of an existing account in AD DS. The Set-ADUser cmdlet does not create user accounts in AD DS.

For more information about this cmdlet, see Set-ADUser.

When the selection criteria for the –Filter parameter is too complex, use a .csv file to specify a set of groups as described in the following section, “How to Remove NFS User Account Mappings for a Specific Set of Users Using a .csv File”.

You can remove the user account mappings configured for a specific set of users using the Import-CSV and SetADGroup cmdlets. This method can be useful when the selection criteria for the –Filter parameter is too complex.

You can create a.csv file that you can use as a baseline for this task using the ExportCSV cmdlet. For more information about these cmdlets, see Export-CSV, Import-CSV, and Set-ADUser.

noteNote
The Set-ADUser cmdlet only changes the attributes of an existing account in AD DS. The Set-ADUser cmdlet does not create user accounts in AD DS.

  1. Create a .csv file that contains the list of SamAccountName attributes of the user objects for the users you wish to remove using the Get-AdUser and ExportCSV cmdlets as shown in the following example (where filter_param is the criteria used to select the groups to be exported and csv_file_name is the file name of the .csv file being created):

    Get-ADUser –Filter <filter_param> | Select-Object SamAccountName | Export-CSV <csv_file_name>
    
    This creates a .csv file that contains the SamAccountName attribute of the user objects for the users selected using the –Filter parameter as shown in the following example:

    #TYPE Selected.Microsoft.ActiveDirectory.Management.ADUser
    "SamAccountName"
    "user01"
    "user02"
    "user03"
    
  2. Remove the NFS user account mapping by clearing the uidNumber and gidNumber attributes of the user objects for each user in the .csv file by running the following command (where csv_file_name is the file name for the .csv file you created in the previous step):

    Import-CSV <csv_file_name> | ForEach-Object {Set-ADUser Identity $_.SamAccountName –Clear uidNumber, gidNumber}
    

You can find all user objects with duplicate uidNumber attribute values in AD DS or AD LDS using the GetADUser cmdlet as shown in the following example:

Get-ADUser -Filter {uidNumber -like "*"} -Properties uidNumber | Select-Object Name, uidNumber | Group-Object uidNumber| ?{ $_.Count -gt 1 } | Select-Object -Expand Group

For more information about this cmdlet, see Get-ADUser.

You can manage NFS group account mappings using the Windows PowerShell cmdlets available in the Active Directory Module for Windows PowerShell. The Active Directory Module for Windows PowerShell is available in Windows Server 2008 R2 or Windows Storage Server 2008 R2. However, you can also manage computers running Windows Server 2008 using the Remote Server Administration Tools (RSAT) for Windows 7 from Windows Server 2008 R2, or from Windows Storage Server 2008 R2.

Manage NFS group account mappings by performing the following tasks:

You can view group account mappings for an individual group using the GetADGroup cmdlet as shown in the following example (where group_name is the group name, such as the SamAccountName attribute of the group object, for the group to be viewed):

Get-ADGroup –Identity <group_name> -Properties gidNumber

For more information about this cmdlet, see Get-ADGroup.

The Get-ADGroup cmdlet can be used to view the NFS group account mappings for multiple groups using:

  • The –Filter parameter of the Get-ADGroup cmdlet. This method can be useful when the selection criteria for the –Filter parameter is able to return the correct set of groups.

  • A .csv file and the Import-CSV cmdlet. This method can be useful when the selection criteria for the –Filter parameter is too complex.

You can view group account mappings for multiple groups using the GetADGroup cmdlet as shown in the following example (where filter_parameter is the criteria for selecting the groups):

Get-ADGroup –Filter <filter_param> -Properties gidNumber

For more information about this cmdlet, see Get-ADGroup. When the selection criteria for the –Filter parameter is too complex, use a .csv file to specify a set of groups as described in the following section, “How to View NFS Group Account Mappings for a Specific Set of Groups Using a .csv File”.

You can view the group account mappings for a specific set of groups using the Import-CSV and GetADGroup cmdlets. This method can be useful when the selection criteria for the –Filter parameter is too complex.

You can create a.csv file that you can use as a baseline for this task using the ExportCSV cmdlet. For more information about these cmdlets, see Export-CSV, Import-CSV, and Get-ADGroup.

  1. Create a .csv file that contains the list of SamAccountName attributes of the group objects for the groups you wish to view using the Get-AdGroup and ExportCSV cmdlets as shown in the following example (where filter_param is the criteria used to select the groups to be exported and csv_file_name is the file name for the .csv file being created):

Get-ADGroup –Filter <filter_param> | Select-Object SamAccountName | Export-CSV <csv_file_name>

This creates a .csv file that contains the SamAccountName attribute of the group objects for the groups selected using the –Filter parameter as shown in the following example:

#TYPE Selected.Microsoft.ActiveDirectory.Management.ADGroup
"SamAccountName"
"group01"
"group02"
"group03"
  1. View the gidNumber attribute for each group in the .csv file by running the following command (where csv_file_name is the file name for the .csv file):

Import-CSV <csv_file_name> | ForEach-Object {Get-ADGroup Identity $_.SamAccountName –Properties gidNumber}

You can add or modify the group account mapping for an individual group using the SetADGroup cmdlet as shown in the following example (where group_name is the SamAccountName attribute, or group name, of the group object and gid_number is the GID to be added or modified):

Set-ADGroup –Identity <group_name> -Replace @{gidNumber="<gid_number>"}
noteNote
The Set-ADGroup cmdlet only changes the attributes of an existing account in AD DS. The Set-ADGroup cmdlet does not create group accounts in AD DS.

For more information about this cmdlet, see Set-ADGroup.

You can add or modify the group account mapping for multiple groups using the Import-CSV and SetADGroup cmdlets. You can create a.csv file that you can use as a baseline for this task using the Export-CSV cmdlet. For more information about these cmdlets, see Export-CSV, Import-CSV, and Set-ADGroup.

noteNote
The Set-ADGroup cmdlet only changes the attributes of an existing account in AD DS. The Set-ADGroup cmdlet does not create group accounts in AD DS.

  1. Create a .csv file that contains the list of SamAccountName attributes of the group objects for the groups you wish to configure NFS group account mappings using the Get-AdGroup and ExportCSV cmdlets as shown in the following example (where filter_param is the criteria used to select the groups to be exported and csv_file_name is the file name for the .csv file being created):

    Get-ADGroup –Filter <filter_param> | Select-Object SamAccountName | Export-CSV <csv_file_name>
    
    This creates a .csv file that contains the SamAccountName object attribute for the groups selected using the –Filter parameter as shown in the following example:

    #TYPE Selected.Microsoft.ActiveDirectory.Management.ADGroup
    "SamAccountName"
    "group01"
    "group02"
    "group03"
    
  2. Modify the.csv file created in the previous step to include the gidNumber object attribute for each group as shown in the following example:

    #TYPE Selected.Microsoft.ActiveDirectory.Management.ADGroup
    "SamAccountName","gidNumber"
    "group01","401"
    "group02","402"
    "group03","403"
    
  3. Add or modify the gidNumber attribute for each group in the .csv file by running the following command:

    Import-CSV <csv_file_name> | ForEach-Object {Set-ADGroup Identity $_.SamAccountName –Replace @{gidNumber="$_.gidNumber"}}
    

You can remove group account mapping for an individual group using the SetADGroup cmdlet by clearing the gidNumber object attribute as shown in the following example (where group_name is the group name, and SamAccountName is the attribute of the group object of the group to be removed):

Set-ADGroup –Identity <group_name> -Clear gidNumber
noteNote
The Set-ADGroup cmdlet only changes the attributes of an existing account in AD DS. The Set-ADGroup cmdlet does not create group accounts in AD DS.

For more information about this cmdlet, see Set-ADGroup.

You can use the Set-ADGroup cmdlet to remove the group account mappings for multiple groups using:

  • The –Filter parameter of the Set-ADGroup cmdlet. This method can be useful when the selection criteria for the –Filter parameter is able to return the correct set of groups.

  • A .csv file and the Import-CSV cmdlet. This method can be useful when the selection criteria for the –Filter parameter is too complex.

You can remove group account mappings for multiple groups using the SetADGroup cmdlet as shown in the following example (where filter_param is the criteria for selecting the groups to have NFS mapping removed):

Set-ADGroup –Filter <filter_param> -Clear gidNumber
noteNote
The Set-ADGroup cmdlet only changes the attributes of an existing account in AD DS. The Set-ADGroup cmdlet does not create group accounts in AD DS.

For more information about this cmdlet, see Set-ADGroup.

When the selection criteria for the –Filter parameter is too complex, use a .csv file to specify a set of groups as described in the following section, “How to Remove NFS Group Account Mappings for a Specific Set of Groups Using a .csv File”.

You can remove the group account mapping for a specific set of groups using the Import-CSV and SetADGroup cmdlets. This method can be useful when the selection criteria for the –Filter parameter is too complex.

You can create a .csv file that you can use as a baseline for this task using the ExportCSV cmdlet. For more information about these cmdlets, see Export-CSV, Import-CSV, and Set-ADGroup.

noteNote
The Set-ADGroup cmdlet only changes the attributes of an existing account in AD DS. The Set-ADGroup cmdlet does not create group accounts in AD DS.

  1. Create a .csv file that contains the list of SamAccountName attributes of the group objects for the groups you wish to view using the Get-AdGroup and ExportCSV cmdlets as shown in the following example (where filter_param is the criteria used to select the groups to be exported and csv_file_name is the file name for the .csv file being created):

    Get-ADGroup –Filter <filter_param> | Select-Object SamAccountName | Export-CSV <csv_file_name>
    
    This creates a .csv file that contains the SamAccountName attribute for the groups selected using the –Filter parameter as shown in the following example:

    #TYPE Selected.Microsoft.ActiveDirectory.Management.ADGroup
    "SamAccountName"
    "group01"
    "group02"
    "group03"
    
  2. Remove the group account mapping by clearing the gidNumber object attribute for each group in the .csv file by running the following command (where csv_file_name is the file name for the .csv file you created in the previous step):

    Import-CSV <csv_file_name> | ForEach-Object {Set-ADGroup Identity $_.SamAccountName –Clear gidNumber}
    

You can find group objects with duplicate gidNumber attribute values in AD DS or AD LDS using the SetADGroup cmdlet as shown in the following example:

Get-ADGroup -Filter {gidNumber -like "*"} -Properties gidNumber | Select-Object Name, gidNumber | Group-Object gidNumber| ?{ $_.Count -gt 1 } | Select-Object -Expand Group

For more information about this cmdlet, see Get-ADGroup.

Manage Unmapped UNIX User Access to NFS shares to help ensure the appropriate users have access to the files and folders. Perform Unmapped UNIX User Access management using the following tasks:

The Unmapped UNIX User Access feature is available on Windows Server 2008 R2 or Windows Storage Server 2008 R2. You can enable Unmapped UNIX User Access by using one of the methods in the following table.

Table 14. Methods to Enable Unmapped UNIX User Access

Method

Perform these steps

Windows Explorer

  1. In Windows Explorer, go to the <target_folder>, right-click it, and then click Properties (where target_folder is a folder that is an NFS share).

  2. In the <target_folder> Properties dialog box, on the NFS Sharing tab, click Manage NFS Sharing.

    The NFS Advanced Sharing dialog box displays.

  3. In the NFS Advanced Sharing dialog box, select the No server authentication check box.

  4. In the NFS Advanced Sharing dialog box, select the Enable unmapped user access check box.

  5. In the NFS Advanced Sharing dialog box, click Allow unmapped UNIX user access, and then click OK.

  6. In the <target_folder> Properties dialog box, click Close.

Share and Storage Management

  1. Start Share and Storage Management.

  2. In the Share and Storage Management console, in the details pane, click the Shares tab, and then click <share_name> (where share_name is the name of the NFS share).

  3. In the Actions pane, click Properties.

    The <share_name> Properties dialog box displays.

  4. In the <share_name> Properties dialog box, on the NFS Authentication tab, select the Enable unmapped user access check box.

  5. On the NFS Authentication tab, click Allow unmapped UNIX user access, and then click OK.

  6. Close the Share and Storage Management console.

Nfsshare.exe

At an elevated command prompt, type the following command and then press ENTER (where nfs_share is the name of the NFS shared folder):

Nfsshare.exe nfs_share –o unmapped=yes anon=no

You can view Unmapped UNIX User Access configuration by using one of the methods in the following table.

Table 15. Methods to View Unmapped UNIX User Access Configuration

Method

Perform these steps

Windows Explorer

  1. In Windows Explorer, go to <target_folder>, right-click it, and then click Properties (where target_folder is the folder that is shared as an NFS share).

  2. In the <target_folder> Properties dialog box, on the NFS Sharing tab, click Manage NFS Sharing.

    The NFS Advanced Sharing dialog box displays.

  3. In the NFS Advanced Sharing dialog box, if the Allow unmapped UNIX user access option button is:

    • Selected, then Unmapped UNIX User Access is enabled.

    • Cleared, then Unmapped UNIX User Access is disabled.

  4. In the NFS Advanced Sharing dialog box, click OK.

  5. In the <target_folder> Properties dialog box, click Close.

Share and Storage Management

  1. Start Share and Storage Management.

  2. In the Share and Storage Management console, in the details pane, click the Shares tab, and then click <share_name> (where share_name is the name of the NFS share).

  3. In the Actions pane, click Properties.

    The <share_name> Properties dialog box displays.

  4. In the <share_name> Properties dialog box, on the NFS Authentication tab, select the Enable unmapped user access check box.

  5. On the NFS Authentication tab, click Allow unmapped UNIX user access.

  6. In the <share_name> Properties dialog box, on the NFS Authentication tab, if the Allow unmapped UNIX user access option button is:

    • Selected, then Unmapped UNIX User Access is enabled.

    • Cleared, then Unmapped UNIX User Access is disabled.

  7. In the <share_name> Properties dialog box, click OK.

  8. Close the Share and Storage Management console.

Nfsshare.exe

At an elevated command prompt, type the following command and then press ENTER (where nfs_share is the name of the NFS shared folder):

Nfsshare.exe nfs_share

The Unmapped UNIX User Access feature is available on Windows Server 2008 R2 or Windows Storage Server 2008 R2. You can enable Unmapped UNIX User Access by using one of the methods in the following table.

Table 16. Methods to Enable Unmapped UNIX User Access

Method

Perform these steps

Windows Explorer

  1. In Windows Explorer, go to <target_folder>, right-click it, and then click Properties (where target_folder is a folder that is an NFS share).

  2. In the <target_folder> Properties dialog box, on the NFS Sharing tab, click Manage NFS Sharing.

    The NFS Advanced Sharing dialog box displays.

  3. In the NFS Advanced Sharing dialog box, ensure that the Allow unmapped UNIX user access option button is cleared.

    You can select other configuration settings as appropriate for your solution.

  4. In the NFS Advanced Sharing dialog box, click OK.

  5. In the <target_folder> Properties dialog box, click Close.

Share and Storage Management

  1. Start Share and Storage Management.

  2. In the Share and Storage Management console, in the details pane, click the Shares tab, and then click <share_name> (where share_name is the name of the NFS share).

  3. In the Actions pane, click Properties.

    The <share_name> Properties dialog box is displayed.

  4. In the <share_name> Properties dialog box, on the NFS Authentication tab, ensure that the Allow unmapped UNIX user access option button is cleared.

    You can select other configuration settings as appropriate for your solution.

  5. In the <share_name> Properties dialog box, click OK.

  6. Close the Share and Storage Management console.

Nfsshare.exe

At an elevated command prompt, type the following command and then press Enter (where nfs_share is the name of the NFS shared folder):

Nfsshare.exe nfs_share –o unmapped=no

Manage NFS resource access to ensure the appropriate users have access to the files and folders that are accessed through an NFS share. Manage access to NFS shares using the following tasks:

You can create an NFS share by using one of the following methods:

  • The NFS Sharing tab in the folder properties in Windows Explorer as described in the section "To create a shared resource using the Windows interface" in Create an NFS Shared Network Resource.

  • The Nfsshare.exe tool as described in the section "To create a shared resource using the command prompt" in Create an NFS Shared Network Resource.

  • The Provision a Shared Folder Wizard in the Share and Storage Management console as described in Share a Resource.

noteNote
Ensure that you set the appropriate user and group access to the NFS share as described in Manage User and Group Access to an NFS Share.

You can manage user and group access to an NFS share by managing the:

You can view user and group access to an NFS share by using one of the following methods:

  • The NFS Sharing tab in the folder properties in Windows Explorer as described in the "To create a shared resource using the Windows interface" section in Create an NFS Shared Network Resource.

  • The Nfsshare.exe tool as described in the "To create a shared resource using the command prompt section" in Create an NFS Shared Network Resource.

  • The Provision a Shared Folder Wizard in the Share and Storage Management console as described in Share a Resource.

Nfsfile.exe is a command line tool that allows you to manage files that are created on a share with Unmapped UNIX User Access enabled and is included in Windows Server 2008 R2 and Windows Storage Server 2008 R2. You can use Nfsfile.exe to view and manage the permissions assigned to NFS shares using UNIX–like mode bits. You can also use Nfsfile.exe to convert the custom SIDs created by Unmapped UNIX User Access to the mapped SIDs (regular Windows SIDs) used by a mapped user access method.

You can view the command line parameters for Nfsfile.exe by typing nfsfile.exe /? at an elevated command prompt and then pressing ENTER, as shown in the following example:

C:\Users\Administrator>nfsfile.exe /?
Manipulates attributes of Services for NFS files.

NFSFILE [/v] [/s] [/i[[u=<uid>]|[g=<gid>]|[wu=<account>]|[wg=<account>]]]
        [/r[[u=<uid>]|[g=<gid>]|[m=<mode>]]] [/c[w|x]] <filespec>

/? - this message
/v - verbose
/s - scan sub-directories for matching files
/i - include files matching the specified criteria
        u <uid> - NFS owner SID matches <uid>
        g <gid> - NFS group SID matches <gid>
        wu <account> - NFS owner SID matches <account>
        wg <account> - NFS group SID matches <account>
/r - replace specified option on file
        u <uid> - set uid
        g <gid> - set gid
        m <mode> - set modebits to <mode>
        wu <account> - Set Windows Owner account
        wg <account> - Set Windows Group account
/c - convert the file according to
        w - Windows style ACL (Mapped)
        x - Unix Style ACL (Unmapped)

The following sections include a more detailed description of each parameter.

This parameter displays the syntax of Nfsfile.exe. No other parameters are required. An example of this parameter is shown in the previous Nfsfile.exe Syntax section in this document.

This parameter specifies the target files for the command and can include the "*" and "?" wildcard characters.

The following example shows sample output by specifying wildcard character usage:

C:\SharedFolders>nfsfile.exe /s /v /cw *.*
Start to process '*.*'...

Modified file: C:\SharedFolders\NFS_Share_01.
Modified file: C:\SharedFolders\NFS_Share_01\test_file.txt.

Successfully processed 2 files; Failed processing 0 files

The following example shows sample output by specifying the Test_File.txt file name:

C:\SharedFolders\NFS_Share_01>nfsfile.exe /s /v Test_File.txt
Start to process 'Test_File.txt'...

W -rwxr-xr-x <0755>  NFS\user02  NFS\Domain Users  C:\SharedFolders\NFS_Share_01
\test_file.txt

Successfully processed 1 files; Failed processing 0 files

This parameter displays verbose information about assigning access to the files specified in the filespec parameter.

The following example shows sample output without the /v parameter:

C:\SharedFolders>nfsfile.exe /s /cw *.*
Start to process '*.*'...

Successfully processed 2 files; Failed processing 0 files

The following example shows sample output with the /v parameter:

C:\SharedFolders>nfsfile.exe /s /v /cw *.*
Start to process '*.*'...

Modified file: C:\SharedFolders\NFS_Share_01.
Modified file: C:\SharedFolders\NFS_Share_01\test_file.txt.

Successfully processed 2 files; Failed processing 0 files

This parameter searches sub-folders beneath the current folder for the files specified in the filespec parameter, as shown in the following example:

C:\SharedFolders>nfsfile.exe /v /s *.*
Start to process '*.*'...

W drwxr-xr-x <0755>  BUILTIN\Administrators  NFS\Domain Users  C:\SharedFolders\
NFS_Share_01
W -rwxr-xr-x <0755>  BUILTIN\Administrators  NFS\Domain Users  C:\SharedFolders\
NFS_Share_01\test_file.txt
Successfully processed 2 files; Failed processing 0 files
noteNote
You can also use the /i parameter to specify additional selection criteria for the values in the filespec parameter.

This parameter allows you to filter the files based on the user or group identity based on the options in the following table.

Table 17. Options for the /i Parameter

Option

Description

u

Only returns files that are owned by the UID specified with this option.

In the following example, only files that are owned by the user with a UID of "101" are returned:

nfsfile.exe /v /s /i u=101 *.*

g

Only returns files that have the primary group of the GID specified with this option.

In the following example, only files that have the primary group with a GID of "401" are returned:

nfsfile.exe /v /s /i g=401 *.*

wu

Only returns files that are owned by the user specified with this option.

In the following example, only files that are owned by the user "user01" are returned:

nfsfile.exe /v /s /i wu=user01 *.*

wg

Only returns files that have the primary group specified with this option.

In the following example, only files that are have the primary group of "group01" are returned:

nfsfile.exe /v /s /i wg=group01 *.*

This parameter allows you to set (replace) the owner and primary group for a file or folder and to specify the access permissions based on the standard UNIX file access mode permissions, such as configured by the UNIX chmod command.

Table 18. Options for the /r Parameter

Option

Description

u

Sets the ownership of the file to the UID specified with this option. You can use this option in conjunction with the g and m options.

noteNote
You can runthe parameter on files with unmapped user access using custom SIDs. If you use this parameter on files with mapped user access, the command will fail.

In the following example, the user with a UID of "101" is configured as the owner of the Test_File.txt file:

nfsfile.exe /v /s /r u=101 /cx Test_File.txt

g

Sets the primary group of the file to the GID specified with this option. You can also use this option in conjunction with the u and m options.

In the following example, the primary group with a GID of "401" is configured as the primary group of the Test_File.txt file:

nfsfile.exe /v /s /r g=401 /cx Test_File.txt

m

Specifies the access permissions to a file using the standard UNIX file access mode permissions. You can use this option with either the:

  • u and the g options to specify the owner and group using a UID and GID.

  • wu and wg options to specify owner and group using the owner and group name respectively. The owner and group accounts can be domain accounts or local accounts.

In the following example, the UNIX file access mode permissions are set to "755" on the Test_File.txt file:

nfsfile.exe /v /s /r m=755 /cx Test_File.txt

wu

Sets the owner of the file based on the user specified with this option. You can use this option in conjunction with the wg and m options.

In the following example, the user "user01" is configured as the owner of the Test_File.txt file:

nfsfile.exe /v /s /r wu=user01 /cw Test_File.txt

wg

Sets the primary group of the file based on the group specified with this option. You can use this option in conjunction with the wu and m options.

In the following example, the primary group "group01" is configured as the primary group of the Test_File.txt file:

nfsfile.exe /v /s /r wg=group01 /cw Test_File.txt

This parameter converts a file that was created using Unmapped UNIX User Access to a file that uses mapped UNIX user access.

This parameter converts a file that was created using mapped UNIX user access to a file that uses Unmapped UNIX User Access.

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.