Modifying groups in RFC 2307-compliant zones

In a standard RFC 2307-compliant zone, modifying a UNIX-enabled group in a zone requires the following permissions:

Select this target object	To apply these permissions
The serviceConnectionPoint object for the group account	Click the Properties tab and select Allow to apply the following properties to this object only: Read allowedAttributesEffective Read objectGUID Read Name If you are changing the UNIX group identifier for a group, you need the following additional permissions applied to this object: Read gidNumber Write gidNumber Note If you don’t see this attribute listed for the serviceConnectionPoint object, change the object selected to posixGroup objects. If you are changing the UNIX name for a group, you need the following additional permissions applied to this object: Read name Write name Write Name Note The Name property is the common name (cn) of the serviceConnectionPoint object.

Select this target object

To apply these permissions

The serviceConnectionPoint object for the group account

Click the Properties tab and select Allow to apply the following properties to this object only:

If you are changing the UNIX group identifier for a group, you need the following additional permissions applied to this object:

Note If you don’t see this attribute listed for the serviceConnectionPoint object, change the object selected to posixGroup objects.

If you are changing the UNIX name for a group, you need the following additional permissions applied to this object:

Note The Name property is the common name (cn) of the serviceConnectionPoint object.