Modifying groups in RFC 2307-compliant zones

In a standard RFC 2307-compliant zone, modifying a UNIX-enabled group in a zone requires the following permissions:

Select this target object To apply these permissions

The serviceConnectionPoint object for the group account

Click the Properties tab and select Allow to apply the following properties to this object only:

  • Read allowedAttributesEffective
  • Read objectGUID
  • Read Name

If you are changing the UNIX group identifier for a group, you need the following additional permissions applied to this object:

  • Read gidNumber
  • Write gidNumber

Note If you don’t see this attribute listed for the serviceConnectionPoint object, change the object selected to posixGroup objects.

If you are changing the UNIX name for a group, you need the following additional permissions applied to this object:

  • Read name
  • Write name
  • Write Name

Note The Name property is the common name (cn) of the serviceConnectionPoint object.