Create file shares and mount targets in the UI, CLI, API, or Terraform.
Before you get started, and try to create mount targets for file shares, make sure that you created a VPC.
When you create a mount target, its transit encryption type must reflect the share's allowed transit encryption modes. You can create multiple mount targets for the share if it's to be used by resources in different VPCs. You can create one mount
target per VPC for the file share.
Creating a file share from the CLI
Gathering information from the CLI
Before you run the ibmcloud is share-create
command, you can gather information that you need for provisioning a share by viewing information about other file shares, mount targets, and file storage profiles.
Details for creating file shares.
Details |
Listing options |
What it provides |
File shares |
ibmcloud is shares |
List all shares in a region. |
File share details |
ibmcloud is share SHARE_ID |
Review details of a share. |
File share profiles |
ibmcloud is share-profiles |
List all file share profiles in a region. Only dp2 can be used to create file shares. |
Mount targets |
ibmcloud is share-mount-targets SHARE_ID |
List all mount targets for a file share. |
Subnets |
ibmcloud is subnets |
List all subnets. |
Reserved IP addresses |
ibmcloud is subnet-reserved-ips |
List all reserved IP addresses in the subnet. |
Security Groups |
ibmcloud is security-groups |
List all security groups. |
Creating a file share without a mount target from the CLI
You can use the ibmcloud is share-create
command to provision a file share in your selected zone with the dp2
profile, with your specific capacity and IOPS values. The following example shows how to create 1000-GB
file share with 1000 IOPS in the us-south-2 zone. This file share is created with the default security group access mode and with provider-managed encryption.
$ ibmcloud is share-create --name my-file-share --zone us-south-2 --profile dp2 --size 1000 --iops 1000
Creating file share my-file-share under account Test Account as user test.user@ibm.com...
ID r006-b696742a-92ee-4f6a-bfd7-921d6ddf8fa6
Name my-file-share
CRN crn:v1:bluemix:public:is:us-south-2:a/1234567::share:r006-b696742a-92ee-4f6a-bfd7-921d6ddf8fa6
Lifecycle state pending
Access control mode security_group
Accessor binding role none
Zone us-south-2
Profile dp2
Size(GB) 1000
IOPS 1000
Encryption provider_managed
Mount Targets ID Name
No mounted targets found.
Resource group ID Name
db8e8d865a83e0aae03f25a492c5b39e Default
Created 2023-10-18T22:15:15+00:00
Replication role none
Replication status none
Replication status reasons Status code Status message
- -
Security group access mode is the default and recommended setting. However, you can choose to create a file share with the VPC access mode that allows every Compute host in the VPC to mount the file share. See the following example.
$ ibmcloud is share-create --name my-vpc-file-share --zone us-south-2 --profile dp2 --size 1000 --iops 500 --access-control-mode vpc
Creating file share my-vpc-file-share under account Test Account as user test.user@ibm.com...
ID r006-b1707390-3825-41eb-a5bb-1161f77f8a58
Name my-vpc-file-share
CRN crn:v1:bluemix:public:is:us-south-2:a/a1234567::share:r006-b1707390-3825-41eb-a5bb-1161f77f8a58
Lifecycle state pending
Access control mode vpc
Zone us-south-2
Profile dp2
Size(GB) 1000
IOPS 500
Encryption provider_managed
Mount Targets ID Name
No mounted targets found.
Resource group ID Name
db8e8d865a83e0aae03f25a492c5b39e Default
Created 2023-10-18T22:57:05+00:00
Replication role none
Replication status none
Replication status reasons Status code Status message
- -
For more information about the command options, see ibmcloud is share-create
.
Creating a mount target for a file share from the CLI
To create a mount target for the file share, run the share-mount-target-create
command. Before you begin, gather some necessary information.
When you create a mount target, you must specify the file share that it is for. You can use the file share's name or ID. You must specify the VPC, too, either with its ID or name. The VPC must be unique to each mount target. You must also
specify the security access group that's going to be used to manage access to the share. The security groups that you associate with a mount target must allow inbound access for the TCP protocol on the NFS port from all virtual server instances
on which you want to mount the file share.
Lastly, you must specify values for the options that are needed to create a virtual network interface for the mount target. Use the appropriate CLI commands to list the available subnets,
reserved IP addresses in a subnet, security groups to get the information that you need.
The following example creates a mount target with a virtual network interface for a file share that has security group access mode.
$ ibmcloud is share-mount-target-create my-file-share --subnet my-subnet --name my-cli-share-mount-target-1 --vni-name my-share-vni-1 --vni-sgs my-sg --resource-group-name Default --vpc my-vpc
Mounting target for share r006-b696742a-92ee-4f6a-bfd7-921d6ddf8fa6 under account Test Account as user test.user@ibm.com...
ID r006-dd497561-c7c9-4dfb-af0a-c84eeee78b61
Name my-cli-share-mount-target-1
VPC ID Name
r006-6e8fb140-5668-45b8-b98a-d5cb0e0bf39b my-vpc
Access control mode security_group
Resource type share_mount_target
Virtual network interface ID Name
r006-13c070d8-d038-49c6-95f5-e8503c5595e3 my-share-vni-1
Lifecycle state pending
Mount path -
Transit Encryption none
The following example creates a mount target for a file share that has VPC access mode.
$ ibmcloud is share-mount-target-create my-vpc-file-share --vpc my-vpc --name my-vpc-mount-target
Mounting target for share r006-b1707390-3825-41eb-a5bb-1161f77f8a58 under account Test Account as user test.user@ibm.com...
ID r006-5ed68506-860e-4dea-a1eb-9634704e3c4d
Name my-vpc-mount-target
VPC ID Name
r006-6e8fb140-5668-45b8-b98a-d5cb0e0bf39b my-vpc
Access control mode vpc
Resource type share_mount_target
Lifecycle state pending
Mount path -
Transit Encryption none
Created 2023-10-18T23:09:43+00:00
For more information about the command options, see ibmcloud is share-mount-target-create
.
Creating a file share with a mount target from the CLI
You can create a file share with one or more mount targets in one step by using the ibmcloud is share-create
command. You need to provide the zone name, the file share profile,
the file share size, and the IOPS. You can also specify a name, user tags, and even the initial owner UID. To create the mount target, you need to provide the mount target information in JSON format.
The following example shows how to create a file share with 500 GB capacity and 2000 IOPS in the us-south-2
zone. The file share is tagged with env:dev
and has security group access control mode. The file share can
be mounted on authorized virtual servers by using the mount target my-new-mount-target
.
$ ibmcloud is share-create --name my-new-file-share --zone us-south-2 --profile dp2 --size 500 --iops 2000 --user-tags env:dev --mount-targets '
>[{"name":"my-new-mount-target","virtual_network_interface": {"name":"my-vni","subnet": {"id":"r006-298acd6c-e71e-4204-a04f-fe4a4dd89805"}}}]'
Creating file share my-new-file-share under account Test Account as user test.user@ibm.com...
ID r006-925214bc-ded5-4626-9d8e-bc4e2e579232
Name my-new-file-share
CRN crn:v1:bluemix:public:is:us-south-2:a/a1234567::share:r006-925214bc-ded5-4626-9d8e-bc4e2e579232
Lifecycle state pending
Access control mode security_group
Accessor binding role origin
Allowed transit encryption modes user_managed,none
Zone us-south-2
Profile dp2
Size(GB) 500
IOPS 2000
User Tags env:dev
Encryption provider_managed
Mount Targets ID Name
r006-ad313f6b-ccb5-4941-a5f7-0c953f1043df my-new-mount-target
Resource group ID Name
db8e8d865a83e0aae03f25a492c5b39e Default
Created 2023-10-19T00:30:11+00:00
Replication role none
Replication status none
Replication status reasons Status code Status message
- -
The following example creates a file share with VPC access mode and a mount target that can be used by any virtual server instance within the VPC.
$ ibmcloud is share-create --name my-file-share-8 --zone us-south-1 --profile dp2 --size 40 --iops 2000 --user-tags env:dev --mount-targets '
> [{"name": "my-new-mount-target","vpc": {"name": "my-vpc"}}]'
Creating file share my-file-share-8 under account Test Account as user test.user@ibm.com...
ID r006-97733317-35c3-4726-9c28-1159de30012e
Name my-file-share-8
CRN crn:v1:bluemix:public:is:us-south-1:a/a1234567::share:r006-97733317-35c3-4726-9c28-1159de30012e
Lifecycle state pending
Access control mode vpc
Zone us-south-1
Profile dp2
Size(GB) 40
IOPS 2000
User Tags env:dev
Encryption provider_managed
Mount Targets ID Name
r006-36d67ada-ca83-44be-adad-dc58e7c38dc5 my-new-mount-target
Resource group ID Name
db8e8d865a83e0aae03f25a492c5b39e Default
Created 2023-10-18T23:52:45+00:00
Replication role none
Replication status none
Replication status reasons Status code Status message
- -
Creating a file share with customer-managed encryption from the CLI
By default, File Storage for VPC shares are encrypted with IBM-managed encryption. However, you can also create an envelop-encryption for your file shares by using one of the supported key management services to create or import your own root
keys. For more information, see Protecting data with envelope encryption
For more information about how to create a file share with customer-managed encryption, see Creating file shares with customer-managed encryption.
Creating a file share with the API
You can create file shares and mount targets by directly calling the REST APIs.
Before you begin
Set up your API environment. Define variables for the IAM token, API endpoint, and API version. For instructions, see Setting up your API and CLI environment.
You must provide the generation
parameter and specify generation=2
. For more information, see Generation in the Virtual Private Cloud API reference.
A good way to learn more about the API is to click Get sample API call on the provisioning pages in IBM Cloud console. You can view the correct sequence of API requests and better understand actions and their dependencies.
Creating a file share with the API
Make a POST /shares
request to create a file share. Specify the size of the file share, a name, the IOPS profile, and zone. If you want to be able to create a file share with granular access authorization, specify security_group
as the access mode.
curl -X POST \
"$vpc_api_endpoint/v1/shares?version=2024-05-06&generation=2"\
-H "Authorization: $iam_token" \
-d '{
"access_control_mode": "security-group",
"allowed_transit_encryption_modes": ["none", "user-managed"],
"size": 4800,
"iops": 3000,
"name": "myshare-1",
"profile": {"name": "dp2"},
"zone": {"name": "us-south-1"}
}
Make sure that when you create the mount target, you also specify a virtual network interface that is a member of the security group that your virtual server instance belongs to.
The following example shows a request to create a 4800 GB file share. It specifies the access control mode vpc
, which enables all clients in each mount target's VPC to have access to this file share. This option is less secure,
and does not support newer features.
curl -X POST \
"$vpc_api_endpoint/v1/shares?version=2023-08-08&generation=2"\
-H "Authorization: $iam_token" \
-d '{
"size": 4800,
"iops": 3000,
"name": "myshare-1",
"profile": {"name": "dp2"},
"access_control_mode": "vpc",
"zone": {"name": "us-south-1"}
}'
A successful response looks like the following example.
{
"access_control_mode": "vpc",
"created_at": "2023-08-08T22:31:50Z",
"crn": "crn": "crn:[...]",
"encryption": "provider_managed",
"href": "https://us-south.iaas.cloud.ibm.com/v1/shares/acd96d70-b8d3-4b56-ad7f-9c1035df93b2",
"id": "acd96d70-b8d3-4b56-ad7f-9c1035df93b2",
"initial_owner": {
"gid": 0,
"uid": 0
},
"iops": 3000,
"lifecycle_state": "pending",
"name": "myshare-1",
"profile": {
"href": "https://us-south.iaas.cloud.ibm.com/v1/share/profiles/dp2",
"name": "dp2",
"resource_type": "share_profile"
},
"replication_role": "none",
"replication_status": "none",
"replication_status_reasons": [],
"resource_group": {
"crn": "crn:v1:public:resource-controller::a/e2f80b84-bc75-4f53-8737-8193ef1d1a7b::resource-group:e96d1fa9-76f2-4c87-a737-dbab3a947b24",
"href": "https://resource-controller.cloud.ibm.com/v2/resource_groups/e96d1fa9-76f2-4c87-a737-dbab3a947b24",
"id": "e96d1fa9-76f2-4c87-a737-dbab3a947b24",
"name": "Default"
},
"resource_type": "share",
"size": 4800,
"mount_targets": [],
"zone": {
"href": "https://us-south.iaas.cloud.ibm.com/v1/regions/us-south/zones/us-south-1",
"name": "us-south-1"
}
}
Creating a mount target for a file share with the API
This request creates or adds a mount target to an existing file share. In this example, the vpc
property is specified because the file share's access control mode is vpc
. Data encryption in transit can not be enabled.
Access control modes of the mount target and the share must match. Both must be either vpc
or security_group
. When you create a mount target with security_group
access mode, pay attention to the share's
allowed_transit_encryption_modes
. The transit_encryption
value must reflect what is allowed for the share.
curl -X POST \
"$vpc_api_endpoint/v1/shares/$share_id/mount_targets?version=2023-08-08&generation=2"\
-H "Authorization: Bearer $iam_token"\
-H 'Content-Type: application/json'\
-d '{
"access_control_mode": "vpc"
"name": "mount-target-name1",
"vpc": {"id": "6e01bc24-4a6e-4a0c-a1bd-4caa0c8159e7"},
"transit_encryption": "none"
}'
A successful response looks like the following example.
{
"access_control_mode": "vpc",
"created_at": "2023-08-08T23:31:59Z",
"href": "https://us-south.iaas.cloud.ibm.com/v1/shares/ff859972-8c39-4528-91df-eb9160eae918/mount_targets/9fdf4438-f5b4-4b6f-8bca-602494fd6c31",
"id": "9fdf4438-f5b4-4b6f-8bca-602494fd6c31",
"lifecycle_state": "pending",
"mount_path": "domain.com:/vol_xyz_2891fd0a_63aa_4deb_9ed5_1159e37cb5aa",
"name": "mount-target-name1",
"resource_type": "share_target",
"transit_encryption": "none",
"vpc": {
"crn": "crn:[...]",
"href": "https://us-south.iaas.cloud.ibm.com/v1/vpcs/e6ff7b61-feb4-4c87-94aa-277d6f93e164",
"id": "e6ff7b61-feb4-4c87-94aa-277d6f93e164",
"name": "vpc-name1",
"resource_type": "vpc"
}
}
Adding a mount target to an existing file share by specifying a subnet and security group
Make a POST /shares/{share_id}/mount_targets
request and specify a subnet and security group for the mount target network interface. The security groups that you associate with a mount target must allow inbound access for the
TCP protocol on the NFS port from all virtual server instances on which you want to mount the file share.
This example adds a mount target to an existing file share, which is identified by ID, and provides a subnet and security group to define the network interface.
curl -X POST "$vpc_api_endpoint/v1/shares/f1ab81ef-dd30-459a-85e0-9094164978b1/mount_targets/?version=2023-07=18&generation=2"\
-d '{
"virtual_network_interface": {
"subnet": {"id": "1a0b3d75-8a62-4c78-9263-f9bcd25a8759"},
"security_groups": [{"id": "b2599112-7027-480e-ad1b-fd917d2fcb84"}]
},
"transit_encryption": "user_managed"
}'
Creating a file share and mount target together with the API
The following example request creates a file share that has the VPC-wide access mode and a mount target that can be used by every virtual server instance in the specified VPC. It also adds user tags to the share.
Access to the mount target is VPC wide; all instances in the VPC have access to this file share. Newer features such as cross-zone mounting and data encryption in transit are not supported.
curl -X POST \
"$vpc_api_endpoint/v1/shares?version=2023-08-08&generation=2\
-H "Authorization: Bearer $iam_token"\
-H 'Content-Type: application/json'\
-d '{
"access_control_mode": "vpc",
"allowed_transit_encryption_modes": "none",
"size": 4800,
"iops": 48000,
"mount_targets": [
{
"name": "mount-target-name1",
"vpc": {"id": "a1fb6c4f-6a63-4d34-8bf6-55fab89e932a"}
}
],
"name": "share-name1",
"profile": {"name": "dp2"},
"user_tags": [
"env:test",
"env:prod"
],
"resource_group": {},
"zone": {"name": "us-south-1"}
}'
A successful response looks like the following example.
{
"access_control_mode": "vpc",
"created_at": "2023-08-08T23:31:59Z",
"crn": "crn:[...]",
"encryption": "provider_managed",
"href": "https://us-south.iaas.cloud.ibm.com/v1/shares/ff859972-8c39-4528-91df-eb9160eae918",
"id": "ff859972-8c39-4528-91df-eb9160eae918",
"iops": 48000,
"lifecycle_state": "stable",
"name": "share-name1",
"profile": {
"href": "https://us-south.iaas.cloud.ibm.com/v1/share/profiles/dp2",
"name": "dp2",
"resource_type": "share_profile"
},
"replication_role": "none",
"replication_status": "none",
"replication_status_reasons": [],
"resource_group": {
"crn": "crn:[...]",
"href": "https://resource-controller.cloud.ibm.com/v2/resource_groups/6b45d0aa-e0a6-478b-a5d9-bb45b106676d",
"id": "6b45d0aa-e0a6-478b-a5d9-bb45b106676d",
"name": "Default"
},
"resource_type": "share",
"size": 4800,
"mount_targets": [
{
"href": "https://us-south.iaas.cloud.ibm.com/v1/shares/ff859972-8c39-4528-91df-eb9160eae918/mount_targets/9fdf4438-f5b4-4b6f-8bca-602494fd6c31",
"id": "9fdf4438-f5b4-4b6f-8bca-602494fd6c31",
"name": "mount-target-name1",
"resource_type": "share_target",
"vpc": {
"crn": "crn:[...]",
"href": "https://us-south.iaas.cloud.ibm.com/v1/vpcs/e6ff7b61-feb4-4c87-94aa-277d6f93e164",
"id": "e6ff7b61-feb4-4c87-94aa-277d6f93e164",
"name": "vpc-name1",
"resource_type": "vpc"
}
}
],
"user_tags": ["env:test","env:prod"],
"zone": {
"href": "https://us-south.iaas.cloud.ibm.com/v1/regions/us-south/zones/us-south-1",
"name": "us-south-1"
}
}
Creating a file share and mount target by specifying a subnet
The default access control mode for file shares is security_group
. It's more secure than the vpc-wide options and supports newer featues. To create the mount target with the network interface at the same time that the file share
is created, make a POST /shares
request and specify a subnet. Specifying the subnet
property is required when you're not specifying a virtual network interface.
The following example creates and attaches a virtual network interface to your mount target with a reserved IP address and applies the rules of the selected security group. The security groups that
you associate with a mount target must allow inbound access for the TCP protocol on the NFS port from all virtual server instances on which you want to mount the file share.
In this example, the mount target section specifies a subnet ID. The system picks a reserved IP from that subnet for the virtual network interface when the mount target is created.
curl -X POST "$vpc_api_endpoint/v1/shares?version=2023-08-08&generation=2"\
-H "Authorization: $iam_token"\
-d '{
"allowed_transit_encryption_modes": ["user-managed"],
"size": 10,
"name": "myshare-1",
"profile": {"name": "dp2"},
"zone": {"name": "us-south-1"},
"mount_targets": [
"virtual_network_interface": {"subnet": {"id": "4e95744c-7e64-48c9-b5d2-3b6481b1dfde"}},
"transit_encryption": {"user_managed"}
]
}'
When the transit_encryption
property is set to user_managed
, encryption in transit with an instance identity certificate is enabled. The default value for the transit_encryption
property is none
,
which disables encryption in transit. However, if the allowed_transit_encryption_modes
is specified as user-managed
, then the mount target must have user_managed
as the value of transit_encryption
.
A successful response looks like the following example.
{
"access_control_mode": "security_group",
"allowed_transit_encryption_modes": ["user-managed"],
"created_at": "2023-08-08T12:15:12Z",
"href": "$vpc_api_endpoint/v1/shares/90c4bb62-1724-47bd-8c45-f7d37d7c3508/mount_targets/7e5bdb52-676d-43b2-991f-2053cf6855eb",
"id": "7e5bdb52-676d-43b2-991f-2053cf6855eb",
"lifecycle_state": "pending",
"mount_path": "",
"name": "myshare-1",
"primary_ip": {"address": ""},
"resource_type": "share_target",
"subnet": {
"crn": "crn:[...]",
"href": "$vpc_api_endpoint/v1/subnets/4e95744c-7e64-48c9-b5d2-3b6481b1dfde",
"id": "4e95744c-7e64-48c9-b5d2-3b6481b1dfde",
"name": "subnet-2",
"resource_type": "subnet"
},
"transit_encryption": "user-managed",
"virtual_network_interface": {
"crn": "crn:[...]",
"href": "$vpc_api_endpoint/v1/virtual_network_interface/710y-b8aa945c-7eac-4c15-bad6-a56db9d1e9bd",
"id": "710y-b8aa945c-7eac-4c15-bad6-a56db9d1e9bd",
"name": "enlace-traverse-oat-console",
"resource_type": "VirtualNetworkInterface"
},
"vpc": {
"crn": "crn:[...]",
"href": "$vpc_api_endpoint/v1/vpcs/82fa21ae-a645-4dd5-9136-d48a723bf00e",
"id": "82fa21ae-a645-4dd5-9136-d48a723bf00e",
"name": "my-vpc-2",
"resource_type": "vpc"
}
}
Creating a file share and mount target by specifying a subnet and security group
To create the mount target network interface, make a POST /shares
request and specify a subnet and security group. The security groups that you associate with a mount target must allow inbound access for the TCP protocol on the
NFS port from all virtual server instances on which you want to mount the file share.
In this example, the mount_targets
property specifies a subnet ID and security group ID. When the transit_encryption
property is set to user_managed
, it enables encryption in transit by using an instance
identity certificate. The default value is none, which disables encryption in transit.
curl -X POST "$vpc_api_endpoint/v1/shares?version=2023-08-08&generation=2"\
-H "Authorization: $iam_token" \
-d '{
"size": 20,
"iops": 100,
"name": "myshare-3",
"profile": {"name": "dp2"},
"zone": {"name": "us-south-1"},
"allowed_transit_encryption_modes": ["user-managed"],
"mount_targets": [
"virtual_network_interface": {
"subnet": {"id": "4e95744c-7e64-48c9-b5d2-3b6481b1dfde"},
"security_groups": [{"id": "34c09abb-37bf-4ef6-88bb-f63a0ef28915"}]
},
"transit_encryption": {"user_managed"}
]
}'
The following response shows that access control mode is security_group
, which is the default value.
{
"access_control_mode": "security_group",
"allowed_transit_encryption_modes": ["user-managed"],
"created_at": "2023-08-08T12:55:40Z",
"crn": "crn:[...]",
"encryption": "provider_managed",
"href": "$vpc_api_endpoint/v1/shares/r006-56f91d4a-2801-470a-b368-176bde64e954",
"id": "r006-56f91d4a-2801-470a-b368-176bde64e954",
"initial_owner": {
"gid": 0,
"uid": 0
},
"iops": 100,
"lifecycle_state": "pending",
"name": "myshare-3",
"profile": {
"href": "$vpc_api_endpoint/v1/share/profiles/dp2",
"name": "dp2",
"resource_type": "share_profile"
},
"replication_role": "none",
"replication_status": "none",
"replication_status_reasons": [],
"resource_group": {
"crn": "crn:[...]",
"href": "$vpc_api_endpoint/v2/resource_groups/678523bcbe2b4eada913d32640909956",
"id": "678523bcbe2b4eada913d32640909956",
"name": "Default"
},
"resource_type": "share",
"size": 20,
"mount_targets": [
{
"href": "$vpc_api_endpoint/v1/shares/r006-56f91d4a-2801-470a-b368-176bde64e954/mount_targets/r006-b8573e2c-60ee-4ecc-9eae-c52f890a8195",
"id": "r006-b8573e2c-60ee-4ecc-9eae-c52f890a8195",
"name": "sticky-idealist-spoiled-sloppily",
"resource_type": "share_target",
"transit_encryption": {"user_managed"}
}
],
"user_tags": [],
"zone": {
"href": "https://us-south.cloud.ibm.com/v1/regions/us-south/zones/us-south-1",
"name": "us-south-1"
}
}
Creating a file share and mount target by specifying a virtual network interface
To perform this operation, you must already have a virtual network interface and that virtual network interface must not be attached to another resource.
Make a POST /shares
request and create a mount target with a virtual network interface. Specify the ID of an unattached virtual network interface in the mount target's virtual_network_interface
property.
curl -X POST "$vpc_api_endpoint/v1/shares?version=2023-08-08&generation=2" \
-H "Authorization: $iam_token" \
-d '{
"size": 10,
"name": "share-sc-2",
"profile": {"name": "dp2"},
"zone": {"name": "us-south-3"},
"allowed_transit_encryption_modes": ["none"],
"mount_targets": [{
"name": "mount-target-1",
"transit_encryption": {"none"},
"virtual_network_interface": {"id": "0767-fa41aecb-4f21-423d-8082-630bfba1e1d9"}
}]
}'
Adding supplemental IDs when you create a file share with the API
With the API, you can set UID
and GID
values for the initial_owner
property to control access to your file shares. Wherever you mount the file share, the root folder uses that user ID and group ID owner.
You set the UID
or GID
, or both when you create a share in a POST /shares
call.
If you change the supplemental IDs (UID or GID) from the virtual server instance, it is not possible to determine that it was changed. As a result, initial_owner
does not change in the API database but changes only in the file
storage system.
Table 1 shows UID and GID values that you can set and values that are reserved.
Unix/Linux® supplemental ID values.
ID value |
Description |
UID |
|
UID 0 |
Reserved for root. |
UID 1–99 |
Reserved for predefined accounts. |
UID 100–999 |
Reserved by the system for administrative system accounts and groups. |
UID 1000–10000 |
Used by applications account. |
UID 10000+ |
Available for user accounts. |
GID |
|
GID 0 |
Reserved for root. |
GID 1–99 |
Reserved for the system and application use. |
GID 100+ |
Allocated for the user’s group. |
To set supplemental IDs when you create a share, make a POST /shares
call and specify the initial_owner
property with the supplemental IDs. See the following example.
curl -X POST \
"$vpc_api_endpoint/v1/shares?version=2023-08-08&generation=2"\
-H "Authorization: $iam_token" \
-d '{
"initial_owner": {"gid": 101,"uid": 10001},
"size": 4800,
"name": "share-name",
"profile": {"name": "dp2"},
"zone": {"name": "us-south-1"}
.
.
.
}'