Access Control In A Shared Cifs/Nfs Environment; Cifs Access Permission Settings - Fujitsu ETERNUS DX S5 Series Design Manual

4. NAS Functions

CIFS Access Permission Settings

Access Control in a Shared CIFS/NFS Environment

When the CIFS protocol and the NFS protocol are used, the access control varies depending on the version of
NFS.
The NFS access control varies depending on the NFS version.
For details, refer to
If the same name is used for the local user and the local group without case sensitivity when a local user is
registered in ACL, access control may not be set correctly for Windows.
Caution
During the operation phase
• Even though advanced security settings are specified with Windows ACL, the ACL security setting for
some users or groups may be unintentionally overwritten by an ACL setting that is performed later or
may not be enabled when the CIFS protocol and the NFS protocol are used at the same time.
• Even though advanced security settings are specified with Windows ACL, the UNIX POSIX ACL converts
them to Read permissions, Write permissions, and Execute permissions and maps these permissions.
Accesses from other Windows clients are controlled by privileges mapped to POSIX ACL.
• When adding ACL user from Windows, a security ID (Security ID) may be displayed instead of the name
that is specified from other Windows clients. If this occurs, disconnect the network drive and wait for a
while. After rebooting the network drive, the specified name is displayed.
CIFS Access Permission Settings
Access permissions can be set for a specific user or group when a CIFS shared folder is created.
The group "everyone" can be specified as a group. Access permissions can be changed for existing CIFS shared
folders. The CIFS access permission setting can grant access permissions for users or groups who have access
permissions that are granted by the ACL function.
When "everyone" is specified as the group, the privileges that are set for "everyone" are granted to all users.
However, users that are granted the "rw" access privilege can read and write data regardless of the privileges
that are set for "everyone".
Access permissions for the CIFS shared folders can be changed using ETERNUS Web GUI or ETERNUS CLI.
The changed settings are applied to sessions that are established after the change.
Caution
During the configuration phase
To use the CIFS access permission setting for access control of a shared folder, either omit the owner and
group settings or specify "root" when creating a shared folder. For details on the owner and group settings
of the shared folder, refer to
"Access Control in an NFS Environment" (page
"File Sharing" (page
182).
184).
183 Design Guide