Security; About Hp Nas Va Security; Hp Nas Va Security In A Unix-Only Environment; Unix File Security - HP J3278B - SureStore CD-ROM Server/Tower 7 NAS Server User Manual

Security

About HP NAS VA Security

Two basic ways to ensure the security of the HP NAS VA are:
control access to the device
o
set an administrative password to ensure that only authorized users gain access to
o
key administrative functions
Access and rights to the data that clients store on the HP NAS VA device can involve security in
the Windows and UNIX environments. The subject of security is beyond the scope of this manual,
but many excellent books are available. This section offers a very abbreviated discussion of key
security elements that you might consider when administering your HP NAS VA, including
administrative password, shares, and exports. Further informaion on security for UNIX-only
environments and security for NT-only environments is available.

HP NAS VA Security in a UNIX-only Environment

UNIX File Security

UNIX uses a reasonably simple approach to data access security. Each workstation performs
user authentication locally. Each user is associated with a 16-bit integer (user ID or UID).
Additionally, each user can be a part of a group that is denoted by another 16-bit integer (group
ID or GID). A user can be a member of several groups, each with its own unique GID. All objects
contain associated meta-data that includes the UID and GID as well as read/write/execute
permissions for the object. A typical UNIX file permission might look like:
-rwxr-xr-x 1 201 5 611 Nov 11 11:09 testfile
-rwxr-xr-x 1 Wilson Engineering 611 Nov 11 11:09 testfile
In the first line, numbers represent the UID and GID; in the second line, the names associated
with the UID and GID are displayed. In either case, Wilson (UID 201), who is a member of the
Engineering group (GID 5), created a file that has permissions for three different groups. The
permissions are represented by a string of nine characters: three characters for the permissions
of each of the three groups of users. The three groups are the owner (Wilson), the group
(Engineering), and other. In the example above, the owner has specified rwx (read/write/execute)
privileges for himself, r-x (read/execute) privileges for the group, and r-x (read/execute)
privileges for other.
In your network, you might use a Network Information Service (NIS) server to help you maintain
common configuration files such as the password, group, and host files. If your environment uses
a NIS server, you can enable NIS. The HP NAS VA then maintains the same UID and GID
numbers that your UNIX users are currently assigned in a heterogeneous environment.
Note: Whether you disable or enable the use of a NIS server, you are in no way affecting the
security of a homogenous UNIX environment.
An additional form of security called host access is available in the UNIX environment and
controls which client machines are allowed access to the HP NAS VA, regardless of the user. The
allowed clients are specified by a list of IP addresses or hostnames representing those machines.
Host access controls access by machine, not user.
61