File Sharing Configuration; File Volume Permissions - HP NetStorage 6000 Manual

File sharing security

object via UNIX (chmod or chown commands) and have the object become a UNIX object since this could
potentially weaken the access control that protects these objects.
In order for clients to share files across Windows and UNIX protocols, it is necessary to establish their credential
equivalence in each protocol. With this equivalence established, clients can access the files without regard to
their current working environment as the owner, member of a group, or as part of the Everyone or Other account.
A Windows client is identified by NT domain name, user name, and the RID (relative ID) that is part of the unique
security descriptor supplied by the NT domain controller. UNIX clients are identified by their UID and GID
values, whether or not they are part of a NIS-administered server.
As described in the previous sections, the Windows and UNIX operating systems use different methods for
authentication, user identification, and controlling access to resources through permissions. If users are going to
be recognized as the owner of a file in both Windows and UNIX, it will be necessary to "map", or create
equivalence between, users in each environment. It will also be necessary to obtain information from each user
that will allow file permissions and access controls to be displayed in a manner that is consistent with each
protocol. All of this is accomplished using a series of map files that hold client information that will allow the
identification and translation of user credentials from one protocol to another.
Before discussing mapping strategies and the mechanisms used to map clients, note that mapping is only used
when NT clients access UNIX file objects. Because the HP NetStorage 6000 uses a UNIX file system as its
native file system, both UNIX file objects and NT objects have UNIX security attributes associated with them.
Therefore, whenever a UNIX client accesses these objects the HP NetStorage 6000 does not need to consult
any mapping strategy to determine permissions. It is only when an NT client tries to access UNIX objects that the
mapping strategy is employed or necessary.
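
An added illustration of the lookup described above, not code from the manual or from the HP NetStorage 6000 itself: an NT identity (domain, user name, RID) is translated through a map table to a UID/GID before the UNIX permission bits are checked, while a UNIX client is checked directly with no map lookup. The map-line syntax, the function names, and the deny-on-unmapped behaviour are assumptions of this sketch; the manual does not show the real map file format.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class UnixCred:
    uid: int
    gid: int

@dataclass(frozen=True)
class UnixObject:
    owner_uid: int
    owner_gid: int
    mode: int  # UNIX permission bits, e.g. 0o640

# Hypothetical map-file syntax (assumption; not the product's real format):
#   DOMAIN\user:RID:uid:gid
SAMPLE_MAP = r"""
# constructed sample entries
ENG\alice:1105:501:100
ENG\bob:1106:502:100
"""

def parse_map(text):
    """Return {(domain, user, rid): UnixCred}; reject malformed or duplicate lines."""
    table = {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            ident, rid, uid, gid = line.split(":")
            domain, user = ident.split("\\")
            key = (domain.upper(), user.lower(), int(rid))  # NT names ignore case
            cred = UnixCred(int(uid), int(gid))
        except ValueError:
            raise ValueError(f"line {n}: malformed map entry") from None
        if key in table:
            raise ValueError(f"line {n}: duplicate mapping for {ident}")
        table[key] = cred
    return table

def nt_access(table, domain, user, rid, obj, want):
    """NT client path: translate via the map first. Unmapped -> deny (assumption)."""
    cred = table.get((domain.upper(), user.lower(), rid))
    return cred is not None and unix_access(cred, obj, want)

def unix_access(cred, obj, want):
    """UNIX client path: no map lookup; want is a mask (4=r, 2=w, 1=x)."""
    shift = 6 if cred.uid == obj.owner_uid else 3 if cred.gid == obj.owner_gid else 0
    return ((obj.mode >> shift) & want) == want
```

Rejecting duplicate keys at parse time keeps one NT identity from resolving to two different UIDs depending on line order, which is the kind of ambiguity worth auditing for in any identity map.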
File access and sharing are determined on several different levels, including file volume creation, Windows and
UNIX security policies, and the mapping strategies that are selected. Each of these aspects controls
and refines the access that users will or will not have with the files stored on the HP NetStorage 6000. Each of
these topic areas will be covered in the discussion below.

5 File Sharing Configuration

File sharing considerations begin with the file allocation storage that is established when file volumes are created
with UNIX and/or Windows permissions. The administrator will need to consider the overall availability and
amount of storage resources needed for each of the protocols.

5.1 File Volume Permissions

Before files can be shared in a heterogeneous environment, the administrator must establish file sharing policies
that allow both Windows and UNIX clients to gain access to files that are located on the HP NetStorage
6000. When file volumes are created, the administrator selects the access that will be available for each volume
by selecting Windows clients only, UNIX clients only, or both Windows and UNIX clients. The choices that the
administrator makes on one volume will not affect the choices that can be made on other volumes.
An example is shown below:
Copyright © 2000 Hewlett-Packard Company
All Rights Reserved