Security Model Functionality - Overland Storage SnapServer Administrator's Manual

SnapServer 7.0 Administrator's Guide
The security model determines the rules regarding which security personality will be
present on files and directories created by the various protocols and clients, and whether
the personality of files and directories can be changed by changing permissions.

Security Model Functionality

The following table describes the behavior of security models.
Function
Security Models
Directory
Ownership
Security
Personality of
Files and
Directories
10400317-001 10/2011
Description
Default ownership differs according to the method used to create the
security model directory:
• From the client – For UNIX personality directories, the owner and
owning group will be according to the logged-in user. For Windows
personality directories, the owner will be the logged-in user, or
"Administrators" for directories created by Domain Admins or members
of the local admingrp.
• From the Web Management Interface – For UNIX personality
directories, the user and group owner will be admin and admingrp. For
Windows personality directories, the owner will be the local admingrp
("Administrators").
Files and directories created by clients inside security models will acquire
security personality and permissions according to the rules of the security
model.
Windows/Mixed
• Files and directories created by SMB clients will have the Windows
security personality. Permissions will either be inherited according to
the ACL of the parent directory (if Windows) or will receive a default ACL
that grants the user full access only (if the parent is UNIX or has no
inheritable permissions).
• Files and directories created by non-SMB clients will have the UNIX
personality. UNIX permissions will be as set by the client (per the user's
local umask on the client).
• The security personality of a file or directory can be changed by any
user with sufficient rights to change permissions or ownership. If a
client of one security personality changes permissions or ownership of
a file or directory of a different personality, the personality will change
to match the personality of the client protocol (for example, if an NFS
client changes UNIX permissions on a Windows file, the file will change
to the UNIX personality).
UNIX
• Files and directories created by non-SMB clients will have the UNIX
personality. UNIX permissions will be as set by the client (per the user's
local umask on the client).
• Files and directories created by SMB clients will have the UNIX
personality. UNIX permissions will be set to a default.
• The personality of files and directories cannot be changed on a UNIX
security model. All files and directories always have the UNIX
personality.
©2010-11 Overland Storage, Inc.
7 – Security Options
7-29