Integrating Local File System Security Into Windows Domain Environments; Comparing Administrative (Hidden) And Standard Shares; Planning For Compatibility Between File Sharing Protocols - HP 345646-001 - StorageWorks NAS 2000s External Storage Server Administration Manual

Integrating Local File System Security into Windows Domain Environments

ACLs include properties specific to users and groups from a particular workgroup server or
domain environment. In a multidomain environment, user and group permissions from several
domains can apply to files stored on the same device. Users and groups local to the NAS 2000s
can be given access permissions to shares managed by the device. The domain name of the
NAS 2000s supplies the context in which the user or group is understood. Permission
configuration depends on the network and domain infrastructure where the server resides.
File-sharing protocols (except NFS) supply a user and group context for all connections over
the network. (NFS supplies a machine based context.) When new files are created by those
users or machines, the appropriate ACLs are applied.
Configuration tools provide the ability to share permissions out to clients. These shared
permissions are propagated into a file system ACL and when new files are created over the
network, the user creating the file becomes the file owner. In cases where a specific
subdirectory of a share has different permissions from the share itself, the NTFS permissions
on the subdirectory apply instead. This method results in a hierarchical security model where
the network protocol permissions and the file permissions work together to provide
appropriate security for shares on the device.
Note:
on a file system to have different permissions from those applied to a share. When this situation
occurs, the file level permissions override the share permissions.

Comparing Administrative (Hidden) and Standard Shares

CIFS supports both administrative shares and standard shares. Administrative shares are
shares with a last character of $. Administrative shares are not included in the list of shares
when a client browses for available shares on a CIFS server. Standard shares are shares that do
not end in a $ character. Standard shares are listed whenever a CIFS client browses for
available shares on a CIFS server.
The NAS 2000s supports both administrative and standard CIFS shares. To create an
administrative share, end the share name with the $ character when setting up the share. Do not
type a $ character at the end of the share name when creating a standard share.

Planning for Compatibility between File Sharing Protocols

When planning for cross-platform share management on the NAS 2000s, it is important to
understand the different protocols and their associated constraints. Each additional protocol
that is supported adds another level of constraints and complexity.
NAS 2000s Administration Guide
Share permissions and file level permissions are implemented separately. It is possible for files
Folder, Printer, and Share Management
125