Table of Contents
Advertisement
Integrating Local File System Security into Windows Domain Environments
ACLs include properties specific to users and groups from a particular workgroup server or
domain environment. In a multidomain environment, user and group permissions from several
domains can apply to files stored on the same device. Users and groups local to the NAS 1000s
can be given access permissions to shares managed by the device. The domain name of the
NAS 1000s supplies the context in which the user or group is understood. Permission
configuration depends on the network and domain infrastructure where the server resides.
File-sharing protocols (except NFS) supply a user and group context for all connections over
the network. (NFS supplies a machine based context.) When new files are created by those
users or machines, the appropriate ACLs are applied.
Configuration tools provide the ability to share permissions out to clients. These shared
permissions are propagated into a file system ACL and when new files are created over the
network, the user creating the file becomes the file owner. In cases where a specific
subdirectory of a share has different permissions from the share itself, the NTFS permissions
on the subdirectory apply instead. This method results in a hierarchical security model where
the network protocol permissions and the file permissions work together to provide
appropriate security for shares on the device.
Note:
on a file system to have different permissions from those applied to a share. When this situation
occurs, the file level permissions override the share permissions.
Comparing Administrative (Hidden) and Standard Shares
CIFS supports both administrative shares and standard shares. Administrative shares are
shares with a last character of $. Administrative shares are not included in the list of shares
when a client browses for available shares on a CIFS server. Standard shares are shares that do
not end in a $ character. Standard shares are listed whenever a CIFS client browses for
available shares on a CIFS server.
The NAS 1000s supports both administrative and standard CIFS shares. To create an
administrative share, end the share name with the $ character when setting up the share. Do not
type a $ character at the end of the share name when creating a standard share.
Planning for Compatibility between File Sharing Protocols
When planning for cross-platform share management on the NAS 1000s, it is important to
understand the different protocols and their associated constraints. Each additional protocol
that is supported adds another level of constraints and complexity.
NFS Compatibility Issues
Of the file sharing protocols that are supported on the NAS 1000s, NFS introduces the most
constraints. When planning to manage CIFS and NFS shares, consider two specific
requirements.
Note:
available in Chapter 6, UNIX File System Management.
NAS 1000s Administration Guide
Share permissions and file level permissions are implemented separately. It is possible for files
Further information, including details about the NFS Service and the User Mapping service, is
Folder and Share Management
93
Advertisement
Table of Contents
