Security Model Directories; Security Model Management - Overland Storage SnapServer Administrator's Manual

SnapServer GuardianOS 7.2 Administrator's Guide
• The security personality of a file or directory can be changed by any user with
sufficient rights to change permissions or ownership. If a client of one security
personality changes permissions or ownership of a file or directory of a different
personality, the personality will change to match the personality of the client protocol
(for example, if an NFS client changes UNIX permissions on a Windows file, the file
will change to the UNIX personality).
UNIX Security Model:
• Files and directories created by non-SMB clients will have the UNIX personality.
UNIX permissions will be as set by the client (per the user's local umask on the client).
• Files and directories created by SMB clients will have the UNIX personality. UNIX
permissions will be set to a default.
• The personality of files and directories cannot be changed on a UNIX security model.
All files and directories always have the UNIX personality.

Security Model Directories

With Traditional RAID, a security model can be configured on directories immediately
underneath the top-level volume directory.
Default ownership differs according to the method used to create the security model
directory:
• From the client – For UNIX personality directories, the owner and owning group will
be according to the logged-in user. For Windows personality directories, the owner will
be the logged-in user, or "Administrators" for directories created by Domain Admins or
members of the local admingrp.
• From the Web Management Interface – For UNIX personality directories, the user
and group owner will be admin and admingrp. For Windows personality directories,
the owner will be the local admingrp ("Administrators").
Security models and permissions differ according to the method used to create the security
model directory:
• From the client: If SMB, permissions will either be according to ACL inheritance (if
the parent volume root directory has the Windows security model) or Full Access to the
owning user only. Permissions for directories created by all other protocols will be set
by the client (per the client's umask).
• From the Web Management Interface:
• If created in a UNIX volume, permissions are 777 (rwxrwxrwx).
• If created in a Windows/Mixed volume, permissions allows all users to create,

Security Model Management

Changes to a security model can optionally be propagated with the corresponding
personality and default permission to all files and directories underneath the security model.
10400317-003 05/2012
delete, and change permissions on files created inside the security model, and
grants full control to administrators.
©2010-12 Overland Storage, Inc.
Security Model Directories
 C-2