Windows ACLs
Chapter 6 Share and File Access
91
Permissions are enforced for the specified users in the same manner for all client
protocols, including non-SMB clients that normally have the UNIX security
personality. However, if a non-SMB client changes permissions or ownership on a
Windows personality file or directory (or deletes and recreates it), the personality
will change to UNIX with the UNIX permissions specified by the client.
Note
Group membership of NFS clients is established by configuring the local
client’s user account or the NIS domain. Group membership of Snap Server local
users or users ID-mapped to domain users is not observed by NFS clients.
Therefore, ACL permissions applied to groups may not apply as expected to NFS
clients.
Default File and Folder Permissions
When a file or directory is created by an SMB client, the owner of the file will be the
user who created the file (except for files created by local or domain administrators,
in which case the owner will be the “Administrators” group, mapped to the local
admingrp), and the ACL will be inherited per the inheritance ACEs on the parent
directory’s ACL. The owner of a file or directory always implicitly has the ability to
change permissions, regardless of the permissions established in the ACL. In
addition, members of the Snap Server’s local admin group, as well as members of
Domain Admins (if the server is configured to belong to a domain) always
implicitly have
take ownership
and
change ownership
permissions.
Setting File and Directory Access Permissions and Inheritance
(Windows)
Access permissions for files and directories with the Windows security personality
are set using standard Windows NT, 2000, 2003, XP, or Vista security tools.
GuardianOS supports:
• All standard generic and advanced access permissions that can be assigned by
Windows clients.
• All levels of inheritance that can be assigned to an ACE in a directory ACL from a
Windows client.
• Automatic inheritance from parent directories, as well as the ability to disable
automatic inheritance from parents.
• Special assignment and inheritance of the CREATOR OWNER, CREATOR
GROUP, Users, Authenticated Users, and Administrators built-in users and
groups.
Summary of Contents for 5325301656 - Snap Server 14000 NAS
Page 2: ......
Page 76: ...Disks and Units 62 Snap Server Administrator Guide ...
Page 92: ...Creating iSCSI Disks 78 Snap Server Administrator Guide ...
Page 108: ...Security Guides 94 Snap Server Administrator Guide ...
Page 144: ...Unicode and Expansion Arrays 130 Snap Server Administrator Guide ...
Page 164: ...Off the Shelf Backup Solutions for the Snap Server 150 Snap Server Administrator Guide ...
Page 172: ...Scripts in SnapCLI 158 Snap Server Administrator Guide ...