Microsoft Services for NFS
NAS 2000s Administration Guide
Permissions are granted on a per-export basis; each export has its own permissions,
independent of other exports on the system. For example, file system a can be exported to
allow only the Accounting department access, and file system m can be exported allowing
only the Management department access. If a user in Management needs access to the
Accounting information, the permissions on export a can be modified to let that one user's client
machine have access. This modification does not affect other client access to the same export,
nor does it allow the Management user or client access to other exports.
After the client machine has permission to the export, the user logon affects file access. The
client machine presents the UNIX user ID (UID) and group ID (GID) to the server. When the
computer accesses a file, the UID and GID of the client are mapped to a Windows user ID
and group ID by the mapping server. The ACLs of the file or directory object being requested
are then compared against the mapped Windows login or group ID to determine whether the
access attempt should be granted.
Note:
User credentials are not questioned or verified by the NFS server. The server accepts the
presented credentials as valid and correct.
If the NFS server does not have a corresponding UID or GID, or if the administrator has set
other conditions to filter out the user, a process called squashing takes effect. Squashing is the
conversion of an unknown or filtered user to an anonymous user. This anonymous user has
very restricted permissions on the system. Squashing helps administrators manage access to
their exports by allowing them to restrict access to certain individuals or groups and to squash
all others down to restricted (or no) access. With squashing, the administrator grants
permissions to the intended users instead of explicitly denying access to every individual
who is not supposed to have it. See “NFS User and Group Mappings” later in this chapter for
specific information about creating and maintaining mappings.
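The access decision described above (export permission, then UID/GID mapping with squashing, then the ACL comparison), modelled as an added example; it is not code from this guide or from Microsoft Services for NFS. The account names, client names, UIDs, paths and the ANONYMOUS label are constructed for illustration.

```python
from dataclasses import dataclass, field

ANONYMOUS = "ANONYMOUS"  # label for the squashed identity (assumed name)

# Constructed mapping tables: UNIX ID -> Windows account or group.
USER_MAP = {1001: "CORP\\alice", 1002: "CORP\\bob", 1003: "CORP\\carol"}
GROUP_MAP = {200: "CORP\\Accounting", 300: "CORP\\Management"}

@dataclass
class Export:
    allowed_clients: set   # client machines permitted on this export
    acl: dict              # path -> Windows users/groups granted access
    filtered_uids: set = field(default_factory=set)  # UIDs the admin squashes

def map_identity(export, uid, gid):
    """Map presented IDs to Windows names; unknown or filtered users are squashed."""
    if uid not in USER_MAP or uid in export.filtered_uids:
        return ANONYMOUS, ANONYMOUS
    return USER_MAP[uid], GROUP_MAP.get(gid, ANONYMOUS)

def check_access(export, client, uid, gid, path):
    """Export permission first, then ID mapping, then the ACL comparison."""
    if client not in export.allowed_clients:
        return "denied: client not permitted on export"
    # uid and gid are used as presented; nothing in this flow verifies them.
    user, group = map_identity(export, uid, gid)
    granted = export.acl.get(path, set())
    if user in granted or group in granted:
        return f"granted as {user}"
    return f"denied by ACL as {user}"

# Constructed exports: mgmt-ws7 was added to export "a" for one Management user.
export_a = Export(
    allowed_clients={"acct-ws1", "mgmt-ws7"},
    acl={"/ledger.xls": {"CORP\\Accounting", "CORP\\bob"},
         "/readme.txt": {"CORP\\Accounting", ANONYMOUS}},
    filtered_uids={1003},
)
export_m = Export(allowed_clients={"mgmt-ws1"},
                  acl={"/plan.doc": {"CORP\\Management"}})

if __name__ == "__main__":
    for args in [(export_a, "mgmt-ws7", 1002, 300, "/ledger.xls"),
                 (export_m, "mgmt-ws7", 1002, 300, "/plan.doc"),
                 (export_a, "acct-ws1", 4242, 200, "/ledger.xls"),
                 (export_a, "acct-ws1", 1003, 200, "/readme.txt")]:
        print(args[1:], "->", check_access(*args))
```

Because the decision rests on the UID and GID as presented, the export's client list and whatever the ACLs grant to the anonymous identity are the settings to review.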
Indicating the Computer to Use for the NFS User Mapping Server
During the processes of starting and installing the NAS 2000s, the name localhost is assigned
by default to the computer. It is assumed that the NAS 2000s is the computer that will be used
for user name mapping.
If there are other mapping servers and a machine other than localhost will store the user
name mappings, the name of that computer must be indicated, as detailed below:
1. Use Remote Desktop to access the NAS Management Console, click File Sharing,
Microsoft Services for Network File System. Click Server for NFS.
is an
example of the Server for NFS user interface.
2. In the Computer name box of the user-mapping screen, type the name of the computer
designated for user mapping and authentication.
3. Localhost is the computer name assigned by default on the NAS 2000s. To control user
mapping from a different computer, enter the name of that computer.
Note:
If a machine other than the localhost is to be used, make sure that the user name mapping
service is installed and running on that machine.