Keeping the number of shares and other resources low optimizes the performance of the storage system.
For example, instead of sharing out each individual user's home directory as its own share,
share out the top-level directory and let the users map personal drives to their own subdirectory.
Defining Access Control Lists
The Access Control List (ACL) contains the information that dictates which users and groups have
access to a share, as well as the type of access that is permitted. Each share on an NTFS file system
has one ACL with multiple associated user permissions. For example, an ACL can define that User1
has read and write access to a share, User2 has read-only access, and User3 has no access to the
share. The ACL also includes group access information that applies to every user in a configured
group. ACLs are also referred to as permissions.
Integrating local file system security into Windows domain environments
ACLs include properties specific to users and groups from a particular workgroup server or domain
environment. In a multidomain environment, user and group permissions from several domains can
apply to files stored on the same device. Users and groups local to the storage system can be given
access permissions to shares managed by the device. The domain name of the storage system supplies
the context in which the user or group is understood. Permission configuration depends on the network
and domain infrastructure where the server resides.
File-sharing protocols (except NFS) supply a user and group context for all connections over the
network. (NFS supplies a machine-based context.) When new files are created by those users or
machines, the appropriate ACLs are applied.
Configuration tools provide the ability to share permissions out to clients. These shared permissions
are propagated into a file system ACL, and when new files are created over the network, the user
creating the file becomes the file owner. In cases where a specific subdirectory of a share has different
permissions from the share itself, the NTFS permissions on the subdirectory apply instead. This method
results in a hierarchical security model where the network protocol permissions and the file permissions
work together to provide appropriate security for shares on the device.
NOTE:
Share permissions and file-level permissions are implemented separately. It is possible for files on a file
system to have different permissions from those applied to a share. When this situation occurs, the file-level
permissions override the share permissions.
Comparing administrative (hidden) and standard shares
CIFS supports both administrative shares and standard shares.
• Administrative shares are shares with a last character of $. Administrative shares are not included
in the list of shares when a client browses for available shares on a CIFS server.
• Standard shares are shares that do not end in a $ character. Standard shares are listed whenever
a CIFS client browses for available shares on a CIFS server.
The storage system supports both administrative and standard CIFS shares. To create an administrative
share, end the share name with the $ character when setting up the share. Do not type a $ character
at the end of the share name when creating a standard share.
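The following PowerShell report is an added example, not part of the HP guide. It lists each share, whether it is administrative or standard, and its share-level and NTFS permissions side by side, plus first-level subfolders that carry their own ACL. It assumes the SmbShare cmdlets of Windows Server 2012 or later and an elevated session; the function name Get-ShareAclReport is hypothetical.

```powershell
# Added example: audit share-level versus file-level (NTFS) permissions.
# Assumptions: Windows Server 2012 or later (SmbShare module), elevated session.
# Get-ShareAclReport is a hypothetical name chosen for this illustration.
function Get-ShareAclReport {
    [CmdletBinding()]
    param()

    foreach ($share in Get-SmbShare) {
        # Skip shares with no folder behind them (for example IPC$ or print queues).
        if (-not $share.Path -or -not (Test-Path -LiteralPath $share.Path -PathType Container)) {
            continue
        }

        # Administrative (hidden) shares are identified by a trailing $ in the name.
        $type = if ($share.Name.EndsWith('$')) { 'Administrative' } else { 'Standard' }

        # Share-level permissions, one entry per account.
        $shareAces = Get-SmbShareAccess -Name $share.Name | ForEach-Object {
            '{0}: {1} {2}' -f $_.AccountName, $_.AccessControlType, $_.AccessRight
        }

        # File-level (NTFS) permissions on the folder the share points to.
        $ntfsAces = (Get-Acl -LiteralPath $share.Path).Access | ForEach-Object {
            '{0}: {1} {2}' -f $_.IdentityReference, $_.AccessControlType, $_.FileSystemRights
        }

        # First-level subfolders with inheritance disabled: these have their own ACL
        # and can therefore differ from the share root (for example per-user folders).
        $ownAcl = Get-ChildItem -LiteralPath $share.Path -Directory -ErrorAction SilentlyContinue |
            Where-Object { (Get-Acl -LiteralPath $_.FullName).AreAccessRulesProtected } |
            ForEach-Object { $_.Name }

        [pscustomobject]@{
            Share              = $share.Name
            Type               = $type
            Path               = $share.Path
            SharePermissions   = $shareAces -join '; '
            NtfsPermissions    = $ntfsAces -join '; '
            SubfoldersOwnAcl   = $ownAcl -join ', '
        }
    }
}

Get-ShareAclReport | Format-List
```

The subfolder check only reports folders where inheritance is disabled; folders that add explicit entries while still inheriting are not listed.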
HP StorageWorks All-in-One Storage System
Summary of Contents for AK373A - StorageWorks All-in-One Storage System 1200r 5.4TB SAS Model NAS Server