Configuring Share and Folder Security Overview
80
Snap Server Administrator Guide
Configuring Share and Folder Security Overview
Snap Servers support file access in Windows, UNIX, and Apple networks, as well as
access via FTP and HTTP. Although the GuardianOS runs on an optimized Linux
kernel and has many Linux characteristics, the cross-platform features make it very
different than a pure Linux distribution. Systems running GuardianOS are storage
appliances dedicated to file services. Administrators should not expect the same
behavior as a pure Linux system when administering the Snap Server.
By default, volumes are created with the Windows/Mixed security model
(Windows-style ACLs for files created by SMB clients and UNIX-style permissions
for files created by other protocols and processes), and allow all users to create,
delete, and configure permissions on their own files and to access files and
directories created by other users.
New shares are created by default with full read-write access to all users, subject to
the file system permissions on the share target directory. The first step to securing a
Snap Server is to specify access at the individual share level. Administrators can
assign Read/Write or Read-Only share access to individual Windows (and local)
users and groups.
Hidden Shares
There are three ways a share can be hidden in GuardianOS:
• Name the share with a dollar-sign ($) at the end. This is the traditional Windows
method of hiding shares; however, it does not truly hide the share since
Windows clients themselves filter the shares from share lists. Other protocols can
still see dollar-sign shares.
• Hide the share from all protocols (except NFS) by navigating to the
Security >
Shares > New > Advanced
page
and selecting the
Hide this Share
check box, or by
selecting a share, clicking
Properties > Advanced
, and selecting the
Hide this Share
check box. When a share is hidden this way, the share is invisible to clients, and
must be explicitly specified to gain access.
Note
Hidden shares are not hidden from NFS, which cannot access invisible
shares. To hide shares from NFS, consider disabling NFS access to the hidden
shares.
• Disable individual protocol access to certain shares by navigating to the
Security
> Shares > New > Advanced
page and enabling/disabling specific protocols, or by
selecting a share, clicking
Properties > Advanced
, and enabling/disabling specific
protocols.
Содержание 5325301656 - Snap Server 14000 NAS
Страница 2: ......
Страница 76: ...Disks and Units 62 Snap Server Administrator Guide ...
Страница 92: ...Creating iSCSI Disks 78 Snap Server Administrator Guide ...
Страница 108: ...Security Guides 94 Snap Server Administrator Guide ...
Страница 144: ...Unicode and Expansion Arrays 130 Snap Server Administrator Guide ...
Страница 164: ...Off the Shelf Backup Solutions for the Snap Server 150 Snap Server Administrator Guide ...
Страница 172: ...Scripts in SnapCLI 158 Snap Server Administrator Guide ...
Страница 206: ...192 Snap Server Administrator Guide ...
Страница 224: ...210 Snap Server Administrator Guide ...