Folder, Printer, and Share Management
125
NAS 2000s Administration Guide
Integrating Local File System Security into Windows Domain Environments
ACLs include properties specific to users and groups from a particular workgroup server or
domain environment. In a multidomain environment, user and group permissions from several
domains can apply to files stored on the same device. Users and groups local to the NAS 2000s
can be given access permissions to shares managed by the device. The domain name of the
NAS 2000s supplies the context in which the user or group is understood. Permission
configuration depends on the network and domain infrastructure where the server resides.
File-sharing protocols (except NFS) supply a user and group context for all connections over
the network. (NFS supplies a machine based context.) When new files are created by those
users or machines, the appropriate ACLs are applied.
Configuration tools provide the ability to share permissions out to clients. These shared
permissions are propagated into a file system ACL and when new files are created over the
network, the user creating the file becomes the file owner. In cases where a specific
subdirectory of a share has different permissions from the share itself, the NTFS permissions
on the subdirectory apply instead. This method results in a hierarchical security model where
the network protocol permissions and the file permissions work together to provide
appropriate security for shares on the device.
Note:
Share permissions and file level permissions are implemented separately. It is possible for files
on a file system to have different permissions from those applied to a share. When this situation
occurs, the file level permissions override the share permissions.
Comparing Administrative (Hidden) and Standard Shares
CIFS supports both administrative shares and standard shares. Administrative shares are
shares with a last character of $. Administrative shares are not included in the list of shares
when a client browses for available shares on a CIFS server. Standard shares are shares that do
not end in a $ character. Standard shares are listed whenever a CIFS client browses for
available shares on a CIFS server.
The NAS 2000s supports both administrative and standard CIFS shares. To create an
administrative share, end the share name with the $ character when setting up the share. Do not
type a $ character at the end of the share name when creating a standard share.
Planning for Compatibility between File Sharing Protocols
When planning for cross-platform share management on the NAS 2000s, it is important to
understand the different protocols and their associated constraints. Each additional protocol
that is supported adds another level of constraints and complexity.
Содержание 345646-001 - StorageWorks NAS 2000s External Storage Server
Страница 16: ...About this Guide 16 NAS 2000s Administration Guide ...
Страница 56: ...Storage Management Overview 56 NAS 2000s Administration Guide ...
Страница 80: ...Disk Management 80 NAS 2000s Administration Guide ...
Страница 93: ...Shadow Copies 93 NAS 2000s Administration Guide Figure 46 Accessing shadow copies from My Computer ...
Страница 110: ...User and Group Management 110 NAS 2000s Administration Guide ...
Страница 146: ...Folder Printer and Share Management 146 NAS 2000s Administration Guide ...
Страница 151: ...Microsoft Services for NFS 151 NAS 2000s Administration Guide Figure 83 Server for NFS screen Server Settings tab ...
Страница 186: ...NetWare File System Management 186 NAS 2000s Administration Guide ...
Страница 200: ...Index 200 NAS 2000s Administration Guide ...