User's Guide

Securing Data

HP NetStorage 6000 Security in a UNIX-only Environment

8-3

The /etc Directory

It is necessary to maintain a number of system files on the NetStorage 6000

in an accessible place for administrative purposes. Some of the more

common files found in this directory are:

All of these files are stored in the /etc directory on the first volume

created on the system. The files in the /etc directory are for system

management purposes and cannot be deleted. If the volume that stores the

/etc directory is ever deleted, then the system moves the contents of this

directory to another available volume.

Most of the files in the /etc directory may be edited through the web

based user interface, or the telnet interface of the HP NetStorage 6000. In

some cases, it is necessary to edit these files directly using a text editor. By

default, all files in the /etc directory are owned by the root user, and may

only be edited by the root user. Therefore, the only way to edit these files

directly (using a text editor) is to mount the file system as the root user from

a Trusted Host. See “Trusted Hosts” on page 8-2.

The /etc/approve File

Since the NetStorage 6000 does not support the /etc/exports file,

support has been added for a file named /etc/approve. This file can

be used to restrict NFS access to particular clients on the network.

In order to restrict individual clients and groups of clients to specific

resources on the NetStorage server, the /etc/approve file must be

edited. The file may be edited manually, or from the web based user

interface, under the Host Access section of the Storage tab. Entries in the

/etc/approve file have four fields. These fields are defined as follows:

Filename Description

hosts Resolves host names

hostgrps Defines groups of host computers

approve Restricts host access

users.map Maps Windows user accounts to UNIX user accounts

group.map Maps Windows group accounts to UNIX group accounts