White Paper - File Sharing Security

Copyright © 2000 Hewlett-Packard Company Page 8 of 28
All Rights Reserved
host pattern   This field has the name of a host or group of hosts that have access rights. Host names
               must be resolvable through the local /etc/hosts file, the NIS hosts file, or through DNS.
               Groups of hosts are specified in the /etc/hostgrps file. If the host pattern is the name
               of a group, it must be preceded by the @ symbol. The wildcard character (*) may be used
               to specify all hosts.

rights         This field specifies the access limits to apply. The entry in this field can be one of
               the following:

                   access=rw     Allow read and write access to the resources
                   access=ro     Allow read-only access to the resources
                   access=none   Deny all access to the resources
Following is a list of example entries in the /etc/approve file:

    #class   specifier               host pattern   rights
    files    /acct/usr               @executive     access=rw
    files    /acct/etc               it1            access=rw
    files    /acct/etc               it2            access=rw
    files    /                       @untrusted     access=none
    files    /acct/usr/theList.txt   guest          access=ro
The first entry allows read/write access to all files and directories under the /acct/usr directory for every
client system defined in the ‘executive’ group (listed in the /etc/hostgrps file). The second and third entries
allow read/write access to all files and directories in the /acct/etc directory for the machines ‘it1’ and ‘it2’.
The fourth entry denies all access on all file systems to any machine in the ‘untrusted’ group. The last entry
grants read-only access to a single file for any user on the ‘guest’ machine.
Note that the file is searched sequentially for a match. Once an entry is found that matches both the host and
the resource to restrict, all other entries are ignored, so the order of entries determines which rule applies
when more than one would match.
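To make the first-match rule concrete, the following is an added example (not code from this white paper or from HP) that parses entries in the four-field layout shown above and answers "what rights does host X have on resource Y?" by walking the file in order. It assumes that a specifier covers itself and every path beneath it, that host names match exactly unless the pattern is * or an @group, and, since the layout of /etc/hostgrps is not shown here, it substitutes a constructed dictionary of groups. It also includes a review check, shadowed_entries, that reports entries which can never take effect because an earlier, broader entry always matches first.

```python
"""Evaluate /etc/approve-style entries with a sequential first-match search.

Added example, not code from the HP white paper. Assumptions: the four-field
line layout shown in the paper; a specifier covers itself and everything
beneath it; host names match exactly unless the pattern is "*" or "@group".
"""
import posixpath

# Constructed stand-in for /etc/hostgrps (assumption): group name -> member hosts.
HOSTGRPS = {
    "executive": {"ceo-pc", "cfo-pc"},
    "untrusted": {"kiosk1", "kiosk2"},
}

# The paper's own example entries, embedded so the script runs offline.
APPROVE = """\
#class specifier host pattern rights
files /acct/usr @executive access=rw
files /acct/etc it1 access=rw
files /acct/etc it2 access=rw
files / @untrusted access=none
files /acct/usr/theList.txt guest access=ro
"""

RIGHTS = ("rw", "ro", "none")


def parse_approve(text):
    """Return (class, specifier, host pattern, rights) tuples in file order.

    Order is preserved deliberately: the file is searched top to bottom and
    the first matching entry wins.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(fields)}")
        cls, spec, host, rights = fields
        value = rights[len("access="):]
        if not rights.startswith("access=") or value not in RIGHTS:
            raise ValueError(f"line {lineno}: unknown rights field {rights!r}")
        entries.append((cls, posixpath.normpath(spec), host, value))
    return entries


def host_matches(pattern, host, groups=HOSTGRPS):
    """'*' matches every host, '@name' matches group members, anything else is an exact name."""
    if pattern == "*":
        return True
    if pattern.startswith("@"):
        return host in groups.get(pattern[1:], ())
    return pattern == host


def resource_matches(spec, resource):
    """A specifier covers itself and every path beneath it (assumed semantics)."""
    resource = posixpath.normpath(resource)
    return spec == "/" or resource == spec or resource.startswith(spec + "/")


def lookup(entries, host, resource, cls="files"):
    """Sequential first-match search: return the rights value, or None if nothing matches.

    The paper does not state a default for unmatched requests, so None is
    reported rather than guessing one.
    """
    for entry_cls, spec, pattern, rights in entries:
        if entry_cls == cls and host_matches(pattern, host) and resource_matches(spec, resource):
            return rights
    return None


def shadowed_entries(entries, groups=HOSTGRPS):
    """Indexes of entries that can never apply because an earlier entry with the
    same class covers every host and resource they could match (review check
    added here, not part of the paper)."""
    def hosts_covered(earlier, later):
        if earlier == "*" or earlier == later:
            return True
        if earlier.startswith("@") and not later.startswith("@") and later != "*":
            return later in groups.get(earlier[1:], ())
        return False

    shadowed = []
    for i, (cls, spec, host, _) in enumerate(entries):
        for e_cls, e_spec, e_host, _ in entries[:i]:
            if e_cls == cls and hosts_covered(e_host, host) and resource_matches(e_spec, spec):
                shadowed.append(i)
                break
    return shadowed


if __name__ == "__main__":
    rules = parse_approve(APPROVE)
    for host, res in [("ceo-pc", "/acct/usr/theList.txt"), ("guest", "/acct/usr/theList.txt"),
                      ("kiosk1", "/acct/usr"), ("it1", "/acct/etc/smb.conf"), ("it1", "/acct/usr")]:
        print(f"{host:8} {res:24} -> {lookup(rules, host, res)}")
    print("shadowed entries:", shadowed_entries(rules))
```

Running the script shows that ‘ceo-pc’ gets rw on /acct/usr/theList.txt from the first entry even though a narrower ro entry for that file appears later, and that a blanket entry such as `files / * access=rw` placed at the top would shadow every entry beneath it; shadowed_entries flags exactly that situation.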
3 Security on Windows Networks
3.1 General Overview
Two distinct mechanisms are used on Windows networks to provide security for resources. They are known as
“Share Level Security” and “User Level Security”.
The simplest and least secure mechanism is known as Share Level Security. This security mode allows each
network share to be protected with a password. Although the mechanism is very limited, it is useful on small
networks that utilize peer-to-peer networking. Share Level Security is the default security mode of Windows for
Workgroups, Windows 95 and Windows 98.
User Level Security is more complex to implement, but it is easier for the end user and more flexible in terms of
what can be protected and how. In this mode, each user is provided a logon account and must be authenticated
on that account before gaining access to resources on a computer. This security mode is most appropriate in
client/server networks. User Level Security is the default security mode of Windows NT and Windows 2000.