Manualshelf

HP CIFS Server 3.0b Administrator's Guide version A.02.01.01

ManualsBrandsHP ManualsSoftwareHP-UX Common Internet File System (CIFS) Client/Server Software
61626364656667686970
Managing HP-UX File Access Permissions from Windows NT/XP/2000
UNIX File Permissions and POSIX ACLs
Chapter 350
The VxFS POSIX ACL File Permissions
VxFS POSIX ACLs are a superset of UNIX file permissions. VxFS
POSIX ACLs extend the concept of UNIX file permissions in three ways.
VxFS POSIX ACLs allow for more entries than the basic owner,
group and other UNIX file permissions.
VxFS POSIX ACLs support default Access Control Entry (ACE) for
directory permissions. This means that any files created in that
directory will automatically inherit the default ACEs of the parent
directory. It adds an inheritance permission type to directory
permissions.
A special ACE called the class ACE is used. The role of the class ACE
is to limit the other ACEs. The base UNIX permissions are not
affected.
For example, if the class ACE for a file is set to read (r--), then even
when ACEs grant some users and groups write and execute access,
write and execute access will not be given to them. The class ACE acts
as a mask that filters out the permissions of non-class ACEs. If the
class ACE was set to (---) or no access, other ACEs might exist, but
they would not change the effective permissions.
VxFS POSIX ACLs translated to NT ACLs
The extra features of VxFS POSIX ACLs affect the translations to and
from NT ACLs in the following ways:
The extra VxFS POSIX ACEs show up as NT ACEs on the Windows
NT client. The permission mode translates like a UNIX permission
mode. With this feature you can also add new user and group entries
from the Windows NT client. The limitations to this feature will be
discussed in the next section.
The default ACEs that are supported for inheritance by directories
are translated into file permissions for a directory on NT. The file
permissions displayed on the Windows NT client represent the
default ACEs on the UNIX file system of the Samba server. If the file
permissions are set on a directory on the NT client, equivalent
default ACEs are set on the directory on the UNIX file system.
The class ACE used to limit the other ACEs is ignored. It is not
displayed on the Windows NT client and there is no way to set it from
the NT client. It would be difficult to support on the client side, as
Windows NT has nothing similar to a class ACE.