HP CIFS Server 3.0f Administrator's Guide version A.02.03

3 Managing HP-UX File Access Permissions from Windows NT/XP/2000
Introduction
This chapter describes how to use Windows NT, XP and 2000 clients to view and change standard UNIX
file permissions and VxFS POSIX Access Control Lists (ACLs) on an HP CIFS Server. A new configuration option,
acl_schemes, is also introduced.
UNIX File Permissions and POSIX ACLs
The HP CIFS Server enables the manipulation of UNIX file permissions or VxFS POSIX ACLs from Windows
NT, XP or Windows 2000 clients. With this capability most management of UNIX file permissions or POSIX
ACLs can be done from the familiar Windows Explorer interface.
NOTE: Although the concepts of file ACLs are similar across the Windows and HP-UX platforms, there are
sufficient differences in functionality that one cannot substitute UNIX ACLs for Windows ACLs (i.e. full emulation
is not provided). For example, a Windows application that changes the ACL data of a file may behave
unexpectedly if that file resides on an HP CIFS Server.
Viewing UNIX Permissions From Windows NT
Because Windows NT ACL data differs from UNIX file permissions and VxFS POSIX ACLs, Samba must map
data from UNIX to NT and from NT to UNIX.
The table below shows how UNIX file permissions translate to Windows NT ACL access types:
Table 3-1 UNIX File Permission Maps Windows NT ACL

NT access type          UNIX Permission
Special Access(R)       r--
Special Access(W)       -w-
Special Access(X)       --x
Special Access(RW)      rw-
Read(RX)                r-x
Special Access(WX)      -wx
Special Access(RWX)     rwx
Special Access          r--

In addition to the permission modes shown above, UNIX file permissions also distinguish between the file
owner, the owning group of the file, and other (all other users and groups).
UNIX File Owner Translation in NT ACL
A UNIX file system owner has additional permissions that other users do not have. For example, the owner
can give away ownership of the file, delete the file, rename the file, or change the permission mode on
the file. These capabilities are similar to the delete (D), change permissions (P) and take ownership (O)
permissions on the Windows NT client. Samba adds the DPO permissions to represent UNIX file ownership
in the Windows NT Explorer interface.
For example, if a file on the UNIX file system is owned by UNIX user john and john has read and write (rw-)
permissions on that file, the Windows NT client will display the same permissions for user john as:
Special Access(RWDPO)
You can also display the UNIX owner in the Windows NT Explorer interface. If you are in the File Properties
dialog box with the Security tab selected and you press the Ownership button, the owning UNIX user's name
will be displayed.
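
The following added example (not part of the HP guide and not Samba's own code) predicts the three entries a Windows NT client would list for a UNIX mode, using Table 3-1 and the DPO owner rule above. It is useful when auditing what share users will see. The function names, the "staff" group, the "other" label, the bare "Special Access" label for an empty triplet, and the "Special Access" label on every owner entry are assumptions.

```python
import stat

# Table 3-1 from the page: only r-x has its own NT name; every other
# combination is "Special Access" followed by the granted letters.
NT_NAMES = {"RX": "Read"}


def _letters(mode, r, w, x):
    """Return the NT letters (R, W, X) granted by one permission triplet."""
    return "".join(c for c, bit in (("R", r), ("W", w), ("X", x)) if mode & bit)


def _display(letters, is_owner=False):
    """Format one entry the way the page shows it in the NT security dialog."""
    if is_owner:
        # The page: Samba adds D, P and O to the owner's entry (rw- -> RWDPO).
        # Assumption: the owner entry is always labelled "Special Access".
        return "Special Access(%sDPO)" % letters
    if not letters:
        # Assumption: an empty triplet is shown as bare "Special Access".
        return "Special Access"
    return "%s(%s)" % (NT_NAMES.get(letters, "Special Access"), letters)


def nt_view(mode, owner, group):
    """Predict the owner, group and other entries for a UNIX file mode."""
    return [
        (owner, _display(_letters(mode, stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR), True)),
        (group, _display(_letters(mode, stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP))),
        ("other", _display(_letters(mode, stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH))),
    ]


if __name__ == "__main__":
    # Constructed sample: a file owned by john:staff with mode 0640.
    for who, access in nt_view(0o640, "john", "staff"):
        print("%-6s %s" % (who, access))
```

To audit a real file, pass os.stat(path).st_mode as the mode argument.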