HP CIFS Server 3.0f Administrator's Guide verison A.02.03

ManualsBrandsHP ManualsSoftwareHP-UX Common Internet File System (CIFS) Client/Server Software

UNIX Owning Group Translation in NT ACL

The

owning group

on a UNIX file system is represented on the Windows NT client with the

take ownership

(O) permission. While the meaning of the

take ownership

permission on NT doesn't exactly match the

meaning of an owning group on the UNIX file system, this permission is still translated into the

take

ownership

permission.

This representation becomes even more significant when translating VxFS POSIX ACLs, as there can be many

groups with different permissions on an individual file in this file system. Without this permission type, you

would not be able to tell the owning group entry from other group entries.

For example, if an owning group named

sales

on the UNIX file system has.

read

and

execute

(r-x) permissions

on a file, the Windows NT client will display the permissions for group

sales

as:

Special Access

(RXO)

UNIX Other Permission Translation in NT ACL

In UNIX, the other permission entry represents permissions for any user or group that is not the

owner

, and

doesn't belong to the

owning group

. This entry maps to the

everyone

access control entry on the Windows

NT client.

NT Directory and File Permission Translations

Windows NT clients display two sets of permissions for directory entries:

directory

permissions and

file

permissions. Directory Permissions are the permissions for the directory itself. File Permissions are the

permissions inherited by the files and subdirectories created in the directory. Samba translates UNIX

permissions for a directory into Windows NT directory permissions and vice versa. Windows NT

file

permissions

are not supported when the translation is to/from UNIX permissions.

file permissions

, however, are supported with VxFS POSIX ACLs (as described in the next section).

Setting UNIX Permissions from Windows NT

With one exception, reversing the UNIX to NT translations described above will always work. You cannot,

however, change the

owner

owning group

by adding

Special Access(DPO)

Special Access(O

) to a

user or group from the client.

All NT permissions, except read, write and execute, are disregarded when applied to files on the Samba

server. These include delete (D), change permissions (P) and take ownership (O).

The table below shows how NT access types map to UNIX permissions:

Table 3-2 NT Access Type Maps to UNIX Permission

UNIX PermissionNT access type

r--Special Access(R)

-w-Special Access(W)

--xSpecial Access(X)

rw-Special Access(RW)

r-xRead(RX)

-wxSpecial Access(WX)

rwxSpecial Access(RWX)

r--Special Access

When mapping to UNIX file permissions from NT, you will not be able to add new NT ACL entries because

only the

owner

owning group

and

other

ACL entries are supported by UNIX permissions. UNIX ignores

unrecognized entries. Conversely, you cannot delete any of the three entries listed above as these entries

are required by UNIX.

Pre-defined NT Permissions

The Windows NT Explorer ACL interface allows you to choose predefined permissions like

Change

and

Full

Control

in addition to creating custom Special Access permissions.

42 Managing HP-UX File Access Permissions from Windows NT/XP/2000