HP CIFS Server 3.0f Administrator's Guide version A.02.03
The VxFS POSIX ACL File Permissions
VxFS POSIX ACLs are a superset of UNIX file permissions. VxFS POSIX ACLs extend the concept of UNIX
file permissions in three ways.
• VxFS POSIX ACLs allow for more entries than the basic owner, group and other UNIX file permissions.
• VxFS POSIX ACLs support default Access Control Entry (ACE) for directory permissions. This means that
any files created in that directory will automatically inherit the default ACEs of the parent directory. It
adds an inheritance permission type to directory permissions.
• A special ACE called the class ACE is used. The role of the class ACE is to limit the other ACEs. The
base UNIX permissions are not affected.
For example, if the class ACE for a file is set to read (r--), then even when ACEs grant some users and
groups write and execute access, write and execute access will not be given to them. The class ACE
acts as a mask that filters out the permissions of non-class ACEs. If the class ACE was set to (---) or no
access, other ACEs might exist, but they would not change the effective permissions.
VxFS POSIX ACLs translated to NT ACLs
The extra features of VxFS POSIX ACLs affect the translations to and from NT ACLs in the following ways:
• The extra VxFS POSIX ACEs show up as NT ACEs on the Windows NT client. The permission mode
translates like a UNIX permission mode. With this feature you can also add new user and group entries
from the Windows NT client. The limitations to this feature will be discussed in the next section.
• The default ACEs that are supported for inheritance by directories are translated into file permissions
for a directory on NT. The file permissions displayed on the Windows NT client represent the default
ACEs on the UNIX file system of the Samba server. If the file permissions are set on a directory on the
NT client, equivalent default ACEs are set on the directory on the UNIX file system.
• The class ACE used to limit the other ACEs is ignored. It is not displayed on the Windows NT client
and there is no way to set it from the NT client. It would be difficult to support on the client side, as
Windows NT has nothing similar to a class ACE.
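The following added example (not code from HP CIFS Server or VxFS) models the class ACE mask described above and compares the effective permissions on the UNIX side with what the NT client is shown when the class ACE is ignored. The tuple layout, the tag names, the user "alice" and the group "eng" are constructed for illustration; it assumes the client displays each ACE's own permission bits and, as stated above, that the base UNIX entries are not masked.

```python
# Added illustration: a simplified model, not HP CIFS Server or VxFS code.
# Each ACE is (tag, name, perm); the tags, "alice" and "eng" are constructed.
BASE_TAGS = {"user_obj", "group_obj", "other"}  # base UNIX owner/group/other

SAMPLE_ACL = [
    ("user_obj", None, "rwx"),
    ("user", "alice", "rwx"),
    ("group_obj", None, "r-x"),
    ("group", "eng", "rw-"),
    ("class", None, "r--"),
    ("other", None, "---"),
]

def mask_perm(perm, class_perm):
    """Keep a permission bit only if the class ACE also grants it."""
    return "".join(p if p == c else "-" for p, c in zip(perm, class_perm))

def effective_acl(acl):
    """Effective permissions on the UNIX side: the class ACE filters the
    additional entries; base entries pass through unchanged."""
    # Assumption: an ACL without a class ACE is treated as unmasked (rwx).
    class_perm = next((p for tag, _, p in acl if tag == "class"), "rwx")
    return {
        (tag, name): perm if tag in BASE_TAGS else mask_perm(perm, class_perm)
        for tag, name, perm in acl
        if tag != "class"
    }

def nt_client_view(acl):
    """What the NT client lists: every ACE except the class ACE, unmasked."""
    return {(tag, name): perm for tag, name, perm in acl if tag != "class"}

def overstated_entries(acl):
    """Entries whose permissions shown on the client exceed the effective ones."""
    eff = effective_acl(acl)
    return {
        key: (shown, eff[key])
        for key, shown in nt_client_view(acl).items()
        if shown != eff[key]
    }

if __name__ == "__main__":
    for (tag, name), (shown, eff) in overstated_entries(SAMPLE_ACL).items():
        print(f"{tag}:{name} shown on NT client as {shown}, effective {eff}")
```

Entries reported by overstated_entries are the ones to check on the UNIX side when reviewing permissions from a Windows client, since the client cannot display or set the class ACE.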
Using the NT Explorer GUI to Create ACLs
Use the Windows NT Explorer GUI to set new ACLs.
This section describes how to add new entries to the ACE list:
• Click the add button in the File/Directory Permissions dialog box of the Windows NT GUI to bring up
the Add Users and Groups dialog box.
Figure 3-3 Windows NT Explorer File Permissions
Managing HP-UX File Access Permissions from Windows NT/XP/2000