HP CIFS Server 3.0i Administrator's Guide version A.02.03.03

3 Managing HP-UX File Access Permissions from Windows NT/XP/2000
Introduction
This chapter describes how to use Windows NT, XP and 2000 clients to view and change standard
UNIX file permissions and VxFS POSIX Access Control Lists (ACLs) on an HP CIFS Server. A new
configuration option, acl_schemes, is also introduced.
UNIX File Permissions and POSIX ACLs
The HP CIFS Server enables the manipulation of UNIX file permissions or VxFS POSIX ACLs
from Windows NT, XP or Windows 2000 clients. With this capability most management of UNIX
file permissions or POSIX ACLs can be done from the familiar Windows Explorer interface.
NOTE: Although concepts of file ACLs are similar across the Windows and HP-UX platforms,
there are sufficient differences in functionality that one cannot substitute UNIX ACLs for Windows
ACLs (i.e. full emulation is not provided). For example, a Windows application that changes the
ACL data of a file may behave unexpectedly if that file resides on an HP CIFS Server.
Viewing UNIX Permissions From Windows NT
Because ACL data in NT differs from UNIX file permissions and VxFS POSIX ACLs, Samba
must map data from UNIX to NT and from NT to UNIX.
The table below shows how UNIX file permissions translate to Windows NT ACL access types:
Table 3-1 UNIX File Permission Maps Windows NT ACL

NT access type          UNIX Permission
Special Access(R)       r--
Special Access(W)       -w-
Special Access(X)       --x
Special Access(RW)      rw-
Read(RX)                r-x
Special Access(WX)      -wx
Special Access(RWX)     rwx
Special Access          r--

In addition to the permission modes shown above, UNIX file permissions also distinguish between
the file owner, the owning group of the file, and other (all other users and groups).
UNIX File Owner Translation in NT ACL
A UNIX file system owner has additional permissions that other users do not have. For example,
the owner can give away his ownership of the file, delete the file, rename the file, or change the
permission mode on the file. These capabilities are similar to the delete (D), change permissions
(P) and take ownership (O) permissions on the Windows NT client. Samba adds the DPO
permissions to represent UNIX file ownership in the Windows NT explorer interface.
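
The mapping described in this section, as an added example (not code from HP or Samba): it splits a mode value into owner, group and other triplets, looks each up in Table 3-1, and appends DPO to the owner's rights. The function names, the sample user and group, and the reading of the table's plain "Special Access" row as the empty triplet `---` are assumptions.

```python
import stat

# Table 3-1 as printed in the guide: UNIX triplet -> NT access type.
NT_ACCESS_TYPE = {
    "r--": "Special Access(R)",
    "-w-": "Special Access(W)",
    "--x": "Special Access(X)",
    "rw-": "Special Access(RW)",
    "r-x": "Read(RX)",
    "-wx": "Special Access(WX)",
    "rwx": "Special Access(RWX)",
    # Assumption: the table's last row (plain "Special Access") is the
    # empty triplet; the guide as extracted prints it beside r--.
    "---": "Special Access",
}

OWNER_EXTRA = "DPO"  # delete, change permissions, take ownership


def triplets(mode):
    """Split a st_mode value into (owner, group, other) rwx triplets."""
    # Keep only the nine permission bits: setuid/setgid/sticky would turn
    # the x column into s/S/t/T, which Table 3-1 does not cover.
    text = stat.filemode(stat.S_IFREG | (mode & 0o777))  # '-rw-r-----'
    return text[1:4], text[4:7], text[7:10]


def nt_view(mode, owner, group):
    """Return (name, rights letters, Table 3-1 label) for each class."""
    def letters(triplet):
        return triplet.replace("-", "").upper()

    u, g, o = triplets(mode)
    return [
        # Owner: mapped rights plus DPO. The display string for this
        # combined entry is not modelled here, so the label is None.
        (owner, letters(u) + OWNER_EXTRA, None),
        (group, letters(g), NT_ACCESS_TYPE[g]),
        ("other", letters(o), NT_ACCESS_TYPE[o]),
    ]


if __name__ == "__main__":
    # Constructed sample: mode 0640, owner john, group users.
    for entry in nt_view(0o640, "john", "users"):
        print(entry)
```
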
For example, if a file on the UNIX file system is owned by UNIX user john and john has read and
write (rw-) permissions on that file, the Windows NT client will display the same permissions
for user john as: