Manualshelf

HP CIFS Server 3.0i Administrator's Guide version A.02.03.03

ManualsBrandsHP ManualsSoftwareHP-UX Common Internet File System (CIFS) Client/Server Software
41424344454647484950
Figure 3-2 Windows NT Special Access Permissions
The VxFS POSIX ACL File Permissions
VxFS POSIX ACLs are a superset of UNIX file permissions. VxFS POSIX ACLs extend the concept
of UNIX file permissions in three ways.
VxFS POSIX ACLs allow for more entries than the basic owner, group and other UNIX file
permissions.
VxFS POSIX ACLs support default Access Control Entry (ACE) for directory permissions.
This means that any files created in that directory will automatically inherit the default ACEs
of the parent directory. It adds an inheritance permission type to directory permissions.
A special ACE called the class ACE is used. The role of the class ACE is to limit the other
ACEs. The base UNIX permissions are not affected.
For example, if the class ACE for a file is set to read (r--), then even when ACEs grant some
users and groups write and execute access, write and execute access will not be given to them.
The class ACE acts as a mask that filters out the permissions of non-class ACEs. If the class
ACE was set to (---) or no access, other ACEs might exist, but they would not change the
effective permissions.
VxFS POSIX ACLs translated to NT ACLs
The extra features of VxFS POSIX ACLs affect the translations to and from NT ACLs in the
following ways:
The extra VxFS POSIX ACEs show up as NT ACEs on the Windows NT client. The permission
mode translates like a UNIX permission mode. With this feature you can also add new user
and group entries from the Windows NT client. The limitations to this feature will be
discussed in the next section.
The default ACEs that are supported for inheritance by directories are translated into file
permissions for a directory on NT. The file permissions displayed on the Windows NT client
represent the default ACEs on the UNIX file system of the Samba server. If the file permissions
are set on a directory on the NT client, equivalent default ACEs are set on the directory on
the UNIX file system.
The class ACE used to limit the other ACEs is ignored. It is not displayed on the Windows
NT client and there is no way to set it from the NT client. It would be difficult to support
on the client side, as Windows NT has nothing similar to a class ACE.
Using the NT Explorer GUI to Create ACLs
Use the Windows NT Explorer GUI to set new ACLs.
42 Managing HP-UX File Access Permissions from Windows NT/XP/2000