HP CIFS Server 3.0i Administrator's Guide version A.02.03.03
administrator and admin to the UNIX user name root. The mapping can be either one-to-one
or many-to-one.
Samba supports the creation of ACEs with NT user names that are mapped to UNIX user
names.
To continue the example above, you could create an ACE for the administrator user on the
NT client and, on the Samba server, the ACE would be created for the root user. The client
will display the corresponding ACE as being for the root user, not the administrator user.
If you add an ACE for one user name, like administrator and then display the list of ACEs
and see a new ACE for a different user name (root), it maybe confusing. As many NT user
names can be mapped to one UNIX user name, Samba only displays the one UNIX user
name. It cannot display the NT name that was mapped to the UNIX user name.
You also have to be careful not to create multiple conflicting ACEs for one UNIX user. For
example, in the NT GUI you might add an ACE for the user administrator, admin and root. But
when you apply these changes, Samba maps administrator and admin to the UNIX user root and
the result is that Samba tries to add three different ACEs, all for the user root, to one file. That is
not valid and Samba ignores two of the three ACEs.
Selecting Names From the Samba Name List
The NT user names mapped to UNIX users will also be displayed when you press the Show Users
button in the Add Users and Groups dialog box. Every valid name that you add to an ACE is in
the name list on the Samba server (after you hit the Show Users button). You do not need to type
in names or select names from the NT domain list. If, however, you pick a name from the NT
domain list and it happens to be a UNIX user name on the Samba server, it will be added. This
also applies to names that have a user name mapping in Samba.
There is another reason HP recommends selecting names from the Samba server's list of names
instead of typing names in manually. There might be a UNIX group and a UNIX user with the
same name. If you select a name from the list, Samba knows whether you mean the user or the
group. If you type the name in, there is no way for you to specify the user or the group and
Samba may add the ACE for a user when you meant the UNIX group with the same name.
POSIX ACLs and Windows 2000/XP Clients
The HP CIFS Server A.01.07, and subsequent versions, allow Windows 2000/XP clients to view
and set POSIX ACL permissions. The information in this section assumes you are familiar with
Windows 2000/XP permissions. The purpose of this section is to explain how the HP CIFS Server
interprets Windows 2000/XP permissions, and how Windows 2000/XP clients interpret and
display HP-UX permissions.
Windows 2000/XP clients interact with POSIX ACLs similar to Windows NT clients, except for
the minor differences covered in the following sections. Learn more about ACLs and Windows
2000/XP clients in the folowing sections in this chapter. You can also learn more about POSIX
ACLs with man aclv.
Viewing UNIX Permissions from Windows 2000/XP Clients
The following table shows how the UNIX permissions on the HP CIFS Server are mapped to
permissions on Windows 2000/XP clients' Basic and Advanced ACL views:
Table 3-4 UNIX Permission Maps Windows 2000/XP Client Permissions
Permission Shown on Windows 2000/XP ClientsUNIX Permission
Advanced ViewBasic View
Read Attributes, Read Extended Attributes,
Read Data, Read Permissions
Readr--
POSIX ACLs and Windows 2000/XP Clients 45