HP CIFS Server Administrator Guide Version A.03.01.03 (5900-2006, October 2011)
Table Of Contents
- HP CIFS Server Administrator Guide Version A.03.01.03
- Contents
- About this document
- 1 Introduction to the HP CIFS Server
- 2 Installing and configuring HP CIFS Server
- HP CIFS Server requirements and limitations
- Step 1: Installing HP CIFS Server software
- Step 2: Running the configuration script
- Step 3: Modify the configuration
- Step 4: Starting HP CIFS Server
- Other Samba configuration issues
- 3 Managing HP-UX file access permissions from Windows NT/XP/2000/Vista/Windows 7
- Introduction
- UNIX file permissions and POSIX ACLs
- Using the Windows NT Explorer GUI to create ACLs
- Using the Windows Vista Explorer GUI to create ACLs
- POSIX ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- HP CIFS Server Directory ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- In conclusion
- 4 Windows style domains
- Introduction
- Configure HP CIFS Server as a PDC
- Configure HP CIFS Server as a BDC
- Domain member server
- Create the Machine Trust Accounts
- Configure domain users
- Join a Windows client to a Samba domain
- Roaming profiles
- Configuring user logon scripts
- Home drive mapping support
- Trust relationships
- 5 Windows 2003 and Windows 2008 domains
- 6 LDAP integration support
- Overview
- Network environments
- Summary of installing and configuring
- Installing and configuring your Directory Server
- Installing LDAP-UX Client Services on an HP CIFS Server
- Configuring the LDAP-UX Client Services
- Enabling Secure Sockets Layer (SSL)
- Extending the Samba subschema into your Directory Server
- Migrating your data to the Directory Server
- Configuring the HP CIFS Server
- Creating Samba users in directory
- Management tools
- 7 Winbind support
- 8 Kerberos support
- 9 HP CIFS deployment models
- Introduction
- Samba Domain Model
- Windows Domain Model
- Unified Domain Model
- 10 Securing HP CIFS Server
- 11 Configuring HA HP CIFS
- 12 HP-UX configuration for HP CIFS
- 13 Tool reference
- Glossary
- Index
3 Managing HP-UX file access permissions from Windows
NT/XP/2000/Vista/Windows 7
Introduction
This chapter describes how to use Windows NT, Windows 2000, Windows XP, Windows Vista
and Windows 7 clients to view and change standard UNIX file permissions and VxFS POSIX
Access Control Lists (ACL) on a HP CIFS server. A new configuration option, acl_schemes, is also
introduced.
UNIX file permissions and POSIX ACLs
The HP CIFS Server enables the manipulation of UNIX file permissions or VxFS POSIX ACLs from
Windows NT, Windows 2000, Windows XP, Windows Vista and Windows 7 clients. With this
capability most management of UNIX file permissions or POSIX ACLs can be done from the familiar
Windows Explorer interface.
NOTE: Although concepts of file ACLs are similar across the Windows and HP-UX platforms,
there are sufficient differences in functionality that one cannot substitute UNIX ACLs for Windows
ACLs (i.e. full emulation is not provided). For example, a Windows application that changes the
ACL data of a file may behave unexpectedly if that file resides on a HP CIFS Server.
Viewing UNIX permissions from Windows
As a result of the ACL data differences in Windows and UNIX file permissions and VxFS POSIX,
Samba must map data from UNIX to Windows and Windows to UNIX.
The table below shows how UNIX file permissions translate to Windows ACL access types:
Table 5 UNIX file permission maps Windows ACL
Windows access typeUNIX Permission
Special Access(R)r--
Special Access(W)-w-
Special Access(X)--x
Special Access(RW)rw-
Read(RX)r-x
Special Access(WX)-wx
Special Access(RWX)rwx
Special Accessr--
In addition to the permission modes shown above, UNIX file permissions also distinguish between
the file owner, the owning group of the file, and other (all other users and group).
UNIX file owner translation in Windows ACL
A UNIX file system owner has additional permissions that others users do not have. For example,
the owner can give away his ownership of the file, delete the file, rename the file, or change the
permission mode on the file. These capabilities are similar to the delete (D), change permissions
(P) and take ownership (O) permissions on the Windows client. Samba adds the DPO permissions
to represent UNIX file ownership in the Windows explorer interface.
Introduction 33