HP CIFS Server Administrator Guide Version A.03.01.03 (5900-2006, October 2011)
Table Of Contents
- HP CIFS Server Administrator Guide Version A.03.01.03
- Contents
- About this document
- 1 Introduction to the HP CIFS Server
- 2 Installing and configuring HP CIFS Server
- HP CIFS Server requirements and limitations
- Step 1: Installing HP CIFS Server software
- Step 2: Running the configuration script
- Step 3: Modify the configuration
- Step 4: Starting HP CIFS Server
- Other Samba configuration issues
- 3 Managing HP-UX file access permissions from Windows NT/XP/2000/Vista/Windows 7
- Introduction
- UNIX file permissions and POSIX ACLs
- Using the Windows NT Explorer GUI to create ACLs
- Using the Windows Vista Explorer GUI to create ACLs
- POSIX ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- HP CIFS Server Directory ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- In conclusion
- 4 Windows style domains
- Introduction
- Configure HP CIFS Server as a PDC
- Configure HP CIFS Server as a BDC
- Domain member server
- Create the Machine Trust Accounts
- Configure domain users
- Join a Windows client to a Samba domain
- Roaming profiles
- Configuring user logon scripts
- Home drive mapping support
- Trust relationships
- 5 Windows 2003 and Windows 2008 domains
- 6 LDAP integration support
- Overview
- Network environments
- Summary of installing and configuring
- Installing and configuring your Directory Server
- Installing LDAP-UX Client Services on an HP CIFS Server
- Configuring the LDAP-UX Client Services
- Enabling Secure Sockets Layer (SSL)
- Extending the Samba subschema into your Directory Server
- Migrating your data to the Directory Server
- Configuring the HP CIFS Server
- Creating Samba users in directory
- Management tools
- 7 Winbind support
- 8 Kerberos support
- 9 HP CIFS deployment models
- Introduction
- Samba Domain Model
- Windows Domain Model
- Unified Domain Model
- 10 Securing HP CIFS Server
- 11 Configuring HA HP CIFS
- 12 HP-UX configuration for HP CIFS
- 13 Tool reference
- Glossary
- Index
For example, if a file on the UNIX file system is owned by UNIX user john and john has read and
write (rw-) permissions on that file, the Windows client will display the same permissions for user
john as:
Special Access(RWDPO)
You can also display the UNIX owner in the Windows Explorer interface. If you are in the File
Properties dialog box with the Security tab selected and you press the Ownership button, the
owning UNIX user's name will be displayed.
UNIX owning group translation in Windows ACL
The owning group on a UNIX file system is represented on the Windows client with the take
ownership (O) permission. While the meaning of the take ownership permission on Windows
doesn't exactly match the meaning of an owning group on the UNIX file system, this permission
is still translated into the take ownership permission.
This representation becomes even more significant when translating VxFS POSIX ACLs, as there
can be many groups with different permissions on an individual file in this file system. Without this
permission type, you would not be able to tell the owning group entry from other group entries.
For example, if an owning group named sales on the UNIX file system has read and execute (r-x)
permissions on a file, the Windows client will display the permissions for group sales as:
Special Access(RXO)
UNIX other permission translation in Windows ACL
In UNIX, the other permission entry represents permissions for any user or group that is not the
owner, and doesn't belong to the owning group. This entry maps to the everyone access control
entry on the Windows client.
Windows directory and file permission translations
Windows clients display two sets of permissions for directory entries: directory permissions and
file permissions. Directory Permissions are the permissions for the directory itself. File Permissions
are the permissions inherited by the files and subdirectories created in the directory. Samba
translates UNIX permissions for a directory into Windows directory permissions and vice versa.
Windows file permissions are not supported when the translation is to/from UNIX permissions.
Windows file permissions, however, are supported with VxFS POSIX ACLs (as described in the
next section).
Setting UNIX permissions from Windows
With one exception, reversing the UNIX to Windows translations described above will always
work. You cannot, however, change the owner or owning group by adding Special Access(DPO)
or Special Access(O) to a user or group from the client.
All Windows permissions, except read, write and execute, are disregarded when applied to files
on the Samba server. These include delete (D), change permissions (P) and take ownership (O).
The table below shows how Windows access types map to UNIX permissions:
Table 6 Windows access type maps to UNIX permission
UNIX permissionWindows access type
r--Special Access(R)
-w-Special Access(W)
--xSpecial Access(X)
rw-Special Access(RW)
r-xRead(RX)
34 Managing HP-UX file access permissions from Windows NT/XP/2000/Vista/Windows 7