HP CIFS Server Administrator Guide Version A.03.01.03 (5900-2006, October 2011)
Table Of Contents
- HP CIFS Server Administrator Guide Version A.03.01.03
- Contents
- About this document
- 1 Introduction to the HP CIFS Server
- 2 Installing and configuring HP CIFS Server
- HP CIFS Server requirements and limitations
- Step 1: Installing HP CIFS Server software
- Step 2: Running the configuration script
- Step 3: Modify the configuration
- Step 4: Starting HP CIFS Server
- Other Samba configuration issues
- 3 Managing HP-UX file access permissions from Windows NT/XP/2000/Vista/Windows 7
- Introduction
- UNIX file permissions and POSIX ACLs
- Using the Windows NT Explorer GUI to create ACLs
- Using the Windows Vista Explorer GUI to create ACLs
- POSIX ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- HP CIFS Server Directory ACLs and Windows 2000, Windows XP, Windows Vista, and Windows 7 clients
- In conclusion
- 4 Windows style domains
- Introduction
- Configure HP CIFS Server as a PDC
- Configure HP CIFS Server as a BDC
- Domain member server
- Create the Machine Trust Accounts
- Configure domain users
- Join a Windows client to a Samba domain
- Roaming profiles
- Configuring user logon scripts
- Home drive mapping support
- Trust relationships
- 5 Windows 2003 and Windows 2008 domains
- 6 LDAP integration support
- Overview
- Network environments
- Summary of installing and configuring
- Installing and configuring your Directory Server
- Installing LDAP-UX Client Services on an HP CIFS Server
- Configuring the LDAP-UX Client Services
- Enabling Secure Sockets Layer (SSL)
- Extending the Samba subschema into your Directory Server
- Migrating your data to the Directory Server
- Configuring the HP CIFS Server
- Creating Samba users in directory
- Management tools
- 7 Winbind support
- 8 Kerberos support
- 9 HP CIFS deployment models
- Introduction
- Samba Domain Model
- Windows Domain Model
- Unified Domain Model
- 10 Securing HP CIFS Server
- 11 Configuring HA HP CIFS
- 12 HP-UX configuration for HP CIFS
- 13 Tool reference
- Glossary
- Index
Figure 4 Windows Special Access permissions
VxFS POSIX ACL file permissions
VxFS POSIX ACLs provide additional functionality over default UNIX file permissions. VxFS POSIX
ACLs extend the concept of UNIX file permissions in three ways.
• VxFS POSIX ACLs allow for more entries than the basic owner, group and other UNIX file
permissions.
• VxFS POSIX ACLs support default Access Control Entry (ACE) for directory permissions. This
means that any files created in that directory will automatically inherit the default ACEs of the
parent directory. It adds an inheritance permission type to directory permissions.
• A special ACE called the class ACE is used. The role of the class ACE is to limit the other
ACEs. The base UNIX permissions are not affected.
For example, if the class ACE for a file is set to read (r--), then even when ACEs grant some
users and groups write and execute access, write and execute access will not be given to
them. The class ACE acts as a mask that filters out the permissions of non-class ACEs. If the
class ACE was set to (---) or no access, other ACEs might exist, but they would not change the
effective permissions.
VxFS POSIX ACLs translated to Windows ACLs
The extra features of VxFS POSIX ACLs affect the translations to and from Windows ACLs in the
following ways:
• The extra VxFS POSIX ACEs show up as Windows ACEs on the Windows client. The permission
mode translates like a UNIX permission mode. With this feature you can also add new user
and group entries from the Windows client. The limitations to this feature will be discussed in
the next section.
• The default ACEs that are supported for inheritance by directories are translated into file
permissions for a directory on Windows. The file permissions displayed on the Windows client
represent the default ACEs on the UNIX file system of the Samba server. If the file permissions
are set on a directory on the Windows client, equivalent default ACEs are set on the directory
on the UNIX file system.
• The class ACE used to limit the other ACEs is ignored. It is not displayed on the Windows
client and there is no way to set it from the client. It would be difficult to support on the client
side, as Windows has nothing similar to a class ACE.
36 Managing HP-UX file access permissions from Windows NT/XP/2000/Vista/Windows 7