Home » Adaptec Manuals » Network Storage Servers » Adaptec 5325301507 » Manual Viewer

Adaptec 5325301507 Administration Guide - Page 113

File and Directory Permissions, Share Level Permissions, Where to Place Shares

UPC - 753253015740

Add to My Manuals
Save this manual to your list of manuals

Page 113 highlights

Configuring Share and Folder Security Overview • Disable individual protocol access to certain shares by navigating to Security > Shares > Create Share > Advanced Share Properties and enabling/ disabling specific protocols, or by selecting a share, clicking to expand Advanced Share Properties, and enabling/disabling specific protocols. File and Directory Permissions GuardianOS supports two "personalities" of file system security on files and directories: • UNIX: Traditional UNIX permissions (rwx) for owner, group owner, and other. • Windows ACLs: Windows NTFS-style file system permissions. Introduced in GuardianOS 5.0, Windows ACLs fully support the semantics of NTFS ACLs, including configuration, enforcement, and inheritance models (not including the behaviour of some built-in Windows users and groups). The security personality of a file or directory is dependent on the security model of the SnapTree or Volume in which the file or directory exists (see "SnapTrees and Security Models" on page 100). Note Files and directories created pre-GuardianOS 5.0 will continue to have the same permissions they had before, and will continue to be enforced as they were. This includes both UNIX permissions and POSIX ACLs. When a Windows user changes permissions on a file or directory created pre-GuardianOS 5.0 with a POSIX ACL, the file will be updated to the new Windows security personality. Share Level Permissions Share-level permissions on GuardianOS are applied cumulatively. For example, if the user "j_doe" has Read-Only share access and belongs to the group "sales", which has Read/Write share access, the result is that the user "j_doe" will have Read/Write share access. Note Share-level permissions only apply to non-NFS protocols. NFS access is configured independently by navigating to the Security > Shares page, selecting from the table the NFS Access level for the share, and modifying the client access as desired. Where to Place Shares For security and backup purposes, it is recommended that administrators restrict access to shares at the root of a volume to administrators only. All SnapServers are shipped with a default share named SHARE1 that points to the root of the default volume vol0. The share to the root of the volume should only be used by administrators as a "door" into the rest of the directory structure so that, in the Chapter 6 Share and File Access 97

Section	Page
Title Page	1
Contents	7
Preface	13
1 - Administrative Overview	17
GuardianOS Specifications	18
What’s New in GuardianOS	22
SnapServer Manager	28
Connecting to the Server for the First Time	30
Using the Initial Setup Wizard	32
Determining Capacity	33
Scheduling Data Protection Tasks	34
Migrating Data from Legacy Servers to the SnapServer	35
Configuring the SnapServer as a Print Server	35
Configuring the SnapServer as a Simple Web Server	35
Configuring an APC-Brand UPS	35
SnapExtensions	36
Wake-on-LAN Support	36
2 - Network Access to the Server	37
Viewing Current Network Settings	38
TCP/IP Options	39
Configuring TCP/IP Settings	41
Default Network Protocol Settings	44
Windows Networking Configuration	45
Support for Windows Networking (SMB)	45
Support for Windows Network Authentication	46
NFS Access	49
Apple Networking Configuration	50
FTP/FTPS Access	52
HTTP/HTTPS Access	53
Web View	54
DHCP Server	55
Print Server	55
3 - User & Group Management	59
Default User and Group Settings	60
UID and GID Assignments	60
Local Users and Groups	61
NIS Domain	63
4 - Storage Configuration and Expansion	65
Default Storage Configuration	66
Changing the Default Storage Configuration	67
RAIDs	67
RAID Groups	70
Volumes	72
Quotas	76
Setting User Quotas	76
Data Migration	77
Preserving Permissions	77
Expansion Arrays	79
SnapServer EXP E2000	79
Snap Expansion S50	80
Managing Expansion Array Storage	81
Integrating Orphan Expansion Units	82
Disks and Units	83
Replacing Disk Drives on a RAID	83
Adding Disk Drives to a RAID	84
Adding New Disk Drives to Increase Capacity	84
Hot Swapping Disk Drives	86
5 - iSCSI Disks	93
Configuring iSCSI Initiators	94
iSCSI Configuration for Microsoft Windows using MS Initiator	95
Configuring the QLogic QLA4010 and QLA4050/52c iSCSI Initiators for Microsoft Windows	100
iSCSI Configuration for Linux and UNIX	101
iSCSI Configuration for Novell NetWare	102
iSCSI Configuration for VMware	102
iSCSI Configuration for Mac	103
iSCSI Configuration on the SnapServer	104
Creating iSCSI Disks	107
Configuring VSS/VDS for iSCSI Disks	109
6 - Share and File Access	111
Configuring Share and Folder Security Overview	112
Components and Options	115
SnapTrees and Security Models	116
ID Mapping	118
Shares	119
Configuring Share Access	121
Share Access Behaviors	121
Setting User-based Share Access Permissions	122
Creating Home Directories	122
Windows ACLs	123
Setting File and Directory Access Permissions and Inheritance (Windows)	124
Security Guides	125
7 - Snapshots	127
Snapshot Management and Usage	128
Estimating Snapshot Pool Requirements	129
Adjusting Snapshot Pool Size	130
Accessing Snapshots	130
Coordinating Snapshot and Backup Operations	131
8 - Disaster Recovery	133
Backing Up Server and Volume Settings	133
Backing Up the NetVault Database Directory	136
Recovering the NetVault Database	137
Disaster Recovery Procedural Overview	139
Cloning a Server	140
9 - CA eTrust Antivirus Software	141
Antivirus Dependencies	142
Launching the CA eTrust Antivirus GUI	143
The Local Scanner View	143
Scan Job Configuration and Scheduling	144
Defining Scan Jobs	144
Running a Manual Scan Job	146
Scheduling a Scan Job	146
Signature Updates	147
Updating SnapServers that have Internet Access	148
Updating a SnapServer that does not have Internet Access	148
Distributing Updates from One Server to Another	149
Verifying Download Events	151
Alert Options	151
The Move Directory	152
Log View	153
10 - Unicode	155
What is Unicode?	155
Converting to Unicode	155
Unicode and Protocol Interaction	157
How Snapshots Interact with Unicode	159
Backing Up Unicode Servers	159
Unicode and Expansion Arrays	161
A - Backup and Replication Solutions	163
Integrated Backup Solutions for the SnapServer	164
BakBone Netvault	164
Snap Enterprise Data Replicator (Snap EDR)	165
Off-the-Shelf Backup Solutions for the SnapServer	167
Preparing to Install a Backup Solution	167
Preinstallation Tasks	168
Installing the CA BrightStor ARCserve Agent	169
Installing the Symantec Backup Exec RALUS Agent	172
Installing the Symantec NetBackup v6.5 Client	175
Installing the EMC Legato NetWorker Client	177
Backup of iSCSI Disks	182
B - Command Line Interface	183
SnapCLI Syntax	183
SnapCLI Commands	186
Scripts in SnapCLI	193
C - Troubleshooting SnapServers	197
The Meaning of LED Indicators	198
SnapServer NAS N2000 and EXP E2000 Status and Drive Light Behavior	198
SnapServer 110/210 Status and Drive Light Behavior	201
SnapServer 410 Status and Drive Light Behavior	202
SnapServer 500/600 Series Status and Drive Light Behavior	204
SnapServer 4200/4500 Status and Drive Light Behavior	207
SnapServer 18000 Status and Drive Light Behavior	209
Snap Expansion S50 Enclosure, Disk Drive, APC Module, and Controller Behavior	212
Snap Disk 10 Disk Drive and Power Supply Module LEDs	214
Snap Disk 30SA Disk Drive and Power/Fan Module Behavior	216
System Reset Options	219
Resetting the SnapServer to Factory Defaults	219
Performing System Resets Without Network Access	220
Networking Issues	221
Miscellaneous Issues	224
Phone Home Support	226
D - GuardianOS Ports	229
Glossary	233

Match case Limit results 1 per page

Configuring Share and Folder Security Overview

Chapter 6

Share and File Access

•

Disable individual protocol access to certain shares by navigating to

Security > Shares > Create Share

> Advanced Share Properties

and enabling/

disabling specific protocols, or by selecting a share, clicking to expand

Advanced

Share Properties

, and enabling/disabling specific protocols.

File and Directory Permissions

GuardianOS supports two “personalities” of file system security on files and

directories:

•

UNIX: Traditional UNIX permissions (rwx) for owner, group owner, and other.

•

Windows ACLs: Windows NTFS-style file system permissions. Introduced in

GuardianOS 5.0, Windows ACLs fully support the semantics of NTFS ACLs,

including configuration, enforcement, and inheritance models (not including the

behaviour of some built-in Windows users and groups).

The security personality of a file or directory is dependent on the security model of

the SnapTree or Volume in which the file or directory exists (see “SnapTrees and

Security Models” on page 100).

Note

Files and directories created pre-GuardianOS 5.0 will continue to have the

same permissions they had before, and will continue to be enforced as they were.

This includes both UNIX permissions and POSIX ACLs. When a Windows user

changes permissions on a file or directory created pre-GuardianOS 5.0 with a POSIX

ACL, the file will be updated to the new Windows security personality.

Share Level Permissions

Share-level permissions on GuardianOS are applied cumulatively. For example, if

the user “j_doe” has Read-Only share access and belongs to the group “sales”,

which has Read/Write share access, the result is that the user “j_doe” will have

Read/Write share access.

Note

Share-level permissions only apply to non-NFS protocols. NFS access is

configured independently by navigating to the

Security > Shares

page, selecting

from the table the NFS Access level for the share, and modifying the client access as

desired.

Where to Place Shares

For security and backup purposes, it is recommended that administrators restrict

access to shares at the root of a volume to administrators only. All SnapServers are

shipped with a default share named

SHARE1

that points to the root of the default

volume

vol0

. The share to the root of the volume should only be used by

administrators as a “door” into the rest of the directory structure so that, in the