Adaptec 5325301507 Administration Guide - Page 124

Windows ACLs Windows personality file or directory (or deletes and recreates it), the personality will change to UNIX with the UNIX permissions specified by the client. Note Group membership of NFS clients is established by configuring the local client's user account or the NIS domain. Group membership of SnapServer local users or users ID-mapped to domain users is not observed by NFS clients. Therefore, ACL permissions applied to groups may not apply as expected to NFS clients. Default File and Folder Permissions When a file or directory is created by an SMB client, the owner of the file will be the user who created the file (except for files created by local or domain administrators, in which case the owner will be the "Administrators" group, mapped to the local admingrp), and the ACL will be inherited per the inheritance ACEs on the parent directory's ACL. The owner of a file or directory always implicitly has the ability to change permissions, regardless of the permissions established in the ACL. In addition, members of the SnapServer's local admin group, as well as members of Domain Admins (if the server is configured to belong to a domain) always implicitly have take ownership and change ownership permissions. Setting File and Directory Access Permissions and Inheritance (Windows) Access permissions for files and directories with the Windows security personality are set using standard Windows NT, 2000, 2003, XP, Vista, 2008, or 7 security tools. GuardianOS supports: • All standard generic and advanced access permissions that can be assigned by Windows clients. • All levels of inheritance that can be assigned to an ACE in a directory ACL from a Windows client. • Automatic inheritance from parent directories, as well as the ability to disable automatic inheritance from parents. • Special assignment and inheritance of the CREATOR OWNER, CREATOR GROUP, Users, Authenticated Users, and Administrators built-in users and groups. 108 SnapServer Administrator Guide