Home » Adaptec Manuals » Network Storage Servers » Adaptec 5325301656 » Manual Viewer

Adaptec 5325301656 Administration Guide - Page 95

File and Directory Permissions, Share Level Permissions, Where to Place Shares

UPC - 753253016563

Add to My Manuals
Save this manual to your list of manuals

Page 95 highlights

Configuring Share and Folder Security Overview File and Directory Permissions GuardianOS supports two "personalities" of file system security on files and directories: • UNIX: Traditional UNIX permissions (rwx) for owner, group owner, and other. • Windows ACLs: Windows NTFS-style file system permissions. Introduced in GuardianOS 5.0, Windows ACLs fully support the semantics of NTFS ACLs, including configuration, enforcement, and inheritance models (not including the behaviour of some built-in Windows users and groups). The security personality of a file or directory is dependent on the security model of the SnapTree or Volume in which the file or directory exists (see "SnapTrees and Security Models" on page 84). Note Files and directories created pre-GuardianOS 5.0 will continue to have the same permissions they had before, and will continue to be enforced as they were. This includes both UNIX permissions and POSIX ACLs. When a Windows user changes permissions on a file or directory created pre-GuardianOS 5.0 with a POSIX ACL, the file will be updated to the new Windows security personality. Share Level Permissions Share-level permissions on GuardianOS are applied cumulatively. For example, if the user "j_doe" has Read-Only share access and belongs to the group "sales", which has Read/Write share access, the result is that the user "j_doe" will have Read/Write share access. Note Share-level permissions only apply to non-NFS protocols. NFS access is configured independently by navigating to the Security > Shares page, selecting a share, and clicking the NFS Access button. Where to Place Shares For security and backup purposes, it is recommended that administrators restrict access to shares at the root of a volume to administrators only. All Snap Servers are shipped with a default share named SHARE1 that points to the root of the default volume vol0. The share to the root of the volume should only be used by administrators as a "door" into the rest of the directory structure so that, in the event that permissions on a child directory are inadvertently altered to disallow administrative access, access from the root share is not affected. This also allows one root share to be targeted when performing backups of the server. If it is necessary to have the root of the volume accessible, using the Hidden option helps ensure only those that need access to that share can access it. Chapter 6 Share and File Access 81

Section	Page
Contents	7
Administrative Overview	15
GuardianOS Specifications	16
What’s New in GuardianOS	19
Snap Server Manager	23
Connecting to the Server for the First Time	26
Using the Initial Setup Wizard	28
Determining Capacity	29
Scheduling Data Protection Tasks	30
Migrating Data from Legacy Servers to the Snap Server	30
Configuring the Snap Server as a Print Server	31
Configuring an APC-Brand UPS	31
SnapExtensions	31
Network Access to the Server	33
Viewing Current Network Settings	34
TCP/IP Options	35
Configuring TCP/IP Settings	37
Default Network Protocol Settings	39
Windows Networking Configuration	40
Support for Windows Networking (SMB)	40
Support for Windows Network Authentication	41
NFS Access	44
Apple Networking Configuration	45
FTP Access	47
HTTP/HTTPS Access (Web View)	47
DHCP Server	48
Print Server	48
User & Group Management	51
Default User and Group Settings	52
UID and GID Assignments	52
Local Users and Groups	53
NIS Domain	54
Storage Configuration and Expansion	55
Default Storage Configuration	56
Changing the Default Storage Configuration	56
RAIDs	57
RAID Groups	59
Volumes	61
Quotas	63
Setting User Quotas	64
Data Migration	64
Preserving Permissions	65
Expansion Arrays	66
The SANbloc S50	66
Managing Expansion Array Storage	67
Disks and Units	69
Replacing Disk Drives on a RAID	69
Adding Disk Drives to a RAID	70
Hot Swapping Disk Drives	70
iSCSI Disks	77
Configuring iSCSI Initiators	78
iSCSI Configuration for Microsoft Windows using MS Initiator	79
Configuring the QLogic QLA4010 and QLA4050 iSCSI Initiators for Microsoft Windows	84
iSCSI Configuration for Linux and UNIX	84
iSCSI Configuration for Novell NetWare	86
iSCSI Configuration for VMware	86
iSCSI Configuration on the Snap Server	87
Creating iSCSI Disks	90
Share and File Access	93
Configuring Share and Folder Security Overview	94
Components and Options	96
SnapTrees and Security Models	98
ID Mapping	100
Creating Shares	101
Configuring Share Access	102
Share Access Behaviors	102
Setting Share Access Permissions	103
Creating Home Directories	104
Windows ACLs	104
Setting File and Directory Access Permissions and Inheritance (Windows)	105
Security Guides	106
Snapshots	109
Snapshot Management and Usage	110
Estimating Snapshot Pool Requirements	111
Adjusting Snapshot Pool Size	112
Accessing Snapshots	112
Coordinating Snapshot and Backup Operations	113
Disaster Recovery	115
Backing Up Server and Volume Settings	115
Backing Up the NetVault Database Directory	118
Recovering the NetVault Database	119
Disaster Recovery Procedural Overview	121
CA eTrust Antivirus Software	123
Antivirus Dependencies	124
Launching the CA eTrust Antivirus GUI	125
The Local Scanner View	126
Scan Job Configuration and Scheduling	127
Defining Scan Jobs	127
Running a Manual Scan Job	128
Scheduling a Scan Job	128
Signature Updates	129
Updating Snap Servers that have Internet Access	130
Updating a Snap Server that does not have Internet Access	131
Distributing Updates from One Server to Another	131
Verifying Download Events	133
Alert Options	134
The Move Directory	134
Log View	135
Unicode	137
What is Unicode?	137
Converting to Unicode	137
Unicode and Protocol Interaction	139
How Snapshots Interact with Unicode	141
Backing Up Unicode Servers	141
Unicode and Expansion Arrays	143
Backup and Replication Solutions	145
Integrated Backup Solutions for the Snap Server	146
BakBone Netvault	146
Snap Enterprise Data Replicator (Snap EDR)	147
Off-the-Shelf Backup Solutions for the Snap Server	149
Preparing to Install a Backup Solution	149
Preinstallation Tasks	150
Installing the CA BrightStor ARCserve Agent	151
Installing the Symantec Backup Exec RALUS Agent	154
Installing the Symantec NetBackup v6.5 Client	157
Installing the EMC Legato NetWorker Client	159
Command Line Interface	165
SnapCLI Syntax	165
Scripts in SnapCLI	168
Troubleshooting Snap Servers	173
The Meaning of LED Indicators	174
Snap Server 110/210 Status and Drive Light Behavior	174
Snap Server 410 Status and Drive Light Behavior	176
Snap Server 500 Series/600 Series Status and Drive Light Behavior	177
Snap Server 4200/4500 Status and Drive Light Behavior	180
Snap Server 18000 Status and Drive Light Behavior	182
SANbloc S50 Enclosure, Disk Drive, APC Module, and Controller Behavior	185
Snap Disk 10 Disk Drive and Power Supply Module LEDs	188
Snap Disk 30SA Disk Drive and Power/Fan Module Behavior	189
System Reset Options	192
Resetting the Snap Server to Factory Defaults	192
Performing System Resets Without Network Access	193
Networking Issues	194
Miscellaneous Issues	198
Phone Home Support	200
GuardianOS Ports	201
Glossary	207

Match case Limit results 1 per page

Configuring Share and Folder Security Overview

Chapter 6

Share and File Access

File and Directory Permissions

GuardianOS supports two “personalities” of file system security on files and

directories:

•

UNIX: Traditional

UNIX permissions (rwx) for owner, group owner, and other.

•

Windows ACLs: Windows NTFS-style file system permissions. Introduced in

GuardianOS 5.0, Windows ACLs fully support the semantics of NTFS ACLs,

including configuration, enforcement, and inheritance models (not including the

behaviour of some built-in Windows users and groups).

The security personality of a file or directory is dependent on the security model of

the SnapTree or Volume in which the file or directory exists (see “SnapTrees and

Security Models” on page 84).

Note

Files and directories created pre-GuardianOS 5.0 will continue to have the

same permissions they had before, and will continue to be enforced as they were.

This includes both UNIX permissions and POSIX ACLs. When a Windows user

changes permissions on a file or directory created pre-GuardianOS 5.0 with a POSIX

ACL, the file will be updated to the new Windows security personality.

Share Level Permissions

Share-level permissions on GuardianOS are applied cumulatively. For example, if

the user “j_doe” has Read-Only share access and belongs to the group “sales”,

which has Read/Write share access, the result is that the user “j_doe” will have

Read/Write share access.

Note

Share-level permissions only apply to non-NFS protocols. NFS access is

configured independently by navigating to the

Security > Shares

page, selecting a

share, and clicking the

NFS Access

button.

Where to Place Shares

For security and backup purposes, it is recommended that administrators restrict

access to shares at the root of a volume to administrators only. All Snap Servers are

shipped with a default share named

SHARE1

that points to the root of the default

volume

vol0

. The share to the root of the volume should only be used by

administrators as a “door” into the rest of the directory structure so that, in the

event that permissions on a child directory are inadvertently altered to disallow

administrative access, access from the root share is not affected. This also allows one

root share to be targeted when performing backups of the server. If it is necessary to

have the root of the volume accessible, using the Hidden option helps ensure only

those that need access to that share can access it.