HP CIFS Server Administrator's Guide (5900-1282, April 2011)

3 Managing HP-UX File Access Permissions from Windows NT/XP/2000/Vista/Windows 7
Introduction
This chapter describes how to use Windows NT, Windows 2000, Windows XP, Windows Vista
and Windows 7 clients to view and change standard UNIX file permissions and VxFS POSIX
Access Control Lists (ACLs) on an HP CIFS server. A new configuration option, acl_schemes, is also
introduced.
UNIX File Permissions and POSIX ACLs
The HP CIFS Server enables the manipulation of UNIX file permissions or VxFS POSIX ACLs from
Windows NT, Windows 2000, Windows XP, Windows Vista and Windows 7 clients. With this
capability most management of UNIX file permissions or POSIX ACLs can be done from the familiar
Windows Explorer interface.
NOTE: Although concepts of file ACLs are similar across the Windows and HP-UX platforms,
there are sufficient differences in functionality that one cannot substitute UNIX ACLs for Windows
ACLs (i.e. full emulation is not provided). For example, a Windows application that changes the
ACL data of a file may behave unexpectedly if that file resides on an HP CIFS Server.
Viewing UNIX Permissions From Windows
Because ACL data differs between Windows and UNIX file permissions and VxFS POSIX ACLs,
Samba must map data from UNIX to Windows and from Windows to UNIX.
The table below shows how UNIX file permissions translate to Windows ACL access types:
Table 5 UNIX File Permission Maps Windows ACL
Windows access type    UNIX Permission
Special Access(R)      r--
Special Access(W)      -w-
Special Access(X)      --x
Special Access(RW)     rw-
Read(RX)               r-x
Special Access(WX)     -wx
Special Access(RWX)    rwx
Special Access         r--
In addition to the permission modes shown above, UNIX file permissions also distinguish between
the file owner, the owning group of the file, and other (all other users and groups).
UNIX File Owner Translation in Windows ACL
A UNIX file system owner has additional permissions that other users do not have. For example,
the owner can give away his ownership of the file, delete the file, rename the file, or change the
permission mode on the file. These capabilities are similar to the delete (D), change permissions
(P) and take ownership (O) permissions on the Windows client. Samba adds the DPO permissions
to represent UNIX file ownership in the Windows Explorer interface.
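The mapping in Table 5 and the owner's added DPO letters, applied to a numeric UNIX mode, as an added example (not code from the HP guide or from Samba). The function names are hypothetical; placing DPO after the R/W/X letters and returning the bare name Special Access for a class with no bits set are assumptions.

```python
import stat

# Table 5 letters: UNIX permission character -> Windows permission letter.
BIT_LETTERS = (("r", "R"), ("w", "W"), ("x", "X"))
# Delete, change permissions, take ownership: added for the file owner only.
OWNER_EXTRA = "DPO"


def triplet_to_letters(triplet):
    """Map one 'rwx'-style triplet to Windows letters, e.g. 'r-x' -> 'RX'."""
    if len(triplet) != 3:
        raise ValueError("expected a 3-character triplet, got %r" % (triplet,))
    letters = ""
    for (unix_ch, win_ch), ch in zip(BIT_LETTERS, triplet):
        if ch == unix_ch:
            letters += win_ch
        elif ch != "-":
            # setuid/setgid/sticky markers (s, S, t, T) are outside Table 5
            raise ValueError("unsupported permission character %r" % (ch,))
    return letters


def access_type(letters):
    """Access type name per Table 5: only r-x is displayed as Read."""
    name = "Read" if letters == "RX" else "Special Access"
    # Assumption: a class with no bits set shows the bare name.
    return "%s(%s)" % (name, letters) if letters else name


def windows_view(mode):
    """Describe how owner, group and other of a UNIX mode map to Windows.

    The owner entry is returned as permission letters only (R/W/X plus DPO);
    the page does not give the access type name shown for the owner.
    """
    perms = stat.filemode(stat.S_IMODE(mode) & 0o777)[1:]  # e.g. 'rwxr-x---'
    owner, group, other = perms[0:3], perms[3:6], perms[6:9]
    return {
        "owner": triplet_to_letters(owner) + OWNER_EXTRA,
        "group": access_type(triplet_to_letters(group)),
        "other": access_type(triplet_to_letters(other)),
    }


if __name__ == "__main__":
    for sample in (0o750, 0o644, 0o777):  # constructed sample modes
        print(oct(sample), windows_view(sample))
```

Passing os.stat(path).st_mode to windows_view gives the same breakdown for a file on the server, which helps when checking what a Windows administrator will see before changing permissions from Explorer.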