Manualshelf

6.3 HP StoreAll Storage File System User Guide (TA768-96093, June 2013)

ManualsBrandsHP ManualsStorageHP X9320 IB 21.6TB Network Storage System
919293949596979899100
SMB shadow copy support. StoreAll software does not have any control over the behavior of other
clients.
NOTE: HP recommends that the share root is not at the same level as the file system root, and is
instead a subdirectory of the file system root. This configuration reduces access and other
permissions-related issues, as there are many system files (such as lost+found, quota subsystem
files, and so on) at the root of the file system.
SMB shadow copy restore during node failover
If a node fails over while an SMB shadow copy restore is in progress, the user may see a disruption
in the restore operation.
After the failover is complete, the user must skip the file that could not be accessed. The restore
operation then proceeds. The file will not be restored and can be manually copied later, or the
user can cancel the restore operation and then restart it.
Permissions in a cross-protocol SMB environment
The manner in which the SMB server handles permissions affects the use of files by both Windows
and Linux clients. Following are some considerations.
How the SMB server handles UIDs and GIDs
The SMB server provides a true Windows experience for Windows users. Consequently, it must
be closely aligned with Windows in the way it handles permissions and ownership on files.
Windows uses ACLs to control permissions on files. The SMB server puts a bit-for-bit copy of the
ACLs on the Linux server (in the files on the StoreAll file system), and validates file access through
these permissions.
ACLs are tied to Security Identifiers (SIDs) that uniquely identify users in the Windows environment,
and which are also stored on the file in the Linux server as a part of the ACLs. SIDs are obtained
from the authenticating authority for the Windows client (in StoreAll software, an Active Directory
server). However, Linux does not understand Windows-style SIDs; instead, it has its own permissions
control scheme based on UID/GID and permissions bits (mode bits, sticky bits). Since this is the
native permissions scheme for Linux, the SMB server must make use of it to access files on behalf
of a Windows client; it does this by mapping the SID to a UID/GID and impersonating that UID/GID
when accessing files on the Linux file system.
From a Windows standpoint, all of the security for the StoreAll software-resident files is self-consistent;
Windows clients understand ACLs and SIDs, and understand how they work together to control
100 Using SMB