Sun Microsystems 5310 NAS Server User Manual


 
Chapter 2 NAS Head 2-53
Primary Group: The group name or SID of the group owner.
Discretionary Access Control List (DACL):A list of users who have access to the
file, by SID.
A SID is a number that uniquely identifies a user or group. The data to the right of
the final dash identifies the user within the domain; the rest of the number indicates
domain and type of account information. This user information is known as the RID
(relative ID). The RID is the number used for user mapping. It can be cross-
referenced with the StorEdge user or group mapping data determine the user/group
name and NFS UID/GID.
From there, it is simply a matter of assigning appropriate rights to the user
attempting to access the directory. Set security as desired using a Windows Domain
Admin account.
Can’t set Windows security at the root of a volume or at the base of
a share.
Windows security is set by right clicking on an object, and then selecting the security
tab. If you wish to do this for the root of a volume, first map a drive to the share,
then right click on the mapped drive within “My Computer”. You will then be able
to access the security tab as normal.
Cannot see the security tab from Windows clients.
Current versions of Windows do not display the security tab unless you have the
right to view or change security.
File and directory security can be checked at the StorEdge CLI.
1. To access the StorEdge CLI, connect to the StorEdge via Telnet, and type “admin”
at the [menu] prompt and enter the administrator password.
2. At the CLI, enter “cacls <path>”. The path must include the volume name. If the
path includes spaces, enclose the argument in double quotes, as in cacls “/vol1/my
directory/my file”.
Cacls output contains the following information:
First, the basic mode information and UID/GID of the owner is displayed. Here is
an example:
drwxrw---- 34 22 /vol1/data
In this case, we can see that the item is a directory, with 750 permissions:
Read/write/execute (7) for the owner (UID 34), Read/write for members of the
owner’s group (GID 22), and no permissions (0) for everyone else.