10400455-002
©2008-14 Overland Storage, Inc.
SnapScale/RAINcloudOS 4.1 Administrator’s Guide
B - Security and Access
behave just as they would on a Windows server. Clients can use the standard Windows
Explorer interface to set directory and file permissions for local and Windows domain users
and groups on the SnapScale.
Permissions are enforced for the specified users in the same manner for all client protocols,
including non-SMB clients that normally have the Unix security personality. However, if a
non-SMB client changes permissions or ownership on a Windows personality file or directory
(or deletes and recreates it) inside a Windows/Unix security model, the personality will change
to Unix with the Unix permissions specified by the client.
NOTE: Group membership of NFS clients is established by configuring the local client’s user account
or the LDAP or NIS domain. Group membership of RAINcloudOS local users or users
ID-mapped to domain users is not observed by NFS clients. Therefore, ACL permissions applied
to groups may not apply as expected to NFS clients.
Default File and Folder Permissions
When a file or directory is created by an SMB client, the owner of the file is the user who
created the file (except for files created by local or domain administrators, in which case the
owner will be the Administrators group, mapped to the local admingrp). The ACL is inherited
per the inheritance ACEs on the parent directory’s ACL. The owner of a file or directory
always implicitly has the ability to change permissions, regardless of the permissions
established in the ACL. In addition, members of the SnapScale local admin group, as well as
members of Domain Admins (if the cluster is configured to belong to a domain) always
implicitly have take ownership and change ownership permissions.
Setting File and Directory Access Permissions and Inheritance (Windows)
Access permissions for files and directories with the Windows security personality are set
using the standard Windows Explorer interface. RAINcloudOS supports:
• All standard generic and advanced access permissions that can be assigned by Windows
  clients.
• All levels of inheritance that can be assigned to an ACE in a directory ACL from a
  Windows client.
• Automatic inheritance from parent directories, as well as the ability to disable
  automatic inheritance from parents.
• Special assignment and inheritance of the CREATOR OWNER, CREATOR GROUP,
  Users, Authenticated Users, and Administrators built-in users and groups.
Procedure to set file and directory access permissions and inheritance in Windows:
1. Using a Windows client, map a drive to the SnapScale cluster, logging in as a user with
   change permissions for the target file or directory.
2. Right-click the file or directory, choose Properties and then select the Security tab.
3. Use the Windows security tools to add or delete users and groups, to modify their
   permissions, and to set inheritance rules.
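To confirm from the same Windows client what the procedure above actually applied, the following PowerShell script reads the ACL back with Get-Acl and lists each ACE with its source and inheritance scope. It is an added example, not part of the guide; the path Z:\projects and the helper Get-AceScope are assumptions.

```powershell
# Added example: report owner, inheritance state and per-ACE scope for one path.
# 'Z:\projects' is a placeholder for a directory on the mapped SnapScale drive.
param([string]$Path = 'Z:\projects')

function Get-AceScope {
    # Hypothetical helper: turn an ACE's inheritance and propagation flags
    # into a readable description of what the ACE applies to.
    param(
        [System.Security.AccessControl.InheritanceFlags]$Inheritance,
        [System.Security.AccessControl.PropagationFlags]$Propagation
    )
    $ci = $Inheritance.HasFlag([System.Security.AccessControl.InheritanceFlags]::ContainerInherit)
    $oi = $Inheritance.HasFlag([System.Security.AccessControl.InheritanceFlags]::ObjectInherit)
    $inheritOnly = $Propagation.HasFlag([System.Security.AccessControl.PropagationFlags]::InheritOnly)
    $noPropagate = $Propagation.HasFlag([System.Security.AccessControl.PropagationFlags]::NoPropagateInherit)

    $targets = @()
    if (-not $inheritOnly) { $targets += 'this object' }
    if ($ci) { $targets += 'subfolders' }
    if ($oi) { $targets += 'files' }
    $scope = $targets -join ', '
    if ($noPropagate) { $scope += ' (direct children only)' }
    return $scope
}

$acl = Get-Acl -LiteralPath $Path

# AreAccessRulesProtected is $true when automatic inheritance from the parent
# has been disabled on this object.
"Path:                 $Path"
"Owner:                $($acl.Owner)"
"Inheritance disabled: $($acl.AreAccessRulesProtected)"

# One row per ACE: explicit ACEs were set on this object, inherited ones came
# from a parent directory's inheritance ACEs.
$acl.Access | ForEach-Object {
    [pscustomobject]@{
        Identity  = $_.IdentityReference.Value
        Type      = $_.AccessControlType
        Rights    = $_.FileSystemRights
        Source    = $(if ($_.IsInherited) { 'inherited' } else { 'explicit' })
        AppliesTo = Get-AceScope $_.InheritanceFlags $_.PropagationFlags
    }
} | Format-Table -AutoSize -Wrap
```

Rows whose Identity is a group are the ones affected by the NFS note above, since group ACEs may not apply as expected to NFS clients.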