Manualshelf

HP ProLiant Storage Server User Guide (440584-003, September 2007)

ManualsBrandsHP ManualsStorageHP ProLiant DL380 G5 1.8TB SAS Storage Server
61626364656667686970
creating too many shares also has its drawbacks. For example, if it is sufcient to create a single share
for user home directories, create a “homes share rather than creating separate shares for each user.
By keeping the number of shares and other resources low, the performance of the storage server is
optimized. For example, instead of sharing out each individual user's home directory as its own share,
share out the top-level directory and let the users map personal drives to their own subdirectory.
Dening Access Control Lists
TheAccessControlList(ACL)containstheinformationthatdictateswhichusersandgroupshaveaccess
to a share, as well as the type of access that is permitted. Each share on an NTFS le system has one
ACL with multiple associated user permissions. For example, an ACL can dene that User1 has re ad
and write acc
ess to a share, User2 h as read only access, and User3 has no access to the share. The
ACL also includes group access information that applies to every user in a congured group. ACLs are
also referred to as permissions.
Integrating local le system security into Windows domain environments
ACLs include properties specic to users and groups from a particular workgroup server or domain
environment. In a multidomain environment, user and group permissions from several domains can apply
to les stored on the same device. Users and groups local to the storage server can be given access
permissions to shares managed by the device. The domain name of the storage server supplies the
context in which the user or group is understood. Permission conguration depends on the network a nd
domain infrastructure where the server resides.
File-sharing protocols (except NFS) supply a user and group context for all connections over the net work.
(NFS supplies a machine-based context.) When new les are created by those users or machines, the
appropriate ACLs are applied.
Conguration tools provide the ability to share permissions o ut to clients. These shared permissions are
propagated into a le system ACL, and when new les are created over the network, the user creating the
le becomes the le owner. In cases where a specic subdire ctory of a share has different permissions
from the share itself, the N TFS permissions on the subdirectory apply instead. This method results in a
hierarchical security model where the net work protocol permissions and the le permissions work together
to provide appropriate security for shares on the device.
NOTE:
Share permissions and le-level permissions are implemented separately. It is possible for les on a
le system to have different permissions from those applied to a share. When this situation occurs, the
le-level permissions override the share permissions.
Comparing administrative (hidden) and standard shares
CIFS supports both administrative shares a nd standard shares.
Administrative shares are shares with a last character of $. Administrative shares are not included
in the list of shares when a client browses for available shares on a CIFS server.
Standard s hares are shares that do not end in a $ character. Standard shares are listed whenever
a CIF S client browses for available shares on a CIF S server.
The stora ge server supports both administrative and standard CIFS shares. To create an administrative
share, end the share name with the $ character when setting up the share. Do not type a $ character at
the end of the share name when creating a standard share.
Managing shares
Shares can be managed using the HP Storage Server M anag em ent Console. Tasks include:
Creating a new share
Deleting a share
66
File server management