beautypg.com

Share-level security – HP NetStorage 6000 User Manual

Page 100

background image

Securing Data
HP NetStorage 6000 Security in an NT-only Environment

8-5

Share-Level Security

Share-level security is the simplest CIFS security mode to use, but offers
the least security. In this mode, each share is protected by a password.
When the server administrator defines a new share, a password is specified
to protect the share from unauthorized access. When a user first accesses
the share they are prompted for the password. Once the password is entered
and verified, then the user has full access to all files on the share. Share-
Level security is the default security mode for Windows for Workgroups
and Windows 95.

Share-Level security may be implemented to allow both Read/Write
access, as well as Read Only access to shares. Each share may be protected
by a Read/Write password and a Read Only password. The access allowed
on the share (Read/Write or Read Only) is dictated by the password entered
by the user.

By default, the NetStorage 6000 accepts encrypted passwords for
verification. In these cases, Windows NT (also known as NT LM 0.12)
password encryption is used. The NetStorage 6000 also accepts plaintext
passwords from older clients, for backward compatibility.

Since the native file system on the NetStorage 6000 is UNIX based, all files
must have a UID and GID associated with them. However, since Share-
Level security does not support the concept of users or groups, a single UID
and GID is assigned to each share, such that all files created in the share
from Windows clients are assigned the UID and GID of the share. When
shares are managed through the web based administration tool, shares are
automatically assigned a UID and GID of zero (UID = 0, GID = 0). For
administrators with special needs, the default UID and GID of zero may be
changed for a given share. The telnet interface of the NetStorage 6000
allows the user to specify the UID and the GID to be used for a particular
share. In this case, ALL directories and files created in the share are
assigned the UID and GID specified by the administrator.

Since Share-Level security allows the user full access to all files regardless
of the UNIX permission settings, it is up to the administrator to ensure that
the Windows shares are created in such places so as not to expose sensitive
system files, or the resources of other UNIX users.

See also other documents in the category HP Storage: