HP NetStorage 6000 User Manual

Securing Data

HP NetStorage 6000 Security in an NT-only Environment

8-8

This security mechanism protects the object from unauthorized access,
regardless of whether the user attempts to access the object on the local
machine, or over the network from a client system.

The Discretionary Access Control List (DACL), is by far the most common
form of access control list, and is often abbreviated simply as the ACL of
an object. The ACL is what is used to establish a security policy on every
file and directory within a file system. Using this mechanism, users can
restrict access to objects from other users or groups of users.

Although the HP NetStorage 6000 does not use the NTFS file system as it’s
local file system, it does support having NT Security Descriptors for every
object in the file system. Thus, users can set security policies for files and
directories as though the file system were NTFS.

By default, all files and directories created via the NFS protocol (from a
UNIX or Linux client) do not contain security descriptors. Such files are
known as UNIX files. All files and directories that are created from
Windows clients, or UNIX files that are modified from a Windows client,
are automatically assigned a security descriptor. Files and directories that
have security descriptors are known as Windows files. The main functional
distinction between UNIX files and Windows files is that UNIX users
cannot change the ownership (chown) or permissions (chmod) of Windows
files.