Securing data, About hp netstorage 6000 security, Chapter 8 securing data – HP NetStorage 6000 User Manual

Securing Data
About HP NetStorage 6000 Security

8-1

Chapter 8

Securing Data

About HP NetStorage 6000 Security

This section explains the details of security as it applies to the user data
stored on the HP NetStorage 6000. The NetStorage 6000 utilizes most of
the security features found on Microsoft Windows, as well as all of the
security features found on UNIX platforms. It is not the intent of this
section to review the specifics of those security architectures. Instead, this
section highlights the special features and differences that distinguish the
security on the HP NetStorage 6000 from the security on traditional
Windows or UNIX file servers.

Since the HP NetStorage 6000 is designed to serve files over both NFS and
CIFS/SMB protocols, it is necessary to establish a mapping of the security
architectures from one platform to the other. “Mapping NT and UNIX
Users” on page 8-12 explains how that mapping is accomplished.

HP NetStorage 6000 Security in a UNIX-only Environment

The NetStorage 6000 utilizes an internal file system that is native to UNIX
environments. As such, it has UNIX security mechanisms built-in that are
leveraged when serving files over the NFS protocol. All resources stored
on the file system contain the security metadata commonly found in UNIX
systems.

The NetStorage 6000 does not support the concept of the

/etc/exports

file for managing mount points. Instead, the server automatically creates a
single mount point at the root of all volumes created on the system. Since
the server is specifically designed to share files, the exporting of mount
points has been automated.

The root directory of the mount points on the NetStorage 6000 is given
special permissions to facilitate appropriate access to users. The owner and
group of this directory are root (UID = 0, GID = 0), and the permissions are
read, write, and execute to owner, group and other (rwxrwxrwx). One