Trusted hosts – HP NetStorage 6000 User Manual

Securing Data

HP NetStorage 6000 Security in a UNIX-only Environment

consequence of this setting is that all users can delete any file in the root of
the mount point. Therefore, administrators are encouraged to avoid storing
files in the root of the mount point.

The group assignment to files created in a file volume on UNIX can be
performed in a variety of ways. On the NetStorage 6000, when a new file
is created, the group assignment is inherited from the directory where the
file is created. For example, if the group owner for directory /acct/usr
is accountants (GID = 501), then all files created in that directory will be
assigned a group owner of accountants (GID = 501).

Trusted Hosts

All UNIX clients that mount file systems on the NetStorage 6000 use the
UID and GID of their account when accessing files. A special case is the
root user (UID = 0). In UNIX, the root user is a Super User, with full access
to all files and directories in the file system. Because of the extensive rights
granted to the root user, and the extensive damage that a malicious root user
can do, the NetStorage 6000 does not trust root users by default. Clients
that attach with root privilege are given access as user nobody
(UID = 60001), with no special rights or privileges.

The administrator can override this default behavior by declaring a
particular client to be a Trusted Host. A root user mounting a NetStorage
6000 file system from a client that is a Trusted Host is given root privilege
(UID = 0) to the file system. This feature allows administration of the file
system by a root user, while at the same time, protecting the file system
from other root users that should not have privileged access to the
NetStorage 6000 file systems.

The administrator may declare Trusted Hosts using the web-based
administration tool or the telnet administration tool of the NetStorage
6000.
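The following is an added illustration (not HP's code) that models the two rules described above, the root-to-nobody mapping for non-trusted hosts and the inheritance of the directory's GID by new files, so an administrator can reason about which clients would end up with real root. The host names and the trusted-host set are constructed for the example.

```python
"""Model of the NetStorage 6000 root mapping and group inheritance.
Added example, not HP's code; hosts and the trusted set are constructed."""

ROOT_UID = 0
NOBODY_UID = 60001   # UID the NetStorage 6000 assigns to untrusted root


def effective_uid(client_host: str, uid: int, trusted_hosts: set[str]) -> int:
    """Return the UID the filer uses for a request from client_host.

    Root (UID 0) keeps UID 0 only when the client is a declared Trusted
    Host; root from any other client is mapped to user nobody (UID 60001).
    Non-root UIDs pass through unchanged.
    """
    if uid == ROOT_UID and client_host not in trusted_hosts:
        return NOBODY_UID
    return uid


def new_file_owner(parent_dir_gid: int, client_host: str, uid: int,
                   trusted_hosts: set[str]) -> tuple[int, int]:
    """Owner (uid, gid) of a file created in a directory whose group is
    parent_dir_gid. The GID comes from the directory, not from the
    creating process; the UID is the mapped UID from effective_uid."""
    return effective_uid(client_host, uid, trusted_hosts), parent_dir_gid


def hosts_with_root(trusted_hosts: set[str], clients: list[str]) -> list[str]:
    """Defender check: which of the given clients would be granted real
    root on the filer. Anything listed here should be a box an
    administrator actually logs in to as root."""
    return sorted(h for h in clients if h in trusted_hosts)


if __name__ == "__main__":
    trusted = {"admin-ws"}                     # constructed Trusted Host list
    clients = ["admin-ws", "nfs-client-1", "nfs-client-2"]
    for host in clients:
        print(host, "root ->", effective_uid(host, ROOT_UID, trusted))
    print("file in /acct/usr (GID 501) from nfs-client-1 as UID 1001:",
          new_file_owner(501, "nfs-client-1", 1001, trusted))
    print("clients that get real root:", hosts_with_root(trusted, clients))
```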