beautypg.com

6 configuring file and folder security and acl – PLANET NAS-7450 User Manual

Page 57

background image

56

4. Assign the UID, GID and Permission of this share. It will overwrite the ownership and

permission of the mount point once the share is mounted by the NFS client. If the NIS

support is enabled, the UID and GID pull-down menus will list all NIS users for you to

choose.

5. You can allow all hosts to access the share with read/write or read only permission. Then go

to Step 9.

6. Or, you can specify privileged hosts by highlight the host IP from the left hand windows.

7. Select the appropriate permission from the pull down menu at the bottom of the left hand

windows.

8. Assign which UID/GID the root account of the UNIX host should be converted into when

accessing the share. This is the ‘root squash’ function.

9. Click the >> button to join the privileged list.

10. You can modify the permission of the hosts in the privileged list by first highlight the

privileged host and then select the appropriate permission from the pull down menu at the

bottom of the right hand windows.

11. Click “Apply” to save the setting.

12. If you want to remove shares, check the corresponding checkbox located at the end of the

row and click

.

You can assign the following share permission to UNIX/Linux Hosts on NAS system:

Read Only (RO) –The host is allowed to read the share.

Read Write (RW) –The host is allowed to read and write to the share.

6.6 Configuring File and Folder Security and ACL

Access Control Lists (ACL) are associated with each file and folder, as well as the list of users

and groups permitted to use that file or folder. When a user is granted access to the file or

folder, an ACL node is created and added to the ACL for the file or folder. If you assign

permissions to a local user, a Security ID (SID) created by NAS system will be referred by the

ACL for the file and folder security. If the local user is then deleted, and the same name is

created as the previous one, the new user does not have permissions to the file or folder,

because the SID will not be the same. The administrator will have to re-configure all the group

memberships and access rights to the files and folders.

Since the Security ID (SID) for domain user is issued and maintain by the domain controller on

the network. Administrator do not need to re-configure all the group memberships and access

rights to the files and folders if the domain user is deleted from the local user database and the

same name is created as the previous one.

Note:

If the administrator changes the permission on a file or folder that a user is

This manual is related to the following products:
See also other documents in the category PLANET Communication: