JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Sun ZFS Storage 7000 System Administration Guide
search filter icon
search icon

Document Information

Preface

1.  Introduction

2.  Status

3.  Configuration

4.  Services

Services

Introduction

Data

Directory

System

Remote Access

Security

BUI

Selecting a Service

Enabling a Service

Disabling a Service

Setting Properties

Viewing Service Logs

CLI

Selecting a Service

Viewing Service State

Enabling a Service

Disabling a Service

Setting Properties

Viewing Service Logs

Service Help

NFS

Introduction

Properties

Kerberos realms

Logs

Analytics

CLI

Tasks

NFS Tasks

iSCSI

Introduction

Properties

Authentication

Authorization

Targets and Initiators

CLI

Tips

Troubleshooting

SMB

Introduction

Properties

Share Properties

NFS/SMB Interoperability

DFS Namespaces

Autohome Rules

Local Groups

Local Accounts

MMC Integration

Event Viewer

Share Management

Users, Groups and Connections

Services

CLI

Adding autohome rules

Adding a user to a local group

Tasks

SMB Tasks

FTP

Introduction

Properties

FTP Properties

General Settings

Security Settings

Logs

Tasks

FTP Tasks

HTTP

Introduction

Properties

Authentication and Access Control

Logs

Tasks

HTTP Tasks

NDMP

Introduction

Local vs. Remote Configurations

Backup Formats and Types

Backing up with "dump" and "tar"

Backing up with "zfs"

Incremental backups

Properties

Logs

SFTP

Introduction

Properties

SFTP Port

Logs

Tasks

SFTP Tasks

Virus Scan

Introduction

Properties

File Extensions

Scanning Engines

Logs

Tasks

Virus Scan Tasks

NIS

Introduction

Properties

Logs

Tasks

NIS Tasks

LDAP

Introduction

Properties

Custom Mappings

Logs

Tasks

LDAP Tasks

Active Directory

Introduction

Properties

Join Domain

Join Workgroup

Domains and Workgroups

LDAP Signing

Windows Server 2008 Support

Section A: Kerberos issue (KB951191)

Section B: NTLMv2 issue (KB957441)

Section C: Note on NTLMv2

BUI

CLI

Tasks

Active Directory Tasks

Identity Mapping

Concepts

Identity Mapping Concepts

Mapping Modes

IDMU

Directory-based Mapping

Identity Mapping Directory-based Mapping

Properties

Name-based Mapping

Identity Mapping Name-based Mapping

Name-based Mapping Rules

Case Sensitivity

Mapping Persistence

Domain-Wide Rules

Deny Mappings

Mapping Rule Directional Symbols

Ephemeral Mapping

Best Practices

Testing Mappings

Examples

Tasks

Identity Mapping Tasks

DNS

Introduction

Properties

CLI

Logs

Active Directory and DNS

Non-DNS Resolution

DNS-Less Operation

IPMP

Introduction

Properties

Logs

Tasks

NTP

Introduction

Properties

Validation

Authentication

BUI

CLI

BUI Clock

Tips

Tasks

NTP Tasks

Remote Replication

Introduction

Dynamic Routing

RIP and RIPng Dynamic Routing Protocols

Logs

Phone Home

Introduction

Oracle Single Sign-On Account

Properties

Web Proxy

Registration

Status

Service state

Logs

SNMP

Introduction

Properties

MIBs

Sun FM MIB

Sun AK MIB

Tasks

SNMP Tasks

SMTP

Introduction

Properties

Logs

Service Tags

Introduction

Properties

System Identity

Introduction

Properties

Logs

SSH

Introduction

Properties

Logs

Tasks

SSH Tasks

Shadow Migration

Introduction

Properties

Managing Shadow Migration

Syslog

Introduction

Properties

Classic Syslog: RFC 3164

Updated Syslog: RFC 5424

Message Format

Alert Message Format

Receiver Configuration Examples

Configuring a Solaris Receiver

Configuring a Linux Receiver

5.  Shares

6.  Analytics

7.  Application Integration

Glossary

Index

HTTP

Introduction

The HTTP service provides access to filesystems using the HTTP and HTTPS protocols and the HTTP extension WebDAV (Web based Distributed Authoring and Versioning). This allows clients to access shared filesystems through a web browser, or as a local filesystem if their client software supports it. The URL to access these HTTP and HTTPS shares have the following formats respectively:

http://hostname/shares/mountpoint/share_name

https://hostname/shares/mountpoint/share_name

The HTTPS server uses a self-signed security certificate.

Properties

Property
Description
Require client login
Clients must authenticate before share access is allowed, and files they create will have their ownership. If this is not set, files created will be owned by the HTTP service with user "nobody". See the section on authentication below.
Protocols
Select which access methods to support HTTP, HTTPS, or both.
HTTP Port (for incoming connections)
HTTP port, default is 80
HTTPS Port (for incoming secure connections)
HTTP port, default is 443

Changing services properties is documented in the BUI and CLI sections of services.

Authentication and Access Control

If the "Require client login" option is enabled, then the appliance will deny access to clients that do not supply valid authentication credentials for a local user, a NIS user, or an LDAP user. Active Directory authentication is not supported.

Only basic HTTP authentication is supported. Note that unless HTTPS is being used, this transmits the username and password unencrypted, which may not be appropriate for all environments.

Normally, authenticated users have the same permissions with HTTP that they would have with NFS or FTP. Files and directories created by an authenticated user will be owned by that user, as viewed by other protocols. Privileged users (those having a uid less than 100) will be treated as "nobody" for the purposes of access control. Files created by privileged users will be owned by "nobody".

If the "Require client login" option is disabled, then the appliance will not try to authenticate clients (even if they do supply credentials). Newly created files are owned by "nobody", and all users are treated as "nobody" for the purposes of access control.

Regardless of authentication, no permissions are masked from created files and directories. Created files have Unix permissions 666 (readable and writable by everyone), and created directories have Unix permissions 777 (readable, writable, and executable by everyone).

Logs

Log
Description
network-http:apache22
HTTP service log

To view service logs, refer to the Logs section from Services.

Tasks

HTTP Tasks

Allowing HTTP access to a share

  1. Go to Configuration->Services
  2. Check that the HTTP service is enabled and online. If not, enable the service.
  3. Select or add a share in the Shares screen.
  4. Go to the "Protocols" section, and check that HTTP access is enabled. This is also where the mode of access (read/read+write) can be set.