Sun QFS and Sun Storage Archive Manager 5.3 Security Guide (Sun QFS and Sun Storage Archive Manager 5.3 Information Library)
3. Sun QFS and Sun Storage Archive Manager Security Features
The critical security features that provide protections against security threats are:
Authentication – Ensures that only authorized individuals are granted access to the system and data.
Authorization – Access control to system privileges and data. This feature builds on authentication to ensure that individuals get only appropriate access.
Audit – Enables administrators to detect attempted breaches of the authentication mechanism and attempted or successful breaches of access control.
SAM-QFS uses host-based user authentication to control who can perform administration tasks. Administration using the SAM-QFS Manager is mainly controlled by roles which are assigned to various users. Administration using the command line is limited to the root user.
Access control in SAM-QFS is divided into two parts:
Administrative access control – Controls who can take administrative actions for SAM-QFS. The controls are based on roles that are assigned to users through SAM-QFS Manager. For command-line operations, controls are based on root permissions. For more information about SAM-QFS Manager, see Chapter 6, Installing and Configuring SAM-QFS Manager, in Sun QFS and Sun Storage Archive Manager 5.3 Installation Guide.
File/directory access control – SAM-QFS implements a POSIX compliant file system that has a rich set of access controls. See the SAM-QFS documentation for more details.
Developers generally do not interface directly with SAM-QFS. The two exceptions are the libsam API and the libsamrpc API, which provide the same functionality. libsam works on the local machine only, while libsamrpc communicates with the MDS through rpc(3) to carry out the requested actions. Requests made through either API are authenticated by the UID and GID of the calling process, and they have the same permissions as requests made through the command line. Make sure that the MDS and the client systems share a common UID and GID space.
For more information, see intro_libsam(3) and intro_libsamrpc(3) in Sun QFS and Sun Storage Archive Manager Reference Manual.
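The common UID and GID space recommended above can be checked mechanically. The following is an added example, not part of the product documentation: it compares passwd(4)-format account data from the MDS and a client and reports accounts whose numeric IDs disagree. The sample entries are constructed, and the function names parse_ids and compare_id_space are hypothetical.

```python
# Constructed sample data in passwd(4) format; in practice, feed the output
# of `getent passwd` (or `getent group`) collected on each host.
MDS_PASSWD = """\
root:x:0:0:Super-User:/root:/usr/bin/bash
alice:x:1001:100:Alice:/home/alice:/bin/sh
bob:x:1002:100:Bob:/home/bob:/bin/sh
"""
CLIENT_PASSWD = """\
root:x:0:0:Super-User:/root:/usr/bin/bash
alice:x:1002:100:Alice:/home/alice:/bin/sh
carol:x:1003:100:Carol:/home/carol:/bin/sh
"""


def parse_ids(text, id_field=2):
    """Map name -> numeric ID from colon-separated passwd or group text."""
    ids = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "+", "-")):  # comments, NIS compat
            continue
        fields = line.split(":")
        if len(fields) <= id_field or not fields[id_field].isdigit():
            continue  # malformed entry: skip rather than guess
        ids[fields[0]] = int(fields[id_field])
    return ids


def compare_id_space(mds_text, client_text, id_field=2):
    """Return sorted findings where the two hosts disagree on name <-> ID."""
    mds, client = parse_ids(mds_text, id_field), parse_ids(client_text, id_field)
    mds_by_id = {}
    for name, num in mds.items():
        mds_by_id.setdefault(num, set()).add(name)
    findings = []
    for name, num in client.items():
        if name in mds and mds[name] != num:
            findings.append(("name-mismatch", name, num, mds[name]))
        # Same number, different account: requests from this client account
        # would be evaluated on the MDS with the other account's permissions.
        for other in sorted(mds_by_id.get(num, set()) - {name}):
            findings.append(("id-collision", name, num, other))
    return sorted(findings)


if __name__ == "__main__":
    for finding in compare_id_space(MDS_PASSWD, CLIENT_PASSWD):
        print(finding)
```

Field index 2 holds the UID in passwd data and the GID in group data, so the same functions cover both files; pass id_field=3 to compare primary GIDs from passwd entries.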