Shares - Root Directory Access
Controls basic acess control for the root of the filesystem. These settings can be managed
in-band via whatever protocols are being used, but they can also be specified here for convenience.
These properties cannot be changed on a read-only filesystem, as they require changing metadata for
the root directory of the filesystem.
Shares - User
The owner of the root directory. This can be specified as a user ID or user name. For more
information on mapping Unix and Windows users, see the Identity Mapping service. For
Unix-based NFS access, this can be changed from the client using the chown
command.
Shares - Group
The group of the root directory. This can be specified as a group ID or group name. For more
information on mapping Unix and Windows groups, see the Identity Mapping service. For
Unix-based NFS access, this can be changed from the client using the chgrp
command.
Shares - Permissions
Standard Unix permissions for the root directory. For Unix-based NFS access, this can be
changed from the client using the chmod command. The permissions are divided into
three types.
Table 12-14 Shares Users
|
|
|
User
|
User that is the current owner of the directory.
|
|
Group
|
Group that is the current group of the directory.
|
|
Other
|
All other accesses.
|
|
For each access type, the following permissions can be granted.
Table 12-15 Shares Permissions
|
|
|
|
Read
|
R
|
Permission to list the contents of the directory.
|
|
Write
|
W
|
Permission to create files in the directory.*
|
|
Execute
|
X
|
Permission to look up entries in the directory. If users have execute permissions but not read
permissions, they can access files explicitly by name but not list the contents of the
directory.
|
|
-
As of the 2011.1 software release, the following additional behavior is associated with the
"write" permission for all directories:
-
Child files within the directory can be deleted (same as the ACL D permission), unless the
sticky bit is set on the directory, in which case the child files can be deleted only if requested
by the owner of the file
-
Times associated with a file or directory can be changed (same as the ACL A
permission)
-
Extended attributes can be created, and writes are allowed to the extended attributes
directory (same as the ACL W permission)
In the BUI, selecting permissions is done by clicking on individual boxes. Alternatively,
clicking on the label ("user," "group," or "other) will select (or deselect) all permissions within
the label. In the CLI, permissions are specified as a standard Unix octal value, where each digit
corresponds to (in order) user, group, and other. Each digit is the sum of read (4), write (2), and
execute (1). So a permissions value of 743 would be the equivalent of user RWX,
group R, other WX.
As an alternative to setting POSIX permission bits at share creation time, administrators may
instead select the "Use Windows Default Permissions" option, which will apply an ACL as described in
the root directory ACL section
below. This is a shortcut to simplify administration in environments that are exclusively or
predominately managed by users with Windows backgrounds and is intended to provide behaviour similar
to share creation on a Windows server.
