Network and Storage Protocols

security and user mapping

AaronHolt
5,136 Views

Hi all,

Sorry if this is going to be an obvious answer but I’m having a few difficulties in understanding the permissions within clustered mode.

I’m just trying to clarify something with regards to security at volume level. If I set up vol1 with Unix style security (all permissions eg read/write and so on) and vol2 with NTFS security (again all permission), if I set up user mappings (windows to unix and unix to windows), essentially the security style doesn’t matter as my windows mapped account can still access vol1 (unix) and my unix account can still access vol2 (ntfs security)…

Is that correct?

Thanks
Aaron

1 ACCEPTED SOLUTION

richard_payne
4,918 Views

Yes, you're right and I should have spelled that out instead of making the assumtion. I shoud have really said something like - provided your AD username match up to your Unix usernames provided through NIS/LDAP etc...

 

--rdp

View solution in original post

4 REPLIES 4

richard_payne
5,002 Views

It is true that both systems will be able to access data on both volumes (assuming you have licenses for both protocols and both are configured) provided your user mapping is correct. Just keep in mind that the unix volume will always have unix permissions and the NTFS volume will have windows permissions setup. You can't add NT ACLs to the unix partition etc...

 

Note that by default the filer will map usernames that match on both systems so you only need usermap entries when they don't match.

 

--rdp

aborzenkov
4,970 Views
It's not enough to have common names - filer also must be able to map Unix user name to Unix UID. That usually requires using network (NIS, LDAP) backend for Unix user database.

richard_payne
4,919 Views

Yes, you're right and I should have spelled that out instead of making the assumtion. I shoud have really said something like - provided your AD username match up to your Unix usernames provided through NIS/LDAP etc...

 

--rdp

scottgelb
4,899 Views

If a smaller environment many use /etc/passwd (7-Mode) or unix-user create (cDOT) if they don't have ldap or nis for name to id mapping.

Public