Sun System Handbook - ISO 3.4 June 2011 Internal/Partner Edition | |||
|
|
Solution Type Technical Instruction Sure Solution 1013073.1 : Sun StorageTek[TM] 5000 Series NAS: How to configure CIFS Security in Workgroup Mode
PreviouslyPublishedAs 217910 Description Description Symptoms:
Purpose/Scope: Resources are accessed as a particular UID/GID combination assigned to each share. Shares are secured by password only, rather than by a username/password combination. This document describes how to configure shares and security for this environment. Only NFS-style permissions are possible. Workgroup mode is intended only for use with a small number of Windows clients with very low security requirements, such as temporary file transfer or a small number of physically secure Windows servers in an NFS environment. If there is a requirement for secure storage of individual user data, Windows domain mode is strongly recommended. A single samba or Windows Domain Controller will enhance security significantly. NOTE: Workgroup mode on the Sun StorageTek[TM] 5000 Series NAS also implies the use of share level security. In this mode, user tokens are not used and ACL data cannot be written or read. Steps to Follow In Workgroup mode, all security is assigned at the share creation/editing screen. To configure security, proceed as follows:
* User ID: When a user successfully connects to this share, they will assume the identity of this UID. All reads, writes, deletes and other operations will be done as this UID. The Windows username that is used to connect is ignored. The default setting for this field is UID 0. This is the root user, and has unlimited rights for all file operations within the share. If this is not desired, be sure to change this to another UID. * Group ID: Same as above, but they assume the identity of this group. Again, consider changing the default of GID 0 to prevent unwanted access. * Umask: A umask is a file creation mask. It defines the permission bits to turn off when creating a file. Bits that are set in the umask are cleared in the mode of a newly created file. For example: setting a umask of 200 will cause the write bits to be stripped from new files, so that a file written with 777 permission, would be set to 555. For a complete explanation of the umask field, see the Sun StorageTek[TM] Admin Guide. * R/W Password and R/O Password: Users attempting to connect to the share will be prompted for a username and password. As noted above, the username is ignored. The password is compared to these two passwords. If the password matches the R/W password, the user will be granted read/write access. If the password matches the R/O password, the user will be granted read-only access. It is possible to leave either or both passwords blank, which grants access regardless of the password entered. * Confirm R/W Password and R/O Password: The password is entered a second time to verify that it was entered correctly. WARNING: Configuring UID 0 access to a share at the root level of the volume will give unrestricted access to the entire volume. Product Sun StorageTek 5320 NAS Gateway/Cluster System Sun StorageTek 5320 NAS Appliance Sun StorageTek 5320 Sun StorageTek 5310 NAS Gateway/Cluster System Sun StorageTek 5310 NAS Gateway System Sun StorageTek 5310 NAS Appliance Sun StorageTek 5220 NAS Appliance Sun StorageTek 5210 NAS Appliance Internal Comments This document contains normalized content and is managed by the the Domain Lead(s) of the respective domains. To notify content owners of a knowledge gap contained in this document, and/or prior to updating this document, please contact the domain engineers that are managing this document via the “Document Feedback” alias(es) listed below: storage-nas-domain@sun.com NAS, normalized, CIFS, workgroup, audited Previously Published As 90649 Change History Date: 2010-04-14 User Name: 79977 Action: Currency check Comment: Verified still current by CL william.harper@oracle.com Date: 2007-09-24 User Name: 71396 Action: Approved Comment: Performed final review of article. Updated trademarking. Publishing. Version: 3 Date: 2007-09-24 User Name: 71396 Action: Accept Comment: Version: 0 Product_uuid ef8d4cb2-9cd6-11da-85b4-080020a9ed93 | Sun StorageTek 5320 NAS Gateway/Cluster System 27ca3082-cb13-11da-857a-080020a9ed93 | Sun StorageTek 5320 NAS Appliance 9d23ea64-a8be-11da-85b4-080020a9ed93 | Sun StorageTek 5320 Attachments This solution has no attachment |
||||||||||||
|