|
Merging NT and UNIX Filesystem Permissions
Dave Hitz, Bridget Allison, Andrea Borr, Rob Hawley, and Mark Muhlestein
Network Appliance
Abstract
Sharing network data between NT and UNIX systems is becoming
increasingly important as NT moves into areas previously serviced entirely by UNIX. One
difficulty in sharing data is that the two filesystem security models are quite different.
NT file servers use access control lists (ACLs) that allow permissions to be specified for
an arbitrary number of users and groups, while UNIX NFS servers use traditional UNIX
permissions that provide control only for owner, group, and other. This paper describes an
integrated security model in which a single filesystem can contain both files with
NT-style ACLs and files with UNIX-style permissions. For native file service requests (NT
requests to NT-style files and NFS requests to UNIX-style files) the security model
exactly matches an NT or UNIX fileserver. For non-native requests, heuristics allow a
reasonable level of access without compromising the security guarantees of the native
model.
- View the full text of this paper in
HTML form and
PDF form.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
- To become a USENIX Member, please see our Membership Information.
|