Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 HP CIFS Server 3.0g Administrator's Guide version A.02.03.01: HP-UX 11i v1, v2 and v3 > Chapter 3 Managing HP-UX File Access Permissions from Windows NT/XP/2000

Using the NT Explorer GUI to Create ACLs
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

Use the Windows NT Explorer GUI to set new ACLs.

This section describes how to add new entries to the ACE list:

  • Click the add button in the File/Directory Permissions dialog box of the Windows NT GUI to bring up the Add Users and Groups dialog box.

    Figure 3-3 Windows NT Explorer File Permissions

    Windows NT Explorer File Permissions
    NOTE: The List Names From field displays the source of the list of group names. It may also show the name of your domain. Do not use the domain list to add new ACLs.

    Figure 3-4 Windows NT Explorer List Names From Field

    Windows NT Explorer List Names From Field

    Instead, what you need is a list of groups and users that can be recognized by the underlying UNIX file system.

    Since the actual ACLs will be UNIX file permissions or VxFS POSIX ACLs in their final form, the only valid groups and users are UNIX groups and users that the Samba server knows about.

  • Go to the List Names From dropdown list in the Add Users and Groups dialog box. One screen choice is to list names on your Samba server. This is the list HP recommends.

    Figure 3-5 Windows NT Explorer Add Users and Groups Dialog Box

    Windows NT Explorer Add Users and Groups Dialog Box

  • Select any name on the list that is labelled local UNIX group. Those groups are actually UNIX groups on the Samba server.

  • Optionally, click the Show Users button and all the UNIX users on the Samba server will be added to the list as well. You will always be able to add an ACE for the local Unix groups and the users in this list.

    Figure 3-6 Add UNIX Groups and Users

    Add UNIX Groups and Users

  • You can type user and group names into the Add Names text field to add users and groups. If the names are valid UNIX group or user names, the users and groups will be added.

  • Optionally, add the Samba server name and a backslash to the beginning of the user or group name and it will be added (for example, server1\users1). When you select names off the name list, the GUI will put that name in the text list and automatically add the server name as well.

  • Optionally use the user name mapping feature to define a mapping of NT user names (or domain names) to UNIX user names. For example, you could map the NT user names administrator and admin to the UNIX user name root. The mapping can be either one-to-one or many-to-one.

    Samba supports the creation of ACEs with NT user names that are mapped to UNIX user names.

    To continue the example above, you could create an ACE for the administrator user on the NT client and, on the Samba server, the ACE would be created for the root user. The client will display the corresponding ACE as being for the root user, not the administrator user.

    If you add an ACE for one user name, like administrator and then display the list of ACEs and see a new ACE for a different user name (root), it maybe confusing. As many NT user names can be mapped to one UNIX user name, Samba only displays the one UNIX user name. It cannot display the NT name that was mapped to the UNIX user name.

You also have to be careful not to create multiple conflicting ACEs for one UNIX user. For example, in the NT GUI you might add an ACE for the user administrator, admin and root. But when you apply these changes, Samba maps administrator and admin to the UNIX user root and the result is that Samba tries to add three different ACEs, all for the user root, to one file. That is not valid and Samba ignores two of the three ACEs.

Selecting Names From the Samba Name List

The NT user names mapped to UNIX users will also be displayed when you press the Show Users button in the Add Users and Groups dialog box. Every valid name that you add to an ACE is in the name list on the Samba server (after you hit the Show Users button). You do not need to type in names or select names from the NT domain list. If, however, you pick a name from the NT domain list and it happens to be a UNIX user name on the Samba server, it will be added. This also applies to names that have a user name mapping in Samba.

There is another reason HP recommends selecting names from the Samba server's list of names instead of typing names in manually. There might be a UNIX group and a UNIX user with the same name. If you select a name from the list, Samba knows whether you mean the user or the group. If you type the name in, there is no way for you to specify the user or the group and Samba may add the ACE for a user when you meant the UNIX group with the same name.



UNIX File Permissions and POSIX ACLs
  		 


POSIX ACLs and Windows 2000/XP Clients  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2007 Hewlett-Packard Development Company, L.P.