Presentation of security attributes

Security attributes (ownership and permission) for objects created on a platform are translated to allow presentation, but this translation is limited in several ways. Object ownership is translated according to the user map. Permissions are translated for the owner of the object and for the other permission bits on UNIX® or Everyone on Windows®. The identity of the user requesting the translation does not affect presentation; all users use the same translation.

Permissions for the "owner" and "other" are presented after translation such that they reflect the access check behavior. For example, a UNIX SAN File System client shows the "w" bit for the owner on a UNIX client if and only if the Windows file grants its owner both WRITE and APPEND permission.

There is no mapping of group information. The creating or owning group is not translated. Permissions for individual groups are not translated. The group is always shown as 999999 on UNIX for files created on Windows.

To satisfy the needs of some UNIX-based systems, the group EXECUTE permission is translated specially for presentation on UNIX. Whenever a user or group is granted EXECUTE permission for a file created on Windows, the group EXECUTE bit will be shown on UNIX.

Note: The difference in meaning between UNIX other permissions and Windows Everyone permissions is reflected during translation. The UNIX other permissions only apply when the requestor is not the owner and not a member of the group associated with the object. On Windows, permissions granted to Everyone apply to the owner and group members; when viewed from UNIX, they are translated to both the owner and other permission bits.

When UNIX object permissions are viewed on Windows:

Permissions that are not translated for access may still be translated for presentation. In particular, a UNIX object will appear to have READ_ATTRIBUTES and READ_EXTENDED_ATTRIBUTES permissions in its ACL for the owner and for Everyone, as UNIX does not restrict these operations.
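The Windows-to-UNIX presentation rules described above, as an added Python sketch (not IBM code) that shows why the displayed mode bits and group should not be read as the effective access policy. The function names, the ACL dictionary shape, the READ-to-"r" and EXECUTE-to-"x" rows, applying the two-right "w" rule to other as well as owner, and ignoring deny entries are assumptions.

```python
# Added illustration; models only the presentation rules stated on this page.
UNMAPPED_GID = 999999  # group shown on UNIX for files created on Windows

# Windows rights that must all be granted before a UNIX bit is displayed.
# The "w" row is from the page; the "r" and "x" rows are assumptions.
REQUIRED = {"r": {"READ"}, "w": {"WRITE", "APPEND"}, "x": {"EXECUTE"}}


def _triplet(granted):
    """Render one rwx triplet from a set of granted Windows rights."""
    return "".join(b if REQUIRED[b] <= granted else "-" for b in "rwx")


def present_on_unix(acl, owner):
    """acl maps trustee name -> set of granted rights (allow entries only,
    an assumption). Returns (gid, mode string) as a UNIX client displays it,
    identically for every requesting user."""
    everyone = acl.get("Everyone", set())
    # Everyone applies to the owner on Windows, so it feeds both triplets.
    owner_bits = _triplet(acl.get(owner, set()) | everyone)
    other_bits = _triplet(everyone)
    # Groups are not mapped: r/w are never shown (assumed blank here), but
    # x is shown whenever any user or group holds EXECUTE.
    any_exec = any("EXECUTE" in rights for rights in acl.values())
    group_bits = "--" + ("x" if any_exec else "-")
    return UNMAPPED_GID, owner_bits + group_bits + other_bits


if __name__ == "__main__":
    # Constructed sample ACLs (trustee names are made up).
    samples = {
        "write without append": {"alice": {"READ", "WRITE"},
                                 "Everyone": {"READ"},
                                 "ops": {"EXECUTE"}},
        "write and append": {"alice": {"READ", "WRITE", "APPEND"}},
        "everyone writable": {"alice": {"READ"},
                              "Everyone": {"WRITE", "APPEND"}},
    }
    for label, acl in samples.items():
        gid, mode = present_on_unix(acl, "alice")
        print(f"{label:22} gid={gid} mode={mode}")
```

In the first sample the group "x" bit appears only because an unrelated trustee holds EXECUTE, which is the kind of display an audit script that trusts mode bits would misread.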

(C) Copyright IBM Corporation 2003, 2004. All Rights Reserved.
IBM TotalStorage SAN File System v2.2