Security attributes (ownership and permission) for objects created on a platform are translated to allow presentation, but this translation is limited in several ways. Object ownership is translated according to the user map. Permissions are translated for the owner of the object and for the permission bits on UNIX® or Everyone on Windows®. The identity of the user requesting the translation does not affect presentation; all users use the same translation.
Permissions for the "owner" and "" are presented after translation such that they reflect the access check behavior. For example, a UNIX SAN File System client shows the "w" bit for the owner on a UNIX client if and only if the Windows file grants its owner both WRITE and APPEND permission.
There is no mapping of group information. The creating or owning group is not translated. Permissions for individual groups are not translated. The group is always shown as 999999 on UNIX for files created on Windows.
To satisfy the needs of some UNIX-based systems, the group EXECUTE permission is translated specially for presentation on UNIX. Whenever a user or group is granted EXECUTE permission for a file created on Windows, the group EXECUTE bit will be shown on UNIX.
Permissions that are not translated for access may still be translated for presentation. In particular, a UNIX object will appear to have READ_ATTRIBUTES and READ_EXTENDED_ATTRIBUTES permissions in its ACL for the owner and for Everyone, as UNIX does not restrict these operations.
Parent topic: Heterogeneous file sharing