File permissions

Newly created filesets are initially attached with a special dedicated user ID and group ID that lock out access to all clients. These are:
UNIX® platforms
    File permissions 000, userID/groupID 1000000/1000000
Windows® platforms
    Owner S-1-0-0

For clients to be able to access a fileset, a client must first take ownership of the fileset, by changing the fileset's owner to a valid user that can provide the required access. The take-ownership operation is only performed once for each file system, and can only be done by a privileged client. A privileged client is a client machine on which root or Administrator users have the same privileges on the global namespace as they have on other file systems available on their system. A root user logged in to a privileged client is granted full control over directories, files, and other file system objects created by clients.

The concept of root squashing means that by default, when a root or Administrator user logs in to a client that is not a privileged client, the user's privileges for the global namespace are reduced to those of "Other" in UNIX or "Everyone" in Windows. Therefore, in order to change the ownership and permissions on a fileset, one or more privileged clients must be created. Have at least one privileged client of each client OS type.

In the current release of SAN File System, client files should be separated in filesets for each operating system — that is, a Windows client should create files only within filesets dedicated to Windows files, and an AIX® client should create files only within filesets dedicated to AIX. This is referred to as the primary allegiance of a fileset — that is, either Windows or UNIX. The different client platforms can, however, share files in a common fileset if the permissions allow. Therefore, it is important to set up your access control lists (ACLs) on the clients to accomplish this goal. You should limit your use of cross-platform or heterogeneous file sharing.

To be able to take ownership and change permission on a new fileset, turn off root squashing for the client — that is, enable it as a privileged client to SAN File System.
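
Added example (not part of the IBM documentation): a POSIX shell check, run as root on a privileged UNIX client, that reports which fileset directories still carry the initial lock-out identity described above (mode 000, userID/groupID 1000000/1000000). It assumes each fileset appears as a directory directly under the directory passed in; the function names and the path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: audit filesets for the initial lock-out identity.
# Values taken from the page: mode 000, userID/groupID 1000000/1000000.
LOCK_ID=1000000

# classify MODESTR UID GID
#   MODESTR is the first column of `ls -lnd`, for example d---------
#   Prints: locked  - untouched, no client can access the fileset
#           partial - lock-out uid or gid still present, take-ownership incomplete
#           owned   - a different owner and group have been set
classify() {
    # Characters 2-10 are the rwx bits; anything after (ACL marker) is ignored.
    perms=$(printf '%s' "$1" | cut -c2-10)
    if [ "$2" = "$LOCK_ID" ] && [ "$3" = "$LOCK_ID" ] && [ "$perms" = "---------" ]; then
        echo locked
    elif [ "$2" = "$LOCK_ID" ] || [ "$3" = "$LOCK_ID" ]; then
        echo partial
    else
        echo owned
    fi
}

# audit_filesets DIR
#   Prints one "state path" line for every directory directly under DIR.
#   Assumption: fileset attach points are the immediate subdirectories of DIR.
audit_filesets() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        # -n keeps numeric IDs, so unresolvable uid/gid values are still compared.
        ls -lnd "$d" | {
            read -r mode _links uid gid _rest
            printf '%s %s\n' "$(classify "$mode" "$uid" "$gid")" "$d"
        }
    done
}

# Usage (hypothetical mount point of the global namespace):
#   audit_filesets /mnt/sanfs/cluster1
```

A fileset reported as locked still needs the take-ownership step from a privileged client; one reported as partial has had only part of its owner, group or permissions changed.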

(C) Copyright IBM Corporation 2003, 2004. All Rights Reserved.