Native client file-system security

For UNIX-based clients, SAN File System uses the POSIX definition of three sets of three file mode bits—one set for each user, group, and other. The bits in each group represent read, write, and execute or search permissions. It also uses the SETUID and SETGID bits, and the X/Open-specified restricted deletion mode (also known as "sticky") bit used for directories. SAN File System supports UNIX commands such as ls and du when they are run against the global namespace.

If a file created by an UNIX-based client has the read and write bits set for user "other," all UNIX and Windows users can read and write to the file.

For Windows-based clients, SAN File System uses access control lists (ACLs), which are lists that define permissions for users and groups. An entry in an ACL is called an access control entry (ACE). If a Windows file creates an ACE for user "everyone," all UNIX and Windows users can access that file.

Parent topic: Clients

Related concepts
Global namespace
Metadata server
Filesets
Clients

Related tasks
Granting root privileges to a client

Terms of use | Feedback
(C) Copyright IBM Corporation 2003, 2004. All Rights Reserved.