12.2 File System Access Controls


Perhaps the most important recognition to be made is the simple fact that MS Windows NT4/200x/XP implement a totally divergent file system technology from what is provided in the UNIX operating system environment. First we consider what the most significant differences are, then we look at how Samba helps to bridge the differences.

12.2.1 MS Windows NTFS Comparison with UNIX File Systems

Samba operates on top of the UNIX file system. This means it is subject to UNIX file system conventions and permissions. It also means that if the MS Windows networking environment requires file system behavior that differs from UNIX file system behavior, then somehow Samba is responsible for emulating that in a transparent and consistent manner.

It is good news that Samba does this to a large extent and on top of that provides a high degree of optional configuration to override the default behavior. We look at some of these overrides, but for the greater part we will stay within the bounds of default behavior. Those wishing to explore the depths of control ability should review the smb.conf man page.

The following compares file system features for UNIX with those of Microsoft Windows NT/200x:

Name Space: MS Windows NT4/200x/XP file names may be up to 254 characters long, and UNIX file names may be 1023 characters long. In MS Windows, file extensions indicate particular file types; in UNIX this is not so rigorously observed, as all names are considered arbitrary.

What MS Windows calls a folder, UNIX calls a directory.

Case Sensitivity: MS Windows file names are generally upper case if made up of 8.3 (8-character file name and 3-character extension). File names that are longer than 8.3 are case preserving and case insensitive.

UNIX file and directory names are case sensitive and case preserving. Samba implements the MS Windows file name behavior, but it does so as a user application. The UNIX file system provides no mechanism to perform case insensitive file name lookups. MS Windows does this by default. This means that Samba has to carry the processing overhead to provide features that are not native to the UNIX operating system environment.

Consider the following. All are unique UNIX names but one single MS Windows file name:

 
 MYFILE.TXT MyFile.txt myfile.txt 

So clearly, in an MS Windows file name space these three files cannot co-exist, but in UNIX they can.

So what should Samba do if all three are present? That which is lexically first will be accessible to MS Windows users; the others are invisible and inaccessible. Any other solution would be suicidal.
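The collision described above can be reproduced on any UNIX system. The following is an added example, not code from the Samba HOWTO or from Samba itself: it creates the three names from the text in a scratch directory (constructed with mktemp) and emulates, in plain shell, the rule the text states, namely that a case-insensitive lookup returns the lexically first match and the rest stay hidden. The function names ci_matches, ci_lookup, ci_hidden and demo_dir are assumptions of this example; Samba does this lookup internally, not with these commands.

```shell
#!/bin/sh
# Added example, not code from the Samba HOWTO: three UNIX names that a
# Windows client can only see as one, and the lexically-first rule the text
# describes, emulated in the shell so the effect can be observed directly.

# ci_matches DIR NAME: every entry in DIR whose name equals NAME when case is
# ignored, sorted in the C locale (upper case sorts before lower case).
ci_matches() {
    dir=$1
    want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    for entry in "$dir"/*; do
        [ -e "$entry" ] || continue        # unmatched glob: DIR is empty
        name=${entry##*/}
        if [ "$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')" = "$want" ]; then
            printf '%s\n' "$name"
        fi
    done | LC_ALL=C sort
}

# ci_lookup DIR NAME: the one name a Windows client gets back, i.e. the
# lexically first match (empty output when nothing matches).
ci_lookup() {
    ci_matches "$1" "$2" | head -n 1
}

# ci_hidden DIR NAME: the remaining matches, which stay invisible to Windows.
ci_hidden() {
    ci_matches "$1" "$2" | tail -n +2
}

# demo_dir: a constructed scratch directory holding the three names from the text.
demo_dir() {
    d=$(mktemp -d)
    for n in MYFILE.TXT MyFile.txt myfile.txt; do
        : > "$d/$n"
    done
    printf '%s\n' "$d"
}

d=$(demo_dir)
printf 'UNIX sees:           %s\n' "$(ci_matches "$d" myfile.txt | tr '\n' ' ')"
printf 'Windows client sees: %s\n' "$(ci_lookup "$d" MyFile.TXT)"
printf 'Hidden from Windows: %s\n' "$(ci_hidden "$d" myfile.txt | tr '\n' ' ')"
rm -rf "$d"
```

Whatever spelling the client asks for (MyFile.TXT, myfile.txt, ...), ci_lookup answers MYFILE.TXT, because upper-case letters sort before lower-case ones in the C locale; the other two files exist on disk but cannot be reached by name through the case-insensitive view, which is exactly the situation the text warns about.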

Directory Separators: MS Windows and DOS use the backslash \ as a directory delimiter, and UNIX uses the forward slash / as its directory delimiter. This is handled transparently by Samba.

Drive Identification: MS Windows products support a notion of drive letters, like C:, to represent disk partitions. UNIX has no concept of separate identifiers for file partitions; each such file system is mounted to become part of the overall directory tree. The UNIX directory tree begins at /, just as the root of a DOS drive is specified as C:\.

File Naming Conventions: MS Windows generally never experiences file names that begin with a dot (.), while in UNIX these are commonly found in a user's home directory. Files that begin with a dot (.) are typically either start-up files for various UNIX applications, or files that contain start-up configuration data.

Links and Short-Cuts: MS Windows makes use of "links and short-cuts" that are actually special types of files that redirect an attempt to execute the file to the real location of the file. UNIX knows of file and directory links, but they are entirely different from what MS Windows users are used to.

Symbolic links are files in UNIX that contain the actual location of the data (file or directory). An operation (like read or write) will operate directly on the file referenced. Symbolic links are also referred to as "soft links." A hard link is something that MS Windows is not familiar with. It allows one physical file to be known simultaneously by more than one file name.

There are many other subtle differences that may cause the MS Windows administrator some temporary discomfort in the process of becoming familiar with UNIX/Linux. These are best left for a text that is dedicated to the purpose of UNIX/Linux training and education.

12.2.2 Managing Directories

There are three basic operations for managing directories: create, delete, rename.

Table 12.1. Managing Directories with UNIX and Windows

Action    MS Windows Command        UNIX Command
create    md folder                 mkdir folder
delete    rd folder                 rmdir folder
rename    rename oldname newname    mv oldname newname

12.2.3 File and Directory Access Control

The network administrator is strongly advised to read foundational training manuals and reference materials regarding file and directory permissions maintenance. Much can be achieved with the basic UNIX permissions without having to resort to more complex facilities like POSIX Access Control Lists (ACLs) or Extended Attributes (EAs).

UNIX/Linux file and directory access permissions involve setting three primary sets of data and one control set. A UNIX file listing looks as follows:

 
 $ ls -la total 632 drwxr-xr-x 13 maryo gnomes 816 2003-05-12 22:56 . drwxrwxr-x 37 maryo gnomes 3800 2003-05-12 22:29 .. dr-xr-xr-x 2 maryo gnomes 48 2003-05-12 22:29 muchado02 drwxrwxrwx 2 maryo gnomes 48 2003-05-12 22:29 muchado03 drw-rw-rw- 2 maryo gnomes 48 2003-05-12 22:29 muchado04 d-w--w--w- 2 maryo gnomes 48 2003-05-12 22:29 muchado05 dr--r--r-- 2 maryo gnomes 48 2003-05-12 22:29 muchado06 drwsrwsrwx 2 maryo gnomes 48 2003-05-12 22:29 muchado08 ---------- 1 maryo gnomes 1242 2003-05-12 22:31 mydata00.lst --w--w--w- 1 maryo gnomes 7754 2003-05-12 22:33 mydata02.lst -r--r--r-- 1 maryo gnomes 21017 2003-05-12 22:32 mydata04.lst -rw-rw-rw- 1 maryo gnomes 41105 2003-05-12 22:32 mydata06.lst $ 

The columns above represent (from left to right): permissions, number of hard links to the file, owner, group, size (bytes), access date, access time, file name.

An overview of the permissions field can be found in Figure 12.1.

Figure 12.1. Overview of UNIX permissions field.


Any bit flag may be unset. An unset bit flag is the equivalent of "cannot" and is represented as a "-" character.

Example 12.1 Example File

 -rwxr-x---

Means: the owner (user) can read, write, and execute; the group can read and execute; everyone else cannot do anything with it.

Additional possibilities in the [type] field are: c = character device, b = block device, p = pipe device, s = UNIX Domain Socket.

The letters rwxXst set permissions for the user, group and others as: read (r), write (w), execute (or access for directories) (x), execute only if the file is a directory or already has execute permission for some user (X), set user or group ID on execution (s), sticky (t).

When the sticky bit is set on a directory, files in that directory may be unlinked (deleted) or renamed only by root or their owner. Without the sticky bit, anyone able to write to the directory can delete or rename files. The sticky bit is commonly found on directories, such as /tmp , that are world-writable.

When the set user or group ID bit (s) is set on a directory, then all files created within it will be owned by the user and/or group whose 'set user or group' bit is set. This can be helpful in setting up directories for which it is desired that all users who are in a group should be able to write to and read from a file, particularly when it is undesirable for that file to be exclusively owned by a user whose primary group is not the group that all such users belong to.

When a directory is set drw-r----- this means that the owner can read and create (write) files in it, but because the (x) execute flags are not set, files cannot be listed (seen) in the directory by anyone. The group can read files in the directory but cannot create new files. If files in the directory are set to be readable and writable for the group, then group members will be able to write to (or delete) them.
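To make the permission field concrete, the following added example (not code from the Samba HOWTO or from Samba) decodes the 10-character field that ls -l prints into the per-class rights of Example 12.1 and into the octal mode that chmod accepts, handling the set-user/group-ID (s/S) and sticky (t/T) bits discussed above. It also reads the field back from a real directory created with mktemp and given mode 2750, so the decoder can be checked against the running system. The function names perm_octal, perm_describe and perm_of are assumptions of this example; the sample fields are taken from the listing in the text plus a /tmp-style drwxrwxrwt.

```shell
#!/bin/sh
# Added example, not code from the Samba HOWTO: decode the 10-character
# permission field printed by ls -l into per-class rights and the octal
# mode chmod would take, including setuid/setgid (s) and sticky (t) bits.

# perm_octal FIELD: octal mode for a field such as -rwxr-x--- (prints 0750).
# Upper-case S or T means the special bit is set but execute is not.
perm_octal() {
    mode=$1
    special=0
    digits=""
    i=2
    for bit in 4 2 1; do    # 4 = setuid (owner), 2 = setgid (group), 1 = sticky (others)
        r=$(printf '%s' "$mode" | cut -c"$i")
        w=$(printf '%s' "$mode" | cut -c"$((i + 1))")
        x=$(printf '%s' "$mode" | cut -c"$((i + 2))")
        n=0
        [ "$r" = r ] && n=$((n + 4))
        [ "$w" = w ] && n=$((n + 2))
        case $x in
            x)   n=$((n + 1)) ;;
            s|t) n=$((n + 1)); special=$((special + bit)) ;;
            S|T) special=$((special + bit)) ;;
        esac
        digits="$digits$n"
        i=$((i + 3))
    done
    printf '%d%s\n' "$special" "$digits"
}

# perm_describe FIELD: one line for the [type], then one line per class
# (owner, group, others). "execute" on a directory means search/access.
perm_describe() {
    mode=$1
    case $(printf '%s' "$mode" | cut -c1) in
        '-') kind="regular file" ;;
        d)   kind="directory" ;;
        l)   kind="symbolic link" ;;
        c)   kind="character device" ;;
        b)   kind="block device" ;;
        p)   kind="named pipe" ;;
        s)   kind="UNIX domain socket" ;;
        *)   printf 'unrecognised type in %s\n' "$mode" >&2; return 1 ;;
    esac
    printf 'type: %s\n' "$kind"
    i=2
    for who in owner group others; do
        triple=$(printf '%s' "$mode" | cut -c"$i"-"$((i + 2))")
        words=""
        case $triple in r??) words="$words read" ;; esac
        case $triple in ?w?) words="$words write" ;; esac
        case $triple in ??[xst]) words="$words execute" ;; esac
        case $triple in
            ??[sS]) if [ "$who" = owner ]; then words="$words setuid"; else words="$words setgid"; fi ;;
            ??[tT]) words="$words sticky" ;;
        esac
        [ -n "$words" ] || words=" none"
        printf '%s:%s\n' "$who" "$words"
        i=$((i + 3))
    done
}

# perm_of PATH: the field as ls -ld prints it on this system (an 11th "+" or
# "." marker for ACLs or security labels, if present, is dropped).
perm_of() {
    ls -ld "$1" | cut -c1-10
}

# Demo: fields from the listing in the text, then a real setgid directory.
for m in -rwxr-x--- drw-r----- d-w--w--w- drwsrwsrwx drwxrwxrwt; do
    printf '%s -> %s\n' "$m" "$(perm_octal "$m")"
    perm_describe "$m" | sed 's/^/    /'
done
tmp=$(mktemp -d)
chmod 2750 "$tmp"    # group-inheriting directory, as discussed in the text
printf '%s %s -> %s\n' "$(perm_of "$tmp")" "$tmp" "$(perm_octal "$(perm_of "$tmp")")"
rmdir "$tmp"
```

Reading the field with perm_describe is the quick way to sanity-check a share directory before exporting it: a world-writable directory without the sticky bit (drwxrwxrwx) lets any user delete any other user's files, while drwxrwxrwt restricts deletion to the file's owner, and an s in the group triple is what makes new files inherit the directory's group as described above.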



The Official Samba-3 HOWTO and Reference Guide, 2nd Edition
ISBN: 0131882228
Year: 2005
Pages: 297