Merging NT and UNIX Filesystem Permissions
Authors
Abstract
Sharing network data between NT and UNIX systems is becoming increasingly important as NT moves into areas previously serviced entirely by UNIX. One difficulty in sharing data is that the two filesystem security models are quite different. NT file servers use access control lists (ACLs) that allow permissions to be specified for an arbitrary number of users and groups, while UNIX NFS servers use traditional UNIX permissions that provide control only for owner, group, and other. This paper describes an integrated security model in which a single filesystem can contain both files with NT-style ACLs and files with UNIX-style permissions. For native file service requests (NT requests to NT-style files and NFS requests to UNIX-style files) the security model exactly matches an NT or UNIX fileserver. For non-native requests, heuristics allow a reasonable level of access without compromising the security guarantees of the native model.
Similar resources
File System Security: Secure Network Data Sharing for NT and Unix
Sharing network data between UNIX and NT systems is becoming increasingly important as NT moves into areas previously serviced entirely by UNIX. One difficulty in sharing data between UNIX and NT is that their file system security models are quite different. NT file servers use access control lists (ACLs) that allow permissions to be specified for an arbitrary number of users and groups, while ...
Porting the Arla file system to Windows NT
This paper describes how we ported the Arla filesystem to Windows NT/2000. Windows is very different from the platforms (different flavors of Unix) that Arla was written for before. Arla consists of a complex userland daemon (arlad) and a rather simple kernel-module (xfs). Arlad needed very little work to be able to work on Windows because we used Cygwin. The Windows kernel-module was written f...
An Object Base for Attributed Software Objects
The UNIX filesystem supports a fixed set of attributes for filesystem objects, stored in inodes and directory entries. The (path-)name attribute is the sole means to identify and access a filesystem object. This turns out to be a rather severe limitation for certain complex applications such as large scale software development, where software objects typically evolve in a considerable number of...
Toward a Compatible Filesystem Interface
As network or remote filesystems have been implemented for UNIX, several stylized interfaces between the filesystem implementation and the rest of the kernel have been developed. Notable among these are Sun Microsystems’ Virtual Filesystem interface (VFS) using vnodes, Digital Equipment’s Generic File System (GFS) architecture, and AT&T’s File System Switch (FSS). Each design attempts to isola...
USENIX Association Proceedings of the FREENIX Track: 2002 USENIX Annual Technical Conference
The ext2 filesystem was designed with the goal of expandability while maintaining compatibility. This paper describes ways in which advanced filesystem features can be added to the ext2 filesystem while retaining forwards and backwards compatibility as much as possible. Some of the filesystem extensions that are discussed include directory indexing, online resizing, an expanded inode, extended ...