Client access to non-native files
SMB users may access files which have UNIX security information, and NFS users may access files which have Windows security information. The server supports this functionality with mapping tables, set up in NAS Manager, that associate the names of NFS users and groups with their Windows equivalents. For example, when an SMB user tries to access a file that has UNIX-only security information, the server automatically maps the user name to the corresponding NFS name in the mapping table.
- The server automatically translates user security information from UNIX to Windows format, or vice-versa, and caches it for the duration of the session:
UNIX credential NT access token UID User mapping table User SID GID Group mapping table Primary group SID Other groups Group mapping table Other groups - The system automatically converts file security attributes from Windows to UNIX format and stores the result in file metadata, making the files native to both SMB and NFS clients. Although UNIX files are also converted to Windows format, the results are not stored in file metadata:
- Any changes that a user makes to a file’s security attributes are applied equally to Windows and UNIX.
When an SMB user tries to access a file that has UNIX-only security information, the server maps the user to an NFS name and converts the user’s access token to UNIX credentials. It then checks these credentials against the file’s security attributes to determine whether or not the operation is permissible.
Similarly, when an NFS user tries to access a file that has Windows-only security information, the server maps the user to a Windows name and converts the user’s UNIX credentials to a Windows access token. It then checks the token against the file’s security attributes.