File System Security: An Integrated Model for NT and UNIX File Service
Dave Hitz, Bridget Allison, Andrea Borr, Rob Hawley, Mark Muhlestein, Network Appliance, Inc.
Sharing network data between NT and UNIX systems is becoming increasingly important as NT moves into areas previously serviced entirely by UNIX. One difficulty in sharing data is that the two filesystem security models are quite different. NT file servers use access control lists (ACLs) that allow permissions to be specified for an arbitrary number of users and groups, while UNIX NFS servers use traditional UNIX permissions that provide control only for owner, group, and other. This paper describes an integrated security model in which a single filesystem can contain both files with NT-style ACLs and files with UNIX-style permissions. For native file service requests (NT requests to NT-style files and NFS requests to UNIX-style files) the security model exactly matches an NT or UNIX fileserver. For non-native requests, heuristics allow a reasonable level of access without compromising the security guarantees of the native model.
author = {Dave Hitz and Bridget Allison and Andrea Borr and Rob Hawley and Mark Muhlestein},
title = {File System Security: An Integrated Model for {NT} and {UNIX} File Service},
booktitle = {2nd USENIX Windows NT Symposium (2nd USENIX Windows NT Symposium)},
year = {1998},
address = {Seattle, WA},
url = {https://www.usenix.org/conference/2nd-usenix-windows-nt-symposium/file-system-security-integrated-model-nt-and-unix-file},
publisher = {USENIX Association},
month = aug
}