File System Security: Secure Network Data Sharing for NT and Unix
Bridget Allison, Rob Hawley, Andrea Borr, Mark Muhlestein, and Dave Hitz, Network Appliance
Sharing network data between
UNIX and NT systems is becoming increasingly important as NT moves into
areas previously serviced entirely by UNIX. One difficulty in sharing data
between UNIX and NT is that their file system security models are quite
different. NT file servers use access control lists (ACLs) that allow permissions
to be specified for an arbitrary number of users and groups, while UNIX
NFS servers use traditional UNIX permissions that provide control only
for owner, group, and other. This paper describes a merged model in which
a single file system can contain both files with NT-style ACLs and files
with UNIX-style permissions. For native file service requests (NFS requests
to UNIX-style files and NT requests to NT-style files) the security model
exactly matches a UNIX or NT fileserver. For non-native requests, heuristics
allow a reasonable level of access without compromising the security guarantees
of the native model.
- View the full text of this paper in
HTML form and
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
- To become a USENIX Member, please see our Membership Information.