


File Security on NICE (Windows) Platforms

Ivan Deloose, IT/IS


Abstract

This article summarizes the Windows 2000 file system permissions model and explains what is important for the user when he needs to change permissions on the NICE servers.


The migration from the Novell file server infrastructure towards Windows 2000 during the year 2000 marked an important change in the way permissions are set on the file system. Both systems implement a parent-to-children inheritance model, but the way effective rights are retrieved is completely different, which can create quite some confusion for the user.

1. The Windows 2000 permissions inheritance model

When the user changes permissions on a given directory, all underlying objects are explicitly touched at that time. This means that all these underlying folders and files will receive these new rights at the time that permissions are set. The rights inherited from a parent folder are marked as grayed out in the underlying directories, but they are explicitly set. This is called "static inheritance".

Important consequences:
  • Changing permissions on a complete volume can take a very long time since the system has to change the rights on all underlying folders and files. This is one of the reasons we designed the NICE Trustee Manager: to push this CPU-intensive activity away from the user's console towards a dedicated server.
  • This inheritance model is subject to potential problems with the permissions between a parent and its children in a directory tree:
    • Imagine a program that sets the permissions on a big volume and stops in the middle of its activity. Some of the underlying folders will be set to the new rights and the rest will not.
    • When a file is moved from one folder to another, it goes with its initial rights to the new folder. This means that the file can have different permissions from those that would be implied by its new parent folder. This can be very confusing, especially when a file is moved between public and private folders.
  • As all rights are explicitly applied to each folder or file, access to these objects should be faster than with dynamic inheritance.

2. What is important to know when you change permissions on Windows 2000 servers?

  • Never use Windows NT4 to change permissions on the Windows 2000 servers. NT4 does not understand the Windows 2000 permissions model and destroys all inherited rights.
  • The NICE Trustee Manager is a simplified version of the native Windows 2000 permissions interface. This is the only NICE recommended tool for users who are not experienced with the Windows 2000 file security model. The program is available from the Winservices web site at http://cern.ch/win/Services/TrusteeManager.

    This interface allows the user to change the basic permissions (read, modify and access control) in an asynchronous way. The requests are submitted to a database and executed by a task running on a dedicated server. This explains the fact that it can take several minutes before the changes are applied on the file system. The user can check the status of his request from the following URL: http://cern.ch/win/Services/TrusteeManager/content.asp.
    Documentation is available in the chapter "Managing Permissions: The Trustee Manager" of the document http://cern.ch/win/docs/DFS

  • The native Windows permissions interface should only be used by experienced users who fully understand the NTFS5 permissions model.
    Documentation is available at http://cern.ch/win/docs/Win2000Intro/#h-011
  • Every user is responsible for his own home directory data. He should protect his files against public access. By default a new home directory is only accessible by the user himself and the domain administrators, except the "public" folder where everyone has read access. In case of problems with the security settings of a user's home directory, the following web page is available from the Winservices site to reset the home directory permissions: http://cern.ch/win/Services/ResetPermissions
  • Divisional space administrators are fully responsible for their data. IT can only provide the disk space with an initial security setup agreed between the two parties.
  • It is important that the "Administrators" have full control on all folders and files, otherwise the backup and data migration services cannot be guaranteed anymore. Never deny access to "Administrators" or "Domain Admins".
  • When a file is moved between two folders on the same physical disk (which is the case when you move a file within your home directory), be aware that the file moves with its initial permissions. Example: when you move a file from your public folder to one of your private folders in your home directory, the file will remain public. Therefore we recommend that you copy the file and delete the original one. In this case, the new file will take the permissions of its new parent folder, which is private.
  • The home directory itself (and not its sub-folders and files) is visible by everybody (so that the public sub-folder can be accessed). The contents of the files of the home directory and non-public sub-folders are however only accessible by the owner of the documents.
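
The static inheritance described in section 1 and the move-versus-copy advice above can be reproduced in a small model. This is an added example, not part of the original article and not NTFS code: `Node`, `set_permissions`, `drifted` and the ACE tuples are all made up here. It shows rights being stamped onto objects when they are set, a same-volume move keeping the old rights, a copy taking the new parent's rights, and an interrupted run leaving part of a tree unchanged.

```python
# Toy model of static inheritance (constructed for illustration; not NTFS code).
class Node:
    def __init__(self, name, parent=None):
        self.name, self.parent, self.children = name, parent, {}
        self.explicit = set()   # ACEs set directly on this object
        # A new object is stamped with its parent's rights at creation time.
        self.inherited = set(parent.effective()) if parent else set()
        if parent:
            parent.children[name] = self
    def effective(self):
        return self.explicit | self.inherited

def descendants(node):
    for child in list(node.children.values()):
        yield child                  # parent first, so stamping flows downwards
        yield from descendants(child)

def set_permissions(folder, aces, stop_after=None):
    """Restamp the whole subtree; stop_after simulates an interrupted run."""
    folder.explicit = set(aces)
    for done, obj in enumerate(descendants(folder)):
        if stop_after is not None and done >= stop_after:
            return False             # the rest keeps its old rights
        obj.inherited = set(obj.parent.effective())
    return True

def move(obj, new_parent):
    """Same-volume move: the object changes folder, its ACL travels with it."""
    del obj.parent.children[obj.name]
    obj.parent = new_parent
    new_parent.children[obj.name] = obj

def copy_file(new_parent, name):
    """A copy is a new object, so it takes the rights of its new parent."""
    return Node(name, new_parent)

def drifted(root):
    """Names of objects whose stamped rights differ from what the parent implies."""
    return sorted(o.name for o in descendants(root) if o.inherited != o.parent.effective())

def home_directory_scenario():
    home = Node("home")
    public, private = Node("public", home), Node("private", home)
    set_permissions(home, {("owner", "full"), ("Administrators", "full")})
    set_permissions(public, {("Everyone", "read")})
    doc = Node("report.doc", public)
    copy_file(private, "report-copy.doc")
    move(doc, private)               # the moved file stays readable by Everyone
    return home, private
```

Running `drifted()` on the home directory after the scenario reports only the moved file; the copy in the same private folder is clean.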


For matters related to this article please contact the author.
Cnl.Editor@cern.ch


CERN-CNL-2002-002
Vol. XXXVII, issue no 2


Last Updated on Tue Jul 02 14:43:09 CEST 2002.
Copyright © CERN 2002 -- European Organization for Nuclear Research