Sun System Handbook - ISO 3.4 June 2011 Internal/Partner Edition
Solution Type: Technical Instruction Sure

Solution 1013073.1 : Sun StorageTek[TM] 5000 Series NAS: How to configure CIFS Security in Workgroup Mode
Previously Published As 217910

Description

Symptoms:
Purpose/Scope:

Resources are accessed as a particular UID/GID combination assigned to each share. Shares are secured by password only, rather than by a username/password combination. This document describes how to configure shares and security for this environment. Only NFS-style permissions are possible.

Workgroup mode is intended only for use with a small number of Windows clients with very low security requirements, such as temporary file transfer or a small number of physically secure Windows servers in an NFS environment. If there is a requirement for secure storage of individual user data, Windows domain mode is strongly recommended. A single Samba or Windows Domain Controller will enhance security significantly.

NOTE: Workgroup mode on the Sun StorageTek[TM] 5000 Series NAS also implies the use of share level security. In this mode, user tokens are not used and ACL data cannot be written or read.

Steps to Follow

In Workgroup mode, all security is assigned at the share creation/editing screen. To configure security, proceed as follows:
* User ID: When a user successfully connects to this share, they will assume the identity of this UID. All reads, writes, deletes and other operations will be done as this UID. The Windows username that is used to connect is ignored. The default setting for this field is UID 0. This is the root user, and has unlimited rights for all file operations within the share. If this is not desired, be sure to change this to another UID.

* Group ID: Same as above, but they assume the identity of this group. Again, consider changing the default of GID 0 to prevent unwanted access.

* Umask: A umask is a file creation mask. It defines the permission bits to turn off when creating a file. Bits that are set in the umask are cleared in the mode of a newly created file. For example: setting a umask of 200 will cause the write bits to be stripped from new files, so that a file written with 777 permission would be set to 555. For a complete explanation of the umask field, see the Sun StorageTek[TM] Admin Guide.

* R/W Password and R/O Password: Users attempting to connect to the share will be prompted for a username and password. As noted above, the username is ignored. The password is compared to these two passwords. If the password matches the R/W password, the user will be granted read/write access. If the password matches the R/O password, the user will be granted read-only access. It is possible to leave either or both passwords blank, which grants access regardless of the password entered.

* Confirm R/W Password and R/O Password: The password is entered a second time to verify that it was entered correctly.

WARNING: Configuring UID 0 access to a share at the root level of the volume will give unrestricted access to the entire volume.
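The following added example (not part of the original Sun document or the NAS software) models the password check described above and flags the settings the steps caution about. The record fields, the "/volume/dir" path form and the R/W-before-R/O check order are assumptions.

```python
# Added example: the share records below are constructed. Field names and the
# "/volume/dir" path form are assumptions, not an export format of the NAS.
SHARES = [
    {"name": "xfer", "path": "/vol1", "uid": 0, "gid": 0,
     "rw_password": "", "ro_password": ""},
    {"name": "builds", "path": "/vol1/builds", "uid": 1200, "gid": 300,
     "rw_password": "constructed-rw", "ro_password": ""},
    {"name": "docs", "path": "/vol2/docs", "uid": 1300, "gid": 300,
     "rw_password": "constructed-rw", "ro_password": "constructed-ro"},
]


def is_volume_root(path):
    # Assumption: a single path component ("/vol1") is the root of a volume.
    return len([part for part in path.split("/") if part]) == 1


def effective_access(share, password):
    """Access a client gets for a supplied password. The username is ignored,
    as the document states; checking R/W before R/O is an assumption."""
    if not share["rw_password"] or password == share["rw_password"]:
        return "rw"
    if not share["ro_password"] or password == share["ro_password"]:
        return "ro"
    return None


def audit_share(share):
    """Return findings for the settings the document cautions about."""
    findings = []
    if share["uid"] == 0:
        findings.append("uid 0: all operations in the share run as root")
    if share["gid"] == 0:
        findings.append("gid 0: all operations in the share run as group 0")
    if not share["rw_password"]:
        findings.append("blank R/W password: any password gets read/write")
    if not share["ro_password"]:
        findings.append("blank R/O password: any password gets read-only")
    if share["uid"] == 0 and is_volume_root(share["path"]):
        findings.append("uid 0 at volume root: whole volume is exposed")
    return findings


if __name__ == "__main__":
    for share in SHARES:
        print(share["name"], "| wrong password ->",
              effective_access(share, "wrong-guess"))
        for finding in audit_share(share):
            print("   ", finding)
```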
Product

Sun StorageTek 5320 NAS Gateway/Cluster System
Sun StorageTek 5320 NAS Appliance
Sun StorageTek 5320
Sun StorageTek 5310 NAS Gateway/Cluster System
Sun StorageTek 5310 NAS Gateway System
Sun StorageTek 5310 NAS Appliance
Sun StorageTek 5220 NAS Appliance
Sun StorageTek 5210 NAS Appliance

Internal Comments

This document contains normalized content and is managed by the Domain Lead(s) of the respective domains. To notify content owners of a knowledge gap contained in this document, and/or prior to updating this document, please contact the domain engineers that are managing this document via the "Document Feedback" alias(es) listed below:

[email protected]

NAS, normalized, CIFS, workgroup, audited

Previously Published As 90649

Change History

Date: 2010-04-14 User Name: 79977 Action: Currency check Comment: Verified still current by CL [email protected]
Date: 2007-09-24 User Name: 71396 Action: Approved Comment: Performed final review of article. Updated trademarking. Publishing. Version: 3
Date: 2007-09-24 User Name: 71396 Action: Accept Comment: Version: 0

Product_uuid

ef8d4cb2-9cd6-11da-85b4-080020a9ed93 | Sun StorageTek 5320 NAS Gateway/Cluster System
27ca3082-cb13-11da-857a-080020a9ed93 | Sun StorageTek 5320 NAS Appliance
9d23ea64-a8be-11da-85b4-080020a9ed93 | Sun StorageTek 5320

Attachments

This solution has no attachment