[. . . ]

HP SureStore NetStorage 6000 User's Guide
© 2000 - 2001 Hewlett-Packard Company. The information contained in this document is subject to change without notice. This document contains proprietary information which is protected by copyright. No part of this document may be photocopied, reproduced or translated to another language without the prior written consent of Hewlett-Packard Company.

[. . . ]

Securing Data: Security in a UNIX-only Environment

The NetStorage 6000 does not support the concept of the /etc/exports file for managing mount points. Instead, the server automatically creates a single mount point at the root of all volumes created on the system. Since the server is specifically designed to share files, the exporting of mount points has been automated.

The root directory of the mount points on the NetStorage 6000 is given special permissions to facilitate appropriate access to users. The owner and group of this directory are root (UID = 0, GID = 0), and the permissions are read, write, and execute for owner, group and other (rwxrwxrwx). One consequence of this setting is that all users can delete any file in the root of the mount point. Therefore, administrators are encouraged to avoid storing files in the root of the mount point.

The group assignment of files created in a file volume on UNIX can be performed in a variety of ways. On the NetStorage 6000, when a new file is created, the group assignment is inherited from the directory in which the file is created. For example, if the group owner of directory /acct/usr is accountants (GID = 501), then all files created in that directory are assigned the group owner accountants (GID = 501).

Trusted Hosts

All UNIX clients that mount file systems on the NetStorage 6000 use the UID and GID of their account when accessing files. In UNIX, the root user is a Super User, with full access to all files and directories in the file system.
Because of the extensive rights granted to the root user, and the extensive damage that a malicious root user can do, the NetStorage 6000 does not trust root users by default. Clients that attach with root privilege are given access as user nobody (UID = 60001), with no special rights or privileges. The administrator can override this default behavior by declaring a particular client to be a Trusted Host. A root user mounting a NetStorage 6000 file system from a client that is a Trusted Host is given root privilege (UID = 0) to the file system. This feature allows a root user to administer the file system while, at the same time, protecting the file system from other root users that should not have privileged access to the NetStorage 6000 file systems. The administrator may declare Trusted Hosts using the web-based administration tool or the telnet administration tool of the NetStorage 6000.

The /etc Directory

A number of system files must be maintained on the NetStorage 6000 in a place that is accessible for administrative purposes. Some of the more common files found in this directory are:

Filename    Description
hosts       Resolves host names
hostgrps    Defines groups of host computers
approve     Restricts host access
users.map   Maps Windows user accounts to UNIX user accounts
group.map   Maps Windows group accounts to UNIX group accounts

All of these files are stored in the /etc directory on the first volume created on the system. The files in the /etc directory are for system management purposes and cannot be deleted. If the volume that stores the /etc directory is ever deleted, the system moves the contents of this directory to another available volume. Most of the files in the /etc directory may be edited through the web-based user interface or the telnet interface of the HP NetStorage 6000. In some cases, it is necessary to edit these files directly using a text editor.

[. . . ]
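The following Python model is an added example, not code from the HP guide: it encodes the rules described in the Securing Data section above (root from a non-Trusted Host squashed to nobody, group inherited from the parent directory, rwxrwxrwx on the mount-point root) so an administrator can check what a given client identity can create or delete before placing files. The host names, the owner UID 1001 and the mode of /acct/usr are assumptions; the UID/GID values 0, 60001 and 501 are the guide's own.

```python
# Added example, not code from the HP guide: a model of the access rules described
# above (root squashed to nobody unless the client is a Trusted Host, group inherited
# from the parent directory, rwxrwxrwx on the mount-point root). Host names and the
# sample directories are constructed; the UID/GID values are the guide's own.
from dataclasses import dataclass, field

ROOT_UID = 0
NOBODY_UID = 60001   # identity given to root from a client that is not a Trusted Host

@dataclass
class Directory:
    path: str
    owner_uid: int
    group_gid: int
    mode: int        # POSIX permission bits, e.g. 0o777 for the mount-point root

@dataclass
class NetStorageModel:
    trusted_hosts: set = field(default_factory=set)   # hypothetical Trusted Host list

    def effective_uid(self, client_host: str, client_uid: int) -> int:
        """Root keeps UID 0 only from a Trusted Host; elsewhere it becomes nobody."""
        if client_uid == ROOT_UID and client_host not in self.trusted_hosts:
            return NOBODY_UID
        return client_uid

    def create_file(self, parent: Directory, host: str, client_uid: int) -> tuple:
        """New file: owner is the (possibly squashed) caller, group comes from the directory."""
        return (self.effective_uid(host, client_uid), parent.group_gid)

    def can_delete_entry(self, d: Directory, host: str, client_uid: int, client_gid: int) -> bool:
        """Removing a name needs write+execute on its directory, judged with the
        effective UID; root from a Trusted Host is unrestricted."""
        uid = self.effective_uid(host, client_uid)
        if uid == ROOT_UID:
            return True
        if uid == d.owner_uid:
            bits = (d.mode >> 6) & 0o7
        elif client_gid == d.group_gid:
            bits = (d.mode >> 3) & 0o7
        else:
            bits = d.mode & 0o7
        return bits & 0o3 == 0o3   # write (2) and execute (1) are both required

# Constructed sample layout: the mount-point root as the guide describes it, and the
# /acct/usr directory from the group-inheritance example (owner UID 1001 is made up).
MOUNT_ROOT = Directory("/", owner_uid=ROOT_UID, group_gid=0, mode=0o777)
ACCT_USR = Directory("/acct/usr", owner_uid=1001, group_gid=501, mode=0o775)
```

Running it with a Trusted Host list of {"admin-ws"} shows that any client UID can remove entries in the mount-point root, while an untrusted root (squashed to nobody) cannot remove entries in /acct/usr and a Trusted Host root can.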
Glossary

Server Message Block (SMB) protocol
A network protocol designed and implemented by Microsoft and used by Windows clients to communicate file access requests to Windows servers. This has been replaced by CIFS.

Share
To make a portion of a file system on a remote computer accessible to a local (client) computer. Share mode may be password-protected and may limit your access (read-only, read/write, no access) to a share.

Simple Network Management Protocol (SNMP)
The protocol governing network management and the monitoring of network devices and their functions.

[. . . ]