Allion Ingrasys Europe. NAStorage. Security policy under a UNIX/LINUX environment. Version 2.01
Contents

1. Enabling the Unix/Linux Network (NFS Protocol)
2. Adding a UNIX host IP address into the host list
3. Exporting a share resource into the NFS environment
4. Setting security for shared resources in the NFS environment
5. Accessing data from the NAStorage as an NFS client
6. Multiple UIDs on a particular IP for read/write access to a shared resource

1. Enabling the Unix/Linux Network (NFS Protocol)

Users can access files on the NAStorage with the NFS (UNIX/Linux) protocol once the Unix/Linux Network (NFS protocol) has been enabled.

Configuration flow: Network => UNIX/Linux => select the check box "Enable Unix/Linux Network (NFS Protocols)" => click Apply.

Enabling the Unix/Linux Network (NFS protocol) makes the NAStorage accept file access over NFS. If it is not enabled, the NAStorage accepts no NFS access at all: the showmount command cannot list the NAStorage's shared resources and the rpcinfo command cannot query the status of its nfs service; both report a "Port mapper failure" message.

- While the Unix/Linux Network (NFS protocol) is disabled, no shared resource can be exported into the NFS environment; the NFS export option of a share is unavailable for exactly this reason.

2. Adding a UNIX host IP address into the host list

The NAStorage applies a local authentication policy to the NFS protocol: before a UNIX/Linux host can mount a shared resource from the NAStorage, the IP address of that host must be added to the Local User Database as a UNIX host.

Configuration flow: Security Manager Account => UNIX Host => Add Host.

The hosts in this table are the candidates that may access data on the NAStorage. If no host IP address has been added to the UNIX Host table, the default share setting "Specify privileged hosts" has no privileged host to refer to, so no UNIX host can mount anything from the NAStorage: a UNIX host can still see the available shared resources with the showmount command, but it has no permission to mount them.

- No UNIX/Linux host can mount a resource from the NAStorage if no privileged host has been specified.

3. Exporting a share resource into the NFS environment

The NAStorage supports the NFS v3 network file protocol. To export a shared resource from the NAStorage into a NFS environment, enable UNIX/Linux Network (NFS) on that share.

Configuration flow: Security Manager File/Folder => click "Create" => enable UNIX/Linux Network (NFS) => click Apply.

Exporting a shared resource into the NFS environment. Use the showmount command on a UNIX host to list the shared resources that the NAStorage server makes available.

4. Setting security for shared resources in the NFS environment

The NAStorage trusts the UNIX host that mounts its volumes to check the UID and GID of the logged-on user against the permissions of the mounted shared resource and of its files and folders. The permission configured in the NAStorage's web admin page (owner user and group, and the access rights rwx rwx rwx) becomes the default permission of the mount point when an NFS client mounts it. In other words, the NAStorage itself only decides which hosts may mount a share and whether they get read-only or read/write access; which user on a permitted host may read or write which file is enforced by that host from the UID and GID it presents, and root on a permitted host is honoured as root (see the chown/chmod note below).

Share Permission: Specify privileged hosts

The NAStorage uses the settings here to determine which UNIX hosts can access data from the NAStorage and with which read/write permission.

Configuration flow: Security Manager Share => click "Permission" => UNIX Host => move the UNIX host IP address from the left window to the right window and select the permission => click Apply.

The access permission of this shared resource: when an NFS client mounts the share, the permission of the mount point is replaced with this one. The NAStorage uses the settings here to determine which UNIX hosts can access data and with which read/write permission. For example, if you assign Read/Write permission to the UNIX/Linux host 192.168.120.198, that host can mount the shared resource from the NAStorage and can also create files and folders in the mount point.

This host has Read/Write permission on the share and can create files and folders in the mount point. After mounting, you can check that the permission of the mount point has changed to UID root, GID root, permission 755. Because the UNIX host has R/W permission on this share, its root user can also issue chown and chmod to change the owner and permission of the mount point.

- If you change the permission of the mount point this way, the share permission shown in the admin page changes as well.


If you change the permission of host 192.168.120.198 from Read/Write to Read-Only, the host can still mount the shared resource but has no write permission in the mount point: it cannot create files or folders there.

Share Permission: All hosts are permitted

The NAStorage can also set one permission (Read-Only or Read/Write) for all hosts. To share a resource with every host and give all of them Read-Only or Read/Write permission in the NFS environment, select "All hosts are permitted" and assign the permission.

5. Accessing data from the NAStorage as an NFS client

In a UNIX-like network environment, use the mount command to mount a shared resource from the NAStorage.

For example, if the IP address of the NAStorage is 192.168.120.44:

- Log on to the UNIX/Linux host as root, because only the root user can use the mount command.
- Use the showmount command to list the shared resources available on the NAStorage.
- Create an empty directory /root/nastorage as the mount point. Its original permission is 755, owner root:root.
- Use the mount command to mount /NFS001 on the mount point /root/nastorage. Shared resource names are case-sensitive: NFS001 and nfs001 are two different names in the NFS file system.
- The permission configured in the NAStorage web admin page (owner user and group, and the access rights rwx rwx rwx) becomes the default permission of the mount point: the permission of /root/nastorage changes from 755 to 700.
- Change into /root/nastorage and use the ls command to see its contents; the contents of /NFS001 are now mounted there.
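The client-side procedure of sections 1 and 5 as one script. This is an added example, not a script from the NAStorage guide or from Allion Ingrasys. It assumes a Linux NFS client with rpcbind and nfs-utils (rpcinfo, showmount, mount.nfs) and GNU stat, and it reuses the addresses from the document (NAStorage 192.168.120.44, export /NFS001, mount point /root/nastorage) as overridable defaults; the function names are the example's own. The showmount listing inside the test below is constructed.

```shell
#!/bin/sh
# Added example: check that the NAStorage accepts NFS, confirm the export exists
# with a case-sensitive comparison, then mount it.  Not NAStorage code.
NAS_IP="${NAS_IP:-192.168.120.44}"     # values from the document, override via env
SHARE="${SHARE:-/NFS001}"
MNT="${MNT:-/root/nastorage}"

# Section 1: with "Unix/Linux Network (NFS)" disabled the portmapper query fails
# and no nfs program is registered, so refuse to go further.
nfs_preflight() {
    if ! rpcinfo -p "$1" >/dev/null 2>&1; then
        echo "cannot reach the portmapper on $1: is Unix/Linux Network (NFS) enabled?" >&2
        return 1
    fi
    if ! rpcinfo -p "$1" | grep -q '[[:space:]]nfs$'; then
        echo "portmapper answers but no nfs service is registered on $1" >&2
        return 1
    fi
}

# Exact, case-sensitive match of a share name against 'showmount -e' output
# ($1 = share, $2 = output text).  /NFS001 and /nfs001 are different exports,
# so a case-insensitive grep would report a false "found".
export_listed() {
    printf '%s\n' "$2" | awk -v s="$1" '$1 == s { found = 1 } END { exit !found }'
}

# Section 5: mount as root.  nfsvers=3 matches the protocol the NAStorage
# speaks; nosuid,nodev stop setuid binaries or device nodes served by the NAS
# from being honoured on the client.  Then show the owner/group/mode that
# replaced the local 755 of the empty directory.
mount_share() {
    if [ "$(id -u)" -ne 0 ]; then echo "mount requires root" >&2; return 1; fi
    mkdir -p "$MNT"
    if awk -v m="$MNT" '$2 == m { f = 1 } END { exit !f }' /proc/mounts; then
        echo "$MNT is already a mount point" >&2
        return 1
    fi
    mount -t nfs -o nfsvers=3,nosuid,nodev "$NAS_IP:$SHARE" "$MNT" || return 1
    stat -c 'mount point is now %U:%G mode %a' "$MNT"
}

unmount_share() { umount "$MNT"; }

main() {
    nfs_preflight "$NAS_IP" || return 1
    listing=$(showmount -e "$NAS_IP") || return 1
    if ! export_listed "$SHARE" "$listing"; then
        echo "$SHARE is not exported (names are case-sensitive); the server lists:" >&2
        printf '%s\n' "$listing" >&2
        return 1
    fi
    mount_share && ls -la "$MNT"
}

# Usage: sh nas_mount.sh mount | umount   (no argument: only define the functions)
case "${1:-}" in
    mount)  main ;;
    umount) unmount_share ;;
esac
```

The exact-match check matters because the guide's warning about NFS001 versus nfs001 is easy to lose in a hurried `grep -i`; the nosuid,nodev options are a client-side precaution that the NAStorage cannot apply for you, since it leaves file-level decisions to the mounting host (section 4).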

Use the mount command without arguments to list all the mount points on the local machine. Use the UNIX commands chmod and chown to change file/folder permissions. Use umount to unmount a volume from the NAStorage.

6. Multiple UIDs on a particular IP for read/write access to a shared resource

In the NFS design of the NAStorage, only one UID, one GID and one set of access rights are assigned to the mounted directory as its default permission. Giving several UIDs read/write access is therefore handled on the UNIX/Linux machine, not on the NAStorage. The following example shows how to do it.

First, log on to the UNIX/Linux host as root and create a group nasuser. You can confirm the new group ID (GID) in the file /etc/group. Create the group nasuser with the ID number 200, then enter that number on the NAStorage share permission page: if the ID of the group "nasuser" is 200, type GID "200" and change the default permission from 755 to 775, so that this group has read/write permission (group attribute = 7) on the shared resource. This is the access permission of the share; when an NFS client mounts it, the permission of the mount point is replaced with this one. Use the mount command to mount the shared resource from the NAStorage on the mount point /root/nastorage of the UNIX host. You will see the permission of the mount point become 775, UID root, GID nasuser.

The permission of the mount point /root/nastorage has changed from 755 to 775, UID root/0, GID nasuser/200. On the UNIX host you can now assign as many UIDs as you choose to the GID "nasuser", and those UIDs have read/write access to this volume because the group digit of the permission has changed from 5 to 7 (755 to 775). Create the users nfs001, nfs002 and nfs003 and add them to the nasuser group, then log on to the UNIX/Linux host as one of them, for example nfs001. You will find the contents of /NFS mounted under /root/nastorage with UID root, GID nasuser and permission 775, which means you have read/write access to the shared resource because you belong to the nasuser group. User nfs001 can read and write in this mount point, and a file it creates belongs to user nfs001.
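The group setup of section 6 as a script, together with a small model of the permission check the mounting host performs. This is an added example, not code from the NAStorage guide. It assumes the share's default permission on the NAStorage admin page has already been set to owner root, GID 200, mode 775, that /root/nastorage is mounted as in section 5, and a Linux client with groupadd, useradd, getent, su and GNU stat. The group name nasuser, the GID 200 and the users nfs001 to nfs003 are taken from the document; the function names and the sample UIDs in the test are the example's own, and the can_write function is an illustration of the NFS v3 AUTH_SYS rule that the guide describes (the host checks the UID/GID it presents and the NAStorage trusts it), not NAStorage code.

```shell
#!/bin/sh
# Added example for section 6: map several client UIDs onto the one GID the
# NAStorage share carries.  Not NAStorage code.
GROUP=nasuser                 # group name and GID used in the document
GRP_ID=200
MNT="${MNT:-/root/nastorage}"

# Create the group with an explicit GID.  The NAStorage only ever sees the
# number 200 in an NFS request, so the name must map to that exact GID on
# every client that mounts the share.  useradd -G adds the users as members;
# the accounts are created without a usable password (site policy decides).
setup_group_and_users() {
    if getent group "$GROUP" >/dev/null; then
        have=$(getent group "$GROUP" | cut -d: -f3)
        if [ "$have" -ne "$GRP_ID" ]; then
            echo "$GROUP already exists with GID $have, not $GRP_ID" >&2
            return 1
        fi
    else
        groupadd -g "$GRP_ID" "$GROUP"
    fi
    for u in nfs001 nfs002 nfs003; do
        id "$u" >/dev/null 2>&1 || useradd -m -G "$GROUP" "$u"
    done
}

# Model of the check an NFS v3 AUTH_SYS client applies with the UID, GID and
# supplementary GIDs it sends; the NAStorage trusts these values (section 4).
# Args: uid gid "supplementary gids" mode(three octal digits, e.g. 775) owner_uid owner_gid
# Returns 0 when the caller may write, 1 otherwise.
can_write() {
    uid=$1; gid=$2; sgids=$3; mode=$4; owner=$5; ogroup=$6
    if [ "$uid" -eq 0 ]; then return 0; fi   # root is honoured as root (no root squash, section 4)
    if [ "$uid" -eq "$owner" ]; then
        bit=$(( (mode / 100) % 10 ))           # owner digit
    elif [ "$gid" -eq "$ogroup" ] || in_list "$ogroup" "$sgids"; then
        bit=$(( (mode / 10) % 10 ))            # group digit: 5 at 755, 7 at 775
    else
        bit=$(( mode % 10 ))                   # others digit
    fi
    [ $(( bit & 2 )) -ne 0 ]                   # write bit set?
}
in_list() { for g in $2; do [ "$g" -eq "$1" ] && return 0; done; return 1; }

# Create a file as each user and show who owns it: the write succeeds through
# the group digit, and the file belongs to the creating UID, not to root.
verify_write() {
    for u in nfs001 nfs002 nfs003; do
        su -s /bin/sh -c "touch '$MNT/created-by-$u' && stat -c '%U:%G %a %n' '$MNT/created-by-$u'" "$u"
    done
}

# Usage: sh nas_group.sh setup | verify   (no argument: only define the functions)
case "${1:-}" in
    setup)  setup_group_and_users ;;
    verify) verify_write ;;
esac
```

The model makes the guide's point explicit: with the share left at 755 a nasuser member has no write bit, at 775 it does, and the NAStorage never learns the user names involved, only the numeric GID 200 and the UID that created each file.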