← Back to branch summary

~jspashett/+junk/sossnt-trunk

1 by jason.spashett
Initial import from sourceforge 
1
 
Some FAQ and bugfixes:

2
 









3



1. fixed two bugs regarding long names, thanks to Nathaniel Mishkin










4












5



2. The source for the NTFS authentication is provided










6












7



3. Missing WST.DLL fixed, had to do with tuning parameter










8












9



4. fixed missing _penter(), was compiled with SDK. not VC++










10



	source code now provided, option /GH was the bady










11












12



5. How security works:










13












14



>NFS security is like UNIX security, you have the owner, group, world,










15



>	each of them can have read/write/execute access.










16



>ie.   testfile.txt	2000 3000 rwx-rw-r--










17



>which means for










18



>	file 	testfile.txt










19



>	owner 	user ID 2000	(ie `rruther`)










20



>	owner access r/w/execute










21



>	group    group ID is 3000 (ie. developer)










22



>	group access is r/w










23



>	world access read only










24



>










25



>










26



>sossnt config file `user`:










27



>--------------------------










28



>	2000	rruther










29



>	2001	brianmo










30



>--------------------------










31



>










32



>  "	   "	   `group`:










33



>---------------------------










34



>	3000	developer










35



>	3001	users










36



>---------------------------










37



>










38



>   "        "	    `world':










39



>----------------------------










40



>	1	everyone










41



>----------------------------










42



>










43



>NTFS file










44



>	file	testfile.txt










45



>	Owner	rruther










46



>	access 	for rruther: 	full










47



>	access  for developer: 	rw










48



>	access  for everyone:	r










49



>	access	for dummygroup:	full (not mapped)










50



>










51



>










52



>When I NFS calls get attribute, owner gets translated to the id










53



>the first matching group in the access list with a mapping list










54



>(see above group file), similar with world access.










55



>The appropiate access rights from the access list are translated into










56



>UNIX/NFS rights.










57



>










58



>Similar with set rigths.










59



>










60



>The security enforcment is done by UNIX, in our case at least.










61



>This means, if you have controll over the client environemt










62



>and or the network you can access all exported files.










63



>










64



>The whole purpose was to make life for admins easier.










65



>










66












67



Ralf Rutherford Telecom Aust   | MHSnet: rruther@cssc-melb.tansu.com.au










68



Network Services               | Snail:  700 Blackburn Rd, Clayton Vic 3168 










69



Customised Software Solutions  | 	 Australia










70



   Center Melbourne            | Phone:  +61 3 253 8910 FAX: +61 3 265 6669










71












72