在Celerra Access-Checking Policy选项,能否有专家帮解释一下?

转到解答

Access-Checking Policy能否有专家帮解释一下?什么情况下用这些选项呢?选项请见附件图片。

标签 (1)
标记 (1)
0 项奖励
1 个已接受解答

已接受的解答
SteveZhou
3 Argentium

Re: 在Celerra Access-Checking Policy选项,能否有专家帮解释一下?

转到解答

由于Celerra文件系统支持多种协议同时访问,因此系统需要确定如何做访问授权。

对于Windows用户,系统会比对ACL进行授权

对于UNIX用户,系统会比对mode bits进行授权

具体采用哪种方式授权取决于access-checking policy。Access-checking policy是在mount 文件系统的时候指定的,默认是NATIVE。

一般来说无法特别指定,除非同一个文件系统即需要被Windows用户访问,又要被UNIX/LINUX用户访问。

详见如下文档:

http://powerlink.emc.com/km/live1/en_US/Offering_Technical/Technical_Documentation/300-009-945_a01.p...__

0 项奖励
3 条回复3
Jeffey1
4 Germanium

Re: 在Celerra Access-Checking Policy选项,能否有专家帮解释一下?

转到解答

在多协议环境中,Celerra使用Access-checking policy管理文件系统的接入,只在文件系统同时使用NFS和CIFS时才需要使用。一共有六种类型:NATIVE, NT, UNIX, SECURE, MIXED和MIXED_COMPAT,系统默认NATIVE模式,即CIFS客户端访问文件系统使用ACL认证,NFS客户端访问文件系统使用UNIX认证。

0 项奖励
SteveZhou
3 Argentium

Re: 在Celerra Access-Checking Policy选项,能否有专家帮解释一下?

转到解答

由于Celerra文件系统支持多种协议同时访问,因此系统需要确定如何做访问授权。

对于Windows用户,系统会比对ACL进行授权

对于UNIX用户,系统会比对mode bits进行授权

具体采用哪种方式授权取决于access-checking policy。Access-checking policy是在mount 文件系统的时候指定的,默认是NATIVE。

一般来说无法特别指定,除非同一个文件系统即需要被Windows用户访问,又要被UNIX/LINUX用户访问。

详见如下文档:

http://powerlink.emc.com/km/live1/en_US/Offering_Technical/Technical_Documentation/300-009-945_a01.p...__

0 项奖励
Jeffey1
4 Germanium

Re: 在Celerra Access-Checking Policy选项,能否有专家帮解释一下?

转到解答

这个表解释了Access-checking Policy六种类型的区别:

 

Access-checking policy

 

CIFS clients

 

NFS clients

 

Change in one permission set reflected in other set?

 

NATIVE (default)

 

ACL is checked.

 

UNIX rights are checked.

 

No

 

UNIX

 

ACL and UNIX rights are checked.

 

NT

 

ACL is checked.

 

ACL and UNIX rights are checked.

 

SECURE

 

ACL and UNIX rights are checked.

 

MIXED

 

ACL is checked. If there is no ACL, one is created based on the UNIX mode bits. Access is also determined by the ACL.

 

NFSv4 clients can manage the ACL.

 

yes

 

An ACL modification rebuilds the UNIX mode bits but the UNIX rights are not checked.

 

A modification to the UNIX mode bits rebuilds the ACL permissions but the UNIX rights are not checked.

 

MIXED_COMPAT

 

If the permissions of a file or directory were last set or changed by a CIFS client, the ACL is checked and the UNIX rights are rebuilt but are not checked. If the permissions of a file or directory were last set or changed by an NFS client, the UNIX rights are checked and the ACL is rebuilt but is not checked.

 

NFSv4 clients can manage the ACL.

 

If the permissions of a file or directory were last set or changed by an NFS client, the UNIX rights are checked and the ACL is rebuilt but is not checked. If the permissions of a file or directory were last set or changed by a CIFS client, the ACL is checked and the UNIX rights are rebuilt but are not checked.

 

NFSv4 clients can manage the ACL.