Hewlett-Packard NetStorage 6000 Manual

Download Manual  of HP NetStorage 6000 Storage for Free or View it Online on All-Guides.com.

Brand: HP

Category: Storage

Type: Manual  for HP NetStorage 6000

Pages: 28 (0.13 Mb)

Download HP NetStorage 6000 Manual 

HP NetStorage 6000 Manual  - Page 1
1
HP NetStorage 6000 Manual  - Page 2
2
HP NetStorage 6000 Manual  - Page 3
3
HP NetStorage 6000 Manual  - Page 4
4
HP NetStorage 6000 Manual  - Page 5
5
HP NetStorage 6000 Manual  - Page 6
6
HP NetStorage 6000 Manual  - Page 7
7
HP NetStorage 6000 Manual  - Page 8
8
HP NetStorage 6000 Manual  - Page 9
9
HP NetStorage 6000 Manual  - Page 10
10
HP NetStorage 6000 Manual  - Page 11
11
HP NetStorage 6000 Manual  - Page 12
12
HP NetStorage 6000 Manual  - Page 13
13
HP NetStorage 6000 Manual  - Page 14
14
HP NetStorage 6000 Manual  - Page 15
15
HP NetStorage 6000 Manual  - Page 16
16
HP NetStorage 6000 Manual  - Page 17
17
HP NetStorage 6000 Manual  - Page 18
18
HP NetStorage 6000 Manual  - Page 19
19
HP NetStorage 6000 Manual  - Page 20
20
HP NetStorage 6000 Manual  - Page 21
21
HP NetStorage 6000 Manual  - Page 22
22
HP NetStorage 6000 Manual  - Page 23
23
HP NetStorage 6000 Manual  - Page 24
24
HP NetStorage 6000 Manual  - Page 25
25
HP NetStorage 6000 Manual  - Page 26
26
HP NetStorage 6000 Manual  - Page 27
27
HP NetStorage 6000 Manual  - Page 28
28
Copyright © 2000 Hewlett-Packard Company Page 6 of 28
All Rights Reserved
2.3 Restricting Host Access
Since NFS servers do not distinguish between computers that are part of a secure network infrastructure (complete
with NIS centralized administration), and computers that exist outside of the sphere of administrator control, a
mechanism is needed to protect servers from unauthorized access. In typical UNIX installations, NFS mount
points on servers are listed in the /etc/exports file. The mount points listed in the /etc/exports file may also
contain restrictions on the clients that can mount the file system. This mechanism can be used to supply added
protection to resources on NFS servers.
2.4 Considerations for the HP NetStorage 6000
The HP NetStorage 6000 utilizes an internal file system that is native to UNIX environments. As such, it has
UNIX security mechanisms built-in, that may be leveraged when serving files over the NFS protocol. All resources
stored on the file system contain the security metadata noted in the previous sections.
The HP NetStorage 6000 does not support the concept of the /etc/exports file for managing mount points.
Instead, the NAS device automatically creates a single mount point at the root of all volumes created on the
system. Since the NAS device is specifically designed to share files, the exporting of mount points has been
automated.
The root directory of the mount points on the HP NetStorage 6000 are given special permissions to facilitate
appropriate access to users. The owner and group of this directory are root (UID = 0, GID = 0), and the
permissions are read, write, and execute to owner, group and other (rwxrwxrwx). One consequence of this
setting is that all users can delete any file in the root of the mount point. Therefore, administrators are
encouraged to avoid storing files in the root of the mount point.
The group assignment to files created in a file volume on UNIX can be performed in a variety of ways. On the
HP NetStorage 6000, when a new file is created, the group assignment is inherited from the directory where the
file is created. For example, if the group owner for directory /acct/usr is accountants (GID = 501), then all files
created in that directory will be assigned a group owner of accountants (GID = 501).
2.4.1 Trusted Hosts
All UNIX clients that mount to file systems on the HP NetStorage 6000 use the UID and GID of their account,
when accessing files. A special case is the root user (UID = 0). In UNIX, the root user is a Super User, with full
access to all files and directories in the file system. Due to the extensive rights provided to the root user, and the
extensive damage that can be done by a malicious root user, the HP NetStorage 6000 does not trust them by
default. Clients that attach with root privilege are given access as user ‘nobody’ (UID = 60001), with no special
rights or privileges.
The administrator can override this default behavior by declaring a particular client to be a Trusted Host. A root
user mounting a HP NetStorage 6000 file system from a client that is a Trusted Host will be given root privilege
(UID = 0) to the file system. This feature allows administration of the file system by a root user, while at the same
time, protecting the file system from other root users that should not have privileged access to the HP NetStorage
6000 file systems.