Siemens V4.0 manual Unix System Group Permissions and Advanced Server

11.3.1.1UNIX System Group Permissions and Advanced Server

The effect of setting UNIX system group permissions on Advanced Server files is limited. In the UNIX system, the group field is used for storing information about file attributes. When a file is accessed from a client computer, its group may change to reflect its attributes (for example, to DOS----). Therefore, it is inadvisable to rely on UNIX system group permis- sions to restrict access to Advanced Server files.

11.3.1.2UNIX System Permissions on Directories

UNIX system permissions on all directories in the path leading to a file must be at least read and execute (RX) for users to access files on Advanced Server successfully.

11.3.1.3Turning Off UNIX System Permission Checking

If the protection of Advanced Server files provided by UNIX system permissions can be ignored, and if it is appropriate to rely solely on Advanced Server permissions to manage file access, you can set the IgnoreUnixPermissions keyword to 1 (ignore UNIX system permissions) in the Advanced Server Registry. This keyword is in the following key:

\SYSTEM\CurrentControlSet\Services\AdvancedServer\FileServiceParameters

This will cause Advanced Server to ignore all UNIX system permissions on files except for read-only permissions, which are translated into read-only file attributes when client computers attempt to access files.

For more information about the Advanced Server Registry, see the “Advanced Server Registry” chapter.

11.3.1.4UNIX System File and Directory Permissions

UNIX system file and directory permissions are assigned by a default set of access permis- sions on the system upon creation of files and directories. The UNIX system distinguishes the following three types of users with respect to access permissions:

1.User — If you own a UNIX system file or directory, you can assign it access permissions for yourself. For example, to prevent unauthorized users from executing a program, you can assign execute permissions to yourself only.

2.Group — You can assign permissions for other users in your group to files and direc- tories that you own. When your administrator creates your home directory, you are automatically assigned to the UNIX system group other, as are all others with home directories. This assignment enables you to share data easily with other network users, but prevents UNIX system users in different groups from reading or changing your files.