Viewing and changing UNIX permissions using the NT security dialogs

王朝system · Author unknown · 2006-11-24

Viewing and changing UNIX permissions using the NT security dialogs in Samba 2.0.4

Jeremy Allison, Samba Team

12th April 1999

--------------------------------------------------------------------------------

Viewing and changing UNIX permissions using the NT security dialogs
-------------------------------------------------------------------

New in the Samba 2.0.4 release is the ability for Windows NT clients to use their native security settings dialog box to view and modify the underlying UNIX permissions.

Note that this ability is careful not to compromise the security of the UNIX host Samba is running on, and still obeys all the file permission rules that a Samba administrator can set.

In Samba 2.0.4 and above the default value of the parameter "nt acl support" has been changed from "false" to "true", so manipulation of permissions is turned on by default.

How to view file security on a Samba share
------------------------------------------

From an NT 4.0 client, single-click with the right mouse button on any file or directory in a Samba mounted drive letter or UNC path. When the menu pops up, click on the Properties entry at the bottom of the menu. This brings up the normal file properties dialog box, but with Samba 2.0.4 this will have a new tab along the top marked Security. Click on this tab and you will see three buttons: Permissions, Auditing, and Ownership. If the user is not the NT Administrator, the Auditing button causes the error message "A requested privilege is not held by the client" to appear; if the user is logged on as the NT Administrator, it brings up a dialog intended to allow an Administrator to add auditing requirements to a file. This dialog is non-functional with a Samba share at this time, as the only useful button, the Add button, will not currently allow a list of users to be seen.

Viewing file ownership
----------------------

Clicking on the "Ownership" button brings up a dialog box telling you who owns the given file. The owner name will be of the form:

"SERVER\user (Long name)"

where SERVER is the NetBIOS name of the Samba server, user is the user name of the UNIX user who owns the file, and (Long name) is the descriptive string identifying the user (normally found in the GECOS field of the UNIX password database). Click on the Close button to remove this dialog.

If the parameter "nt acl support" is set to "false" then the file owner will be shown as the NT user "Everyone".

The Take Ownership button will not allow you to change the ownership of this file to yourself (clicking on it will display a dialog box complaining that the user you are currently logged onto the NT client as cannot be found). The reason for this is that changing the ownership of a file is a privileged operation in UNIX, available only to the root user. As clicking on this button causes NT to attempt to change the ownership of a file to the current user logged into the NT client, this will not work with Samba at this time.

There is an NT chown command that will work with Samba and allow a user with Administrator privilege connected to a Samba 2.0.4 server as root to change the ownership of files on either a local NTFS filesystem or a remote mounted NTFS or Samba drive. This is available as part of the Seclib NT security library written by Jeremy Allison of the Samba Team, available from the main Samba ftp site.

Viewing file or directory permissions
-------------------------------------

The third button is the "Permissions" button. Clicking on this brings up a dialog box that shows both the permissions and the UNIX owner of the file or directory. The owner is displayed in the form:

"SERVER\user (Long name)"

where SERVER is the NetBIOS name of the Samba server, user is the user name of the UNIX user who owns the file, and (Long name) is the descriptive string identifying the user (normally found in the GECOS field of the UNIX password database).

If the parameter "nt acl support" is set to "false" then the file owner will be shown as the NT user "Everyone" and the permissions will be shown as NT "Full Control".

The permissions field is displayed differently for files and directories, so I'll describe the way file permissions are displayed first.

File Permissions
----------------

The standard UNIX user/group/world triple and the corresponding "read", "write", "execute" permissions triples are mapped by Samba into a three-element NT ACL with the 'r', 'w', and 'x' bits mapped into the corresponding NT permissions. The UNIX world permissions are mapped into the global NT group Everyone, followed by the list of permissions allowed for UNIX world. The UNIX owner and group permissions are displayed as an NT user icon and an NT local group icon respectively, followed by the list of permissions allowed for the UNIX user and group.

As many UNIX permission sets don't map into common NT names such as "read", "change" or "full control", the permissions will usually be prefixed by the words "Special Access" in the NT display list.

But what happens if the file has no permissions allowed for a particular UNIX user, group or world component? To allow "no permissions" to be seen and modified, Samba overloads the NT "Take Ownership" ACL attribute (which has no meaning in UNIX) and reports a component with no permissions as having the NT "O" bit set. This was chosen, of course, to make it look like a zero, meaning zero permissions. More details on the decision behind this will be given below.

Directory Permissions
---------------------

Directories on an NT NTFS file system have two different sets of permissions. The first set of permissions is the ACL set on the directory itself; this is usually displayed in the first set of parentheses in the normal "RW" NT style. This first set of permissions is created by Samba in exactly the same way as the normal file permissions described above, and is displayed in the same way.

The second set of directory permissions has no real meaning in the UNIX permissions world and represents the "inherited" permissions that any file created within this directory would inherit.

Samba synthesises these inherited permissions for NT by returning as an NT ACL the UNIX permission mode that a new file created by Samba on this share would receive.
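
The mapping described under File Permissions and Directory Permissions, worked through as an added Python example (not Samba's code and not part of the original document). The trustee labels, the entry order and the new_file_mode argument, which stands in for the mode a new file on the share would receive, are assumptions of this example.

```python
import stat

NO_PERMISSIONS = "O"  # Take Ownership letter, reported for an empty triple


def triple_to_nt(bits):
    """Map one rwx triple (0-7) to the NT letters R, W, X, or "O" if empty."""
    letters = "".join(ch for mask, ch in ((4, "R"), (2, "W"), (1, "X")) if bits & mask)
    return letters or NO_PERMISSIONS


def mode_to_acl(mode, owner, group, new_file_mode=None):
    """Return the three-element ACL as (trustee, display) pairs.

    mode          -- st_mode of the file or directory
    owner, group  -- display labels chosen by the caller (assumption)
    new_file_mode -- for directories: the mode a new file created on the
                     share would receive (assumption: supplied by caller)
    Only the nine rwx bits are used; setuid/setgid/sticky are ignored here.
    """
    is_dir = stat.S_ISDIR(mode)
    if is_dir and new_file_mode is None:
        raise ValueError("directories need new_file_mode for the second set")
    acl = []
    # Entry order (owner, group, Everyone) is a choice made for this example.
    for trustee, shift in ((owner, 6), (group, 3), ("Everyone", 0)):
        shown = "(" + triple_to_nt((mode >> shift) & 7) + ")"
        if is_dir:
            # Second parenthesised set: the synthesised "inherited" permissions.
            shown += "(" + triple_to_nt((new_file_mode >> shift) & 7) + ")"
        acl.append((trustee, shown))
    return acl


if __name__ == "__main__":
    # Constructed sample values, not taken from a real server.
    for label, m, nf in (("file 0640", 0o100640, None),
                         ("dir  0750", 0o040750, 0o644)):
        print(label)
        for trustee, shown in mode_to_acl(m, "SERVER\\alice", "staff", nf):
            print(f"  {trustee:14} {shown}")
```

An "(O)" entry for Everyone is what a file or directory with no world access looks like in this mapping, which makes it the line to check when reviewing a share from the NT side.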

Modifying file or directory permissions

 
 
 