RE: Security on Win2k - toasters

4 Apr 2003

      Thanks to all who responded.
Pls check this fix in ONTAP 6.4.R1: * 91117 Incorrect permission check when
creating a file from CIFS
Regards,
Bill
-----Original Message-----
From: Mike Sphar [mailto:mike.sphar@Remedy.COM]
Sent: Thursday, March 27, 2003 8:22 PM
To: toasters@mathworks.com
Subject: RE: Security on Win2k
This doesn't sound correct to me.  Have you actually tested it?
In windows network permissions, share permissions are applied first, then
individual file or directory ACLs are applied, and the most restrictive
permissions always apply.  So if a share is read-only to a user, then even
if all the files in that share are writeable by everyone, then that user
should not be able to update those files or create any new files or
directories in that share.
I would be very surprised to find that Netapp was not emulating the standard
windows file server behavior in this case.
-- 
Mike Sphar - Sr Systems Administrator - Remedy, a BMC Software Company

 -----Original Message-----
From: 	Bill Bello [mailto:Bill.Bello@hds.com] 
Sent:	Thursday, March 27, 2003 6:46 PM
To:	toasters@mathworks.com
Subject:	Security on Win2k

All,
A question has come up in our lab on the subject.

If 'read only' is set on the filer for a CIFS share, a user can still have
full rights to that share IF security is NOT set in Win2k as well.   Has
anyone figured a way to make the share secure from the filer only?  

Thanks in advance.

Regards,
Bill Bello
ATC PreSales Open Systems Support
Westchester Office (914) 773-9131
New York Office (212) 827-1314