DOCUMENT:Q262965  29-MAR-2002  [winnt]
TITLE   :How UNIX Permissions Are Approximated by Server for NFS
PRODUCT :Microsoft Windows NT
PROD/VER::2.0
OPER/SYS:
KEYWORDS:kbtool

======================================================================
-------------------------------------------------------------------------------
The information in this article applies to:

 - Microsoft Windows Services for UNIX, version 2.0
-------------------------------------------------------------------------------

SUMMARY
=======

When you are using Server for NFS, file permissions from a UNIX client may
appear incorrectly. This article describes how UNIX file permissions are
approximated from Microsoft Windows NT or Microsoft Windows 2000 Discretionary
Access Control Lists (DACLs) when you are using Windows Services for UNIX.

MORE INFORMATION
================

Each file in UNIX has an associated owner and group. File permissions are then
assigned to the owner of the file, the file's group, and then to all others.
For example, the following sample output is the output from running the
"ls -l" command:

   -rwxrw-r-- 1 user1 staff 64 May 15 19:01 letter.txt

The owner of the Letter.txt file is user1; the group is staff. The following
rights are assigned:

   user1 has Read, Write, and Execute permissions.
   staff has Read and Write permissions.
   All others have Read permissions.

In the Windows NT and Windows 2000 NTFS file system, each file also has an
owner and a primary group. The primary group of a file is not used by the
Win32 subsystem, but is present for programs that make use of the POSIX
subsystem. When a file is created, the user who created the file becomes its
owner and that user's primary group becomes the file's primary group. Access
Control Entries (ACEs) are then added to the DACLs to assign permissions.

Server for NFS approximates NTFS file permissions to UNIX file permissions by
using User Name Mapping Server. User Name Mapping Server allows an
administrator to map users and groups in Windows NT and Windows 2000 to
corresponding users and groups on a UNIX server or an NIS domain (for more
information about User Name Mapping Server, please see the online Help). ACEs
for the owner of the file and for the primary group of the file are then
translated into the appropriate UNIX permissions for owner and group. The ACE
for the built-in Everyone group is then translated into the appropriate UNIX
permissions for all others.

Consider the following example:

   File name: letter.doc
   Owner: user1
   Primary group: Users

The permissions are:

   user1 has Full Control permissions on the file.
   The Users group has Read and Write permissions.
   The built-in Everyone group has Read permissions.

User1 is mapped to a UNIX user also named user1. The Users group is mapped to
the UNIX group named staff. A UNIX client sees the following permissions with
the "ls -l" command:

   -rwxrw-r-- 1 user1 staff 512 May 9 15:42 letter.doc

Additional query words: sfu

======================================================================
Keywords          : kbtool
Technology        : kbWinServiceUNIX200 kbWinServiceUNIXSearch
Version           : :2.0
Issue type        : kbinfo

=============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS"
WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER
EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS
SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN
IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY
OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF
LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION
MAY NOT APPLY.

Copyright Microsoft Corporation 2002.
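
Added example (not part of the Microsoft article and not Microsoft's code): a
simplified Python model of the mapping described under MORE INFORMATION,
reproducing the letter.doc result and listing ACEs that have no place in the
three mode triads. The function names, the right-name table, and the extra
"Auditors" ACE are assumptions made for illustration; only allow ACEs are
modelled.

```python
# Simplified model of the mapping the article describes; not Microsoft's code.
# Only allow ACEs are modelled; helper and right names are assumptions.

RIGHT_BITS = {"read": "r", "write": "w", "execute": "x"}
NAMED_RIGHTS = {  # NTFS permission names used in the article's example
    "Full Control": {"read", "write", "execute"},
    "Read": {"read"},
    "Write": {"write"},
}

def triad(rights):
    """Render a set of rights as one rwx triad."""
    return "".join(RIGHT_BITS[r] if r in rights else "-"
                   for r in ("read", "write", "execute"))

def rights_for(trustee, dacl):
    """Union of the rights granted to one trustee by the DACL's allow ACEs."""
    granted = set()
    for ace_trustee, permissions in dacl:
        if ace_trustee == trustee:
            for name in permissions:
                granted |= NAMED_RIGHTS[name]
    return granted

def approximate_mode(owner, primary_group, dacl):
    """Owner ACE -> owner bits, primary-group ACE -> group bits, Everyone -> other."""
    trustees = (owner, primary_group, "Everyone")
    return "-" + "".join(triad(rights_for(t, dacl)) for t in trustees)

def invisible_aces(owner, primary_group, dacl):
    """ACEs whose trustee is none of the three the mode bits can express."""
    shown = {owner, primary_group, "Everyone"}
    return [ace for ace in dacl if ace[0] not in shown]

def ls_line(owner, primary_group, dacl, user_map, group_map):
    """Mode plus the UNIX owner and group supplied by the name mapping."""
    mode = approximate_mode(owner, primary_group, dacl)
    return f"{mode} {user_map[owner]} {group_map[primary_group]}"

# Constructed sample: the article's letter.doc plus one extra, hypothetical ACE.
DACL = [
    ("user1", ["Full Control"]),
    ("Users", ["Read", "Write"]),
    ("Everyone", ["Read"]),
    ("Auditors", ["Full Control"]),  # constructed; not in the article
]

if __name__ == "__main__":
    print(ls_line("user1", "Users", DACL, {"user1": "user1"}, {"Users": "staff"}))
    for trustee, perms in invisible_aces("user1", "Users", DACL):
        print(f"not visible in mode bits: {trustee} {perms}")
```

When reviewing an exported share, the same comparison points to files whose
DACL grants access that "ls -l" on the UNIX client cannot show.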