Pau Lo
asked on
File System Permissions
I am looking to perform a review of file system permissions on a Solaris Server for the first time. I have done this a fair bit on Windows 2003 Server by reviewing the necessary file shares and directory (NTFS) permissions, but never so on Solaris (bare this in mind on your responses please).
The Solaris Server is a domain server as part of an AD domain which is predominantly made up of 99% windows servers and workstations, with a mere 3 solaris servers for specific applications. What is the most practical way to essentially say:
\\solarisdatabaseserver\ba ckup - who has access /access control list
\\solarisdatabaseserver\da tabase - who has access /access control list
Does Solaris also have the concept of “shares”, i.e. \\host\e$, and also any admin types shares, that are typically only accessible by local administrators?
I also sometimes like to run a directory listing for a server to see where key files are. On Windows I used to do something like
C:>DIR \\solarisdatabaseserver\sh are$ /s > listing.txt
So basically I could do with:
How to list all shares on the solaris server
How to list all people and users who can access these files on the server
How to get a directory listing per share on the server
And also if all IT admins only have windows machines, what are they likely to use to gain remote access to the server from their windows machine, say for example if someone asks for a log file so they have to logon and get it. What types of client and protocols are used in such examples?
Would prefer some EE input as opposed to just links.
Thanks
The Solaris Server is a domain server as part of an AD domain which is predominantly made up of 99% windows servers and workstations, with a mere 3 solaris servers for specific applications. What is the most practical way to essentially say:
\\solarisdatabaseserver\ba
\\solarisdatabaseserver\da
Does Solaris also have the concept of “shares”, i.e. \\host\e$, and also any admin types shares, that are typically only accessible by local administrators?
I also sometimes like to run a directory listing for a server to see where key files are. On Windows I used to do something like
C:>DIR \\solarisdatabaseserver\sh
So basically I could do with:
How to list all shares on the solaris server
How to list all people and users who can access these files on the server
How to get a directory listing per share on the server
And also if all IT admins only have windows machines, what are they likely to use to gain remote access to the server from their windows machine, say for example if someone asks for a log file so they have to logon and get it. What types of client and protocols are used in such examples?
Would prefer some EE input as opposed to just links.
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The SaMBa application uses the smb protocol to make local files available to windows clients - not Solaris. There is no native support for smb (aka windows) clients in any current production release of solaris.
That said, SaMBa can be configured to behave in any number of ways including the way in which you have mentioned. It is well documented and is a mature, feature rich and stable product.
That said, SaMBa can be configured to behave in any number of ways including the way in which you have mentioned. It is well documented and is a mature, feature rich and stable product.
ASKER
Does SAMBA come by default in newer versions of Solaris? Or is it more of an addon?
I retract - /usr/sfw/sbin contains the binaries for smb. svcs samba will show you the status and svcprop samba will show you the service params on Solaris 10. Admittedly, its been a while since I used it...(solaris 8)
:S
:S
...and thats /usr/sfw/bin, not sbin.
ASKER
Thanks I've got a solaris box to practice all this on so I will get to work - I assume the best way to learn this is hands on experience. and putting your comments into practice
ASKER
I just wonder if in Solaris if theres a similar ACL to the "everyone" group or "domain users" then would people be able to use to tools and protocols to access the data WITHOUT needing to enter a password to retreive data from a windows machine? Or in a nutshell if you are going to acces a solaris box from windows you are always going to have to enter a password to get at data