Understanding file-access security

Gateway for NFS provides two mechanisms that work together to help you control access to network file system (NFS) files that are shared through Gateway for NFS:

Through share-level security, you can specify which users and groups can access files on a particular shared directory and the type of access they are allowed. For example, you can allow the Everyone built-in group to have read-only access to the shared files but also grant read-write access to the Domain Users group.

For information on setting file-access permissions on Gateway for NFS shares, see To change permissions on a shared folder.

In addition to controlling access to specific shares, you can also specify the default permissions (file-access modes) that are applied to a file when it is created through Gateway for NFS. Similar to the UNIX umask command, this feature lets you specify the types of access automatically allowed for the file's owner and primary group as well as all for other users when a file is created on any Gateway for NFS share. By default, Gateway for NFS uses the following default file-access modes when it creates a file on behalf of a Windows user:

For information on changing these default file-access modes, see To set default permissions.

Users can also control access to files they own by setting the read-only and hidden attributes for the files using Windows Explorer or a Windows command prompt. In addition, when Gateway for NFS is used to share files on a UNIX-based NFS server, users who can use Telnet to connect to the server can use UNIX commands to change the file-access modes of the files they own.