File Allocation Table (FAT) and CD-ROM file system
(CDFS) file systems support approximately the same levels of
functionality. Neither of these file systems provides any type of
access control. The mount permissions granted by the network file
system (NFS) server administrator govern all access control. A CDFS
file system always shares data as a read-only resource, regardless
of the type of share permission you give it.
The characteristics shared by FAT and CDFS file systems include
the following:
- Write access to the file system equals full access. Any user
  given access to the file system has full control of the file
  system. Although a read-only bit exists for every file entry,
  it is strictly advisory and can be modified at will.
- Because these file systems were designed around single-user
  computers, there is no such thing as a file owner.
- Just as no file owner exists, neither does a file group.
- There is no support for file links. These file systems use a
  single-name/single-file format with no support for multiple
  directory entries referring to the same file.
Because of these limitations, the following conventions are a
part of the Server for NFS implementation:
- The file owner and group are always returned as the owner and
  group given in the UNIX verification of the request. This means
  that every individual user is reported as the owner of all files.
  Having different users of the same file both reported as owners can
  seem confusing at first, but it is in keeping with the concept that
  anyone with access to the file system owns it. Any attempt to
  modify the owner or group of a file fails. If no UNIX verification
  is passed, the anonymous user identifier (UID) and the anonymous
  group identifier (GID) are reported. By default, the anonymous UID
  and anonymous GID are both -2 (65534 when used as an
  unsigned 2-byte integer), although these values can be changed for
  a share.
- Reporting of file permissions was chosen to provide an accurate
  description of the permissions granted.
- For clients granted read access to the mount point, permissions
  are reported as read-and-execute for owner, group, and other (in
  UNIX notation: -r-xr-xr-x). Any attempt
  to modify data or attributes on the shared resource fails.
- For clients granted read/write or root access to the mount
  point, permissions are reported as read, write, and execute for the
  owner, group, and other (in UNIX notation:
  -rwxrwxrwx).
- If the Nouser and Nogroup entries do not exist in the passwd
  and group files, or the files do not exist, the value 65534
  (Nouser/Nogroup) is reported for both the UID and GID.
- If the read-only attribute is set on a file, permissions are
  reported with no-write access.
- A client with read-only access is unable to change permissions
  on any shared file. If the client is granted read/write or root
  permission, that client is allowed to manipulate the read-only bit
  associated with a file, thus making the file writable.
Important
If you want to protect data shared from a FAT file system, you
must share it as a read-only resource.
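
The reporting rules above can be modeled in a few lines to show why the mode bits a client sees on a FAT or CDFS export are not an access control. This is an added example, not Server for NFS code: the names FatFile, reported_attrs and setattr_request are hypothetical, the sample file and credentials are constructed, and the mapping from chmod write bits to the FAT read-only attribute is an assumption.

```python
import stat
from dataclasses import dataclass

# Default anonymous UID/GID: -2 viewed as an unsigned 2-byte integer (65534).
ANON_ID = -2 & 0xFFFF

@dataclass
class FatFile:
    name: str
    readonly: bool = False  # the advisory FAT read-only attribute

def reported_attrs(f, access, cred=None):
    """Return (mode string, uid, gid) reported to a client.
    access is the mount permission: 'ro', 'rw' or 'root'.
    cred is the (uid, gid) in the request, or None if none was passed."""
    mode = 0o555 if access == "ro" else 0o777
    if f.readonly:
        mode &= ~0o222  # read-only attribute set: reported with no write access
    uid, gid = cred if cred is not None else (ANON_ID, ANON_ID)
    return stat.filemode(stat.S_IFREG | mode), uid, gid

def setattr_request(f, access, new_mode=None, new_owner=None):
    """Return True if the attribute change is accepted, False if it fails."""
    if access == "ro" or new_owner is not None:
        return False  # read-only mounts, and every owner/group change, fail
    if new_mode is not None:
        # Assumption: a mode with any write bit clears the read-only
        # attribute; a mode with no write bit sets it.
        f.readonly = not (new_mode & 0o222)
    return True

if __name__ == "__main__":
    f = FatFile("REPORT.TXT", readonly=True)      # constructed sample file
    alice, bob = (1001, 100), (1002, 100)         # constructed credentials
    print(reported_attrs(f, "rw", alice))         # alice is reported as owner
    print(reported_attrs(f, "rw", bob))           # so is bob
    print(reported_attrs(f, "ro"))                # no credentials: anonymous IDs
    print(setattr_request(f, "ro", new_mode=0o666))   # rejected on a read-only mount
    print(setattr_request(f, "rw", new_mode=0o666))   # accepted: file is now writable
    print(reported_attrs(f, "rw", bob))
```

In this model the only input that ever blocks a write is the mount permission, which is why sharing the volume read-only is the one effective protection.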