For any existing containers that were created prior to Release 1.1, all files are accessible to any user that logs in to thedesignated DR Series system. The associated ACL in these existing pre–1.1 release containers support only thefollowing permissions:• Everyone:– Allows: Full Access– Applies to: This folder, subfolders, and files• BUILTIN\Administrators:– Allows: Full Access, Object Inherit, and Container Inherit– Applies to: This folder, subfolders, and filesHowever, you can also apply your own ACLs to existing containers if desired. You can do this by navigating to the root ofthe share for the designated container, and then flow an ACL down the directory tree. Be aware that the time requiredfor this to complete is dependent upon the number of files and folders that reside in the container.If you create local users, they will be added to BUILTIN\Users. Because the administrator account is a member ofBUILTIN\Administrators, if you do experience any problems with ACLs on a container (for example, an ACL was appliedthat locks themselves or domain administrators out), you can connect via a client as MACHINE\Administrator.At this point, you can edit the ACL (the BUILTIN\Administrators account has TakeOwnership privilege). Be aware thatlarge ACLs can consume additional inodes on the container, which can cause problems if there are a large number offiles and folders in the container. Small ACLs (with up to 10 ACEs) can reside in the spare space in the inode, whilelarger ones can consume an additional inode. Inodes functions as data structures on a Linux (or Unix-like operatingsystem) filesystem where all the information about a file except its name and its actual data are stored.NOTE: Dell recommends that administrators apply a set of permissions to existing containers that are similar to theway defaults are set for new containers. However, careful consideration needs to be given about granting accessthat addresses any specific security needs for individual users.Unix Permissions GuidelinesFor a user to create, delete, or rename a file or a directory requires Write access to the parent directory that containsthese files. Only the owner of a file (or the root user) can change permissions.Permissions are based on the user IDs (UIDs) for the file Owner and group IDs (GIDs) for the primary Group. Files haveowner IDs and group owner IDs. To enable Unix access, the DR Series system supports three levels of users:• Owner (of the file)• Group (group in which the owner belongs)• Other (other users with an account on the system)Each of these three user types support the following access permissions:• Read (read access that allows user to read files)• Write (write access that allows user to create or write to a file)• Execute (access that allows user to execute files or traverse directories in the filesystem)NOTE: A root user has all levels of permission access, and a user can be a member of a single group or of multiplegroups (up to 32 groups are allowed in Unix).Windows Permissions GuidelinesTo enable Windows access, the DR Series system supports access control lists (ACLs) that contain zero or more accesscontrol entries (ACEs), and an empty ACE list grants all access requests. The Windows New Technology File System22
