Manage access rights in file storage at the file system level
This tutorial describes how to configure file storage permissions for a Linux-based cloud server.
In file storage with NFSv4 protocol, you can manage access rights to files and folders at the file system level.
Principle of operation
Files and folders in file storage with NFSv4 protocol support the standard Unix permission model. Users and groups are resolved through Identity Mapping (IDM): NFSv4 carries owners and groups as user@domain names, which the client and server map to numeric user IDs (UIDs) and group IDs (GIDs), and read, write and execute access is checked against those IDs. This only works if the client and the server resolve the same names to the same numeric IDs, so keep UIDs and GIDs consistent across every server that mounts the share. With the default AUTH_SYS security flavour (sec=sys) the server trusts the UID and GID presented by the client, so root on any mounting client can act as any user unless root squashing or Kerberos (sec=krb5, krb5i or krb5p) is used.
A user group is a set of users that share the same access rights. Groups are of two types:
- Primary Group: the group the operating system assigns to a user by default (new files are created with this group);
- Secondary Group: one or more additional groups the user also belongs to.
Each user can be added to a maximum of 16 groups: one primary and 15 secondary. The limit comes from AUTH_SYS RPC credentials, which carry at most 16 group IDs, so membership in any further groups is not visible to the NFS server and does not grant access.
By default, only the root user has read, write, and execute permissions on files. All other users have read-only permissions. You can configure folder and file permissions for users and user groups on behalf of root (with chown, chgrp and chmod).
Format of access rights
Example of access rights (output of ls -la in the root of the share):
drwxrwxrwx 3 root root 21 Jun 13 14:00 .
drwxr-xr-x 4 root root 4096 Jun 13 13:44 ..
drwxr-xr-x 2 root root 6 Jun 13 14:00 directory
-rw-rw-r-- 1 first first 0 Jun 13 09:45 file.txt
Here:
- the first character is the type flag: d for a directory, - for a regular file;
- the next nine characters are three triples of the form rwx:
  - the first triple: rights of the owning user;
  - the second triple: rights of the owning group;
  - the third triple: rights of all others, who are neither the owner nor members of the group;
  - r: read permission; w: write permission; x: execute permission. For a directory, r allows listing it, w allows creating, renaming or deleting entries in it, and x allows entering it and accessing entries by name;
- the first column with names: the user who owns the folder or file;
- the second column with names: the group that owns the folder or file;
- the last column: the file or directory name.
Note that the share root in the example (drwxrwxrwx) is writable by everyone. A world-writable directory without the sticky bit (t in place of the final x, set with chmod +t) lets any user delete or rename other users' files in it; use 1777 for shared drop directories and a group-owned mode such as 2770 for directories that only one group should use.