S 4.326 Ensuring the NTFS file properties on a Samba file server
Initiation responsibility: IT Security Officer, Head of IT
Implementation responsibility: Administrator
Windows file systems differ greatly from Unix file systems in certain respects. When file system objects are moved or copied from one type of system to another (for example from a Windows XP system to a file share of a Samba server), some information may be lost under certain circumstances if the administrators are not aware of such effects and Samba is configured incorrectly. Specifically, this refers to information that is stored in the New Technology File System (NTFS) access control lists (ACLs) or NTFS Alternate Data Streams (ADS).
1. NTFS access control lists
Samba 3 implements NTFS ACLs using the Portable Operating System Interface (POSIX) ACLs. This mechanism is enabled by default when all of the following statements are true:
- the file system of the Samba share supports POSIX ACLs,
- Samba was compiled with ACL support enabled (--with-acl-support option of the configure script), and
- the configuration parameter "nt acl support" was not set to "no" in the configuration file smb.conf.
NTFS ACLs cannot be mapped one-to-one onto POSIX ACLs, though. Safeguard S 4.332 Secure configuration of the access controls for a Samba server describes how Samba maps NTFS ACLs onto the ACLs of the underlying file system and which restrictions apply.
Before file system objects are moved from one system to another, it must be ensured that no NTFS ACLs are assigned to them that Samba cannot map. This circumstance should be taken into consideration when designing the organisation-wide access authorisation concept for file systems. The use of combinations of NTFS ACL entries that Samba cannot map directly should be avoided.
2. NTFS Alternate Data Streams
Samba 3.0.x does not provide any option for storing NTFS ADS; a stream attached to a file cannot be kept when the file is copied to such a server. Samba 3.2.x and higher can store NTFS ADS in extended attributes (xattr) of the underlying file system by means of the VFS module streams_xattr, which has to be enabled for the share and requires a file system with user xattr support.
When using a version of Samba that cannot map the NTFS ADS, it must be ensured that no file system objects contain an ADS with important information before copying or moving them from one type of system to another type of system.
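The following script is an added example for checking the preconditions described in sections 1 and 2 on the Samba server itself; it is not part of the BSI safeguard or of Samba. It assumes that `smbd -b` lists the build define HAVE_POSIX_ACLS when ACL support was compiled in, that `testparm -s` prints the parsed configuration with parameters in the form `nt acl support = No`, and that streams_xattr stores a stream named NAME as the extended attribute `user.DosStream.NAME` (these are assumptions about the Samba 3 releases in question and should be verified against the installed version). The check functions take the tool output as an argument so that they can also be exercised on constructed data.

```shell
#!/bin/sh
# Pre-migration checks for a Samba 3 file server (added example, not BSI or Samba code).
# Assumptions: `smbd -b` contains HAVE_POSIX_ACLS when built with --with-acl-support;
# `testparm -s` prints "nt acl support = No" if the parameter was set to no;
# streams_xattr stores an ADS "NAME" of a file as the xattr "user.DosStream.NAME".

# 1a. Was Samba built with ACL support? Argument: output of `smbd -b`.
acl_support_compiled_in() {
    printf '%s\n' "$1" | grep -q 'HAVE_POSIX_ACLS'
}

# 1b. Is "nt acl support" switched off anywhere in the effective configuration?
#     Argument: output of `testparm -s` (global section and all shares).
nt_acl_support_disabled() {
    printf '%s\n' "$1" \
        | grep -iq '^[[:space:]]*nt acl support[[:space:]]*=[[:space:]]*no[[:space:]]*$'
}

# 1c. Does the file system below a directory accept POSIX ACLs? Sets and removes an ACL
#     entry on a scratch file; needs setfacl from the acl package. Argument: a share path.
fs_accepts_posix_acls() {
    probe=$(mktemp "$1/.aclprobe.XXXXXX") || return 1
    setfacl -m u:nobody:r "$probe" >/dev/null 2>&1
    rc=$?
    rm -f "$probe"
    return $rc
}

# 2. Extract the ADS names streams_xattr has stored for one file from the output of
#    `getfattr -d -m - -e hex FILE`. Other Samba xattrs (e.g. user.SAMBA_PAI) are ignored.
ads_names_from_xattr_dump() {
    printf '%s\n' "$1" | sed -n 's/^user\.DosStream\.\([^=]*\)=.*/\1/p'
}

# Number of ADS stored below a directory; a non-zero count on a share that is about to be
# served by a Samba version without streams_xattr (3.0.x) means data would be lost.
count_ads_below() {
    find "$1" -type f -exec getfattr -d -m '^user\.DosStream\.' -e hex -- {} + 2>/dev/null \
        | grep -c '^user\.DosStream\.'
}

# Run all checks against the live system when invoked with a share directory.
if [ -n "$1" ] && [ -d "$1" ]; then
    acl_support_compiled_in "$(smbd -b 2>/dev/null)" \
        && echo "OK: smbd built with POSIX ACL support" \
        || echo "WARNING: smbd build does not report HAVE_POSIX_ACLS"
    nt_acl_support_disabled "$(testparm -s 2>/dev/null)" \
        && echo "WARNING: 'nt acl support = no' found in smb.conf" \
        || echo "OK: nt acl support not disabled"
    fs_accepts_posix_acls "$1" \
        && echo "OK: $1 accepts POSIX ACLs" \
        || echo "WARNING: $1 rejects POSIX ACLs (mount option 'acl' missing?)"
    echo "ADS stored below $1: $(count_ads_below "$1")"
fi
```

Run as `sh samba_checks.sh /srv/share` on the server; the three "OK" lines correspond to the three conditions for NT ACL support listed in section 1, and the final count shows how many streams would have to be preserved if the share is later moved to a Samba version or file system without xattr support.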
3. Additional differences between the Windows and Unix file systems
There are some other differences between the Windows and Unix file systems, for example the fact that Unix is case-sensitive and the use of different separators for directories. The differences can be compensated for transparently by Samba so that there is no risk of losing information due to these differences.
Review questions:
- Do the administrators know the differences between the Unix and Windows file system technologies?
- Has it been ensured, before file system objects are moved from one type of system to the other, that they carry no NTFS ACLs that Samba cannot map?
- Has it been ensured, before file system objects are moved from one type of system to the other, that they contain no ADS with important information that the Samba version in use cannot store?