In today's information age, computer file storage systems are frequently used to store large amounts of information. A computer file storage system typically includes one or more file servers that manage files in various types of storage media and provide various services to clients. One service provided by the file server is file security. Specifically, each file is associated with a set of file security attributes that specify such things as file access privileges for a principal who is the owner of the file (referred to hereinafter as owner access privileges), file access privileges for principals who are members of a predefined group (referred to hereinafter as group access privileges), and file access privileges for principals who are neither the owner of the file nor members of the group (referred to hereinafter as default or everyone privileges).
There are generally two security models in widespread use, namely a UNIX security model and a Windows or NT security model. Each model provides for a set of file security attributes that are stored along with the file. UNIX file security attributes include, among other things, an owner identifier, a group identifier, and a set of file access privileges defining the owner access privileges, the group access privileges, and the default (everyone) access privileges. Windows file security attributes are generally more flexible than the UNIX file security attributes, but allow similar types of privileges to be defined. For convenience, a file that is stored along with a set of UNIX file security attributes is referred to hereinafter as a UNIX-secured file, while a file that is stored along with a set of Windows file security attributes is referred to hereinafter as a Windows-secured file.
Although the two security models define similar types of file security attributes, the two security models differ both in the way the set of file security attributes is stored and the way in which the file access privileges are defined.
In the UNIX security model, owner and group identifiers are integer values (e.g., 32-bit), and the file access privileges include nine permissions, specifically a read permission, a write permission, and an execute permission for each of the owner, group, and default access privileges (often shown as rwxrwxrwx, where the left-most “rwx” indicates the owner read, write, and execute permissions, the next “rwx” indicates the group read, write, and execute permissions, and the right-most “rwx” indicates the default read, write, and execute permissions).
In the Windows security model, file security attributes are defined using a number of security identifiers. A security identifier (SID) is a unique value of variable length that is used to identify a security principal or security group in Windows 2000 and Microsoft Windows NT. Every Windows account is associated with a SID. Although SIDs are stored as binary data, they can be represented as strings of the form: S-1-X(-Y), where X is an authority identifier and Y is a list of zero or more qualifiers separated by dashes. Well-known SIDs are a group of SIDs that identify generic users or generic groups. The well-known SIDs utilize six predefined authority identifiers, where authority identifier (0) represents a null authority, authority identifier (1) represents a world authority, authority identifier (2) represents a local authority, authority identifier (3) represents a creator authority, authority identifier (4) represents a non-unique authority, and authority identifier (5) represents an NT authority. The well-known SIDs remain constant across all operating systems. The file access privileges are defined by an access control list (ACL) having one or more access control elements (ACE). There are typically up to five ACEs in an ACL specifically for defining permissions denied the owner, permissions granted the owner, permissions denied the group, permissions granted the group, and permissions granted everyone else.
In some computer file storage systems, files are stored using both UNIX and Windows security models, and both UNIX and Windows clients can access the files. In such a computer file storage system, problems arise when a Windows client attempts to read or modify file security attributes for a UNIX-secured file and the file server is unable to map the UNIX owner identifier and/or the UNIX group identifier to a corresponding Windows identifier. For example, when a Windows client sends a request to the file server to read file security attributes of a UNIX-secured file, the Windows client expects to receive from the file server a security descriptor (SD) including, among other things, an owner SID including a Windows owner identifier, a group SID including a Windows group identifier, and an ACL having one or more ACEs defining the file permissions. If the file server is unable to map the UNIX owner identifier and/or the UNIX group identifier associated with the file to a corresponding Windows identifier, then the file server is unable to generate the proper SID for the SD. The file server is also unable to effectively map UNIX file permissions to Windows file permissions because the file server is unable to determine whether or not the requester is the owner of the file or a member of the group associated with the file. In this situation, the file server may reject the request outright, in which case the Windows client receives no file security attribute information, or the file server may return an SD omitting the unmappable owner and/or group and including an ACL reporting the most restrictive file permissions represented in the UNIX file permissions, in which case some of the file security attribute information may be omitted.
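The five-ACE layout and the unmappable-identifier fallback described above can be made concrete with the following added example, which is not part of the original text. It assumes one common construction for the deny ACEs, a simplified ordered access check, 3-bit rwx masks in place of real Windows access masks, constructed sample SIDs, and one reading of "most restrictive" as the bits granted to owner, group and everyone alike.

```python
EVERYONE = "S-1-1-0"  # well-known World SID (authority identifier 1)
OWNER = "S-1-5-21-1111-2222-3333-1001"  # constructed sample SID
GROUP = "S-1-5-21-1111-2222-3333-513"   # constructed sample SID

def triplets(mode):
    """Split the nine rwx bits into (owner, group, other) 3-bit values."""
    return (mode >> 6) & 7, (mode >> 3) & 7, mode & 7

def mode_to_acl(mode, owner_sid, group_sid):
    """Return ordered (kind, sid, rwx_mask) ACEs; a SID is None if unmappable."""
    o, g, e = triplets(mode)
    if owner_sid is None or group_sid is None:
        # Assumed reading of the fallback: report only what all three classes share.
        return [("allow", EVERYONE, o & g & e)]
    acl = [
        ("deny", owner_sid, (g | e) & ~o & 7),  # owner must not inherit group/other bits
        ("allow", owner_sid, o),
        ("deny", group_sid, e & ~g & 7),        # group must not inherit other bits
        ("allow", group_sid, g),
        ("allow", EVERYONE, e),
    ]
    return [ace for ace in acl if ace[2]]       # "up to five": drop empty ACEs

def access_check(acl, token_sids, wanted):
    """Ordered evaluation: allows accumulate; a deny on a still-missing bit fails."""
    granted = 0
    for kind, sid, mask in acl:
        if sid != EVERYONE and sid not in token_sids:
            continue
        if kind == "deny" and (mask & wanted & ~granted):
            return False
        if kind == "allow":
            granted |= mask
        if (wanted & ~granted) == 0:
            return True
    return False

def unix_check(mode, is_owner, in_group, wanted):
    """UNIX semantics: exactly one class (owner, else group, else other) applies."""
    o, g, e = triplets(mode)
    bits = o if is_owner else g if in_group else e
    return (wanted & bits) == wanted

def mismatches():
    """Count cases where the generated ACL disagrees with UNIX semantics."""
    cases = (({OWNER, GROUP}, True, True), ({GROUP}, False, True), (set(), False, False))
    return sum(access_check(mode_to_acl(m, OWNER, GROUP), tok, w) != unix_check(m, io, ig, w)
               for m in range(0o1000) for tok, io, ig in cases for w in range(1, 8))
```

With mode 0467 the deny ACEs are what keep the owner from picking up the write and execute bits granted to everyone; in the fallback case the client sees a single Everyone ACE and no owner or group information.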