Hi,
is it true that Buffalo NAS (TS-RHTGL/R5 F/W 1.33, AD integrated) checks the user rights from bottom (read only) to the top (read/write)?
If so, why?
Normally i have a group with all users that are allowed to access (read) certain files. Then i define the group with those user that have more rights, but i don't have to delete them from the first group.
With the above NAS, i have to define a new group with all those user that should not have write access. This differs from windows behaviour.
Could you please confirm and comment.
Best regards,
Arnd
The Windows platforms that you're used to are using what's called "least restrictive" permissions. The Linux-based Buffalo NAS devices use "most restrictive" permissions. I'm not about to start an argument about which one's more secure, so I'll just leave it at that.
"Least restrictive" vs. "most restrictive" permissions is an old debate going back a while, and there's not really a consensus on what's better.
Thanks.
So the mix of Windows (AD integration) and Linux is the problem?
It's just, when i have an option for AD integration, i just suspect that the user groups will work the same as on the base (windows) system. For this, it don't matter which system is more secure or better. But when i use windows user groups on a NAS that is working complete different regarding user rights, i have a big problem with my group definitions.
Browser ID: smf
(is_webkit)
Templates: 1:
Printpage (default).
Sub templates: 4:
init,
print_above,
main,
print_below.
Language files: 1:
index+Modifications.english (default).
Style sheets: 0:
.
Hooks called: 60 (
showintegrate_autoload, integrate_pre_load, integrate_load_session, integrate_verify_user, integrate_pre_load_theme, integrate_user_info, integrate_load_board, integrate_board_info, integrate_pre_load_theme, integrate_allowed_to_general, integrate_simple_actions, integrate_allowed_to_general, integrate_load_theme, integrate_pre_log_stats, integrate_actions, integrate_word_censor, integrate_word_censor, integrate_pre_parsebbc, integrate_bbc_codes, integrate_bbc_print, integrate_post_parsebbc, integrate_word_censor, integrate_word_censor, integrate_pre_parsebbc, integrate_bbc_print, integrate_post_parsebbc, integrate_word_censor, integrate_word_censor, integrate_pre_parsebbc, integrate_bbc_print, integrate_post_parsebbc, integrate_word_censor, integrate_word_censor, integrate_pre_parsebbc, integrate_bbc_print, integrate_post_parsebbc, integrate_pre_parsebbc, integrate_smileys, integrate_smileys, integrate_post_parsebbc, integrate_pre_parsebbc, integrate_smileys, integrate_smileys, integrate_post_parsebbc, integrate_allowed_to_general, integrate_allowed_to_general, integrate_allowed_to_general, integrate_allowed_to_general, integrate_allowed_to_general, integrate_allowed_to_general, integrate_allowed_to_general, integrate_allowed_to_general, integrate_allowed_to_general, integrate_allowed_to_general, integrate_menu_buttons, integrate_current_action, integrate_theme_context, integrate_allowed_to_general, integrate_allowed_to_general, integrate_allowed_to_general)
Files included: 27 - 1055KB. (
show./index.php, ./Settings.php, (Cache)/db_last_error.php, (Sources)/QueryString.php, (Sources)/Subs.php, (Sources)/Subs-Auth.php, (Sources)/Errors.php, (Sources)/Load.php, (Sources)/Security.php, (Sources)/Subs-Compat.php, (Sources)/Subs-Db-mysql.php, (Sources)/Cache/CacheApi.php, (Sources)/Cache/CacheApiInterface.php, (Sources)/StopForumSpam.php, (Sources)/Subs-Charset.php, (Sources)/Unicode/Metadata.php, (Sources)/Unicode/QuickCheck.php, (Sources)/Session.php, (Sources)/Logging.php, (Sources)/Class-BrowserDetect.php, (Sources)/Unicode/RegularExpressions.php, (Sources)/Unicode/CaseUpper.php, (Sources)/Unicode/CaseTitle.php, (Current Theme)/languages/index.english.php, (Current Theme)/languages/Modifications.english.php, (Sources)/Printpage.php, (Current Theme)/Printpage.template.php)
Memory used: 736KB.
Tokens:
post-login.
Queries used: 12.
[Show Queries]