Restricting User Access to 3DFS Shares with ACLs

You can control the end-user access to 3DFS shares by enabling access control on the client data.

When you enable access control on client data, the access control lists (ACL) for the data are also included in the backup index. When you create a 3DFS share with ACL option enabled, the users can access only the files and folders in the 3DFS share for which they have access permissions. The access to the files and folders in the 3DFS share is given to the domain users who are logged in, based on the ACLs that are backed up.

For more information about the required ACL permissions to work on files and folders, see ACL Permissions Support.

Commvault recommends using a 3DFS Linux server that runs Red Hat Enterprise Linux or CentOS 7.0, or later operating system version.

Restriction: This option is available only for users who log on with their Active Directory credentials.

Support

Windows backups

Prerequisites

1. Install the following on the 3DFS Linux server

   • NFS-Ganesha version 2.8.2. For more information on installing NFS-Ganesha, see Getting Started with NFS ObjectStore.

   • Samba version 4.10.4. For more information on installing Samba, see Getting Started with NFS ObjectStore.

   • wbinfo program by using the samba-winbind-clients RPM package.

   • tdb-tools RPM package.

2. Download the nfs4acl_xattr.so file from the following GitHub repositories, and copy the file to the software_installation_directory/Base folder directory.

   • NFS4ACL_XATTR module for Samba 4.8.3

   • NFS4ACL_XATTR module for Samba 4.9.1

Before You Begin

1. Enable ACL backups and perform Windows File System backups. For more information see, Restricting User Access with Access Control Lists (ACLs).

2. On the 3DFS Linux server, restart the Commvault services.

Procedure

1. From the CommCell Console, expand Client Computers > client > File System > backup_set.

2. Right-click the subclient that contains the backup data, and then click Manage Network Share.

   The Network Share dialog box appears.

3. Click Add.

   The Create New Share dialog box appears.

4. In the Share Name box, type the network share name.

5. In the Network Storage Server list, select the MediaAgent that will act as a Network Storage server.

6. In the Browse MA list, select the MediaAgent that will used as the indexing server.

   Commvault recommends choosing the backup MediaAgent as the indexing server.

7. In the Copy Precedence box, type the copy precedence number for the backup copy.

8. To display the deleted files from the network share in the Network Share dialog box, select the Show Deleted Items check box.

9. To enable ACLs on 3DFS network share, select the Enable ACL check box.

10. Choose one of the following options for the network share:

    • To create a read-only share with the most recent backup data, select the Refresh on backup check box.

      For more information, see 3DFS Refresh on Backup.

    • To create a share that reflects the data before the specified time, in the Restore Time list, select a date and time.

      Note

      Read-only SMB shares are created.

11. To control the access to the share by network clients, choose one of the following options:

    • To allow all network clients to access the share, click All Clients.

    • To allow specific network clients to access the share, click Custom, and enter the host name or the IP address of the network client.

      Separate multiple host names or IP addresses with a comma (,).

12. Click OK.