Server for NFS uses the Windows security descriptor when implementing Network File System (NFS) access permissions. The security descriptor is the structure that governs security assignments for Windows. The security descriptor contains the following components:

  • File owner

  • File group

  • Discretionary access control list (DACL)

  • System access control list (SACL)

Note

The SACL is used for auditing and does not affect file permissions.

Within the security descriptor, the file owner and group refer to security identifiers (SIDs). An SID can be thought of as the internal representation for an individual user or group. The primary reason for using SIDs is to differentiate among accounts across different domains that share the same account name. Even though the names are the same, they represent different accounts and can be given different permissions to the same file.