This article applies to: Shared File Services
- Access to SFS shares will be restricted to on-campus IP addresses (including VPN).
- No encryption is built into the SFS service. Customers can use their own encryption tools to encrypt their data (cf. Policy 5.3, Use of Escrowed Encryption Keys).
CIFS shares will reside in the Cornell Active Directory (AD) domain, and can be presented through Cornell AD’s DFS namespace.
- CIFS volumes have an inherited, recursive ACL entry of "(OI)(CI)F" for the Cornell AD group you specify for “administrative” purposes.
- End-users should be in different (non-administrative) Cornell AD groups.
- End-users should never be granted ‘Full Control’.
- The “everyone” group is removed.
- SFS administrators have no ACLs on your volume.
- NFS shares can be restricted to a list of explicit servers, as defined by the customer when submitting a request (or change) for an NFS share.
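
One way to check a CIFS share against the ACL rules above, as an added example that is not part of the original article or of Cornell's tooling: the Python below parses the text printed by `icacls <share path>` and reports a missing administrative "(OI)(CI)F" entry, any Everyone entry, and Full Control held by any other principal. The server, share and group names are constructed placeholders, and the check assumes the output comes from a directory, where the (OI)(CI) flags are displayed.

```python
import re

INHERIT_FLAGS = {"OI", "CI", "IO", "NP", "I", "DENY"}  # non-rights tokens icacls prints
ACE_RE = re.compile(r"^(.+?):((?:\([^)]*\))*)([A-Za-z,]*)$")

def parse_aces(icacls_output, path):
    """Parse `icacls <path>` output into (principal, flags, rights) tuples."""
    aces = []
    for line in icacls_output.splitlines():
        line = line.strip()
        if line.startswith(path):           # the first ACE shares a line with the path
            line = line[len(path):].strip()
        m = ACE_RE.match(line)
        if not m:                           # blank line or the trailing status line
            continue
        tokens = re.findall(r"\(([^)]*)\)", m.group(2))
        if m.group(3):                      # bare rights, as in the page's "(OI)(CI)F"
            tokens.append(m.group(3))
        tokens = [t.upper() for t in tokens]
        flags = {t for t in tokens if t in INHERIT_FLAGS}
        rights = {r for t in tokens if t not in INHERIT_FLAGS for r in t.split(",")}
        aces.append((m.group(1).strip(), flags, rights))
    return aces

def audit_share_acl(icacls_output, path, admin_group):
    """Return deviations from the CIFS ACL rules listed above (empty list = compliant)."""
    findings, admin_ok = [], False
    for who, flags, rights in parse_aces(icacls_output, path):
        if who.lower().split("\\")[-1] == "everyone":
            findings.append(f"{who}: the Everyone group should not appear in the ACL")
        if "DENY" in flags:                 # deny entries grant nothing
            continue
        if who.lower() == admin_group.lower():
            admin_ok = admin_ok or ("F" in rights and {"OI", "CI"} <= flags)
        elif "F" in rights:
            findings.append(f"{who}: Full Control granted outside the administrative group")
    if not admin_ok:
        findings.append(f"{admin_group}: no (OI)(CI)F entry found")
    return findings

# Constructed sample: server, share and group names are placeholders.
SAMPLE_PATH = r"\\files.example.edu\dept-share"
SAMPLE_OUTPUT = r"""\\files.example.edu\dept-share EXAMPLE\dept-admins:(OI)(CI)(F)
                               EXAMPLE\dept-users:(OI)(CI)(M)
                               EXAMPLE\dept-interns:(OI)(CI)(F)
                               Everyone:(OI)(CI)(RX)

Successfully processed 1 files; Failed processing 0 files"""

if __name__ == "__main__":
    for finding in audit_share_acl(SAMPLE_OUTPUT, SAMPLE_PATH, r"EXAMPLE\dept-admins"):
        print(finding)
```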