
Access Basics

This article applies to: Shared File Services


  • Access to SFS shares will be restricted to on-campus IP addresses (including VPN).
  • No encryption is built into the SFS service. Customers can use their own encryption tools to encrypt their data (cf. Policy 5.3, Use of Escrowed Encryption Keys).
  • CIFS shares will reside in the Cornell Active Directory (AD) domain, and can be presented through Cornell AD’s DFS namespace.
    • Each CIFS volume has an inherited, recursive ACL entry of "(OI)(CI)F" for the Cornell AD group you specify for “administrative” purposes.
    • End-users should be in different (non-administrative) Cornell AD groups.
    • End-users should never be granted ‘Full Control’.  
    • The “everyone” group is removed.
    • SFS administrators have no ACLs on your volume.
  • NFS shares can be restricted to a list of explicit servers, as defined by the customer when submitting a request (or change) for an NFS share.
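
An added example (not Cornell's tooling) that audits the text output of Windows `icacls` for a CIFS volume against the ACL rules listed above: the administrative group holds `(OI)(CI)F`, no other principal holds Full Control, and the Everyone group is absent. The share path, the `EXAMPLE\...` group names, the sample output and the function names are constructed for illustration; treating every non-administrative principal as an end-user is an assumption.

```python
import re

# Constructed sample: share path and `icacls <path>` output with placeholder groups.
SAMPLE_PATH = r"\\sfs.example.edu\dept-share"
SAMPLE_OUTPUT = r"""\\sfs.example.edu\dept-share EXAMPLE\dept-admins:(OI)(CI)(F)
                             EXAMPLE\dept-staff:(OI)(CI)(M)
                             EXAMPLE\dept-students:(OI)(CI)(F)
                             Everyone:(OI)(CI)(RX)

Successfully processed 1 files; Failed processing 0 files
"""

def parse_icacls(output, path):
    """Return [(principal, tokens)] for each ACE in `icacls <path>` text output."""
    aces = []
    for line in output.splitlines():
        line = line.strip()
        if line.startswith(path):        # the first ACE shares a line with the path
            line = line[len(path):].strip()
        principal, sep, spec = line.rpartition(":")
        if not sep or not principal:     # blank line or the trailing summary line
            continue
        # "(OI)(CI)(F)" (icacls output) and "(OI)(CI)F" (grant syntax) both
        # reduce to the token set {OI, CI, F}.
        aces.append((principal, set(re.findall(r"[A-Z]+", spec.upper()))))
    return aces

def audit_share(output, path, admin_group):
    """Return a list of findings; an empty list means the ACL matches the rules."""
    aces = parse_icacls(output, path)
    findings = []

    def is_admin(principal):
        return principal.casefold() == admin_group.casefold()

    # Rule: the administrative group has object- and container-inherited Full Control.
    if not any(is_admin(p) and {"OI", "CI", "F"} <= t and "DENY" not in t
               for p, t in aces):
        findings.append(f"{admin_group} lacks inherited Full Control (OI)(CI)F")
    for principal, tokens in aces:
        if principal.casefold() == "everyone":   # rule: Everyone is removed
            findings.append("Everyone group is present")
        elif not is_admin(principal) and "F" in tokens and "DENY" not in tokens:
            # Assumption: any principal other than the admin group is an end-user.
            findings.append(f"{principal} has Full Control")
    return findings

if __name__ == "__main__":
    for finding in audit_share(SAMPLE_OUTPUT, SAMPLE_PATH, r"EXAMPLE\dept-admins"):
        print(finding)
```
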

About this Article

Last updated: Wednesday, May 30, 2018 - 3:49pm
