Comparison of Windows NT and Solaris Concepts
Some terms and concepts in the Solaris operating environment are similar to those in Windows NT, but different in important ways. The topics below may help you sort out some of the differences.
User Accounts
User accounts in the Solaris operating environment differ from those in the Windows NT environment because of fundamental differences in the underlying file system, security model, and management model. The basic attributes of Windows NT and Solaris user accounts, such as user name, password, description are essentially the same. The following table maps the basic attributes of Windows NT user accounts that map well to Solaris counterparts.
| Windows NT User Account Attributes |
Solaris User Account Attributes |
| User name can be up to 20 alphanumeric characters not including / \ [ ] : ; | + , * ? < > |
User name can be up to 8 alphanumeric characters not including / \ [ ] : ; | + , * ? < > ! @ # $ % ^ & ( ) |
| Full Name |
None, but the Description may be used for this purpose |
| Description |
Description |
| Password |
Password |
If you want to create user names that can be used in both Windows NT and Solaris environments, you must use the Solaris guidelines because they are more restrictive and will satisfy the user name requirements of both environments.
Passwords
In both Windows NT and Solaris operating environments, the initial password for a user account may be set when the account is created. Other options control if and when a user can change the password. The following table maps the password options of Windows NT user accounts that map to similar password options in their Solaris counterparts.
| Windows NT User Account Password Attributes |
Solaris User Account Password Attributes |
| User must change password at next logon |
User must change at next logon or in x days |
| User cannot change password |
N/A (cannot prevent user from changing password) |
| Password never expires |
Expires if not used for x days |
| Account disabled |
Account availability: Account is locked on <date> |
The Windows NT administrator can also control additional password options for all users in the domain. Options controlled at the domain level include the minimum password length and the frequency with which a password may be reused by a user. AdminSuite has no such control at the domain level.
Groups
Membership in a group is a primary means of controlling access in both Windows NT and Solaris environments. However, the characteristics of a group and what it means for a user are quite different.
| Windows NT Group Attributes |
Solaris Group Attributes |
| Membership is optional |
Must belong to the primary group |
| Membership automatically grants user rights to perform tasks |
Grants access to files and directories to which the group has access. No other rights or permissions associated. |
| Default groups created |
Default groups created |
| Can create new groups |
Can create new groups |
| User can belong to many groups |
User must belong to one primary group; may belong to up to 16 secondary groups. |
Access to Files, Directories, and Tasks
Access permissions in Solaris are simpler than Windows NT permissions. In the traditional Solaris file protection system, all file and directory access is controlled by file owners assigning combinations of Read, Write, and Execute permission to the sets of users defined as owner, group, and other. If this is not enough protection for your files, you can use access control lists (ACLs), which provide better file security by enabling you to define file permissions for the owner, owner's group, others, specific users and groups, and default permissions for each of those categories.
Permissions in Windows NT are assigned to each object (file, directory, printer, etc.) in an NTFS file system. The administrator can precisely control which users can access specific files and resources.
The following table shows common tasks and the permissions required for the user to perform them.
| Task |
Standard Windows NT Permission |
Solaris Permission |
| Read file only; no modify or delete |
Read |
Directory: r--
File: r-- |
| List directory contents, but no ability to read, add, or delete files |
Read |
Directory: r-- |
| Add files to directory |
Change |
Directory: -wx |
| Remove files from directory |
Change |
Directory: -wx
File: -w- |
| Modify a file |
Change |
Directory: --x
File: rw- |
| Run a user program |
Change |
Directory: --x
file: r-x |
| Change permissions of a file or directory |
Full Control |
Must be owner of file or directory |
| Change ownership of a file or directory |
Full Control |
Must be owner of file or directory |
| Perform system tasks |
User rights assigned to groups and/or users |
Must be root for some tasks. Some tasks can be performed by users who have been given specific access rights in their user profiles. |
Name Services
All computers on a TCP/IP network have both a host name and host address, called an IP address, to identify each computer. Host names are used simply because they are easier for people to remember than IP addresses, which are numeric. Name services match host names to their associated IP addresses, so users are only required to deal with host names. This is known as name resolution. The following table lists the types of name services used by Windows NT and Solaris.
| Name Service Type |
Windows NT |
Solaris |
| Local |
HOSTS file for TCP/IP, LMHOSTS file for NetBIOS |
/etc/hosts file |
| Domain |
WINS for NetBIOS, DNS for TCP/IP |
NIS/NIS+ |
| Internet |
DNS |
DNS |
Mailing Lists
In Windows NT, mailing lists are generally created and maintained using email programs. In Solaris, mailing lists (also called email aliases) can be created on the local system for all users to use, or with an email program for the use of the user creating them. Mailing lists can also be maintained in NIS/NIS+, which makes them available to users in the NIS/NIS+ domain.
User Rights
User rights in Solaris and Windows NT allow users to perform various system tasks. In Solaris, the rights assigned in AdminSuite refer only to those tasks that can be performed with AdminSuite. All other system administration tasks, such as shutting down the system and restoring backup files, must be performed by a user logged on as root.
Windows NT's user rights include a more extensive list of system administration tasks that are not tied to any particular management tool.
Mounts
A Solaris file system, local or remote, is not accessible until it is mounted. Local mounts are usually performed automatically at boot time. Remote mounts are performed by AutoFS when access is attempted. A remote mount is somewhat analogous to a mapped drive in Windows NT, in that you can access it the same as a local file system after it is mounted. You need not know that it is a remote file system.
Shares
File system shares in Solaris and Windows NT are similar in that they can only be seen and accessed by others on the network after an administrator shares them. A share must be mounted by the administrator on a remote computer before users on the remote computer can have access to the share.
In Solaris, shares refer only to file systems (including CD-ROM file systems). In Windows NT, shares may be folders, printers, CD-ROM or DVD drives; in short, anything that can be shared.