Netware Administration

From Wikibooks, the open-content textbooks collection

Jump to: navigation, search

Netware filesystem security info & tips:

Rights are assigned to a Trustee. A trustee can be any object in eDirectory or the special trustee [PUBLIC]. (A guest user who is attached to the network but not authenticated has [PUBLIC] rights.)

Users can get filesystem rights from:

  • Their user object
  • Groups & organizations of which their user object is a member
  • Security equivalences
  • The OU where their user object exists
  • [PUBLIC]
  • [ROOT]

Rights assigned to any directory are inherited by all the files and subdirectories contained within it. Rights assigned to a file apply only to that file. Rights “flow” downward through the directory structure away from the root - this is called inheritance.

An Inherited Rights Filter (IRF) is used to block inheritance. There is one IRF per file or directory; it applies equally to all trustees. An IRF takes rights away – it never gives rights.

  • When a trustee assignment and an IRF are assigned to the same file or directory, the IRF has no effect on that trustee. (The rights granted by the trustee assignment aren’t inherited, they’re explicit. Therefore the IRF has no effect).
  • Use of IRFs should be minimal.

Leverage inheritance by granting trustee rights as close to the root of the directory tree as possible.

Effective Rights are the rights that a user is actually able to use at any given location in the Netware filesystem. For directory x on a Netware volume:

Effective Rights = (Inherited Rights – IRFs) + explicit Trustee assignments on directory x

Where possible, use groups to assign filesystem rights. User trustee assignments should only be used for home directories.

Retrieved from "http://en.wikibooks.org/wiki/Netware_Administration"