NetWare Equivalent Rights to NFS Permissions Translation
When you access a NetWare file from NFS or change an NFS file's access control from NetWare, the equivalent rights for the NetWare file owner or for the NetWare group are translated to NFS permissions. All other NetWare equivalent rights are ignored.
When a file's trustee assignments are changed, the NetWare rights are converted to NFS permissions as follows:
- For every trustee assignment, the owner and group effective rights convert to corresponding NFS permissions.
- The effective rights for the NetWare group mapped to world convert to the NFS permissions designated for the user class other.
The NetWare classes are converted to their equivalent NFS classes in accordance with a mapping table. If the trustee assignment changes for a directory, the conversion propagates to the files under that directory that have Inherited Rights Masks set to allow the change.
Table 20. Translating NetWare File Rights to NFS
| NetWare Right | NFS Permission | Comments |
|---|---|---|
| Read | read | |
| Write | write | |
| Create | Not applicable. | Create, generate, and scan file commands do not belong in the NFS file. |
| Erase | Not applicable. | Create, Erase, and File Scan do not apply to NFS files. These rights are converted to write and execute permissions for the parent directory. |
| Access Control | No direct match. | The Access Control right is a prerequisite to file ownership. |
| File Scan | Not applicable. | Create, Erase, and File Scan do not apply to NFS files. These rights are converted to write and execute permissions for the parent directory. |
| Modify | Not applicable. | |
| Supervisor | Equivalent to Superuser. | |
Table 21. Translating NetWare Directory Rights to NFS
| NetWare Right | NFS Permission | Comments |
|---|---|---|
| Read | The read permission is propagated to all files under the directory if inheritance permits. | |
| Write | The write permission is propagated to all files in the directory if inheritance permits. | |
| Create | The write permission is granted only if the NetWare directory also has the Erase right. | If a directory has both Create and Erase rights, they are mapped to write permission. If the directory has only the Create or the Erase right, this right is dropped when viewed from the NFS side. |
| Erase | The write permission is granted only if the NetWare directory also has the Create right. | If a directory has both Create and Erase rights, they are mapped to write permission. If the directory has only the Create or the Erase right, this right is dropped when viewed from the NFS side. |
| Access Control | No direct match. | The NetWare owner of the file has the same rights in NFS as the NFS owner of the file. If the NetWare owner of the file does not have the Access Control right, the NetWare owner's identification is mapped to a special NFS identification (UID 0), which does not allow the permissions to be changed from NFS. |
| File Scan | read, execute | The File Scan right is mapped to read and execute permissions only if all files and subdirectories in the specified directory also have the File Scan right. |
| Modify | Not applicable. | |
| Supervisor | Equivalent to Superuser; translation not applicable. | |
The following example illustrates how NetWare rights are converted to NFS permissions. This example assumes that user JOHN has security equivalent to user MARY.
| Trustee | NetWare Rights |
|---|---|
| User JOHN | R W |
| User MARY | R W M A S |
| Group ENGINEERING | R |
| Group ACCOUNTING | R W |
| Group EVERYONE | None |
Entering the following UNIX command
ls -l abc.txt
displays the following NFS rights:
-rw-r----- 1 john engineering 216 Feb 5 1994 abc.txt
NFS owner john (equivalent to NetWare owner JOHN) has read and write permission. NFS group engineering (equivalent to NetWare group ENGINEERING) has read permission. All other NFS users have no permissions, because the equivalent NetWare group (the default OU) has no rights to the file.
NetWare user MARY, who is not the owner but who has NetWare trustee rights, is dropped in the translation. The same is true of the NetWare group ACCOUNTING.
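
The translation above, as an added example that is not part of the original documentation: a Python model of the file-rights rules in Table 20, run over the trustee list for abc.txt. The function names and the dictionary layout are assumptions made for illustration, and security equivalence is not modeled.

```python
# Added example: models the file-rights translation described on this page.
# All names are hypothetical; this is not a NetWare or NFS API.

# Table 20: for files, only Read and Write have NFS permission bits.
# Create, Erase, File Scan, Modify, Access Control and Supervisor do not.
FILE_BITS = (("R", "r"), ("W", "w"))


def triplet(rights):
    """Build one rwx triplet for a file from a set of NetWare right letters."""
    bits = "".join(nfs if nw in rights else "-" for nw, nfs in FILE_BITS)
    return bits + "-"  # no NetWare file right maps to execute


def translate_file(trustees, owner, group, world_group):
    """Return (mode string, trustees invisible from NFS, rights with no NFS bit).

    trustees maps a trustee name to its set of NetWare rights. owner, group
    and world_group name the trustees mapped to the NFS owner, group and
    other classes; every other trustee is ignored by the translation.
    """
    classes = (owner, group, world_group)
    mode = "-" + "".join(triplet(trustees.get(name, set())) for name in classes)
    dropped = {n: r for n, r in trustees.items() if n not in classes and r}
    mapped = {nw for nw, _ in FILE_BITS}
    unmapped = {n: trustees[n] - mapped for n in classes
                if trustees.get(n, set()) - mapped}
    return mode, dropped, unmapped


# Constructed input: the trustee table from the example on this page.
ABC_TXT = {
    "JOHN": {"R", "W"},
    "MARY": {"R", "W", "M", "A", "S"},
    "ENGINEERING": {"R"},
    "ACCOUNTING": {"R", "W"},
    "EVERYONE": set(),
}

if __name__ == "__main__":
    mode, dropped, unmapped = translate_file(
        ABC_TXT, "JOHN", "ENGINEERING", "EVERYONE")
    print(mode)
    for name, rights in sorted(dropped.items()):
        print(f"not visible from NFS: {name} {' '.join(sorted(rights))}")
```

The second return value lists the trustees that `ls -l` cannot show, here MARY and ACCOUNTING, so a review of access to the file has to read the NetWare trustee list as well as the NFS mode.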
Permissions Guidelines
In general, to avoid confusion, it is best to set up permissions and rights so as not to display files to users on the other systems who cannot use the files. Specifically, when storing files that NFS users access, you can avoid problems by following two rules:
- Do not store applications in directories shared by NFS users, or make sure the application files do not have execute permission.
- Do not store data files created by applications in shared directories unless you know the files are compatible with a version of the application available to NFS users.