File system security includes assigning trustee rights and setting file and directory attributes. These two types of security are discussed in the following sections.
Trustee rights determine the access users have to directories and files. These rights can be given to User objects, Group objects, or Organizational Role objects.
Trustee rights are explained in Table 11.
Table 11. Trustee Rights
| Right | Allows you to |
|---|---|
Access Control |
Add and remove trustees and change rights to files and directories. |
Create |
Create subdirectories and files. |
Erase |
Delete directories and files. |
File Scan |
View file and directory names in the file system structure. |
Modify |
Rename directories and files, and to change file attributes. |
Read |
Open and read files, and to open, read, and execute applications. |
Supervisor |
Grant all rights listed in this table. |
Write |
Open, write to, and modify a file. |
Directory and file attributes assign properties to individual directories or files. Some attributes are meaningful only when applied at the file level, but some apply to both the directory and the file levels.
Be careful when assigning directory and file attributes. The attribute applies to all users.
For example, if you assign the Delete Inhibit attribute to a file, no one, including the owner of the file or the system supervisor, can delete the file. But any trustee with the Modify right can change the attribute to allow deletion.
Directory and file attributes are explained in Table 12.
Table 12. Directory and File Attributes
| Attribute code | Description | Applies to |
|---|---|---|
A |
Archive Needed identifies files that have been modified since the last backup. This attribute is assigned automatically. |
Files only |
Ci |
Copy Inhibit prevents Macintosh users from copying a file. This attribute overrides Read and File Scan trustee rights. |
Files only |
Dc |
Don't Compress keeps data from being compressed. This attribute overrides settings for automatic compression of files not accessed within a specified number of days. |
Directories and files |
Di |
Delete Inhibit means that the file or directory cannot be deleted. This attribute overrides the Erase trustee right. |
Directories and files |
Dm |
Don't Migrate prevents files and directories from being migrated from the server's hard disk to another storage medium. |
Directories and files |
Ds |
Don't Suballocate prevents data from being suballocated. |
Files only |
H |
The Hidden attribute hides files and directories so they can't be listed using the DIR command. A user with File Scan rights can use FILER or the NDIR command to list directories and files with the Hidden attribute. |
Directories and files |
I |
Index allows large files to be accessed quickly by indexing files with more than 64 File Allocation Table (FAT) entries. This attribute is set automatically. |
Files only |
Ic |
Immediate Compress sets data to be compressed as soon as a file is closed. If applied to a directory, every file in the directory is compressed as each file is closed. |
Directories and files |
N |
Normal indicates the Read/Write attribute is assigned and the Shareable attribute is not. This is the default attribute assignment for all new files. |
Directories and files |
P |
Purge flags a file or directory to be erased from the system as soon as it is deleted. Purged files and directories cannot be recovered. |
Directories and files |
Ri |
Rename Inhibit prevents the file or directory name from being modified. |
Directories and files |
Ro |
Read Only prevents a file from being modified. This attribute automatically sets Delete Inhibit and Rename Inhibit. |
Files only |
Rw |
Read/Write allows you to write to a file. All files are created with this attribute. |
Files only |
Sh |
Shareable allows more than one user to access the file at the same time. This attribute is usually used with Read Only. |
Files only |
Sy |
The System attribute hides the file or directory so it can't be seen by using the DIR command. It can be seen if a user with File Scan rights uses FILER or the NDIR command. System is normally used with operating system files, such as DOS system files. |
Directories and files |
T |
Transactional allows a file to be tracked and protected by the Transaction Tracking System (TTS). |
Files only |
X |
The Execute Only attribute prevents the file from being copied, modified, or backed up. It does allow renaming. The only way to remove this attribute is to delete the file. Use the attribute for program files such as .EXE or .COM. Make a copy of a file before you flag it as Execute Only, so you can replace the file if it becomes corrupted. |
Files only |
You can add a trustee to a directory or file using either the NetWare Administrator graphical utility or the FILER text utility. Both procedures are documented in this section.
Choose the NetWare Administrator icon from the MS Windows Program Manager or the OS/2 desktop. Using the browser, select the directory or file that you want to add a trustee to. For information about moving around in the browser and selecting objects, choose Help from the menu bar. From the Object menu, choose Details. From the Identification page, choose Trustees of this Directory. From the Trustees of this Directory page, choose Add Trustee. Select a trustee from the list. If the object does not appear in the list, browse the Directory tree to find the object that you want to make a trustee of the file or directory. Choose OK. To grant rights to the trustee, mark the appropriate check boxes below the trustee. To return to the browser, choose OK.
Procedure
Additional Information
| For more information about | See |
|---|---|
Trustees |
Trustee in Concepts |
File system rights |
|
Using the NetWare Administrator utility |
NetWare Administrator in Utilities Reference |
At the DOS prompt, type FILER <Enter>
A list of available options appears. Your current context, Volume object, and path are shown in the upper left corner of the screen. Select Manage Files and Directories. The Directory Contents list appears. Find and select the file, directory, or subdirectory you want.
Select View/Set File [or Directory] Information and press <Enter>. Information for that file or directory appears. Use the arrow keys to move to the Trustees field, and then press <Enter>. A list of trustees for that file or directory appears. To add a trustee, press <Insert> and locate the trustee's name in the list. Select the name and then press <Enter>. The new trustee, object type, and default rights appear in the list. (Optional) To add another trustee to this file or directory, press <Esc> until you get to the File Information screen. Then repeat Steps 5 and 6. (Optional) Assign rights to the new trustee. You can assign or modify trustee rights now, or at any time after the trustee has been assigned to the directory or file. From the trustee list, select the user you want to assign or modify rights for, and then press <Enter>. The Trustee Rights list appears, showing the rights the trustee currently has to this directory or file. Press <Insert> to see a list of rights you can assign. Select a right you want to give the trustee and press <Enter>. To give the trustee more than one right, press <F5> to mark each right, and then press <Enter>. The Trustee Rights list reappears with the new rights added. Press <Esc>. The new rights appear next to the trustee name. Exit FILER by pressing <Esc> until you reach the Exit confirmation box, and then select Yes.
Procedure
Additional Information
| For more information about | See |
|---|---|
Trustees |
Trustee in Concepts |
File system rights |
|
Using the FILER utility |
FILER in Utilities Reference |
You can delete a trustee from a directory or file using either the NetWare Administrator graphical utility or the FILER text utility. Both procedures are documented in this section.
Choose the NetWare Administrator icon from the MS Windows Program Manager or the OS/2 desktop. Using the browser, select a directory or file that you want to delete a trustee from. For information on moving around in the browser and selecting objects, choose Help from the menu bar. From the Object menu, choose Details. From the Identification page, choose Trustees of This Directory. From the Trustees list, select a trustee. Choose Delete Trustee. To delete that object as a trustee, choose Yes. To return to the browser, choose OK.
Procedure
Additional Information
| For more information about | See |
|---|---|
Trustees |
Trustee in Concepts |
Using the NetWare Administrator utility |
NetWare Administrator in Utilities Reference |
At the DOS prompt, type FILER <Enter>
A list of available options appears. Your current context, Volume object, and path are shown in the upper left corner of the screen. Select Manage Files and Directories. The Directory Contents list appears. Find and select the file, directory, or subdirectory you want.
If you can't find what you want, check the Volume object name in the upper left corner of the screen. If you are in the wrong volume, you can change it by returning to the Available Options menu and choosing Select Current Directory.
Select View/Set File [or Directory] Information and press <Enter>. Information for that file or directory appears. Use the arrow keys to move to the Trustees field, and then press <Enter>. A list of trustees for that file or directory appear. Select the trustee you want to delete, and then press <Delete>. You are prompted to delete that trustee from the directory. Select Yes. To exit, press <Esc> until the menu you want appears.
Procedure
Additional Information
| For more information about | See |
|---|---|
Trustees |
Trustee in Concepts |
Using the FILER utility |
FILER in Utilities Reference |
You can modify trustee rights to a directory or file through the NetWare Administrator graphical utility or the FILER text utility. Both procedures are documented in this section.
Choose the NetWare Administrator icon from the MS Windows Program Manager or the OS/2 desktop. Using the browser, select the directory or file for which you want to change trustee rights. For information on moving around in the browser and selecting objects, choose Help from the menu bar. From the Object menu, choose Details. From the Identification page, choose Trustees of this Directory. From the Trustees list, select a trustee. Grant or revoke rights by marking the check boxes below the trustee. Choose OK to save the trustee rights.
Procedure
Additional Information
| For more information about | See |
|---|---|
File system rights |
Rights in Concepts |
Trustees |
Trustee in Concepts |
Using the NetWare Administrator |
NetWare Administrator in Utilities Reference |
At the DOS prompt, type FILER <Enter>
A list of available options appears. Your current context, Volume object, and path are shown in the upper left corner of the screen. Select Manage Files and Directories. The Directory Contents list appears. Find and select the file, directory, or subdirectory you want.
Select View/Set File [or Directory] Information and press <Enter>. Using the arrow keys, move to the Trustee field, and then press <Enter>. Select the name of the trustee whose rights you want to modify and press <Enter>. A list of the trustee's current rights appears. Press <Insert> to see a list of rights you can assign. Select a right you want to give the trustee, and then press <Enter>. If you want to assign more than one right, press <F5> to mark each right, and then press <Enter>. The Trustee Rights list reappears, showing the new list of rights. To exit, press <Esc>. The new rights appear next to the trustee name.
Procedure
Additional Information
| For more information about | See |
|---|---|
File system rights |
Rights in Concepts |
Trustees |
Trustee in Concepts |
Using the FILER utility |
FILER in Utilities Reference |
You can view and modify the Inherited Rights Filter (IRF) for a directory or file using the NetWare Administrator graphical utility or the FILER text utility. Both procedures are documented in this section.
Choose the NetWare Administrator icon from the MS Windows Program Manager or the OS/2 desktop. Using the browser, select a directory or file. For information on moving around in the browser and selecting objects, choose Help from the menu bar. From the Object menu, choose Details. From the Identification page, choose Trustees of This Directory. Under Inheritance Filter, select the check boxes for the rights that you want to allow to be inherited for that directory or file. Choose OK. The Trustees dialog reappears. To return to the browser, choose OK.
Procedure
Additional Information
| For more information about | See |
|---|---|
Inherited rights |
Attributes, Inherited Rights Filter, and Rights in Concepts |
Using the NetWare Administrator utility |
NetWare Administrator in Utilities Reference |
At the DOS prompt, type FILER <Enter>
A list of available options appears. Your current context, Volume object, and path are shown in the upper left corner of the screen. Select Manage Files and Directories. The Directory Contents list appears. Find and select the file, directory, or subdirectory you want.
Select View/Set File [or Directory] Information and press <Enter>. Information for that file or directory appears. The current inherited rights are shown in the Inherited Rights Filter field. Use the arrow keys to move to the Inherited Rights Filter field and then press <Enter>. A list of the rights inherited by the file or directory appears. Select a file or directory attribute you want to revoke, and then press <Delete>. To revoke more than one attribute, press <F5> to mark each attribute, and then press <Delete>. Press <Esc>. The File [or Directory] Information screen reappears with a listing of the rights that can be inherited. To exit, press <Esc> until the menu you want appears.
Procedure
Additional Information
| For more information about | See |
|---|---|
Inherited rights |
Attributes, Inherited Rights Filter, and Rights in Concepts |
Using the FILER utility |
FILER in Utilities Reference |
You can change the attributes of a directory or file with the NetWare Administrator graphical utility or the FILER text utility. Both procedures are documented in this section.
Choose the NetWare Administrator icon from the MS Windows Program Manager or the OS/2 desktop. Using the browser, select a directory or file. For information on moving around in the browser and selecting objects, choose Help from the menu bar. From the Object menu, choose Details. From the Identification page, choose Attributes. Select the check boxes for the attributes that you want to set or reset for this directory or file. To close the object dialog box and save the new attributes, choose OK.
Procedure
Additional Information
| For more information about | See |
|---|---|
File and directory attributes |
Attributes in Concepts |
Using the NetWare Administrator utility |
NetWare Administrator in Utilities Reference |
At the DOS prompt, type FILER <Enter>
A list of available options appears. Your current context, Volume object, and path are shown in the upper left corner of the screen. Select Manage Files and Directories. The Directory Contents list appears. Find and select the file, directory, or subdirectory you want.
Select View/Set File [or Directory] Information and press <Enter>. Information for the file or directory appears. To modify an attribute, use the arrow keys to move to the Attributes field, and then press <Enter>. The attributes for that file or directory appear. Modify the attribute by completing one of the following steps:
To assign more than one right, press <F5> to mark each right, and then press <Enter>.
Procedure
Additional Information
| For more information about | See |
|---|---|
File and directory attributes |
Attributes in Concepts |
Using the FILER utility |
FILER in Utilities Reference |
You can change the owner of a directory or file using the NetWare Administrator graphical utility or the FILER text utility. Both procedures are documented in this section.
Choose the NetWare Administrator icon from the MS Windows Program Manager or the OS/2 desktop. Using the browser, select the directory or file for which you want to change the owner. For information on moving around in the browser and selecting objects, choose Help from the menu bar. From the Object menu, choose Details. From the Identification page, choose Facts. To change the owner of this file or directory, click on the browser button to the right of the Owner field. Choose the object that you want to make the new owner of this directory or file. When the correct user is displayed in the Object Name field, choose OK. The new owner appears in the Owner field of the object dialog box. To save any changes, choose OK.
Procedure
Additional Information
| For more information about | See |
|---|---|
Objects |
Managing Novell Directory Services Objects Object in Concepts |
Using the NetWare Administrator utility |
NetWare Administrator in Utilities Reference |
At the DOS prompt, type FILER <Enter>
A list of available options appears.Your current context, Volume object, and path are shown in the upper left corner of the screen. Select Manage Files and Directories. The Directory Contents menu appears. Find and select the file, directory, or subdirectory you want.
Select View/Set File [or Directory] Information and press <Enter>. Information for the file or directory appears. The current owner of the file or directory appears in the Owner field. Use the arrow keys to move to the Owner field and then press <Enter>. Select the user that you want to be the owner of the file or directory and press <Enter>. NOTE: (For directories only) You can apply the change of ownership to either the entire subdirectory structure or to a selected directory.
Procedure
Additional Information
| For more information about | See |
|---|---|
Objects |
Managing Novell Directory Services Objects Object in Concepts |
Using the FILER utility |
FILER in Utilities Reference |