33.5 Configuring and Administering Access to Services

The following sections discuss administering access to services.

33.5.1 Password Management

In OES, eDirectory users can change their own passwords if you have installed Virtual Office by completing the following steps:

  1. In a Web browser, launch Virtual Office by entering the following URL in the Address field:

    http:// IP_or_DNS/vo

    where IP_or_DNS is the IP address or full DNS name of the OES server.

  2. Log in to Virtual Office using the eDirectory username and password for the account being changed.

  3. Click the Padlock icon Padlock icon.

  4. Type the current eDirectory password.

  5. Type the new eDirectory password.

  6. Retype the password to confirm it.

  7. Click OK.

33.5.2 Linux (POSIX) File System Access Rights

Access control to Linux traditional file systems is controlled through POSIX file system access rights or attributes associated with directories and files. In general, the directories and files can be accessed by three POSIX entities:

  • The user who owns the directory or file

  • The group who owns the directory or file

  • All other users defined on the system

These users and the affected group are each assigned (or not assigned) a combination of three attributes for each directory and file:

Attribute

Effect on Directory when Assigned

Effect on File when Assigned

Read

Lets the user or group view the directory's contents.

Lets the user or group open and read the file.

Write

Let's the user or group create or delete files and subdirectories in the directory.

Lets the user or group modify the file.

Execute

Lets the user or group access the directory using the cd command.

Lets the user or group run the file as a program.

For more information, see Configuring File System Trustees, Trustee Rights, Inherited Rights Filters, and Attributes in the File Systems Management Guide for OES .

33.5.3 NSS (and NetWare) File and Directory Trustee Management

The File Systems Management Guide for OES contains a thorough discussion of file and directory trustee management in its Configuring File System Trustees, Trustee Rights, Inherited Rights Filters, and Attributes section.

The following sections present brief information about managing trustees on NSS volumes.

Changing File and Directory Attributes and Trustees Using NetStorage

You can use the NetStorage Web browser interface to change attributes and trustees for directories and files on NSS volumes, but you can’t change them using a WebDAV connection to NetStorage.

You cannot change attributes or trustees on NetWare Traditional volumes using NetStorage.

Changing File and Directory Attributes and Trustee Rights Using the Novell Client

You can use the Novell Client to change NSS file and directory attributes and to grant trustee rights to an NSS volume on an OES Linux server. For more information, see NetWare File Security in the Novell Client for Windows Installation and Administration Guide and Managing File Security in the Novell Client for Linux 1.2 Administration Guide .

Changing File Attributes at the Linux Shell Prompt

Use the attrib command to change file and directory attributes on an NSS volume.

The attrib command is also documented in Attributes Utility for Linux in the File Systems Management Guide for OES .

Or you can enter the following command at the shell prompt:

attrib --help

Changing Trustee Rights at the Linux Shell Prompt

To grant NSS trustee rights to an NSS volume, enter the following command:

rights -f /full/directory/path -r rights_mask trustee full.object.context

where /full/directory/path is the path to the target directory on the NSS volume, rights_mask is the list of NSS rights, and full.object.context is the object (User or Group) in its full eDirectory context including the tree name.

For example, you might enter the following:

rights -f /data/groupstuff -r rwfc trustee mygroup.testing.example_tree

For a complete list of command options, enter rights at the shell prompt.

The rights command is also documented in Trustee Rights Utility for Linux in the File Systems Management Guide for OES .