NSS includes the following features to help prevent access to data that circumvents normal access control:
Encrypted volume support
Encrypted volume support encrypts the volume, which makes data inaccessible to software that circumvents normal access control, such as if the media were stolen. It meets U.S. Government security standards. For information, see Managing Encrypted NSS Volumes.
The Data Shredding attribute supports shredding of purged files (up to 7 times), which erases files completely. It meets the U.S. Government security standards. For information, see Section 20.3, Using Data Shredding to Prevent Access to Purged Files.
Multiple server access prevention for pools
Multiple Server Activation Prevention (MSAP) ensures data integrity by preventing unauthorized access to shared media in a storage area network. For information, see Section 15.13, Preventing Pools from Activating on Multiple Servers.
Novell Trustee model for access control
NSS uses the Novell Trustee model to greatly simplify access control management in the file system. It restricts visibility of data structures so that users only see subdirectories they have rights to see, not the whole tree like all other file systems.
For information about the Novell Trustee model and NSS file system rights, see the OES 11 SP2: File Systems Management Guide.