5.8 Viewing Key NSS Directory and File Attributes as Linux POSIX Permissions

On Linux, NSS displays its eDirectory Read Only (Ro), Read/Write (Rw), Execute (X), and Hidden (H) attributes for directories and files in the Linux POSIX permission fields. For NSS volumes on Linux, the POSIX permissions are not used conventionally to provide access control. Instead, they are merely a means of displaying NSS attributes in a familiar format to Linux users. NSS does not support the POSIX set-user-ID mode bit and set-group-ID mode bit. For information about Ro, Rw, X, and H attributes, see Section 5.7, Understanding Directory and File Attributes for NSS Volumes.

For NSS volumes on Linux, only the Root user can create files in a directory that is marked as Read Only. If the Read Only attribute is enabled for a directory, LUM-enabled users cannot create files in the directory even if they have the trustee Supervisor right assigned to them. For example, the POSIX fields for a Read Only directory might be:

dr-x r-x r-x (for a directory with Read Only enabled and Hidden disabled)

d--x --x --x (for a directory with Read Only and Hidden enabled)

To enable LUM-enabled users to create files, you must disable Read Only for the directory, which is indicated in the POSIX rights field by enabling Write. For example, the POSIX fields when the Read Only attribute is disabled might be:

drwx rwx rwx (for a directory with Read Only disabled and Hidden disabled)

d-wx -wx -wx (for a directory with Read Only disabled and Hidden enabled)

The following table describes how the NSS directory and file attributes are displayed in the Linux POSIX fields and how they handle conventional management commands such as chmod.

NSS Directory and File Attributes Set in eDirectory | Displayed as POSIX Permissions (User, Group, Other) | Description

Attributes: Read Only is enabled. Execute is disabled. Hidden is disabled.

POSIX permissions: r-- r-- r--

NSS enables the Read permission bit and disables the Write permission bit for the User, Group, and Other fields to indicate that the NetWare Read Only attribute is enabled and the Hidden attribute is disabled. The directory or file is visible in your file manager.

The NetWare Read Only attribute is always set to On for files and directories. When the Hidden attribute is set to Off, the Read permission bit is set to On for the User, Group, or Other permission fields on Linux.

Example: chmod 400 has the same result as chmod 444

r-- r-- r--

The binary value for octal 4 is 100, which corresponds to Read=On, Write=Off, and Execute=Off.

Attributes: Read Only is enabled. Execute is disabled. Hidden is enabled.

POSIX permissions: --- --- ---

NSS disables the Read and Write permission bits for the User, Group, and Other fields to indicate that the NetWare Read Only attribute is enabled and the Hidden attribute is enabled. The directory or file is not visible in your file manager, unless the file manager is set to view hidden files.

The NetWare Read Only attribute is always set to On for files and directories. When the Hidden attribute is set to On, the Read permission bit is set to Off for the User, Group, or Other permission fields on Linux.

Example: chmod 044 or chmod 040 has the same result as chmod 000

--- --- ---

The binary value for octal 0 is 000, which corresponds to Read=Off, Write=Off, and Execute=Off.

Attributes: Read Only is disabled. Execute is disabled. Hidden is disabled.

POSIX permissions: rw- rw- rw-

NSS enables the Write permission bit to indicate that Read Only is disabled. All users can read and modify the file or directory.

If you set the Write permission bit for the User permission field, NSS sets the Write bit in all fields to the value in the User field.

By default, NSS disables the Read Only attribute for files, so both the Read and Write permission bits are set to On in the Linux permissions.

Example 1: chmod 620 or chmod 644 has the same result as chmod 666

rw- rw- rw-

The binary value for octal 6 is 110, which corresponds to Read=On, Write=On, and Execute=Off for the User field. The binary value for octal 2 is 010, which corresponds to Read=Off, Write=On, and Execute=Off for the Group field. NSS always sets the Read field to On. Because Write is set to On for the User field, it is also set to On for all fields. The NetWare Read Only attribute is disabled.  

Example 2: chmod 420 or chmod 466 has the same result as chmod 444

r-- r-- r--

NSS always sets the Read field to On. Because Write is set to Off for the User field, it is also set to Off for all. The NetWare Read Only attribute is enabled.

Attributes: Read Only is enabled. Execute is enabled. Hidden is disabled.

POSIX permissions: r-x r-x r-x

NSS enables the Execute permission bit to indicate that Execute is enabled. When the Execute permission is enabled, all users can list the contents of the directory and change to the directory.

For files, if you set the Execute permission bit to On for any of the User, Group, or Other permission fields, NSS sets the Execute bit to On for all fields.

For files, if you set the Execute permission bit to Off for all of the User, Group, or Other permission fields, NSS sets the Execute bit to Off for all fields.

For directories, both the Read and Execute permission bits are always set to On.

Example 1: chmod 001, chmod 441, or chmod 401 has the same result as chmod 555

r-x r-x r-x

The binary value for octal 5 is 101, which corresponds to Read=On, Write=Off, and Execute=On. The binary value for octal 1 is 001, which corresponds to Read=Off, Write=Off, and Execute=On for the Other field. NSS always sets the Read field to On. Because the Execute bit is set to On for one of the fields, it is set to On for all of the fields.

Example 2: chmod 622, chmod 700, or chmod 766 has the same result as chmod 777

rwx rwx rwx

The binary value for octal 7 is 111, which corresponds to Read=On, Write=On, and Execute=On. NSS always sets the Read field to On. Because the Execute bit is set to On for one of the fields, it is set to On for all of the fields. Because Write is On for the User field, it is set to On for all fields.

Example 3: For directories, chmod 000, chmod 400, and chmod 022 have the same result as chmod 555

r-x r-x r-x

The binary value for octal 2 is 010, which corresponds to Read=Off, Write=On, and Execute=Off. NSS always sets the Read field to On. NSS always sets the Execute field to On for directories. The chmod command has no effect on the state of Read and Execute permission bits for directories. Because the Write bit is set to Off in the User field, it is set to Off for all fields.

Attributes: Read Only is disabled. Execute is enabled. Hidden is disabled.

POSIX permissions: rwx rwx rwx

NSS enables the Read, Write, and Execute permission bits when Read Only is disabled and Execute is enabled. All users can read and modify the directory or file, and they can list the contents of the directory and change to the directory.
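
The following Python sketch is an added example, not part of the NSS documentation or product code. It derives each displayed bit independently from the Read Only, Execute, and Hidden attributes, which reproduces every table row and directory example in this section, and decodes a mode read from an NSS volume back into attributes so that a permission audit does not treat the bits as access control. The function names are hypothetical, and attribute combinations not listed in this section follow the same rule as an assumption.

```python
import stat

def nss_display_bits(read_only, execute, hidden, is_dir=False):
    """Permission bits NSS shows for an attribute set (identical in all three fields)."""
    bits = 0
    if not hidden:
        bits |= 0o444          # Read is shown unless Hidden is enabled
    if not read_only:
        bits |= 0o222          # Write is shown only when Read Only is disabled
    if execute or is_dir:
        bits |= 0o111          # directories always show Execute
    return bits

def page_style(bits, is_dir=False):
    """Render bits the way this section writes them, e.g. 'dr-x r-x r-x'."""
    text = stat.filemode((stat.S_IFDIR if is_dir else stat.S_IFREG) | bits)
    kind = "d" if is_dir else ""
    return kind + " ".join((text[1:4], text[4:7], text[7:10]))

def nss_attrs_from_mode(st_mode):
    """Decode an st_mode read from an NSS volume back into NSS attributes."""
    is_dir = stat.S_ISDIR(st_mode)
    return {
        "read_only": not (st_mode & stat.S_IWUSR),
        "hidden": not (st_mode & stat.S_IRUSR),
        # Execute is always shown for directories, so the attribute is not recoverable.
        "execute": None if is_dir else bool(st_mode & stat.S_IXUSR),
    }

def audit_note(st_mode):
    """Text for a permission scanner that would otherwise report 'world-writable'."""
    if st_mode & stat.S_IWOTH:
        return "NSS: Write bit means Read Only is disabled; it is not an access grant"
    return "NSS: Read Only is enabled"

if __name__ == "__main__":
    # Constructed attribute sets: (read_only, execute, hidden, is_dir)
    for ro, x, h, d in [(True, False, False, False), (True, False, True, True),
                        (False, False, True, True), (False, True, False, False)]:
        bits = nss_display_bits(ro, x, h, d)
        mode = (stat.S_IFDIR if d else stat.S_IFREG) | bits
        print(page_style(bits, d), nss_attrs_from_mode(mode), audit_note(mode))
```

Because NSS mirrors the bits across User, Group, and Other, the decoder reads only the User field.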