9.10 Trustee Rights Utility for Linux

The Trustee Rights Utility for Linux allows you to specify trustee rights for directories and files in NSS volumes on OES Linux. This utility does not provide support for Trustees on Linux file systems. It is also not meant to be used to set trustees for NSS volumes on OES NetWare. The trustee information is saved in the file and directory metadata in the NSS volume and works seamlessly with OES NetWare if the volume is moved to OES NetWare.

9.10.1 Purpose

Use this utility at a workstation to

  • View or modify user or group rights for files

  • View or modify user or group rights for directories and volumes

9.10.2 Syntax

rights [OPTIONS]

rights [TOPTIONS] trustee USERNAME

rights [DOPTIONS] delete USERNAME

rights [IOPTIONS] irf

rights [EROPTIONS] effective USERNAME

rights [SOPTIONS] show

9.10.3 Actions

The first argument indicates the action to be taken.

trustee

Add or modify a trustee on a file or directory.

 
delete

Remove a trustee from a file or directory.

 
irf

Set the inherited rights filter on a directory.

 
effective

Display a user’s effective rights.

 
show

Display the trustees and inherited rights filter.

9.10.4 Options

OPTIONS

-v, --version

Display the program version information.

 
-h, --help

Display the help screen.

TOPTIONS

-r, --rights=MASK

Specify the rights to be given to this trustee. For information, see MASK.

If the No Rights (n) option is assigned, the trustee is removed.

If rights are not specified, the default assignment is Read and File Scan rights.

 
-f, --file=filename

Specify the name of file or directory to assign trustees to. Filename is the path for the file or directory. For example:

-f /users/username/userfile.sxi

--file=/designs/topsecret

If a file or directory is not specified, the current directory is used.

DOPTIONS

-f, --file=filename

The name of file or directory to delete trustees from. Filename is the path for the file or directory.

If a file or directory is not specified, the current directory is used.

IOPTIONS

-r, --rights=MASK

Specify the rights to be passed through the filter. For information, see MASK.

If rights are not specified, the default assignment is All Rights.

 
-f, --file=filename

Specify the name of the directory where the filter is to be applied. Filename is the path for the directory.

If a directory is not specified, the current directory is used.

EROPTIONS

-f, --file=filename

The name of file or directory where effective right are to be calculated. Filename is the path for the file or directory.

If a file or directory is not specified, the current directory is used.

SOPTIONS

-f, --file=filename

Specify the name of the file or directory to display a list of its trustees.

If a file or directory is not specified, the current directory is used.

USERNAME

The username is the fully distinguished name of an eDirectory object, including the tree name. For example: username.context.treename or joe.engineer.acme_tree.

If you use special characters in a username, you must escape those special characters in the command line. For example, the '$' is a special character reserved to the shell and must be escaped. For the bash shell, the command could be written in one of two ways on the command line:

rights -f /media/nss/DATA/stuff -r none \$j\$o\$e.engineer.acme_tree

rights -f /media/nss/DATA/stuff -r none '$j$o$e.engineer.acme_tree'

If you are using another shell, the special characters might need a different escape technique. In this case, please refer to the shell documentation for this information.

MASK

The mask is a string of characters, with each character representing a type of rights. The following table lists the rights, the letter to use for each right, and what the right is used for.

Right

Use to

s (Supervisor)

Grant all rights to the file or directory.

r (Read)

Open and read files in the directory.

w (Write)

Open and write to files in the directory.

c (Create)

Create files and subdirectories.

e (Erase)

Erase files and directories.

m (Modify)

Rename files and directories, and change file attributes.

f (File Scan)

View and search on file and directory names in the file system structure.

a (Access Control)

Add and remove trustees and change trustee rights to files and directories.

none (No Rights)

Remove all rights.

all (All Rights)

Add All rights except Supervisor.

9.10.5 Example

rights -f /designs/topsecret -r rwfc trustee joe.engineer.acme_tree

This command assigns Read, Write, File Scan, and Create rights to the /designs/topsecret directory for user joe in the engineer context of the acme_tree eDirectory tree.