Security

Security is one of the most important aspects of file system organization. NDS rights and the file system's directory and file attributes allow you to determine who may access what, and whether that access amounts to being able to merely read a file or modify it.

To use the capabilities described in the NDS area of this documentation, you might want to organize your approach to designing an appropriately secure system by doing the following:

1. Clustering directories and files according to who needs access to them. In other words, use the directory structure to reflect access requirements.

   For example, you can structure the hierarchy of directories in such a way as to take advantage of the inheritance aspect of rights.

   Rights can be associated with volumes, directories, and files as a safeguard against deletion or modification by users. Directory and file attributes can also be used to control what users can do.

2. Subdividing the user community into groups on the basis of related access requirements.

   Users grouped by role (relative to file access) can be assigned ownership of directories and files, and users whose roles vary can be assigned rights on the basis of equivalence.

   Users needing a particular kind of access to certain directories and files can be grouped so that appropriate access belongs to the group (and, consequently, to each member).