Top Document: comp.os.netware.security FAQ Previous Document: 1.05 - What auditing functions does Accounting provide? Next Document: 1.07 - What are groups? See reader questions & answers on this topic! - Help others by sharing your knowledge A trustee is any user or group that has been granted access rights in a directory. The access rights in Novell NetWare 2 are slightly different from the ones in NetWare 3. The following is a summary of access rights for NetWare 3. S - Supervisory. Any user with supervisory rights in a directory will automatically inherit all other rights, regardless of whether they have been explicitly granted or not. Supervisor equivalent accounts will hold this access right in every directory. R - Read. Enables users to read files. C - Create. Enables users to create files and directories. Unless they also have write access, they will not be able to edit files which have been created. W - Write. Enables users to make changes to files. Unless they also have create access, they may not be able to edit files, since the write operation can only be used to extend files (not truncate them, which file editors need to do). E - Erase. Enable users to erase files and remove directories. M - Modify. Enable users to modify file attributes. F - File scan. Enables users to see file and directory information. If a user does not have file scan rights, they will not see any evidence of such files existing. A - Access control. Enable user to change trustee rights. They will be able to add other users as trustees, remove trustees, and grant/revoke specific rights from users. The only caveat of access control is that it is possible for users to remove themselves (as trustees) from directories, thus losing all access control. In addition to trustees and access rights, there is a concept of inherited rights which means that users inherit rights from parent directories. For example, if user ALICE has rights [CWEM] in a directory, and she has [RF] rights in the parent directory then she will have [RCWEMF] rights as a result of the inherited rights. This will only work if one of the rights that ALICE has in the two directories is granted to a group; if both are granted to her, she will lose the rights of the parent. User Contributions:Top Document: comp.os.netware.security FAQ Previous Document: 1.05 - What auditing functions does Accounting provide? Next Document: 1.07 - What are groups? Single Page [ Usenet FAQs | Web FAQs | Documents | RFC Index ] Send corrections/additions to the FAQ Maintainer: F.U.Mirza@sheffield.ac.uk (Fauzan Mirza)
Last Update March 27 2014 @ 02:11 PM
|
Comment about this article, ask questions, or add new information about this topic: