devxlogo

Rights control to the NetWare 4.x file system simplified

Rights control to the NetWare 4.x file system simplified

Question:
Rights control to the NetWare 4.x file system simplified

Answer:
While using Novell NetWare 3.1x, administrators used the familiar “grant” command to control user rights to files and directories in the Netware file system. In Netware 4.x, the command to use is “rights.”

Let’s assume that your NetWare 4.1 server is called “Enterprise.” In order to grant read, write and file-scan access to the “Admin” group to the “logs” directory on the SYS: volume, you would type:

rights enterprise/sys:logs r w f /group=admin
Now, if you were to log in as a member of the “Admin” group, you could change to the “logs” directory on Enterprise/sys: and type:
 rights
This command will show you your effective rights in the “logs” directory. Let’s suppose you observe that you also have erase rights in addition to read, write and file-scan. How did this happen? Here is the explanation:

In NetWare 4.x, rights to files and directories are dependent on a feature called “Inherited rights,” the rights inherited from the parent directory. In order to view the inherited rights filter for the parent of “logs’, you would type:

 rights enterprise/sys: /F
If [E]rase was a member of the list, it would explain why you had erase rights in the directory “logs” as a member of the “Admin” group. In order to correct this problem you would first have to log in as a higher authority such as Admin, and then type:
rights enterprise/sys: -E /F
This command would then remove the Erase attribute as a inheritable right from the Sys: root level. If you were to now log in as a member of the “Admin” group, you would see that you no longer have erase rights in the “logs” directory.

In order to remove user “John” as a trustee in the “logs” directory, you would type:

rights enterprise/sys:logs rem /name=John

devx-admin

Share the Post: