1989-07-27
Chapter 5
File and Directory Security
This chapter illustrates the changes and capabilities
that NetWare 386 brings to NetWare file and directory
security. (Login security is discussed in Chapter 6,
Bindery.) This chapter includes the following sections:
■ File/Directory Attributes
■ Byte Field
■ Trustee Rights
File/Directory Attributes
Attributes assign special properties to files and
directories that override rights, thus preventing tasks
that effective rights allow. Attributes can be used to
restrict or inhibit copying, deleting, renaming, viewing,
writing, and sharing. Attributes can be assigned to files
and directories as shown in the following graphic.
-------------------------------------------------------
FILE/DIRECTORY ATTRIBUTES
File Attributes-
Archive Needed
Copy Inhibit
Delete Inhibit
Execute Only
Hidden
Indexed
Purge
Read Audit
Read Only/Read Write
Rename Inhibit
Shareable
System
Transactional
Write Audit
Directory Attributes-
Delete Inhibit
Hidden
Purge
Rename Inhibit
System
-------------------------------------------------------
Archive Needed
The Archive Needed attribute can be assigned only to
files. NetWare automatically assigns this attribute to
any file that is modified after the last backup. This
attribute is DOS's Archive bit.
Copy Inhibit
The Copy Inhibit attribute can be assigned only to files.
This attribute restricts only the copy rights of certain
applications, such as the Macintosh Finder. Even if users
have been granted Read and File Scan rights at the
directory or file level, they will not be able to copy
the file.
If users have been granted the Modify right, they can
remove the Copy Inhibit attribute and then copy the file.
Delete Inhibit
The Delete Inhibit attribute can be assigned to
directories and files. This attribute prevents users from
erasing the directories or files even when they have been
granted the Erase right at the file or directory level.
If users have been granted the Modify right, they can
remove the Delete Inhibit attribute and delete the file
or directory.
Execute Only
The Execute Only attribute can be assigned only to files.
This attribute prevents files from being copied. Only the
Supervisor can assign this file attribute, and it should
be assigned only if a backup copy of the file exists.
Backup utilities will not back up the files. Some
programs will not execute properly when they are flagged
Execute Only.
Hidden
The Hidden attribute can be assigned to directories and
files. This attribute hides the file or directory from
DOS DIR scans and prevents it from being deleted or
copied. However, the files and directories will appear
with a NetWare NDIR scan if the user has File Scan
rights.
Purge
The Purge attribute can be assigned to directories and
files. When assigned to a file, this attribute purges the
file as soon as it is deleted. When assigned to a
directory, this attribute purges all files in the
directory when they are deleted. Such files cannot be
recovered with the SALVAGE utility.
Read Audit
The Read Audit attribute will be available with NetWare
386 v3.1. The Read Audit attribute can be assigned only
to files.
Read Only/Read Write
The Read Only attribute can be assigned only to files.
When Read Only is assigned, NetWare automatically assigns
the Delete Inhibit and Rename Inhibit attributes as well.
Consequently, users cannot write to, erase, or rename the
file even if they have been granted the Write and Erase
rights at the directory or file level.
If users have the Modify right, they can remove the Read
Only attribute and then write to, rename, or erase the
file. (Removing Read Only automatically removes Delete
Inhibit and Rename Inhibit.) If users with the Modify
right remove the Delete Inhibit and Rename Inhibit
attributes separately, they can delete or rename the
file, but they can't write to it.
Rename Inhibit
The Rename Inhibit attribute can be assigned to
directories and files. This attribute restricts users
from renaming directories and files even if they have
the Modify right. If they have the Modify right, they
must remove the Rename Inhibit attribute before renaming
the file or directory.
Shareable
The Shareable attribute can be assigned only to files.
This attribute allows the file to be used by more than
one user at a time and is usually used in combination
with the Read Only attribute.
System
The System attribute can be assigned to directories and
files. It hides the file or directory from DOS DIR scans.
However, the files and directories will appear with an
NDIR scan if the user has File Scan rights.
Transactional
The Transactional attribute can be assigned only to
files. This attribute indicates that files will be
protected by TTS (Transaction Tracking System). TTS
ensures that, when a file is being modified, either all
changes are made, or no changes are made, thus preventing
data corruption. If you are using TTS, all database files
that you want protected need to be flagged with the
Transactional attribute.
Write Audit
The Write Audit attribute is not available with NetWare
386 v3.0, but will be available with v3.1. The Write
Audit attribute can be assigned only to files.
Byte Field
File and directory attributes appear in a 4-byte field
within the file's DOS file entry stored in the volume's
Directory Table. Directory attributes also appear in a
4-byte field within the directory's DOS directory entry.
The following bits are defined for file and directory
attributes:
Directory and File Attributes
Byte 3 Byte 2 Byte 1 Byte 0
76543210 76543210 76543210 76543210
........ ........ ........ .......1 Read Only/Read Write
........ ........ ........ ......1. Hidden
........ ........ ........ .....1.. System
........ ........ ........ ....1... Execute Only
........ ........ ........ ..1..... Archive Needed
........ ........ ........ 1....... Shareable
........ ........ ...1.... ........ Transactional
........ ......1. ........ ........ Read Audit
........ .....1.. ........ ........ Write Audit
........ ........ ..1..... ........ Purge
........ ........ ....1... ........ Copy Inhibit
........ ........ .1...... ........ Rename Inhibit
........ ........ 1....... ........ Delete Inhibit
Note that the Indexed file attribute is no longer
supported since all files are automatically turbo FAT
indexed when they have 64 or more regular FAT entries and
are randomly accessed. However, the Indexed bit can still
be set or cleared because some applications may need to
have this bit set.
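The attribute field above can be decoded and checked with the following Python code, an added example that is not part of the original NetWare documentation. It assumes Byte 0 is the low-order byte of a 32-bit integer; the function names and sample values are constructed for illustration.

```python
# Masks transcribed from the chapter's bit diagram (Byte 0 = low-order byte, an assumption).
ATTRIBUTES = {
    "Read Only":      0x00000001,
    "Hidden":         0x00000002,
    "System":         0x00000004,
    "Execute Only":   0x00000008,
    "Archive Needed": 0x00000020,
    "Shareable":      0x00000080,
    "Copy Inhibit":   0x00000800,
    "Transactional":  0x00001000,
    "Purge":          0x00002000,
    "Rename Inhibit": 0x00004000,
    "Delete Inhibit": 0x00008000,
    "Read Audit":     0x00020000,
    "Write Audit":    0x00040000,
}
DIRECTORY_ATTRS = {"Delete Inhibit", "Hidden", "Purge", "Rename Inhibit", "System"}
KNOWN = sum(ATTRIBUTES.values())

def decode(field):
    """Return the attribute names set in a 4-byte attribute field."""
    return [name for name, bit in ATTRIBUTES.items() if field & bit]

def review(field, is_directory=False):
    """Return findings a reviewer would want for one Directory Table entry."""
    names = set(decode(field))
    findings = []
    if field & ~KNOWN & 0xFFFFFFFF:   # e.g. Indexed, whose position the diagram omits
        findings.append("bits set that the chapter's diagram does not define")
    if is_directory and names - DIRECTORY_ATTRS:
        findings.append("file-only attributes on a directory: "
                        + ", ".join(sorted(names - DIRECTORY_ATTRS)))
    if "Read Only" in names:
        missing = {"Delete Inhibit", "Rename Inhibit"} - names
        if missing:                   # a Modify holder cleared these separately
            findings.append("Read Only without " + ", ".join(sorted(missing)))
    if "Execute Only" in names:
        findings.append("Execute Only: backup utilities skip this file")
    return findings

# Constructed sample values, not taken from a real volume.
SAMPLE_RO_SHARED = 0x0000C081   # Read Only + Shareable + Rename/Delete Inhibit
SAMPLE_STRIPPED = 0x00000081    # Read Only + Shareable, inhibit bits cleared
```

A Read Only file that lacks Delete Inhibit or Rename Inhibit is the state the chapter describes when a user with the Modify right removes those two attributes separately: the file can then be deleted or renamed even though it still cannot be written.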
Trustee Rights
Trustee Rights control a user's or trustee's ability to
access and work within a network's directories,
subdirectories, and files. NetWare 386 includes a
modified system of rights. The system differs from the
systems in previous versions of NetWare in the following
ways:
■ The Maximum Rights Mask has been discarded.
■ The Inherited Rights Mask (similar in some ways to
a Maximum Rights Mask) has been added.
■ A directory has an Inherited Rights Mask and
(optionally) a Trustee List. This is similar to the
systems in previous versions of NetWare. However,
unlike previous versions of NetWare, a file also
has an Inherited Rights Mask and, optionally, a
Trustee List.
■ A Supervisor trustee right has been added.
■ The Open file right has been discarded.
NetWare 386 Trustee Rights appear in a 2-byte format as
follows:
Trustee Rights
Byte 1 Byte 0
76543210 76543210
........ .......1 R Read
........ ......1. W Write
........ .....1.. undefined
........ ....1... C Create
........ ...1.... E Erase
........ ..1..... A Access Control
........ .1...... F File Scan
........ 1....... M Modify
.......1 ........ S Supervisor
For comparison, Trustee Rights appear as follows in
previous versions of NetWare:
Trustee Rights
Byte 1 Byte 0
76543210 76543210
........ .......1 R Read
........ ......1. W Write
........ .....1.. O Open
........ ....1... C Create
........ ...1.... D Delete
........ ..1..... P Parental
........ .1...... S Search
........ 1....... M Modify
Example of Trustee Rights
An example illustrates the new trustee rights system.
Consider the following hypothetical directory structure
of volume WORK.
                      |---> File_1
                      |
                      |---> File_2
        |--->PROJECT--|
        |             |---> File_3
        |             |
        |             |             |--> File_4
        |             |--->STUFF ---|
WORK ---|                           |--> File_5
        |
        |
        |--->PROGRAMS
WORK is the root directory and the volume name. Two
entries appear under the root directory: two
subdirectories called PROJECT and PROGRAMS. Four entries
appear under PROJECT: three files called File_1, File_2,
File_3; and a subdirectory called STUFF. Finally, two
entries appear under STUFF: two files called File_4 and
File_5.
Root Directory
WORK does have at least one trustee: JAN. As you can see
below, JAN has been granted all rights to directory WORK.
JAN's Rights to Directory WORK
■ R (Read the file)
■ W (Write to the file)
■ C (Create files under directory WORK)
■ E (Erase the file)
■ A (Access and modify Inherited Rights Mask and
Trustee List)
■ F (File Scan)
■ M (Modify attributes and rename files)
However, this does not mean that JAN has all rights to
every entry in WORK. For example, even though JAN was
granted all rights in WORK, JAN does not have all rights
to directory PROJECT.
Inherited Rights Mask
This is because directory PROJECT's Inherited Rights Mask
as shown below has excluded all but two of the rights
that JAN has to directory WORK.
JAN's Rights to Directory PROJECT,
Determined by Inherited Rights Mask
■ R (Read the file)
■ F (File Scan)
The Inherited Rights Mask represents the rights that any
of a directory's or file's trustees can inherit from a
parent directory. Thus, as a trustee to PROJECT, JAN does
not inherit rights held as a trustee to the parent
directory WORK. In essence, PROJECT's Inherited Rights
Mask says, "No matter what trustee rights you have in the
parent directory, these are the only trustee rights you
can retain for this directory and for all
subdirectories." (Note that since a root directory does
not have a parent directory, WORK, like all root
directories, does not have an Inherited Rights Mask.)
Directory PROJECT's Inherited Rights Mask allows JAN and
other Trustees to scan for directory STUFF, and to scan
for, open, and read the three files under directory
PROJECT. JAN could do all these things, except that the
files in directory PROJECT also have Inherited Rights
Masks that determine what JAN can and cannot do in
directory PROJECT. If the Inherited Rights Masks of the
three files, File_1, File_2, and File_3, do not allow it,
JAN has no rights to scan for, open, or read those files.
So, even though JAN has File Scan (F) rights in directory
PROJECT, JAN still cannot see (with an NDIR command, for
example) File_1. In fact, the Inherited Rights Mask of
File_1 could prevent any trustee from having rights to
the file. In that case, only a supervisor could see this
file.
Rights Granted by Supervisor
However, there is a way to get around the Inherited
Rights Mask. Like File_1, File_2's Inherited Rights Mask
does not allow the inheritance of trustee rights. Thus,
if JAN had to rely solely on the Trustee Rights granted
in directory PROJECT, JAN would have no rights to File_2.
But because the supervisor can grant rights to JAN at the
file level, JAN has the rights to File_2 as shown in the
following.
JAN's Rights to File_2, Granted by
Supervisor at File Level
■ R (Read the file)
■ W (Write to the file)
■ E (Erase the file)
■ A (Access and modify File_2's Inherited Rights Mask
and Trustee List)
■ F (Scan for File_2)
■ M (Modify File_2's attributes and rename the file).
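The JAN example above can be worked through in code. The following Python is an added example, not part of the original NetWare documentation or Novell's implementation. It assumes that a right granted directly on an entry replaces whatever would have been inherited, and that entries whose masks the text does not describe filter nothing; ADMIN is a constructed trustee.

```python
# Rights bits transcribed from the NetWare 386 Trustee Rights diagram in this chapter.
R, W, C, E, A, F, M, S = 0x01, 0x02, 0x08, 0x10, 0x20, 0x40, 0x80, 0x100
ALL = R | W | C | E | A | F | M
LETTERS = ((S, "S"), (R, "R"), (W, "W"), (C, "C"), (E, "E"), (A, "A"), (F, "F"), (M, "M"))

def fmt(rights):
    """Render a rights word as letters, e.g. 0x41 -> 'RF'; '-' means no rights."""
    return "".join(ch for bit, ch in LETTERS if rights & bit) or "-"

def effective(path, masks, grants):
    """Resolve one trustee's rights by walking from the root down to path.

    masks:  entry -> Inherited Rights Mask (absent entries filter nothing; assumption)
    grants: entry -> rights granted to this trustee directly on that entry
    """
    rights, supervisor, current = 0, False, ""
    for part in path.split("/"):
        current = f"{current}/{part}" if current else part
        if current in grants:
            rights = grants[current]      # assumption: a direct grant replaces inherited rights
        else:
            rights &= masks.get(current, ALL | S)   # the mask filters what flows down
        supervisor = supervisor or bool(rights & S)
        if supervisor:                    # Supervisor overrides every mask below it
            rights = ALL | S
    return rights

# The chapter's WORK volume. Masks for entries the text does not describe are left out.
MASKS = {"WORK/PROJECT": R | F, "WORK/PROJECT/File_1": 0, "WORK/PROJECT/File_2": 0}
JAN = {"WORK": ALL, "WORK/PROJECT/File_2": R | W | E | A | F | M}
ADMIN = {"WORK": S}                       # constructed trustee holding Supervisor on WORK

def report(grants, paths):
    """Return {path: rights letters} for each path."""
    return {p: fmt(effective(p, MASKS, grants)) for p in paths}

if __name__ == "__main__":
    for p, r in report(JAN, ["WORK", "WORK/PROJECT", "WORK/PROJECT/File_1",
                             "WORK/PROJECT/File_2", "WORK/PROJECT/STUFF/File_4"]).items():
        print(f"{p:28} {r}")
```

Running the same walk for ADMIN shows why a Supervisor grant high in the tree deserves review: it reaches File_1 even though that file's mask passes no rights to ordinary trustees.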
Description of Trustee Rights
The following is a description of each trustee right.
Right       Assigned to a Directory Trustee     Assigned to a File Trustee
-------------------------------------------------------------------------
Read        User can open and read existing     User can open and read
            files in this directory unless      this file.
            blocked by mask or trustee rights
            assignment.

Write       User can open and write to          User can open and write to
            files in this directory unless      this file.
            blocked by mask or trustee rights
            assignment.

Create      User can create files and           User can salvage this file
            subdirectories in this directory.   if it is deleted.

Erase       User can delete this directory      User can delete this file.
            if the user has rights to delete
            everything inside it.

Access      User can modify the trustee list    User can modify this file's
Control     and Inherited Rights Mask of this   Trustee List and Inherited
            directory.                          Rights Mask.

File Scan   User can see the names of files     User can see the name of
            in this directory when scanning     this file when scanning the
            the directory (e.g., NDIR) unless   directory.
            blocked by mask or trustee rights
            assignment.

Modify      User can rename this directory      User can rename this file
            and change the attributes of it.    and change its attributes.

Supervisor  User has all rights to this         User has all rights to this
            directory and all subdirectories    file.
            and files. User can grant
            supervisor rights to other users
            in this directory and in
            subdirectories and files. User's
            rights override all Inherited
            Rights Masks in subdirectories
            and files. User can assign space
            limitations to subdirectories
-------------------------------------------------------------------------
Note that in addition to trustee rights, NetWare 386
features other file system security as well. Supervisors
can limit user disk space for each volume. A supervisor
can also limit the cumulative amount of disk space
allotted to a directory and all child subdirectories and
files.