home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
CD-ROM Aktiv 1
/
CDA1_96.ISO
/
novell
/
fstrust.doc
< prev
next >
Wrap
Text File
|
1995-12-28
|
17KB
|
401 lines
FSTRUST Version MT-1.03
=======================
(Oct 29, 1995)
DISCLAIMER
----------
THIS PRODUCT IS SUPPLIED "AS IS". THE AUTHOR DISCLAIMS ALL WARRANTIES,
EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THE WARRANTIES
OF MERCHANTABILITY AND OF FITNESS FOR ANY PURPOSE. THE AUTHOR ASSUMES
NO LIABILITY FOR DAMAGES, DIRECT OR CONSEQUENTIAL, WHICH MAY RESULT
FROM THE USE OF THIS PRODUCT.
Introduction
------------
FSTRUST is comprised to two programs: gTRUSTEE and pTRUSTEE. The gTRUSTEE
program retrieves file and directory trustee information from either a
bindery (NetWare 3.1x) server or NDS (NetWare 4.x) server and stores the
information into an ASCII text file. Under NetWare 4, each server has its own
set of user object ID for a given NDS user object. For example, for NDS user
object Peter, on Server A the object ID may be 012345 while on Server B, the
same NDS object may have an object ID of 892345. Therefore, if you backup
the file system trustee information using object ID instead of object name,
you could lose the file system trustee information if you restore a file after
an NDS reinstall. Therefore, to overcome this problem, gTRUSTEE stores the
information using full NDS names.
pTRUSTEE is the tool that puts the file system trustee information back onto
the server volumes.
Four immediate application of FSTRUST comes to mind:
1. If your backup software is not NetWare aware, file and directory
trustee information (as well as NDS data) are not backed up. You
can use FSTRUST to backup and restore file system trustee data.
2. If you need to move a directory structure from one volume to
another or from one server to another. You can simply NCOPY the
data over and use FSTRUST to quickly reassign the file system
trustees.
3. Use FSTRUST (gTRUSTEE specifically) to document your current file
system trustee assignment. Since the generated data file is in a
fixed format, you can choose to import them into a database or
other applications to generate reports.
4. You can use the generated data file to change file and directory
trustee assignments off-line, before doing the update enmass. You
can also use it as a tool to standardize trustee assignments across
your network.
gTRUSTEE can also be used to gather file system trustee information from
NetWare 3.1x servers using bindery access mode. This is useful if you are
migrating data from a 3.1x environment to NDS.
Notes
-----
1. When running gTRUSTEE in the bindery mode, if you also have NDS attachments
active, the program may get confused and not able to locate the file and
directory trustee information correctly. In such case, log out from the
NDS tree. (This seem to have been addressed by v1.01)
2. Only file and directory trustee information are gathered. A future version
will also extract and restore Inherited Rights Mask/Filter (IRM/IRF) and
file ownerships. (These two features will be in v1.04)
3. When gathering file system trustee information from a NetWare 4 server
using the bindery mode, all none user objects are recorded as [Unknown]
users. These assignments are not restored by pTRUSTEE.
When gathering file system trustee information from a NetWare 4 server
and if gTRUSTEE can not resolve a userid to NDS name (perhaps due to
invalid object id), the trustee name is recorded as [Unknown]. This entry
is not restored by pTRUSTEE (much like the bindery mode case above).
4. To use the bindery/migration options, make sure you have set the proper
bindery context on the server to which the target volume is attached.
5. There are times when a workstaion is attached to multiple NetWare 4
servers (more than 2?), and you are running gTRSUTEE from a local drive,
gTRUSTEE may not see the files and any subdirectories under the path you
specified. Version 1.01 seems to have been addressed the issue, but it
has not been widely tested yet. Therefore, if you do encounter this
problem, one workaround is to make the target volume your current working
directory and gTRUSTEE will work just fine.
6. In order for gTRUSTEE to correctly extract the NDS names with the proper
context information, the utility (internally) switch context to [Root]. If
you do not have a copy of [Root] locally, the utility may take longer to
run.
7. When restoring the trustee assignment under bindery/migration mode using
pTRUSTEE, make sure your workstation is in the proper context in which
the "old bindery" user objects exist.
8. The maximum number of characters for a directory/file path and NDS object
name is 256 characters. In practice, this is a rare limit to reach.
However, you should be aware of it in case you notice a name got truncated.
9. The bindery Supervisor object id is handled separately and differently; it
is recorded as [Supervisor][BIN] in the TRUSTEE.DAT file.
10. When using the -N option, an alias is not dereferenced into the original
object name while searching.
11. The directory/file search routine used is not the fastest one around, as
it does not use NetWare API to do that. Just haven't the time to polish
that up yet. However, it is sufficiently fast. A quick, simple, benchmark
shows that, from a 486SX25 workstation (over Ethernet), gTRUSTEE can scan
a volume with about 160 directoies and 3000 files in about 3 minutes.
12. When the -A (append) option is used, all (output) datafiles are appended
to with the new data.
Installing FSTRUST
------------------
No special installation steps or program need to be used. Simply copy gTRUSTEE
and pTRUSTEE to SYS:PUBLIC of your servers. You must have the Unicode files
for the country code and code page that your workstation use available in the
the respective NLS directories, for example, SYS:PUBLIC\NLS.
If you choose to place the FSTRUST files in a different directory, you may
need a search map to SYS:PUBLIC\NLS in order for the application to find
the Unicode files.
Running gTRUSTEE
----------------
gTRUSTEE is a command-line based utility. Therefore, you need to supply the
necessary options when invoking the utility. The syntax for using gTRUSTEE is:
gTRUSTEE -dh? -v volname -p dirpath -s server [-n objectname] [-raX]
where (none of the parameters are case sensitive)
"-v volume_name" specifies the volume to access. The default is SYS: volume.
"-p directory_path" specifies the directory at which to start scanning for file
and directory trustee assignments. All subdirectories under this starting path
will be scanned. The default is \PUBLIC. If you wish to gather information for
a given volume, use "\" as the path name.
"-s server_name" indicates the server on which the volume is located. This is
a REQUIRED parameter and there is no default.
The "-h" or "-?" option will generate a help message screen.
File and directory trustee data is stored in a data file called TRUSTEE.DAT;
if the bindery mode is enabled, the data file is called the same name.
Following are two examples:
gTRUSTEE -s Server1
will get the trustee info of SYS:PUBLIC on Server1 and save to file
TRUSTEE.DAT.
gTRUSTEE -s Server2 -p TEST -v DATA
will get the trustee info of DATA:TEST on Server2 and save the data to
TRUSTEE.DAT.
Special gTRUSTEE Options
------------------------
You can use the "-n objectname" to generate a report of file and directory
trustee information for a given NDS object.
"-b" places gTRUSTEE into bindery mode when collecting the file and directory
trustee information.
"-r" will generate a report file called gTRUSTEE.RPT with essentially the
same information as displayed on the screen during program execution. This
provides a record for later reference.
"-a" will append to an existing report file, if the "-r" option is used.
"-X" (must be uppercase) will clear ALL trustee assignments in the scanned
path. Password is 1234. The use of password here is simply to prevent you
from accidentally delete all trustee assignments.
NOTE: Pressing the ESC key any time will abort the program. This is useful
---- if you started scan on a large volume and wish to abort.
Running pTRUSTEE
----------------
pTRUSTEE is a command-line based utility. Therefore, you need to supply the
necessary options when invoking the utility. The syntax for using pTRUSTEE is:
pTRUSTEE -h?b -s server [-ra]
where
"-s server_name" indicates the server on which the volume is located. This is
a REQUIRED parameter and there is no default.
"-b" is the flag to indicate one is migrating (bindery mode) trustee info
from 3.1x to NetWare 4. The data will be read from TRUSTEE.DAT.
The "-h" or "-?" option will generate a help message screen.
Example:
pTRUSTEE -s Server1
Restores the trustee info from file TRUSTEE.DAT to Server1. Note that the
volume and directory information is already in the data file.
Special pTRUSTEE Options
------------------------
"-r" will generate a report file called pTRUSTEE.RPT with essentially the
same information as displayed on the screen during program execution. This
provides a record for later reference.
"-a" will append to an existing report file, if the "-r" option is used.
NOTE: Pressing the ESC key any time will abort the program. This is useful
---- if you started scan on a large volume and wish to abort.
Special Notes About the TRUSTEE.DAT File
----------------------------------------
As you noticed from just looking at the TRUSTEE.DAT file, the syntax is
pretty straightforward. You can easily add or remove trustee assignments
by modifying the file. However, please make sure you follow the EXACT
syntax as you see. Each entry is made up of FOUR (4) lines.
It is important to identify on the second line if the entry is a file (F)
or a directory (D).
The identifier on the third line is not currently used, but may be used in
the future to indicate if the object named is a user, group, or other NDS
object types.
The rights on the fourth (and last) line can be specified in any order.
You can include a very special keyword in the TRUSTEE.DAT file called
[K]Create_Directory
Normally when a file/directory does not exist on the target volume, trustee
assignments can not be made. With the use of the above keyword flag near the
top of the TRUSTEE.DAT file, missing directories will be created and trustee
assignments made. However, missing files will not be created.
This keyword must be entered into the TRUSTEE.DAT file manually and it MUST
appear as above (case-dependent).
You should not edit any lines above the "Please do not edit this file..."
unless you understand the consequence.
Registration
------------
Two variations of FSTRUST are available. The version included here is a
Freeware version. This version will not do the following:
1. It will not scan for file trustee assignments.
2. It will not generate a report file.
3. It will not report an NDS object's file system assignments.
4. It will not support bindery/migration mode.
5. It will not create missing directories.
6. It will not clear trustee assignments.
7. It will not abort from the pressing of ESC key.
You are granted an unlimited usage at no cost. However, you are not allowed
to sell or package this utility as part of another software package or
service contract. Bottom line: you can not make money using this
Freeware version. All standard Freeware limitation applies.
Should you find the need, a registered version is available for $99US.
This will be a NETWORK license, limited to ONE NDS TREE. This license
does not permit you to resell FSTRUST or to include it as part of another
software package or service contract.
To obtain your registered version, please use the order form below or you
can soon register it on CompuServe.
Order Form
----------
-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x- CUT HERE -x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-
Registration for FSTRUST
--------------------------
Shipping information: Order Date: _________________
Name: ________________________________________
Company: ________________________________________
Address: ________________________________________
________________________________________
Prov/State: ________________________________________
Post/Zip Code: ________________________________________
Country: ________________________________________
Email address: ________________________________________
****************************************************************************
** It is important that you include an email address **
** The registered copy will be sent out electronically for faster service **
****************************************************************************
The registered version is available for $99US
=====
This will be a NETWORK license, meaning you can run it on as many servers
as you have in a SINGLE NDS TREE.
To obtain your registered version, please send a cheque or money order for
$99US to. You will soon be able to register this product via CompuServe.
Please contact DreamLAN for more information.
Peter Kuo
DreamLAN Network Consulting Ltd.
19 Eleanor Circle
Richmond Hill, ON
Canada L4C 6K6
Residents or companies in Canada, please remit $138.00 CDN (this includes 7%
GST).
-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x- CUT HERE -x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-
Other Information
-----------------
FSTRUST is written in C using Microsoft C optimizing compiler and Novell's
Client SDK v1.0e. Some string manipulating routines are from the CXL library.
Revision History
----------------
Sep 30, 1995. Version MT-1.00, first release code.
Oct 03, 1995. Version MT-1.01, press of ESC will abort program run. Possible
fix of "Primary server vs Preferred server"
issue when running the utils from a local drive.
Oct 13, 1995. Version MT-1.02, fixed issue when a bindary [Supervisor]
trustee is found while running in the NDS mode.
Oct 29, 1995. Version MT-1.03, consolidated TRUSTEE.3X and TRUSTEE.4X into a
single TRUSTEE.DAT file.
Other NDS Utilities
-------------------
FSTRUST is part of an NDS utilities toolkit available from DreamLAN Network
Consulting Ltd. The toolkit includes:
o NDSLOGIN - log into a NetWare 4 tree without having to know the
context of the user object.
o NDSADMIN - a simple utility that allows Help Desk users (with proper
NDS rights) to change a user's password, reset grace
login counts, and reset intruder detection lockouts.
o NDSRIGHT - a DOS command-line utility to assign ACL rights to any
object or attributes of an object. Can also be used to
report ACL rights of objects.
o FSTRUST - a pair of utilities that will read the file system trustee
assignments into a text file using NDS mode. i.e. trustee
names are in NDS format rather than object ids. This is
useful when you need to move directories from one volume
to another or from one server to another without lost of
file system trustee information.
o NDSPASS - a DOS command-line utility to change the NDS password for
any user object, provided you have sufficient rights.
o BINPASS - a DOS command-line utility to change the bindery password
for any user object, provided you have sufficient rights.
Peter Kuo, Ph.D., DreamLAN Network Consulting [75470,3310]
NetWire SysOp, MCNE/ECNE/CNI/CNX
Member of the Novell Professional Developer's Program