home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Amiga Developer CD v1.1
/
Amiga Developer CD v1.1 - May 1996 (1996)(Schatztruhe)[!].iso
/
Contributions
/
IAM
/
Networking
/
Envoy-2.0
/
obs
/
Using_EFS
< prev
next >
Wrap
Text File
|
1994-12-22
|
6KB
|
131 lines
/*------------------------------------------------------------------------*/
/* *
* $Id: Using_EFS 1.1 1994/11/29 13:36:31 heinz Exp $
* */
/*------------------------------------------------------------------------*/
Using the Envoy Filesystem
==========================
The EFS is broken into two pieces -- a "client" and a "server". The
client is actually an AmigaDOS filesystem, and resides in L:. The
server is an Envoy Service, and resides in the Services directory of
your Envoy distribution.
Any machine can export and import mounts for EFS. Which mounts are to
exported or imported, however, must be specified by the user.
On any machine exporting a filesystem, bring up the "Filesystem
Exports" editor from the Configuration drawer. This is where the user
is to determine what directories are to be exported -- and who is
capable of accessing them.
Select 'Add' under the 'Shared Directories' listview. A requester
will appear, allowing you to specify what directory or volume you wish
to make available via the network. Click on 'Volumes', and select
either a volume or a directory to export (do not select a file -- only
a volume or directory). Once selected, click 'OK'. The directory or
volume you selected should now be listed under "Shared Directories".
Click on it to verify that it's activated. Click in the 'Name' string
gadget on the right side of the screen. This gadget specifies the
Volume name that all clients will see your mount as (this is the name
that clients will see under their disk icon on workbench). Enter an
informative string here. If you want to export a disk drive (e.g.
DF0:) or cd-rom drive supporting removable media, leave the 'Name'
gadget empty. The clients will see the name of the volumes inserted
then.
If don't want to bother with any security, select 'No Security'.
Otherwise, use the 'Add' button below the 'Users and Groups' listview
to add the names of whichever users you wish to permit to access the
mount that you've just created. The three checkboxes in the
upper-right corner of the editor specify whether you wish someone
using the client to be able to Snapshot the disk icon for your mount,
whether clients are allowed to utilize the 'Leave Out' Workbench
feature on this mount, and whether you wish to utilize "full"
permission protection on this mount. (See the file NewFS for more
information.) A recent addition is the 'No Security' button, which
eliminates the need to supply a list of users who can access a given
directory or volume. However, this allows -everyone- access to that
given directory, which is a serious security problem.
Once you've added all of the volumes or directories you wish to make
available, click 'Save'. The exporting machine is then prepared to
act as a fileserver for the directories you selected.
On a client, make use of the "Filesystem Imports" utility; select the
machine, your username and password (for that machine), and you will
be presented with a list of available mounts. Select one, and click
'Connect'. If you decide you want the mount to be permanent, the
program will create a mountfile and place it in either DEVS:DosDrivers
(>2.0) or in SYS:WBStartup (2.0). If you choose temporary, it will
mount the device, but not retain the mountfile.
You're allowed to import or export as many mounts as your machine's
memory can handle.
EFS and Security
================
The 'Full File Security' button needs some explanation: When this is turned
on, a notion of each file having a unique Owner (User and Group), and
having eight new protection bits becomes present. The owner is the user
who created the file; the group is the 'default group' for that user.
These items can ONLY be changed by the owner of the file, and can be done
with the CLI commands "OWNER" and "GROUP".
The new protect bits are 'rwed' for GROUP and 'rwed' for OTHER. (The
original four bits are consider owner, or USER bits.) These can be set ONLY
by the owner of a file, using the CLI command "protect".
These new features are available for viewing with the CLI command "LIST".
"LIST" will default to it's normal behavior, but when given the keywords
USERS and/or GROUPS, will display the valuable data. Currently, a sample
list output might be:
11.SoftServe:Greg> list users groups nodates
bloomcounty Dir Greg Mille Software E ----rwed r-ed r-e-
11.SoftServe:Greg> ^^^^^^^^^^ ^^^^^^^^^^ ^^^^ ^^^^ ^^^^
Owner Group User || Other
Group
The permission bits granted to a user depends on their level of access to
the given file; if they're the owner, they receive the User bits in the
'User' field. If they are not the owner, but are a member of the group
given, the Group bits are -copied- into the User field. For instance, if
someone else in the "Software Engineering" group were to list the above
file, they'd see:
bloomcounty Dir Greg Mille Software E ----r-ed r-ed r-e-
If someone in CATS were to list the file, they'd see: (Someone in CATS -
therefore NOT the owner, and NOT in the given group; therefore, someone who
falls into the OTHER category.)
bloomcounty Dir Greg Mille Software E ----r-e- r-e- r-e-
Files created before 'Full File Security' was turned on may have -no-
owner. A file with no owner or group is considered owned by anyone -- and
may be modified as such.
Any user with the 'Administration' privilege (see Envoy/Configuration/
Users) is considered an administrator in the filesystem as well. They can
manipulate files as if they were always the owner.
Since DOS currently doesn't understand any of these protection bits, -all-
the interpretation of this data is done through Envoy. Therefore, a file
created on a hard drive but not -through- Envoy will not inherit these
abilities.
Many Amiga programs haphazardly "set" the protection bits on a file without
preserving bits that they don't know about. Because the GROUP and OTHER
bits are not normally set by the ROM FS, these will default to "off". With
Full Security on, unless the user explicitly permits a file created without
using Envoy it's not accessible.