Network Supervisor's Toolkit

home *** CD-ROM | disk | FTP | other *** search

/ Network Supervisor's Toolkit / Network Supervisor's Toolkit.iso / novell / nw386 / secure-5.386 < prev next >

Wrap

Text File | 1996-07-10 | 17KB | 498 lines

Chapter 5 File and Directory Security This chapter illustrates the changes and capabilities that NetWare 386 brings to NetWare file and directory security. (Login security is discussed in Chapter 6, Bindery.) This chapter includes the following sections: ■ File/Directory Attributes ■ Byte Field ■ Trustee Rights File/Directory Attributes Attributes assign special properties to files and directories that override rights, thus preventing tasks that effective rights allow. Attributes can be used to restrict or inhibit copying, deleting, renaming, viewing, writing, and sharing. Attributes can be assigned to files and directories as shown in the following graphic. ------------------------------------------------------- FILE/DIRECTORY ATTRIBUTES File Attributes- Archive Needed Copy Inhibit Delete Inhibit Execute Only Hidden Indexed Purge Read Audit Read Only/Read Write Rename Inhibit Shareable System Transactional Write Audit Directory Attributes- Delete Inhibit Hidden Purge Rename Inhibit System ------------------------------------------------------- Archive Needed The Archive Needed attribute can be assigned only to files. NetWare automatically assigns this attribute to any file that is modified after the last backup. This attribute is DOS's Archive bit.Copy Inhibit The Copy Inhibit attribute can be assigned only to files. This attribute restricts only the copy rights of certain applications, such as the Macintosh Finder. Even if users have been granted Read and File Scan rights at the directory or file level, they will not be able to copy the file. If users have been granted the Modify right, they can remove the Copy Inhibit attribute and then copy the file. Delete Inhibit The Delete Inhibit attribute can be assigned to directories and files. This attribute prevents users from erasing the directories or files even when they have been granted the Erase right at the file or directory level. If users have been granted the Modify right, they can remove the Delete Inhibit attribute and delete the file or directory. Execute Only The Execute Only attribute can be assigned only to files. This attribute prevents files from being copied. Only the Supervisor can assign this file attribute, and it should be assigned only if a backup copy of the file exists. Backup utilities will not back up the files. Some programs will not execute properly when they are flagged Execute Only. Hidden The Hidden attribute can be assigned to directories and files. This attribute hides the file or directory from DOS DIR scans and prevents it from being deleted or copied. However, the files and directories will appear with a NetWare NDIR scan if the user has File Scan rights. Purge The Purge attribute can be assigned to directories and files. When assigned to a file, this attribute purges the file as soon as it is deleted. When assigned to a directory, this attribute purges all files in the directory when they are deleted. Such files cannot be recovered with the SALVAGE utility.Read Audit The Read Audit attribute will be available with NetWare 386 v3.1. The Read Audit attribute can be assigned only to files. Read Only/Read Write The Read Only attribute can be assigned only to files. When Read Only is assigned, NetWare automatically assigns the Delete Inhibit and Rename Inhibit attributes as well. Consequently, users cannot write to, erase, or rename the file even if they have been granted the Write and Erase rights at the directory or file level. If users have the Modify right, they can remove the Read Only attribute and then write to, rename, or erase the file. (Removing Read Only automatically removes Delete Inhibit and Rename Inhibit.) If users with the Modify right remove the Delete Inhibit and Rename Inhibit attributes separately, they can delete or rename the file, but they can't write to it. Rename Inhibit The Rename Inhibit attribute can be assigned to directories and files. This attribute restricts users from renaming directories and files even if they have the Modify right. If they have the Modify right, they must remove the Rename Inhibit attribute before renaming the file or directory. Shareable The Shareable attribute can be assigned only to files. This attribute allows the file to be used by more than one user at a time and is usually used in combination with the Read Only attribute. System The System attribute can be assigned to directories and files. It hides the file or directory from DOS DIR scans. However, the files and directories will appear with an NDIR scan if the user has File Scan rights.Transactional The Transactional attribute can be assigned only to files. This attribute indicates that files will be protected by TTS (Transaction Tracking System). TTS ensures that, when a file is being modified, either all changes are made, or no changes are made, thus preventing data corruption. If you are using TTS, all database files that you want protected need to be flagged with the Transactional attribute. Write Audit The Write Audit attribute is not available with NetWare 386 v3.0, but will be available with v3.1. The Write Audit attribute can be assigned only to files. Byte Field File and directory attributes appear in a 4-byte field within the file's DOS file entry stored in the volume's Directory Table. Directory attributes also appear in a 4-byte field within the directory's DOS directory entry. The following bits are defined for file and directory attributes: Directory and File Attributes Byte 3 Byte 2 Byte 1 Byte 0 76543210 76543210 76543210 76543210 ........ ........ ........ .......1 Read Only/Read Write ........ ........ ........ ......1. Hidden ........ ........ ........ .....1.. System ........ ........ ........ ....1... Execute Only ........ ........ ........ ..1..... Archive Needed ........ ........ ........ 1....... Shareable ........ ........ ...1.... ........ Transactional ........ ......1. ........ ........ Read Audit ........ .....1.. ........ ........ Write Audit ........ ........ ..1..... ........ Purge ........ ........ ....1... ........ Copy Inhibit ........ ........ .1...... ........ Rename Inhibit ........ ........ 1....... ........ Delete Inhibit Note that the Indexed file attribute is no longer supported since all files are automatically turbo FAT indexed when they have 64 or more regular FAT entries and are randomly accessed. However, the Indexed bit can still be set or cleared because some applications may need to have this bit set. Trustee Rights Trustee Rights control a user's or trustee's ability to access and work within a network's directories, subdirectories, and files. NetWare 386 includes a modified system of rights. The system differs from the systems in previous versions of NetWare in the following ways: ■ The Maximum Rights Mask has been discarded. ■ The Inherited Rights Mask (similar in some ways to a Maximum Rights Mask) has been added. ■ A directory has an Inherited Rights Mask and (optionally) a Trustee List. This is similar to the systems in previous version of NetWare. However, unlike previous versions of NetWare, a file also has an Inherited Rights Mask and, optionally, a Trustee List. ■ A Supervisor trustee right has been added. ■ The Open file right has been discarded. NetWare 386 Trustee Rights appear in a 2-byte format as follows: Trustee Rights Byte 1 Byte 0 76543210 76543210 ........ .......1 R Read ........ ......1. W Write ........ .....1.. undefined ........ ....1... C Create ........ ...1.... E Erase ........ ..1..... A Access Control ........ .1...... F File Scan ........ 1....... M Modify .......1 ........ S Supervisor For comparison, Trustee Rights appear as follows in previous versions of NetWare: Trustee Rights Byte 1 Byte 0 76543210 76543210 ........ .......1 R Read ........ ......1. W Write ........ .....1.. O Open ........ ....1... C Create ........ ...1.... D Delete ........ ..1..... P Parental ........ .1...... S Search ........ 1....... M Modify Example of Trustee Rights An example illustrates the new trustee rights system. Consider the following hypothetical directory structure of volume WORK. |---> File_1 | |---> File_2 |--->PROJECT- | |---> File_3 | | | | |--> File_4 | |-->STUFF --| WORK- |--> File_5 | | |--->PROGRAMS WORK is the root directory and the volume name. Two entries appear under the root directory: two subdirectories called PROJECT and PROGRAMS.Four entries appear under PROJECT: three files called File_1, File_2, File_3; and a subdirectory called STUFF. Finally, two entries appear under STUFF: two files called File_4 and File_5. Root Directory WORK does have at least one trustee: JAN. As you can see below, JAN has been granted all rights to directory WORK. JAN's Rights to Directory WORK ■ R (Read the file) ■ W (Write to the file) ■ C (Create files under directory work) ■ E (Erase the file) ■ A (Access and modify Inherited Rights Mask and Trustee List) ■ F (File Scan) ■ M (Modify attributes and rename files) However, this does not mean that JAN has all rights to every entry in WORK. For example, even though JAN was granted all rights in WORK, JAN does not have all rights to directory PROJECT. Inherited Rights Mask This is because directory PROJECT's Inherited Rights Mask as shown below has excluded all but two of the rights that JAN has to directory WORK. JAN's Rights to Directory PROJECT, Determined by Inherited Rights Mask ■ R (Read the file) ■ F (File Scan)The Inherited Rights Mask represents the rights that any of a directory's or file's trustees can inherit from a parent directory. Thus, as a trustee to PROJECT, JAN does not inherit rights held as a trustee to the parent directory WORK. In essence, PROJECT's Inherited Rights Mask says, "No matter what trustee rights you have in the parent directory, these are the only trustee rights you can retain for this directory and for all subdirectories." (Note that since a root directory does not have a parent directory, WORK, like all root directories, does not have an Inherited Rights Mask.) Directory PROJECT's Inherited Rights Mask allows JAN and other Trustees to scan for directory STUFF, and to scan for, open, and read the three files under directory PROJECT. JAN could do all these things, except that the files in directory PROJECT also have Inherited Rights Masks that determine what JAN can and cannot do in directory PROJECT. If the Inherited Rights Mask of the three files, File_1, File_2, and File_3, do not allow it, JAN has no rights to scan for, open, or read those files. So, even though JAN has File scan (F) rights in directory PROJECT, JAN still cannot see (with an NDIR command, for example) File_1. In fact, the Inherited Rights Mask of File_1 could prevent any trustee from having rights to the file. In that case, only a supervisor could see this file. Rights Granted by Supervisor However, there is a way to get around the Inherited Rights Mask. Like File_1, File_2's Inherited Rights Mask does not allow the inheritance of trustee rights. Thus, if JAN had to rely solely on the Trustee Rights granted in directory PROJECT, JAN would have no rights to File_2. But because the supervisor can grant rights to JAN at the file level, JAN has the rights to File_2 as shown in the following. JAN's Rights to File_2, Granted by Supervisor at File Level ■ R (Read the file) ■ W (Write to the file) ■ E (Erase the file) ■ A (Access and modify File_2's Inherited Rights Mask and Trustee ListJAN's Rights to File_2, Granted by Supervisor at File Level (continued) ■ F (Scan for File_2) ■ M (Modify File_2's attributes and rename the file). Description of Trustee Rights The following is a description of each trustee right. Right Assigned to a Directory Trustee Assigned to a File Trustee Read User can open and read existing User can open and files in this directory unless read this file. blocked by mask or trustee rights assignment. Write User can open and write to User can open and files in this directory unless write to this file. blocked by mask or trustee rights assignment. Create User can create files and User can salvage this subdirectories in this directory. file if it is deleted. Erase User can delete this directory User can delete this if the user has rights to delete file. everything inside it. Access User can modify the trustee list User can modify this Control and Inherited Rights Mask of this file's Trustee List directory. and Inherited Rights Mask. File Scan User can see the names of files User can see the name in this directory when scanning of this file when the directory (e.g., NDIR) unless scanning the directo ry. blocked by mask or trustee rights assignment.Right Assigned to a Directory Trustee Assigned to a File Trustee Modify User can rename this directory User can rename this and change the attributes of it. file and change its attributes. Supervisor User has all rights to this User has all rights to directory and all subdirectories this file. and files. User can grant supervisor rights to other users in this directory and in subdirectories and files. User's rights override all Inherited Rights Masks in subdirectories and files. User can assign space limitations to subdirectories Note that in addition to trustee rights, NetWare 386 features other file system security as well. Supervisors can limit user disk space for each volume. A supervisor can also limit the cumulative amount of disk space allotted to a directory and all child subdirectories and files.