User Types

On a NetWare 4.1/9000 NetWare Services server, three different types of users can work with files and directories in the file system:

HP-UX users have an HP-UX user account and not a NetWare user account. These users cannot access a NetWare server but can manage a NetWare server from HP-UX.
NetWare users have a NetWare user account and do not have an explicit HP-UX user account.
Hybrid users have both NetWare and HP-UX user accounts. These are the users who want to maintain access to the same files regardless of whether they are logged in to a NetWare account or an HP-UX account.

Regardless of your user type (unless you are a hybrid user), when using NetWare Services to access files and directories, it is strongly recommeded that all users be set up as hybrid users. Otherwise, HP-UX users can access and modify HP-UX files as if they owned them.

HP-UX Users

HP-UX user accounts provide limited NetWare server administration such as installing NetWare Services, installing NetWare Directory Services™ (NDS™), repairing NDS, setting up volumes, and so on. To use these administration tasks, you must be the System Owner on HP-UX and have permission to administer a NetWare server. (Root and the System Owner are given permission to administer NetWare Services when it is installed.)

When NetWare Services is installed and the hybrid user feature is not enabled on HP-UX, the following HP-UX accounts are used for all NetWare users but do not have hybrid user status:

nwroot is used by the NetWare ADMIN and server processes
nwuser is used by all NetWare users

Since NetWare Services runs as a privileged process, NetWare Services has the right to set a file's owner, group, and permission mask. All files created by NetWare users are owned by nwuser, assigned to nwgroup, and assigned the umask permission mask defined in NetWare Setup on HP-UX.

Considerations for NetWare UNIX Client ( NUC) Users

NUC users can log in to a NetWare server either through the HP-UX server console or by using nwlogin and nwlogout at the HP-UX command line (see System Owner Handbook for information). The NetWare volumes can be accessed from the HP-UX server console, from the automounter, or from the command line using mount.

We suggest that HP-UX users who will be using HP-UX or NetWare servers be set up as hybrid users. This ensures that they are the owners of the files they create; otherwise, nwuser is the owner.

Note the following items:

UNIX mode volumes allow you to use your permissions if you are the owner. With NetWare mode volumes, if you are the owner, you are not granted privileges other than your effective rights.
As shown in the examples in UNIX mode, files created by nonhybrid users are owned by every other user with equal (nonhybrid) permissions. Your files can, therefore, be opened and modified by other users. For the security of users, we suggest that when using UNIX mode, you set users up as hybrid users.

The NUC adopts the following rules for files and directories:

The NUC attaches mapped IDs (from the /etc/netware4/nwusers file or the default nwuser and nwgroup for nonhybrid users) on the inode when the file or directory is created in the HP-UX file system.
When checking files and directories, if the NetWare login ID maps to the ID on the inode, it displays the user's HP-UX UID and GID as the owner.

The following scenerios in Table 3-1 may help you to understand how users are seen from NUC:

Table 3-1 NUC Behavior

User Type	ID on the Inode	Ownership as Seen from NUC	Action Performed by NUC
1. Hybrid User 1	Mapped IDs of the Hybrid User	Native IDs	Creates a file and lists the file for ownership.
2. Hybrid User 2	Not applicable	Mapped IDs of the Hybrid User	Lists the file for ownership as created by Hybrid User 1.
3. Nonhybrid User 1	nwuser, nwgroup	Native IDs	Creates a file and lists the file for ownership.
4. Nonhybrid User 2	Not applicable	Native IDs	Lists the file created by Nonhybrid User 1.

NetWare Users

NetWare user accounts provide all of the usual NetWare administration and file and directory rights known to native NetWare users. NetWare users do not have privileges on HP-UX accounts unless they are a hybrid user.

Hybrid Users

Hybrid user is the feature that allows coordination between a NetWare user account and an HP-UX user account. This feature allows a user to access or own the same files regardless of whether he or she logs in as an HP-UX user or as a NetWare user.

Without the hybrid feature, users with both NetWare and HP-UX accounts would lose access to files they create in either account while logged in with the other account. This is because NetWare has no knowledge of HP-UX user accounts and HP-UX has no knowledge of NetWare user accounts.

When HP-UX users log in and create files, they maintain rights to the files they create because they are the owner of the files. When NetWare users log in and create files, they maintain rights to the files because of trustee assignments. However, during the creation process, NetWare Services is required to assign a HP-UX owner to the file in order to store it on any type of HP-UX file system.

NetWare Services uses nwuser, or it uses nwroot if the user on a NetWare server is ADMIN or Supervisor. The hybrid feature solves this problem by mapping the NetWare account to the HP-UX account so that when a NetWare user creates a file, the HP-UX UID becomes the owner of the file.

When HP-UX users log in to a HP-UX user account, they are denied access to the files they created as NetWare users because nwuser owns those files; their HP-UX account does not.

Setting Up a Hybrid User

Hybrid users are set up in SAM in HP-UX. See System Owner Handbook for information.

The tasks in this section allow the system administrator to enable hybrid user mapping for NetWare and HP-UX users.

What Happens When Hybrid User Is Active?

Table 3-2 shows the value stored in the User ID (UID) and Group ID (GID) fields for a connection when the hybrid user feature is disabled and enabled.

Table 3-2 UID/GID Values

Action	UID	GID
Not logged in (user)	nobody (can access SYS:LOGIN)	nogroup
Not logged in (server process)	nwroot	nwgroup
NetWare user logged in; user not a hybrid user	nwuser (users) nwroot (admin)	nwgroup nwgroup
Hybrid user logged in	HP-UX UID	UNIX user group

Allowing NetWare Users without Hybrid User Mapping

This section discusses how to enable a hybrid user to be assigned to a NetWare user who does not have hybrid user mapping.

The hybrid user feature is enabled and logins are synchronized by default.

Prerequisites

Hybrid user account set up in SAM
Superuser permission to use SAM

Procedure

Under Admin Tools aunder HP-UX, double-click on NetWare_Setup in the Networking folder.
Double-click on NetWare Server.
Double-click on Hybrid Users.
Set the following variable in the "Hybrid Users" window as appropriate.
Figure 3-1 Hybrid Users
Must All Users Be Hybrid Users? This variable requires that all users who log in have an explicit hybrid user mapping to an HP-UX user. "Yes" means a hybrid user has mapping to an HP-UX user. The default is No.
Allow Processes to Assume Hybrid User IDs? This variable determines whether the NetWare processes use the UID or GID for the hybrid user when processing an NCP request. This is only required when a NetWare volume uses NFS to access files from remote HP-UX machines. The default is No.
Click OK.