HP 9000 Networking: Supervising the Network > Chapter 3 Managing the NetWare Services File System

File Access Control


In NetWare, trustee assignments are used to grant access to files and directories; these assignments are part of the file system. In NetWare Services, trustee assignments are kept in a separate, per-volume database in the volume's control directory.

Since NetWare Services is a process running on HP-UX, NetWare administrators can select how they want the NetWare trustee assignments and the HP-UX permissions to interact with each other in granting access.

NWS _Volume_Setup in NetWare Setup allows the network administrator to set variables for specific volumes or for volumes system-wide (see Chapter 7, "Maintaining the NetWare Server").

Table 3-3 describes the possible modes.

Table 3-3 File Access Control Modes

| Value | Description |
|---|---|
| None | All NetWare users are granted full access to all files and directories as if they had Supervisor rights. There are no access controls. See "Using Neither NetWare Nor HP-UX for File Access Control" in this chapter for more information. |
| NetWare | NetWare-only enforcement. NetWare trustee assignments and file attributes control a NetWare user's access to files and directories. File system security must be set up with NetWare utilities such as RIGHTS and NETADMIN. The HP-UX permissions are ignored. See "Using NetWare Only for File Access Control" in this chapter for more information. |
| UNIX | UNIX-only enforcement. HP-UX permissions control a NetWare user's access to files and directories. Trustee assignments are ignored and NetWare rights are granted according to HP-UX permissions. File system security must be set up with HP-UX utilities such as chmod, chown, and chgrp. See "Using HP-UX Only for File Access Control" in this chapter for more information. |
| Both | Both NetWare and HP-UX enforcement. Both NetWare trustee assignments and HP-UX permissions control file and directory access. File system security must be set from both NetWare and HP-UX. See "Using Both NetWare and HP-UX for File Access Control" in this chapter for more information. |

The mode affects the performance of the Standard file system volumes. The "NetWare" and "None" modes are the fastest for the Standard file system volumes. The "UNIX" and "Both" modes are the slowest because they require more synchronization with the HP-UX file system. This slowness is most noticeable on directory searches and listings and increases with directory depth.

File Ownership

File ownership depends on which user ID (UID) and group ID (GID) own the files that are created by NetWare clients.

HP-UX UIDs and GIDs on a file are important only if:

  • UNIX access control is used

  • The administrator wants to support hybrid users

Using Neither NetWare Nor HP-UX for File Access Control

When "None" is selected as the mode for file access control, NetWare Services ignores all file access checks. NetWare Services does not check the trustee database for trustee assignments, nor does it check NetWare file attributes.

Since NetWare Services runs as a privileged process, it can also ignore the HP-UX permissions. NetWare Services does not check to see if the user has permission as the owner, a member of the group, or other.

Volume options contain the only check NetWare Services makes when the "None" mode is set. If the Read-Only option is set, NetWare Services allows users read-only access to files.

Using NetWare Only for File Access Control

When "NetWare" is selected as the mode for file access control, rights checking is the same as it is on native NetWare. NetWare Services checks that the user has NetWare rights to the file or directory and that the NetWare file and directory attributes allow the action. Figure 3-2 illustrates this process.

Figure 3-2 NetWare Security Checks


If NetWare is the access control mode, the HP-UX permission bits are not checked at all. For client access, if files owned by Root are placed in the NetWare volume and NetWare rights allow the user to access the file, the user is allowed access.

NOTE: Remember that if the access control mode is NetWare, HP-UX file ownership and permissions are meaningless. HP-UX users creating files in NetWare volumes may allow NetWare clients unintended access.

Trustee Rights

NetWare must calculate a user's effective rights, or rights the user can exercise, to each file and directory. This is because effective rights are determined by a combination of the Inherited Rights Filter, trustee assignments, and security equivalences.

The following basic rules are used:

  1. NetWare Services compiles a list of object IDs for the user and the user's equivalencies (groups and other users).

  2. If the user is the NetWare administrator or equivalent, the user is granted all rights to the file or directory.

  3. NetWare Services scans up the tree from the node in question, looking for a trustee assignment granted to each object ID.

  4. If one of the object IDs has been granted the Supervisor right, the user is granted all rights to the file or directory.

  5. If the trustee assignment is for the node in question, the user is granted those rights.

  6. If the trustee assignments are above the node in question, NetWare Services checks which rights are on in both the trustee assignments and the IRFs. NetWare Services then allows the user to use those rights.

    If multiple trustee assignments have been granted to an object ID in a branch of the tree, NetWare Services uses the trustee assignment closest to the node in question for all rights except the Supervisor right.

    NetWare Services searches to the root of the volume to verify whether the Supervisor right has been granted. Since the Supervisor right cannot be revoked except in the directory where it was granted, this right overrides trustee assignments in lower directories, as well as modifications to Inherited Rights Filters.
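The rules above, carried through on a small tree, as an added example (not HP or Novell code). The volume layout, object names, and the choice to add together the rights found for each object ID are assumptions made for the illustration.

```python
ALL = frozenset("SRWCEMFA")  # NetWare rights letters

def effective_rights(path, object_ids, trustees, irf, admins=frozenset()):
    """path: nodes from the volume root down to the target, root first.
    trustees: {node: {object_id: "rights"}}; irf: {node: "rights allowed through"}."""
    ids = set(object_ids)                       # rule 1: the user plus equivalences
    if ids & set(admins):                       # rule 2: administrator or equivalent
        return ALL
    # Rule 4 and the last paragraph: Supervisor granted anywhere up to the
    # volume root overrides lower trustee assignments and IRFs.
    for node in path:
        for oid in ids:
            if "S" in trustees.get(node, {}).get(oid, ""):
                return ALL
    granted = set()
    for oid in ids:                             # rule 3: scan up from the target
        for depth in range(len(path) - 1, -1, -1):
            rights = trustees.get(path[depth], {}).get(oid)
            if rights is None:
                continue
            rights = set(rights)                # rule 5 when depth is the target itself
            for lower in path[depth + 1:]:      # rule 6: filter through each IRF below
                rights &= set(irf.get(lower, ALL))
            granted |= rights                   # assumption: rights of all IDs are added
            break                               # closest assignment wins for this ID
    return frozenset(granted)

# Constructed sample volume (hypothetical names).
PATH = ["SYS:", "SYS:DATA", "SYS:DATA/PAYROLL", "SYS:DATA/PAYROLL/Q1.DAT"]
TRUSTEES = {
    "SYS:": {"auditors": "S"},
    "SYS:DATA": {"alice": "RWCEF", "staff": "RWF"},
    "SYS:DATA/PAYROLL": {"alice": "RF"},
}
IRF = {"SYS:DATA/PAYROLL": "RF"}                # blocks W, C, E below SYS:DATA

if __name__ == "__main__":
    for who in (["alice", "staff"], ["bob", "auditors"], ["carol"]):
        print(who, "".join(sorted(effective_rights(PATH, who, TRUSTEES, IRF))))
```

For alice, the closer RF assignment on PAYROLL replaces her RWCEF assignment on DATA, and the W that staff holds on DATA is stopped by the PAYROLL filter, so only R and F reach Q1.DAT.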

Volume, File, and Directory Attributes

NetWare Services has one volume attribute, Read-Only. It overrides any HP-UX permissions that would allow NetWare users to write to or create files in the volume.

NetWare has a number of file and directory attributes (Delete-Inhibit, Read-Only, Rename-Inhibit, and so on) which are enforced for NetWare users.

File Access Control Utilities

Since only NetWare is used to control file access, all client access control must be set up with the NetWare utilities (such as NETADMIN, NetWare Administrator, FILER, RIGHTS, or FLAG for attributes). NetWare utilities should also correctly display the user's effective rights.

Using HP-UX Only for File Access Control

When "UNIX" is selected as the mode for file access control, the HP-UX permission bits are used to calculate effective NetWare rights to a file or directory. Each NetWare Services user has a UID and a GID and these are compared with the file or directory's UID and GID. The UID and GID are established by default or through the hybrid user feature.

Figure 3-3 illustrates this process.

Figure 3-3 HP-UX File Access Control Checks


NetWare Services users can have a match on more than one UID. The UID matches under the following conditions:

  • The NetWare user's hybrid UID matches the file's (or directory's) UID.

  • The file's (or directory's) UID is nwuser and the user is logged in.

  • The file's (or directory's) UID is nwroot and the user is logged in to the NetWare server as the network administrator.

If the user's hybrid UID is 0 (Root), the user is granted all HP-UX rights to the file or directory, regardless of HP-UX permission bits. Some NetWare rights are still restricted (namely, Supervisor and Access Control, which allow users to grant NetWare trustee assignments).

The GIDs match under the following conditions:

  • The NetWare user's hybrid GID matches the file's (or directory's) GID. Although HP-UX allows a user to belong to more than one group, currently only the HP-UX user's primary group is used, the GID obtained with getpwnam(). All other group GIDs are ignored.

  • The file's (or directory's) GID is nwgroup and the user is logged in.

The rights granted are determined by the HP-UX permission bits for the UID, GID, or Other. These HP-UX permission bits are translated into NetWare rights.

Two NetWare rights, Supervisor and Access Control, are never granted, since granting them would imply that the user can use NetWare trustee assignments to control access. With "UNIX" as the mode for file access, access control changes must occur from HP-UX.
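The UID and GID matching conditions above, as an added example (not part of the HP documentation) that picks the HP-UX permission triplet governing a given user. Owner and group names stand in for numeric IDs, the sample users are constructed, and the owner, then group, then other order is an assumption the page does not state.

```python
def matching_class(user, owner, group):
    """Return the HP-UX permission class that applies to a NetWare Services user.
    user: {'hybrid_uid', 'hybrid_gid', 'logged_in', 'is_admin'}; None means no hybrid ID."""
    if user["hybrid_uid"] == "root":
        return "root"                  # hybrid UID 0: permission bits are not consulted
    uid_match = (
        (user["hybrid_uid"] is not None and user["hybrid_uid"] == owner)
        or (owner == "nwuser" and user["logged_in"])
        or (owner == "nwroot" and user["logged_in"] and user["is_admin"])
    )
    if uid_match:
        return "owner"
    gid_match = (
        # only the primary group is compared; supplementary groups are ignored
        (user["hybrid_gid"] is not None and user["hybrid_gid"] == group)
        or (group == "nwgroup" and user["logged_in"])
    )
    return "group" if gid_match else "other"    # assumed precedence order

def applicable_bits(user, owner, group, mode):
    """Return the rwx triplet (as text) that is translated into NetWare rights."""
    cls = matching_class(user, owner, group)
    if cls == "root":
        return "rwx"
    bits = (mode >> {"owner": 6, "group": 3, "other": 0}[cls]) & 0o7
    return "".join(ch if bits & m else "-" for ch, m in (("r", 4), ("w", 2), ("x", 1)))

# Constructed users: one hybrid user and one default (non-hybrid) user.
ALICE = {"hybrid_uid": "alice", "hybrid_gid": "staff", "logged_in": True, "is_admin": False}
GUEST = {"hybrid_uid": None, "hybrid_gid": None, "logged_in": True, "is_admin": False}

if __name__ == "__main__":
    # A 0600 file owned by nwuser is owner-accessible to every logged-in user.
    print(applicable_bits(ALICE, "nwuser", "nwgroup", 0o600))
    print(applicable_bits(GUEST, "nwuser", "nwgroup", 0o600))
```

Mode 0600 on a file owned by nwuser therefore restricts nobody who is logged in, which is the exposure that the "Hybrid Allow Default User" variable addresses.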

Table 3-4 shows how HP-UX rights are translated to NetWare rights.

Table 3-4 Translating HP-UX Permissions to NetWare Rights

| HP-UX Permissions: Parent Directory | HP-UX Permissions: File or Directory | NetWare Effective Rights: File | NetWare Effective Rights: Directory |
|---|---|---|---|
| - - - | Any | No Rights | No Rights |
| r | Any | No Rights | No Rights |
| rw | Any | No Rights | No Rights |
| wx | Any | No Rights | No Rights |
| x | Any | No Rights | No Rights |
| w | Any | No Rights | No Rights |
| wx | Any | No Rights | No Rights |
| rwx | - - - | CE F | No Rights |
| rwx | r | R CE F | No Rights |
| rwx | rw | RWCE F | RWCE F |
| rwx | rwx | RWCE F | R E F |
| rwx | r x | R CE F | No Rights |
| rwx | w | WCE F | No Rights |
| rwx | wx | WCE F | No Rights |
| rwx | x | CE F | No Rights |
| r x | - - - | F | No Rights |
| r x | r | R F | No Rights |
| r x | rw | RW F | No Rights |
| r x | rwx | RW F | RWC F |
| r x | r x | R F | R F |
| r x | w | W F | No Rights |
| r x | wx | W F | No Rights |
| r x | x | F | No Rights |

Keep these rules for granting rights in mind:

  • The File Scan right is given only if the directory has r and x permissions. In the parent directory, a user must have the x permission to access a subdirectory and r and x permissions to have any NetWare rights.

  • The Modify right is given only if the user is the owner of the file and the parent directory has the Create right (HP-UX permission bits rwx are set in the parent directory).

  • The Supervisor and Access Control rights are never granted.

  • The Erase right is removed if the user is not the owner of the file or directory and the parent directory has the HP-UX sticky permission bit.

Additional Rules

In addition to mapping UID and GIDs and converting HP-UX permissions into NetWare rights, the following rules are used to determine HP-UX access to a file or directory:

  • Attached NetWare users always have Read and Execute rights to the files in the SYS:LOGIN directory and any subdirectories.

  • The path from the volume mount point is used to calculate access to a file or directory. HP-UX permissions above the volume mount point are ignored.

  • To access a file or directory, a user must have the x permission in all directories from the volume mount point to the current directory in question.

    For the user to access a file in the current directory, the user must have r and x permissions to the current directory, as well as some file permissions.

Volume, File, and Directory Attributes

NetWare Services has one volume attribute, Read-Only. It overrides any HP-UX permissions that would allow NetWare users to write to or create files in the volume.

NetWare has a number of file and directory attributes (Delete-Inhibit, Read-Only, Rename-Inhibit, and so on) which are enforced for NetWare users.

Hybrid Variables

The hybrid variables affect the HP-UX enforcement of the permission bits.

Hybrid users are granted rights to files and directories that match with their hybrid UID and GID as well as to all files and directories owned by nwuser or nwgroup.

Since NetWare users who are not hybrid users use nwuser and nwgroup as their default UID and GID, all files and directories that these users create are accessible to all hybrid users.

If this is a security problem, you can set the "Hybrid Allow Default User" variable in NetWare Setup to "No." This forces every NetWare user to be a hybrid user in order to log in to the NetWare server. But it also allows all the HP-UX files and directories created from NetWare to be owned by the HP-UX user who created them.

If the NetWare volumes are NFS-mounted, set the "Allow Processes to Assume Hybrid User IDs?" variable in NetWare Setup to Yes.

Forcing all NetWare users to be hybrid users is the best method of enforcing security with the "UNIX" mode for file access. In this mode, all NetWare users should have sufficient rights to the files and directories that they create to control access from HP-UX.

File Access Control Utilities

Since neither the Supervisor nor the Access Control right is ever granted on volumes with HP-UX-made access control, all the NetWare utilities (FILER, NetWare Administrator, NETADMIN, and RIGHTS) that allow users to make trustee assignments will return with an insufficient rights error. Therefore, even the NetWare administrator has insufficient rights to make trustee assignments.

Changes to NetWare rights must be done from HP-UX using HP-UX utilities. Hybrid users on DOS workstations can use NVT2™ (Novell Virtual Terminal™ 2) through Host Presenter to access the HP-UX side of the NetWare Services server and change permissions.

OS/2* clients can use NVT2 from a DOS session. For more information, see Terminal Emulators for DOS/Windows.

The NetWare utilities that display a user's rights should accurately display the user's effective rights as they have been translated from the HP-UX permissions.

Using Both NetWare and HP-UX for File Access Control

When "Both" is selected as the mode for file access control, the user must go through a two-operating-system check:

  • NetWare must allow the access. If NetWare denies the access, the user cannot access the file or directory from NetWare.

  • HP-UX must also allow the access. If the HP-UX permissions have been changed so that the NetWare user does not have permission to access the file or directory, the user cannot access the file or directory from NetWare.

Figure 3-4 illustrates this process.

Figure 3-4 NetWare and HP-UX File System Security Checks


NetWare Services calculates the rights for both NetWare and HP-UX.

Once the rights are calculated for both systems, the right is granted only if both systems allow it. See Table 3-4 for information on how HP-UX permissions are translated to NetWare rights.

Three NetWare rights—Supervisor, Modify, and Access Control—do not match any HP-UX permissions. These rights are granted under the following conditions:

  • The Supervisor and Access Control rights are granted from NetWare and the hybrid UID matches the HP-UX UID.

  • The Modify right is granted from NetWare, the hybrid UID matches the HP-UX UID, and the user has the w (Write) permission in the parent directory.

File Access Control Utilities

The NetWare Services product access routines check both NetWare rights and HP-UX permissions before returning NetWare rights information.

NetWare and HP-UX utilities should display valid rights information except for the Supervisor right. It is possible for a user to have the Supervisor right and not have all rights to the file.
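The two-operating-system check described in this section, as an added example (not HP code) that reports the outcome for each right and the reason for any denial. The numeric UIDs and the input rights strings are constructed; the HP-UX side is assumed to have been translated already per Table 3-4.

```python
NO_UID_MATCH = "denied: hybrid UID does not match the HP-UX UID"

def both_mode_decision(netware, hpux, hybrid_uid, file_uid, parent_has_w):
    """Explain, right by right, the result of the "Both" mode check.

    netware: rights NetWare grants (trustee assignments, IRFs), e.g. "SRWCEMFA".
    hpux:    rights translated from the HP-UX permission bits, e.g. "RF".
    """
    owner = hybrid_uid is not None and hybrid_uid == file_uid
    decision = {}
    for right in "SRWCEMFA":
        if right not in netware:
            decision[right] = "denied by NetWare"
        elif right in "SA":              # no HP-UX equivalent: needs the UID match
            decision[right] = "granted" if owner else NO_UID_MATCH
        elif right == "M":               # UID match plus w in the parent directory
            if not owner:
                decision[right] = NO_UID_MATCH
            elif not parent_has_w:
                decision[right] = "denied: no w permission in the parent directory"
            else:
                decision[right] = "granted"
        else:                            # R, W, C, E, F: both systems must allow it
            decision[right] = "granted" if right in hpux else "denied by HP-UX"
    return decision

def granted(decision):
    """Collapse a decision table into the string of rights actually granted."""
    return "".join(r for r, why in decision.items() if why == "granted")

if __name__ == "__main__":
    # Constructed case: NetWare grants everything, HP-UX bits allow only R and F.
    result = both_mode_decision("SRWCEMFA", "RF", 104, 104, parent_has_w=False)
    for right, why in result.items():
        print(right, why)
    print(granted(result))
```

The constructed case ends with S, R, F and A granted, which is the situation noted above where a user holds the Supervisor right without having all rights to the file.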

© 1996 Hewlett-Packard Development Company, L.P.