HandsOn Novell Open Enterprise Server for NetWare and Linux - PowerPoint PPT Presentation

Provided by: facult68
1
Hands-On Novell Open Enterprise Server for
NetWare and Linux
  • Chapter 6
  • Working with NetWare File System Security

2
Objectives
  • After reading this chapter and completing the
    activities, you will be able to:
  • Describe NetWare file system security components
    (trustee rights, effective rights, and
    inheritance), make trustee assignments, and
    determine a user's effective rights
  • Explain concepts of file system security
  • Describe file and directory attributes and use
    NetWare utilities and commands to view and set
    attributes

3
File System Security Components
  • NetWare file system security consists of two
    levels
  • Access rights security
  • Attribute security
  • Access rights
  • Ensure that users can work with data only in
    certain files and directories
  • Attributes
  • Flags attached to files and directories
  • Limit functions that can be performed in those
    files or directories

4
NetWare Access Rights
  • File system security
  • Based on the concept of making an eDirectory
    object a trustee of a file or directory
  • With certain assigned access rights
  • Consists of a single group of eight access rights
  • Controls the operations a trustee can perform in
    the file system
  • Directory entry table (DET)
  • Contains information about a file or directory
  • Including its name and the access control list
    (ACL)

5
NetWare Access Rights (continued)
6
NetWare Access Rights (continued)
7
Trustee Assignments
  • Give users, groups, or containers rights to
    access and maintain the file system
  • Directory trustee
  • User, group, or container object that has been
    granted access rights to a directory
  • File trustee
  • User or group that has been granted access rights
    to a file
  • Effective rights
  • Define access rights a user has in a specific
    directory or file

8
Trustee Assignments (continued)
  • Making user trustee assignments
  • Trustee assignment
  • Process of granting a user a direct trustee
    assignment
  • With specific rights to directories and files
  • A user's default effective rights
  • Are always equal to his or her trustee assignment
  • Access rights are usually indicated with the
    first letter of each right enclosed in brackets
  • [R C F] means Read, Create, and File Scan
    rights
  • By default, a new user gets [R W C E M F A] rights
    to his or her home directory

9
Trustee Assignments (continued)
10
Trustee Assignments (continued)
  • Viewing effective rights
  • Use Windows Explorer or Remote Manager
  • To view your effective rights
  • Use ConsoleOne or NetWare Administrator
  • To verify effective rights in the file system

11
Trustee Assignments (continued)
12
Trustee Assignments (continued)
  • Group trustee assignments
  • When a group is made a trustee of a directory or
    file
  • All members of that group are considered trustees
  • Group members' effective rights
  • Combination of any personal trustee assignments
    plus any rights they have from being group
    members
  • You can use Remote Manager to make trustee
    assignments

13
Trustee Assignments (continued)
14
Trustee Assignments (continued)
15
Trustee Assignments (continued)
  • Container trustee assignments
  • When a container is made a trustee of a directory
    or file
  • All users in container and subcontainer objects
    share the same rights
  • Use Remote Manager to make trustee assignments

16
Inherited Rights
  • Allows effective rights to a directory to flow
    down into files and other subdirectories
  • Inheritance
  • Essential concept in making file system security
    efficient
  • By eliminating an excessive number of trustee
    assignments

17
Inherited Rights (continued)
18
Inherited Rights (continued)
  • The Inherited Rights Filter (IRF)
  • Can prevent a subdirectory from inheriting rights
  • Acts as a block to keep selected rights from
    passing into a subdirectory structure or files
  • IRF cannot be used to block the Supervisor right
  • Supervisor access right can't be removed from an
    IRF

19
Inherited Rights (continued)
20
Combining Trustee Assignment and Inherited Rights
  • Reduce number of rights granted to a user
  • By taking group or container rights into
    consideration

21
Combining Trustee Assignment and Inherited Rights
(continued)
22
Calculating Effective Rights
  • NetWare tracks inherited rights separately for
    each type of object
  • A User object's inherited rights in a directory are
    kept separate from inherited rights for
    containers or groups
  • At the directory or subdirectory level
  • Users' effective rights are calculated by
    combining
  • Their own effective rights with the effective rights of any
    groups or containers to which they belong
  • Making a new trustee assignment to a user, group,
    or container
  • Overrides the inherited rights for that object

23
Calculating Effective Rights (continued)
24
Working with Supervisor Rights
  • New trustee assignments made to subdirectories or
    files
  • Do not override the inherited Supervisor right
  • Supervisor right cannot be changed or blocked in
    one of the subdirectories
  • It can be changed only at the point of origin
  • User with Supervisor right can manage an entire
    directory structure
  • Without being blocked by another user or an
    incorrect trustee assignment
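
The rules on the slides above (inheritance, the IRF, per-object tracking, explicit assignments overriding inherited rights, and the unblockable Supervisor right) can be modelled in a few lines. This is an added example, not part of the original presentation; the paths, object names (JSmith, Design, Admin1) and assignments are constructed sample data.

```python
ORDER = "SRWCEMFA"  # Supervisor, Read, Write, Create, Erase, Modify, File Scan, Access Control
ALL = frozenset(ORDER)

# Constructed sample data: (directory, trustee object) -> assigned rights
ASSIGNMENTS = {
    ("/DATA", "Design"): "RF",             # group assignment, inherited below
    ("/DATA/Eng", "JSmith"): "RWCEMF",     # user assignment
    ("/DATA/Eng/Reports", "JSmith"): "R",  # explicit assignment reduces the user's rights
    ("/DATA", "Admin1"): "S",              # Supervisor at the point of origin
    ("/DATA/Eng/Reports", "Admin1"): "R",  # cannot override the inherited S
}
# Constructed IRF: rights listed are allowed to flow in; empty means block all
IRFS = {"/DATA/Eng/Private": ""}

def object_rights(obj, path, assignments=ASSIGNMENTS, irfs=IRFS):
    """Rights one object (user, group or container) holds at path,
    tracked separately from every other object."""
    rights = frozenset()
    current = ""
    for part in path.strip("/").split("/"):
        current += "/" + part
        inherited_s = "S" in rights
        # The IRF filters what is inherited, but can never block Supervisor
        rights &= frozenset(irfs.get(current, ORDER)) | {"S"}
        # A new trustee assignment overrides inherited rights for this object
        explicit = assignments.get((current, obj))
        if explicit is not None:
            rights = frozenset(explicit)
        # ...except an inherited Supervisor right, which always survives
        if inherited_s:
            rights |= {"S"}
    return rights

def effective_rights(user, memberships, path):
    """Combine the user's own rights with those of their groups/containers."""
    combined = set(object_rights(user, path))
    for obj in memberships:
        combined |= object_rights(obj, path)
    if "S" in combined:  # Supervisor carries every other right in NetWare
        combined = set(ALL)
    return "[" + " ".join(r for r in ORDER if r in combined) + "]"

if __name__ == "__main__":
    for p in ("/DATA/Eng", "/DATA/Eng/Reports", "/DATA/Eng/Private"):
        print(p, effective_rights("JSmith", ["Design"], p),
              effective_rights("Admin1", [], p))
```

In /DATA/Eng/Reports the user's explicit [R] replaces the inherited [R W C E M F], yet File Scan still arrives through the Design group, which is why mixed user and group assignments in one structure are hard to audit.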

25
Working with Supervisor Rights (continued)
26
Using the RIGHTS Command
  • Documenting user trustee assignments
  • Important task in managing a network file system
  • RIGHTS command
  • Another method of displaying and printing trustee
    assignments in a directory structure
  • Convenient for making trustee assignments from
    the command prompt
  • Or creating a batch file or script to assign
    rights automatically

27
Planning File System Security
  • NetWare file system security
  • Sophisticated, complex system with many options
    for ensuring access to network data
  • Plan security system to keep trustee assignments
    and IRFs to a minimum

28
File System Security Guidelines
  • Identify rights needed for each user
  • Analyze each user's processing needs
  • Determine and document access rights each
    directory needs
  • To meet processing requirements
  • Proper directory structure design
  • Directories requiring the most security should be
    near the top of the structure
  • Do not limit trustee assignment for other users
  • Including directories that limit access rights
  • Use IRFs to protect high-security directories

29
File System Security Guidelines (continued)
  • Reduce use of IRFs
  • Avoid placing a directory needing more security
    within a general-purpose directory
  • Use explicit trustee assignments for reducing a
    user's or group's effective rights
  • Minimize trustee assignments
  • Make assignments in the following order
  • Assign rights to containers
  • Assign rights to departmental groups
  • Assign rights to Organizational Role objects
  • Assign rights to individual users

30
File System Security Guidelines (continued)
31
File System Security Guidelines (continued)
32
File System Security Guidelines (continued)
  • Avoid complex combinations
  • Avoid combinations of assignments to groups,
    containers, and individual users
  • Within the same directory structure
  • Do not rely on users inheriting certain rights
  • Make users explicit trustees of a directory or
    file
  • With just the rights needed for access

33
Universal AeroSpace File System Security
  • Planning file system security steps
  • Define processing functions each user needs to
    perform
  • Review the directory structure
  • Plan trustee assignments
  • Minimize the number of trustee assignments

34
Universal AeroSpace File System Security
(continued)
35
Universal AeroSpace File System Security
(continued)
36
Universal AeroSpace File System Security
(continued)
37
Attribute Security
  • Attributes
  • Flags or codes you can associate with files and
    directories
  • Determine what type of processing can be carried
    out
  • Set attributes on directories and files as
    additional protection
  • Against accidental change or deletion or to
    specify special processing

38
File and Directory Attributes
  • Attributes set on files and directories
  • Override users' effective rights in that file or
    directory
  • File attributes
  • Archive Needed (A)
  • Controls which files are copied to a backup disk
  • Copy Inhibit (Ci)
  • Prevents Macintosh users from copying specified
    files
  • Delete Inhibit (Di)
  • Don't Compress (Dc)
  • Don't Suballocate (Ds)
  • Don't Migrate (Dm)

39
File and Directory Attributes (continued)
  • File attributes
  • Execute Only (X)
  • Protects software files from being copied
    illegally
  • Hidden (H)
  • Immediate Compress (Ic)
  • Migrated (M)
  • Purge
  • NetWare server reuses file space immediately
    after it's deleted
  • Read Only (Ro)
  • Rename Inhibit (Ri)

40
File and Directory Attributes (continued)
  • File attributes
  • Sharable (Sh)
  • Allows file to be opened by more than one user at
    a time
  • System (Sy)
  • Transactional (T)
  • File is protected by Transaction Tracking System
    (TTS)
  • Either all transactions are completed or file is
    left in its original state
  • Directory attributes
  • Normal (N)
  • Removes all directory attributes

41
File and Directory Attributes (continued)
42
File and Directory Attributes (continued)
43
Planning Directory Attribute Use at Universal
AeroSpace
  • Without adequate planning
  • Renaming directories
  • Could cause problems with directory map commands
  • Could prevent applications from finding data in a
    predefined path
  • Directory attributes
  • Protect directory structure from name changes and
    accidental deletion

45
Planning File Attribute Use at Universal AeroSpace
  • Most commonly used file attributes
  • Read Only
  • Shared
  • Read Only attribute
  • Prevents the software from being changed or
    deleted
  • Protects against virus infection

46
Planning File Attribute Use at Universal
AeroSpace (continued)
47
Implementing Directory and File Attributes
  • To set directory and file attributes, use
  • NetWare utilities
  • Remote Manager
  • ConsoleOne
  • Windows

48
Implementing Directory and File Attributes
(continued)
49
Implementing Directory and File Attributes
(continued)
50
The FLAG Command
  • Useful for documenting and setting directory and
    file attributes
  • Setting and documenting directory attributes
  • FLAG uses the /DO parameter to set and view
    directory attributes
  • Example
  • FLAG path /- attribute_list /DO

51
Summary
  • NetWare file system must be secured
  • By using trustee assignments
  • Access Control right
  • Allows users to assign other rights to other
    users
  • Except Supervisor
  • Trustee assignments
  • Used to grant rights to users or groups for a
    directory
  • Inherited Rights Filter (IRF)
  • Controls which rights a file or directory
    inherits from higher-level directories

52
Summary (continued)
  • To set and view trustee assignments, use
  • ConsoleOne, Remote Manager, Windows Explorer, or
    the RIGHTS command
  • Attributes
  • Play a vital role in file system security
  • Enable you to protect files and directories from
    certain operations
  • To set attributes on files and directories, use
  • Remote Manager, ConsoleOne, and the FLAG command