Novlib 3.30 Online Reference (http://www.X-Hacker.org)
 Directory services rights and attributes
------------------------------------------------------------------------------
 NetWare 386 Trustee Rights

 The NetWare trustee rights are represented with two bytes; the bits stand
 for different rights as follows:

 <<Diag>>

 R  Read allows a trustee to open and read the contents of a directory
    or file.
 W  Write allows a trustee to open and write to a file or write to the
    files in a directory.
 C  Create allows a trustee to either salvage a file if deleted or
    create files and directories within a directory.
 E  Erase allows a trustee to delete a file or directory.
 A  Access allows a trustee to modify the trustee list and/or
    Inherited Rights Mask of a file or directory.
 F  File Scan allows a trustee to see a file in a directory or the
    contents of an entire directory.
 M  Modify allows a trustee to rename and change the attributes of a
    file or directory.
 S  Supervisor grants all rights to a trustee, overriding any masks or
    right assignments.

 Bit 2 of byte 0 is reserved by NetWare.

    TR_NONE        0x0000      No Rights
    TR_READ        0x0001
    TR_WRITE       0x0002
    TR_CREATE      0x0008
    TR_ERASE       0x0010
    TR_ACCESS      0x0020
    TR_FILE        0x0040
    TR_MODIFY      0x0080
    TR_SUPERVISOR  0x0100
    TR_NORMAL      0x00FF
    TR_ALL         0x01FF      All Rights

 Above are the constants defined for NetWare trustee rights; they can be
 logically ORed together (via | ) to form a complete rights specification.

 NetWare 286 Trustee Rights

 Trustee Rights for NetWare versions previous to 3.0 are represented by one
 byte as shown.  Their definitions follow.

 <<Diag>>

 R  Read allows a trustee to read the contents of a file.
 W  Write allows a trustee to write to a file.
 O  Open allows a trustee to open a file.
 C  Create allows a trustee to create files.
 D  Delete allows a trustee to delete a file.
 P  Parental allows a trustee to create/delete subdirectories within the
    current directory and grant/revoke trustee rights.
 S  Search allows a trustee to see the contents of an entire directory.
 M  Modify allows a trustee to rename and change the attributes of a file.

 The constants below apply to the above NetWare 286 rights and can also be
 ORed together to form a complete specification:

    TA_NONE        0x0000      No Rights
    TA_READ        0x0001
    TA_WRITE       0x0002
    TA_OPEN        0x0004
    TA_CREATE      0x0008
    TA_DELETE      0x0010
    TA_OWNERSHIP   0x0020
    TA_SEARCH      0x0040
    TA_MODIFY      0x0080
    TA_ALL         0x00FF      All Rights

 NetWare 386 Attributes

 Attributes give special properties to directories and files that override
 rights. The attributes appear in a 4-byte field, stored with the file's DOS
 file entry in a volume's Directory Table. They also appear in a 4-byte field
 (bytes 0 to 3) within a directory's DOS directory entry.

 <<Diag>>

 A  Archive Needed: only applicable to files. Automatically assigned to
    any file modified after a backup.
 C  Copy Inhibit: only applicable to files. Only restricts actions of
    Macintosh users and  Macintosh applications.  Thwarts copying even if
    Read and File Scan rights have been granted. Those with the Modify
    right may remove Copy Inhibit and proceed.
 D  Delete Inhibit: prevents deleting a file or directory even to those
    possessed of the Erase right.  Those with Modify right may remove
    Delete Inhibit and proceed.
 X  Execute Only: only applicable to files. Thwarts copying; only
    assignable by Supervisor and should be used on a backup of the file,
    as Execute Only will prevent backing up the file. Will actually
    prevent some programs from executing. Use with caution.
 H  Hidden: hides a file from DOS DIR scans and prevents it from being
    deleted or copied.  NDIR will reveal the file if the user has File
    Scan rights.
 I  Indexed: included for backwards compatibility.
 P  Purge: forces NetWare to purge a file immediately when it is deleted,
    rather than leaving it recoverable with the SALVAGE utility. When used
    with a directory, any file within the directory will be treated as if
    it had Purge set.
 Ra Read Audit: Not yet implemented; allows recording information about
    those who read from a database file. Reserved for later releases of
    NetWare 386.
 Ro Read Only: only applicable to files. Automatically assigns Delete
    Inhibit and Rename Inhibit attributes as well. If a trustee with Modify
    rights removes Read Only, Delete Inhibit and Rename Inhibit are removed,
    but removing either or both of the two separately will still leave the
    file write-protected, but able to be renamed and/or deleted.
 R  Rename Inhibit: restricts users from renaming directories or files.
    Trustees with Modify rights must explicitly remove Rename Inhibit before
    renaming a directory or file.
 S  Shareable: only applicable to files. Allows use of a file by more
    than one user at a time; usually used in combination with Read Only.
 Sy System: hides files and directories from DOS DIR scans, but leaves
    them visible to users of the NDIR utility with File Scan rights.
 T  Transactional: only applicable to files. Indicates a file to be
    protected with the NetWare Transaction Tracking System (TTS).
 Wa Write Audit: Not yet implemented; allows recording information
    about those who write to a database file.  Reserved for later releases
    of NetWare 386.

 An Example Using Trustee Rights and Inherited Rights Masks

 In the diagram, we see a sample directory/file structure with its
 associated Inherited Rights Masks.  Suppose we have a user JAN, who
 possesses all rights except Supervisor (RWCEAFM: Read, Write, Create,
 Erase, Access, File Scan and Modify) in the root directory WORK.

 <<Diag>>

 In directory PROJECT, JAN retains all her rights, because the directory's
 Inherited Rights Mask (also RWCEAFM) allows them.  An IRM disallows the use
 of all rights except those which it lists, in effect saying, "The rights I
 contain are the only ones which will carry over to my directory."

 In keeping with this rule, JAN would only retain R, W, C, and F (Read,
 Write, Create, and File Scan) rights to File1, File2 and any other files in
 the PROGRAMS directory, due to its more restrictive IRM.

 In the PROGRAMS subdirectory STUFF, she is further restricted by the IRM of
 STUFF, which only allows Read and File Scan rights to carry through; she is
 only able to detect the files in STUFF via the DOS DIR command, and read
 their contents.  Unfortunately, the sole file in STUFF, File3, has its own
 IRM, which only allows File Scan rights: thus, even though JAN is able to
 detect File3, she cannot read its contents.

 Remember: any attributes of these files or directories override all user
 rights.
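
 The JAN walk-through above, worked in C as an added example (not part of
 Novlib or the original guide). The TR_* values are the ones listed on this
 page; the function names are hypothetical. It assumes no new trustee
 assignments are made below WORK, and it does not model attributes.

```c
#include <stdint.h>
#include <stdio.h>

/* NetWare 386 trustee-rights bits, values as listed on this page. */
#define TR_READ       0x0001
#define TR_WRITE      0x0002
#define TR_CREATE     0x0008
#define TR_ERASE      0x0010
#define TR_ACCESS     0x0020
#define TR_FILE       0x0040
#define TR_MODIFY     0x0080
#define TR_SUPERVISOR 0x0100
#define TR_ALL        0x01FF
typedef uint16_t rights_t;   /* rights occupy two bytes */

/* Rights left after passing through the first n Inherited Rights Masks. */
rights_t effective_rights(rights_t granted, const rights_t *irm, size_t n) {
    if (granted & TR_SUPERVISOR) return TR_ALL;  /* S overrides any masks */
    for (size_t i = 0; i < n; i++) granted = (rights_t)(granted & irm[i]);
    return granted;
}

/* Render a rights word as letters in this page's order; reserved bit 2 is ignored. */
const char *rights_to_string(rights_t r, char out[9]) {
    static const struct { rights_t bit; char c; } map[] = {
        {TR_READ,'R'}, {TR_WRITE,'W'}, {TR_CREATE,'C'}, {TR_ERASE,'E'},
        {TR_ACCESS,'A'}, {TR_FILE,'F'}, {TR_MODIFY,'M'}, {TR_SUPERVISOR,'S'} };
    size_t n = 0;
    for (size_t i = 0; i < sizeof map / sizeof map[0]; i++)
        if (r & map[i].bit) out[n++] = map[i].c;
    out[n] = '\0';
    return out;
}

/* JAN's grant in WORK and the IRMs below it, constructed from the text above. */
static const rights_t JAN_WORK = TR_READ|TR_WRITE|TR_CREATE|TR_ERASE|TR_ACCESS|TR_FILE|TR_MODIFY;
static const rights_t IRM_CHAIN[] = {
    TR_READ|TR_WRITE|TR_CREATE|TR_ERASE|TR_ACCESS|TR_FILE|TR_MODIFY, /* PROJECT  */
    TR_READ|TR_WRITE|TR_CREATE|TR_FILE,                              /* PROGRAMS */
    TR_READ|TR_FILE,                                                 /* STUFF    */
    TR_FILE };                                                       /* File3    */
static const char *LEVEL[] = {"WORK", "PROJECT", "PROGRAMS", "STUFF", "File3"};
/* depth = number of masks applied: 0 is WORK itself, 4 is File3. */
rights_t jan_rights_at(size_t depth) { return effective_rights(JAN_WORK, IRM_CHAIN, depth); }
int main(void) {
    char buf[9];
    for (size_t d = 0; d <= 4; d++)
        printf("%-8s %s\n", LEVEL[d], rights_to_string(jan_rights_at(d), buf));
    return 0;
}
```

 Note that RWCEAFM is 0x00FB, not TR_NORMAL (0x00FF): TR_NORMAL also sets the
 reserved bit 2, so compare against individual TR_* bits rather than the
 combined constants when auditing a rights word.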

Online resources provided by: http://www.X-Hacker.org --- NG 2 HTML conversion by Dave Pearson