Interoperability with NetWare |
NetWare file security is similar to NTFS security because you can control group and user abilities to access files, called rights in NetWare. A NetWare trustee right, which is equivalent to a Windows 2000 permission is a rule associated with an object (usually a folder, file, or printer) that regulates which users can gain access to the object and in what manner. Most often the creator or owner of the object sets the permissions for the object.
The primary design difference between Windows 2000 permissions and NetWare trustee rights are that Windows 2000 permissions are subtractive while NetWare trustee rights are additive. When you create folders and files in Windows 2000, full access is granted and then access rights can be subtracted or restricted, whereas in NetWare when you create a directory or file, access is denied and then access rights need to be added.
NetWare uses a combination of trustee assignments and inherited rights masks or filters to establish security settings. The intersection of these two access control mechanisms determine the actual access rights, known as NetWare effective rights, that a user or group has for a particular directory or file. There are eight NetWare directory rights settings: Read, Write, Create, Erase, Modify, File Scan, Access Control, and Supervisor.
The individual NetWare directory rights, their abbreviations, and their descriptions are listed in Table 12.6.
Table 12.6 NetWare Directory Rights
Directory Rights | Description |
---|---|
Read (R) | Read data from an existing file. |
Write (W) | Write data to an existing file. |
Create (C) | Create a new file or subdirectory. |
Erase (E) | Delete an existing files or directory. |
Modify (M) | Rename and change attributes of a file. |
File Scan (F) | List the contents of a directory. |
Access Control (A) | Control the rights of other users to access files or directories. |
Supervisor (S) | Automatically allowed all rights. |
Table 12.7 compares Windows 2000 folder permissions to NetWare directory rights.
Table 12.7 Windows 2000 Folder Permission to NetWare Directory Rights
Windows 2000 Folder Permissions | Corresponding NetWare Directory Rights |
---|---|
List Folder Contents | File Scan (F) |
Read | Read, File Scan (RF) |
Write | Write, Create, Modify (WCM) |
Modify | Read, Write, Create, Erase, Modify, File Scan (RWCEMF) |
Full Control | Supervisor (S) |
Table 12.8 compares Windows 2000 file permissions to NetWare file rights.
Table 12.8 Windows 2000 File Permissions to NetWare File Rights
Windows 2000 File Permissions | Corresponding NetWare File Rights |
---|---|
Read | Read (R) |
Modify | Read, Write, Erase, Modify (RWEM) |
Full Control | Supervisor (S) |
NetWare file attributes, also known as flags, are not exactly the same as Windows 2000 file attributes. Table 12.9 shows how Windows 2000 file attributes correspond to NetWare file attributes when you open a NetWare file through Gateway Service for NetWare or Client Service for NetWare. The four attributes below are actually a subset of many attributes supported by NetWare. Windows 2000 does not support any additional NetWare file and directory attributes.
Table 12.9 Windows 2000 and NetWare File Attributes
Windows 2000 File Attributes | NetWare File Attributes |
---|---|
A (Archive) | A (Archive needed) |
S (System) | Sy (System file) |
H (Hidden) | H (Hidden) |
R (Read-only) | Ro (Read-only), Di (Delete inhibit), Ri (Rename inhibit) |
Gateway Service for NetWare does not support the following NetWare file attributes: Dc (Don't Compress), Ci (Copy Inhibit), Dm (Don't Migrate), Ic (Immediate Compress), P (Purge), Ri (Rename Inhibit), Ra (Read Audit), Rw (Read Write), S (Sharable), T (Transactional), I (Index), and X (Execute Only). These attributes vary between different NetWare versions.
When you copy a file from a Windows or Windows 2000 Professional–based network client to the NetWare file server by means of Client Service for NetWare or Gateway Service for NetWare, the A, S, H, and R attributes are assigned the corresponding NetWare A, Sy, H, and Ro attributes.
When you use a computer running Client Service for NetWare or Gateway Service for NetWare to access NetWare servers and you need to set attributes that are not supported in Client Service for NetWare or Gateway Service for NetWare, you can use NetWare utilities, such as filer, rights, or the flag command from a command prompt to set those attributes.