Supervising the Network

3-12

Managing the NetWare Services File System

File Access Control

2 If the user is the NetWare administrator or equivalent, the user is granted all rights

to the file or directory.

3 NetWare Services scans up the tree from the node in question, looking for a

trustee assignment granted to each object ID.

4 If one of the object IDs has been granted the Supervisor right, the user is granted

all rights to the file or directory.

5 If the trustee assignment is for the node in question, the user is granted those

rights.

6 If the trustee assignments are above the node in question, NetWare Services

checks that rights are on in the trustee assignments and the rights in the IRFs.

NetWare Services then allows these rights to be used by the user.

If multiple trustee assignments have been granted to an object ID in a branch of

the tree, NetWare Services uses the trustee assignment closest to the node in

question for all rights except the Supervisor right.

NetWare Services searches to the root of the volume to verify whether the

Supervisor right has been granted. Since the Supervisor right cannot be revoked

except in the directory where it was granted, this right overrides trustee

assignments in lower directories, as well as modiﬁcations to Inherited Rights

Filters.

Volume, File, and Directory Attributes

NetWare Services has one volume attribute, Read-Only. It overrides any HP-

UX permissions that would allow NetWare users to write to or create ﬁles in

the volume.

NetWare has a number of ﬁle and directory attributes (Delete-Inhibit, Read-

Only, Rename-Inhibit, and so on) which are enforced for NetWare users.

File Access Control Utilities

Since only NetWare is used to control ﬁle access, all client access control

must be set up with the NetWare utilities (such as NETADMIN, NetWare

Administrator, FILER, RIGHTS, or FLAG for attributes). NetWare utilities

should also correctly display the user’s effective rights.