Supervising the Network

Managing the NetWare Services File System
File Access Control
Additional Rules
In addition to mapping UIDs and GIDs and converting HP-UX permissions
into NetWare rights, the following rules are used to determine HP-UX
access to a file or directory:
- Attached NetWare users always have Read and Execute rights to the files in the
  SYS:LOGIN directory and any subdirectories.
- The path from the volume mount point is used to calculate access to a file or
  directory. HP-UX permissions above the volume mount point are ignored.
- To access a file or directory, a user must have the x permission in all directories
  from the volume mount point to the current directory in question.
- For the user to access a file in the current directory, the user must have r and x
  permissions to the current directory, as well as some file permissions.
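The path-based rules above can be sketched as a check over a modelled volume. This is an added example, not NetWare Services code; it covers only the HP-UX permission walk (not NetWare rights, attributes or hybrid variables). The `Node` and `check_file_access` names, the standard owner/group/other class selection, the reading of "some file permissions" as at least one permission bit, and the sample tree are all assumptions.

```python
import posixpath
from typing import Dict, NamedTuple, Set, Tuple

R, X = 4, 1  # read and execute/search bits within one rwx triplet

class Node(NamedTuple):
    uid: int
    gid: int
    mode: int  # HP-UX permission bits, e.g. 0o755

def triplet(node: Node, uid: int, gids: Set[int]) -> int:
    # Assumption: the usual owner / group / other class selection.
    shift = 6 if uid == node.uid else 3 if node.gid in gids else 0
    return (node.mode >> shift) & 7

def check_file_access(tree: Dict[str, Node], mount: str, path: str,
                      uid: int, gids: Set[int]) -> Tuple[bool, str]:
    mount, path = posixpath.normpath(mount), posixpath.normpath(path)
    if path == mount or posixpath.commonpath([mount, path]) != mount:
        return False, "path is not below the volume mount point"
    # Walk only from the mount point down; directories above it are never consulted.
    dirs = [mount]
    rel = posixpath.relpath(posixpath.dirname(path), mount)
    for part in ([] if rel == "." else rel.split("/")):
        dirs.append(posixpath.join(dirs[-1], part))
    for d in dirs:
        if not triplet(tree[d], uid, gids) & X:
            return False, "no x on " + d
    if not triplet(tree[dirs[-1]], uid, gids) & R:
        return False, "no r on " + dirs[-1]
    # Assumption: "some file permissions" means at least one of r, w, x on the file.
    if triplet(tree[path], uid, gids) == 0:
        return False, "no permissions on file"
    return True, "ok"

# Constructed sample volume mounted at /nw/sys (paths, UIDs and modes are made up).
TREE = {
    "/nw": Node(0, 0, 0o700),  # above the mount point: ignored by the check
    "/nw/sys": Node(0, 0, 0o755),
    "/nw/sys/public": Node(0, 0, 0o755),
    "/nw/sys/public/readme.txt": Node(0, 0, 0o644),
    "/nw/sys/public/locked.txt": Node(0, 0, 0o600),
    "/nw/sys/home": Node(0, 0, 0o711),  # x but no r for other users
    "/nw/sys/home/note.txt": Node(0, 0, 0o644),
    "/nw/sys/private": Node(200, 200, 0o750),
    "/nw/sys/private/sub": Node(0, 0, 0o755),
    "/nw/sys/private/sub/data.txt": Node(0, 0, 0o644),
}
```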
Volume, File, and Directory Attributes
NetWare Services has one volume attribute, Read-Only. It overrides any
HP-UX permissions that would allow NetWare users to write to or create files in
the volume.
NetWare has a number of file and directory attributes (Delete-Inhibit,
Read-Only, Rename-Inhibit, and so on), which are enforced for NetWare users.
Hybrid Variables
The hybrid variables affect the HP-UX enforcement of the permission bits.
Hybrid users are granted rights to files and directories that match their
hybrid UID and GID as well as to all files and directories owned by nwuser
or nwgroup.
Since NetWare users who are not hybrid users use nwuser and nwgroup as
their default UID and GID, all files and directories that these users create are
accessible to all hybrid users.
If this is a security problem, you can set the “Hybrid Allow Default User”
variable in NetWare Setup to “No.” This forces every NetWare user to be a
hybrid user in order to log in to the NetWare server. But it also allows all the
HP-UX files and directories created from NetWare to be owned by the
HP-UX user who created them.