Supervising the Network
3-17
Managing the NetWare Services File System
File Access Control
If the NetWare volumes are NFS-mounted, set the “Allow Processes to
Assume Hybrid User IDs?” variable in NetWare Setup to Yes.
Forcing all NetWare users to be hybrid users is the best method of enforcing
security with the “UNIX” mode for file access. In this mode, all NetWare
users should have sufficient rights to the files and directories that they create
to control access from HP-UX.
File Access Control Utilities
Since neither the Supervisor or the Access Control right is ever granted on
volumes with HP-UX-made access control, all the NetWare utilities (FILER,
NetWare Administrator, NETADMIN, and RIGHTS) that allow users to
make trustee assignments will return with an insufficient rights error.
Therefore, even the NetWare administrator has insufficient rights to make
trustee assignments.
Changes to NetWare rights must be done from HP-UX using HP-UX
utilities. Hybrid users on DOS workstations can use NVT2™ (Novell
Virtual Terminal™ 2) through Host Presenter to access the HP-UX side of
the NetWare Services server and change permissions.
OS/2* clients can use NVT2 from a DOS session. For more information, see
Terminal Emulators for DOS/Windows.
The NetWare utilities that display a user’s rights should accurately display
the user’s effective rights as they have been translated from the HP-UX
permissions.
Using Both NetWare and HP-UX for File Access Control
When “Both” is selected as the mode for file access control, the user must go
through a two-operating-system check:
• NetWare must allow the access. If NetWare denies the access, the user cannot
access the file or directory from NetWare.
• HP-UX must also allow the access. If the HP-UX permissions have been changed
so that the NetWare user does not have permission to access to the file or
directory, the user cannot access the file or directory from NetWare.
Figure 3-4 illustrates this process.