10.1 Understanding DFS Junctions

The DFS junction is a special file that takes the place of a directory and its contents. The junction contains information that points to a target location where the data actually resides. The junction can be created at the root of an NSS volume or in any of its directories. The junction can point to the root of the target volume or to any of its directories.

For the administrator, the junction appears in the file structure as a directory. The user usually sees only the data structure in the target location, and is unaware that the junction exists. The user sees the junction as a subdirectory and is unable to access the target data if the target path is down or if VLDB service for the target’s DFS management context is not running. Any attempt to access the junction in a file browser results in an error; that is, they cannot open it. If they right-click the junction and click Properties, they can view information about the junction name. Clients that are not DFS-aware see a junction as a file that they have no rights to access.

10.1.1 Junction Properties

Junction properties define the junction and the junction target. For information about restrictions on the junction and target locations, see Section 8.4.4, Junctions.

Junction

The junction is commonly identified by its name and location. DFS assigns a DFS GUID (globally unique identifier) to each Volume object in Novell eDirectory™ to uniquely identify the volume in the VLDB for the DFS management context.

Table 10-1 Junction Properties

Property

Description

Name

The administrator-specified name of the junction.

The name is handled according to the naming conventions of whatever name space you used to mount the source volume. For example, if the source volume is mounted with the Long name space, the junction name is case insensitive. In a UNIX name space, the name is case sensitive. In a DOS name space, the name is changed to all capitals.

Volume

The NSS volume where the junction resides.

Path

A directory path on the volume where the junction resides. If no path is specified, the junction resides at the root of the volume. The path name does not include the name of the junction.

Junction Target

The junction can point to the root of a target volume or to a directory on it. The target volume can reside within any existing DFS management context that is defined in the same tree as the volume where the junction resides. The junction works only when the VLDB Service is running for that DFS management context.

Table 10-2 Junction Target Properties

Property

Description

Volume

The target NSS volume that contains the data that the junction represents.

Path

The directory path on the target NSS volume where the data resides. If no path is specified, the junction points to the root of the target volume.

10.1.2 Trustee Rights for the Junction and Target Locations

DFS honors the trustees and file system trustee rights that you define for the junction location and target location. You can modify the assigned trustees and their rights at any time after you create the junction.

IMPORTANT:To avoid security and visibility issues, make sure to modify the settings on both the junction and the target location.

Effective rights on the junction target include explicitly defined rights on the junction itself and rights that are inherited from the junction’s parent directory. To block any undesired inherited rights, set trustees and trustee rights explicitly on the junction. If desired, you can copy the effective rights to the target location as explicit rights.

Visibility rights on the target location include explicitly defined rights on the target location and rights that are inherited from the target’s parent directory on the target volume. To block any undesired inherited rights, or to block rights that are set on the junction, set trustees and trustee rights explicitly on the target location or its subdirectories. For file visibility via the junction, users need a minimum of Read and File Scan trustee rights on the target location. If desired, you can copy the visibility rights you set on the target location to the junction as explicit rights.

The following table defines the file system trustee rights that can be set for the junction and target.

Table 10-3 File System Trustee Rights

Trustee Right

Description

S (Supervisor)

Grant all rights to the file or directory.

R (Read)

Open and read files in the directory.

W (Write)

Open and write to files in the directory.

C (Create)

Create files and subdirectories.

E (Erase)

Erase files and directories.

M (Modify)

Rename files and directories, and change file attributes.

F (File Scan)

View and search on file and directory names in the file system structure.

A (Access Control)

Add and remove trustees and change trustee rights to files and directories.