NSS uses the Novell Trustee Model for controlling access to user data. As an administrator or a user with the Supervisor right or Access Control right, you can use the Files and Folders plug-in to iManager to manage file system trustees, trustee rights, inherited rights filters, and attributes for a file or folder on an NSS volume. A user who has only the Access Control right cannot modify the rights of another user who has the Supervisor right.
The volume that you want to manage must be in the same tree where you are currently logged in to iManager.
You must have trustee rights for the volume, folder, and file that you want to manage.
The volume must be a file system that uses the Novell trustee model for file access, such as an NSS volume on OES 2 NetWare or Linux, an NSS or NetWare traditional volume on NetWare® 6.5, or an NCP™ (NetWare Core Protocol™) volume (an NCP share on Ext3 or Reiser file system) on OES 2 Linux.
File system trustees, trustee rights, and inherited rights filters are used to determine access and usage for directories and files on NSS volumes on OES 2 NetWare and Linux, NCP volumes on OES 2 Linux, and NSS and NetWare Traditional volumes on NetWare 6.5. If you modify any settings, you must click or to save the changes.
A trustee is any Novell eDirectory object (such as a User object, Group object, Organizational Role object, or other container object) that you grant one or more rights for a directory or file. Trustee assignments allow you to set permissions for and monitor user access to data.
In iManager, click , then click to open the page.
On the page, select a volume, folder, or file to manage.
For instructions, see Section 9.5, Viewing Properties of a File or Folder.
Click the tab to view the trustees, trustee rights, and inherited rights filter for the selected volume, folder, or file.
Add trustees.
Scroll down to the field.
Use one of the following methods to add usernames as trustees:
Click the icon, browse to locate the usernames of the users, groups, or roles that you want to add as trustees, click the name link of the objects to add them to the list, then click .
Click the icon to select usernames from a list of users, groups, or roles that you recently accessed.
Type the typeless distinguished username (such as username.context) in the field, then click the (+) icon.
The usernames appear in the Trustees list, but they are not actually added until you click or . Each of the usernames has the default Read and File Scan trustee rights assigned.
On the page, click to save the changes.
Remove trustees.
Scroll down to locate and select the username of the user, group, or role that you want to remove as a trustee.
Click the (red X) icon next to the username to remove it as a trustee.
The username disappears from the list, but it is not actually removed until you click or .
On the page, click to save changes.
Administrator users and users with the Supervisor right or the Access Control right can grant or revoke file system trustee rights for a volume, folder, or file. Only the administrator user or user with the Supervisor right can grant or revoke the Access Control right.
In iManager, click , then click to open the page.
On the page, select a volume, folder, or file to manage.
For instructions, see Section 9.5, Viewing Properties of a File or Folder.
Click the tab to view the trustees, trustee rights, and inherited rights filter for the selected volume, folder, or file.
Scroll to locate the username of the trustee you want to manage.
In the check boxes next to the trustee name, select or deselect the rights you want to grant or revoke for the trustee.
IMPORTANT:Changes do not take effect until you click or . If you click a different tab before you save, any changes you have made on this page are lost.
Click or to save changes.
File system trustee rights assignments made at a given directory level flow down to lower levels until they are either changed or masked out. This is referred to as inheritance. The mechanism provided for preventing inheritance is called the inherited rights filter. Only those rights allowed by the filter are inherited by the child object. The effective rights that are granted to a trustee are a combination of explicit rights set on the file or folder and the inherited rights. Inherited rights are overridden by rights that are assigned explicitly for the trustee on a given file or folder.
In iManager, click , then click to open the page.
On the page, select a volume, folder, or file to manage.
For instructions, see Section 9.5, Viewing Properties of a File or Folder.
Click , then scroll down to view the inherited rights filter.
The selected rights are allowed to be inherited from parent directories. The deselected rights are disallowed to be inherited.
In the , enable or disable a right to be inherited from its parent directory by selecting or deselecting the check box next to it.
Click or to save the changes.
Effective rights are the explicit rights defined for the trustee plus the rights that are inherited from the parent directory. The page shows the inheritance path for a trustee for the selected file or folder and the effective rights at each level from the current file or directory to the root of the volume. You can use this information to help identify at which directory in the path a particular right was filtered, granted, or revoked.
In iManager, click , then click to open the page.
On the page, select a volume, folder, or file to manage.
For instructions, see Section 9.5, Viewing Properties of a File or Folder.
On the page, click the tab to view the effective rights for a given trustee.
By default, the page initially displays the effective rights for the username you used to log in to iManager.
On the page, click the icon next to the field to browse for and locate the username of the trustee you want to manage, then select the username by clicking the name link.
The path for the selected file or folder is traced backwards to the root of the volume. At each level, you can see the rights that have been granted and inherited to create the effective rights for the trustee.
If you make any changes, click or to save them.