On your NetWare server, the _admin:\manage_nss\files.cmd file enables applications, such as NetStorage and other end-user browser-based tools, to communicate with the file server. The file is a virtual file; it generates dynamic information that lets users see and modify their files through a browser.
Every user on the file server has access to the _admin:\manage_nss\files.cmd and thus inherits the following default file system trustee rights: Read, Write, and Scan. These rights make the _admin: volume visible to end users. This behavior differs from NetWare 6.0 and earlier servers, where the files.cmd file is not visible to end users. Although end users can see the files.cmd file, they cannot delete this file or modify its properties.
To restrict access to the _admin:\manage_nss\files.cmd file or the _admin volume, you must modify a configuration file called trustees.xml. For more information, see Section 22.5.1, Assigning Volume Rights with Trustees.xml (NetWare).
For information about creating software applications and scripts to manage NSS volumes and services on Linux and NetWare, see the NDK: Virtual File Services in the Novell Developer Kit Documentation Web site.
Use the sys:\etc\trustees.xml file to assign file system trustee rights to the root of an NSS volume on NetWare. Trustees.xml is executed every time the server boots.
The sys:\etc\trustees.xml file is useful for assigning rights to non-persistent files or directories, such as the Admin volume or a CD that you have activated as an NSS volume.
Refer to the following table for information about sys:\etc\trustees.xml tags:
The follow is a sample of the trustees.xml code:
<specialTrustees>
<addTrustee> <name>admin.novell.kona_tree</name> <fileName>sys:\etc\group</fileName> <rights> <read/> <write/> <filescan/> <erase/> </rights> </addTrustee>
<addTrustee> <name>xxxx.novell.kona_tree</name> <fileName>sys:\etc\group</fileName> <rights> <read/> <write/> <filescan/> </rights> </addTrustee>
<addTrustee> <name>fred.novell.kona_tree</name> <fileName>sys:\etc\group</fileName> <rights> <read/> <write/> <filescan/> </rights> </addTrustee>
<addTrustee> <name>[public]</name> <fileName>_admin:manage_nss\files.cmd</fileName> <rights> <read/> <write/> <filescan/> </rights> <background/> </addTrustee>
<addTrustee> <name>fred.novell.kona_tree</name> <fileName>sys:\etc\hosts</fileName> <rights> <read/> <write/> <filescan/> </rights> </addTrustee>
</specialTrustees>
If you want to restrict access to the _admin:\manage_nss\files.cmd, you must do so by modifying the <addTrustee> tag in the sys:\etc\trustees.xml file.
Look for this code sample in the .xml file and modify [public] to reflect the user who needs restricted access to the _admin:\manage_nss\files.cmd file:
<addTrustee>
<name>[public]</name>
<fileName>_admin:manage_nss\files.cmd</fileName>
<rights>
<read/>
<write/>
<filescan/>
</rights>
<background/>
</addTrustee>
For example, if you want John Smith, a contract employee, to have only file scan rights to this file, you would enter the following:
<addTrustee>
<name>jsmith.novell.kona_tree</name>
<fileName>_admin:manage_nss\files.cmd</fileName>
<rights>
<filescan/>
</rights>
<background/>
</addTrustee>
For further explanation of the XML tags, see Section 22.5.1, Assigning Volume Rights with Trustees.xml (NetWare).