For NCP volumes on Linux, the ability to inherit POSIX permissions (Group ID and mode bits) from a parent directory is disabled by default. This ensures that local access to data (that is, local access in the Linux environment, not via NetIQ eDirectory) is available only to the root user. Only authorized eDirectory users can access the data. As with NetWare volumes, NCP Server controls access to data by using the Novell trustee model of file system trustees and trustee rights.
If the Inherit POSIX Permissions option is enabled, it allows the POSIX permissions (GID and mode bits) to be inherited from the parent directory. This lets shared areas be more easily created and managed for local Linux users. However, it makes the volume less secure.
IMPORTANT: The disabled setting for the Inherit POSIX Permissions option is a more secure management method for NCP volumes.
Inherit POSIX Permissions is disabled by default and is not allowed to be set on an NSS volume. There is an explicit check for this, and if the volume is an NSS volume, an error 22 is returned. NSS has its own handling of POSIX permissions. For information, see Section 6.2.1, POSIX Permissions on the NSS File System.
Inherit POSIX Permissions is disabled by default on clustered NCP volumes in OES 2 SP1 Linux and earlier releases. You cannot use the methods described in this section to set the Inherit POSIX Permissions option for a clustered NCP volume because it does not have an entry in the ncpserv.conf file. The clustered NCP volume is defined in the mount command line in its cluster resource load script and removed in its unload script.
Use any of the following methods to configure the Inherit POSIX Permissions setting for unclustered NCP volumes:
You can enable or disable the Inherit POSIX Permissions option when you create an NCP volume on a Linux POSIX file system in Novell Remote Manager. The option is disabled by default. For information about creating an NCP volume, see Section 10.2.1, Using Novell Remote Manager to Create an NCP Volume on a Linux File System.
In a Web browser, open Novell Remote Manager for Linux for the server you want to manage, then log in as the root user.
Select Manage NCP Services > Manage Shares.
On the NCP Shares page, locate the volume’s share name in the Active Shares area.
If the volume is mounted, click Unmount next to its share name.
Click the Information icon next to the volume’s share name.
On the Share Information page, click Attributes.
On the Modify Volume Properties page, enable or disable the Inherit_POSIX_Permissions parameter by selecting or deselecting its check box, then click Update.
On the NCP Shares page, mount the volume by clicking Mount next to its share name.
Novell Remote Manager for Linux automatically restarts the NetIQ eDirectory daemon to make the changed setting take effect.
Open a terminal console, then log in as the root user.
Start NCPCON by entering the following at the terminal console prompt:
ncpcon
Display the current volume settings by entering the following at the NCPCON prompt:
change volume ncp_volumename
Replace ncp_volumename with the name of the NCP volume you want to manage.
Dismount the volume by entering the following at the NCPCON prompt:
dismount ncp_volumename
Replace ncp_volumename with the name of the volume you want to manage.
Enable or disable the Inherit_POSIX_Permissions parameter (set it to On or Off) by entering one of the following commands:
change volume ncp_volumename Inherit_POSIX_Permissions on
change volume ncp_volumename Inherit_POSIX_Permissions off
Mount the volume by entering the following at the NCPCON prompt:
mount ncp_volumename
Display the volume settings again to verify the change you made to the Inherit_POSIX_Permissions setting. At the NCPCON prompt, enter
change volume ncp_volumename
Exit NCPCON by entering
exit
You can enable or disable the Inherit POSIX Permissions parameter for an existing NCP volume by adding the Inherit_POSIX_Permissions flag to the VOLUME definition for that volume in the NCP Server configuration file (/etc/opt/novell/ncpserv.conf). Remove the flag from a volume definition to disable it.
Dismount the NCP volume where you want to change the setting.
Open a terminal console, then log in as the root user.
At the terminal console prompt, enter
ncpcon dismount ncp_volumename
Replace ncp_volumename with the name of the volume you want to manage.
Modify the setting for the volume in the /etc/opt/novell/ncpserv.conf file.
Open the /etc/opt/novell/ncpserv.conf file in a text editor.
Do one of the following:
Enable: Add the Inherit_POSIX_Permissions flag to the end of the VOLUME definition line for the NCP volume where you want to enable it:
For example:
VOLUME TEST1 /usr/Novell/TEST1 Inherit_POSIX_Permissions
Disable: Remove the Inherit_POSIX_Permissions flag from the VOLUME definition line for the NCP volume where you want to disable it. This is the default setting.
For example:
VOLUME TEST1 /usr/Novell/TEST1
Save the file.
The changes do not go into effect until you restart ndsd.
Restart the NetIQ eDirectory (ndsd) daemon to make the changes to ncpserv.conf go into effect.
Use the following steps to stop and start ndsd when a single instance is running. For information about stopping and starting ndsd when you are running multiple instances of it on the same server, see Using Multiple Instances in the NetIQ eDirectory 8.8 SP8 What’s New Guide.
Use the following command to stop ndsd:
rcndsd stop
Use the following command to start ndsd:
rcndsd start
Mount the NCP volume:
Open a terminal console, then log in as the root user.
At the terminal console prompt, enter
ncpcon mount ncp_volumename
Replace ncp_volumename with the name of the volume that you modified.
To set the Inherit POSIX Permissions option for a clustered volume, add "/OPT=Inherit_POSIX_Permissions" to the mount command. Place the option before the volume name; otherwise, the mount fails.
The syntax for the mount command line in the cluster load script is:
exit_on_error ncpcon mount /OPT=Inherit_POSIX_Permissions <NCPvolumename>=VOL_ID,PATH=<volumeMountPoint>
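Because enabling the option makes a volume less secure, it helps to list which volumes have it set. The following audit script is an added example, not part of the original documentation or Novell code; it assumes the VOLUME line layout and the cluster mount syntax shown above, and the sample volumes TEST2, SHARED, and PLAIN with their IDs and paths are constructed.

```shell
#!/bin/sh
# Added example (not Novell code): report NCP volumes that have
# Inherit_POSIX_Permissions enabled, so the weaker setting is a reviewed choice.

# Unclustered volumes: print the name of each VOLUME line carrying the flag.
# Assumes the "VOLUME name path [flags...]" layout shown in this section.
list_inherit_volumes() {
    awk '$1 == "VOLUME" {
        for (i = 4; i <= NF; i++)
            if (tolower($i) == "inherit_posix_permissions") { print $2; break }
    }' "$1"
}

# Clustered volumes: print the volume name of each "ncpcon mount" line in a
# load script where /OPT=Inherit_POSIX_Permissions precedes the volume name.
list_inherit_cluster_mounts() {
    awk '$1 !~ /^#/ && /ncpcon[ \t]+mount[ \t]/ {
        for (i = 1; i <= NF; i++) if ($i == "mount") break
        flag = 0
        for (j = i + 1; j <= NF; j++) {
            if (tolower($j) == "/opt=inherit_posix_permissions") flag = 1
            else if ($j !~ /^\//) {
                split($j, part, "=")
                if (flag) print part[1]
                break
            }
        }
    }' "$1"
}

# Constructed sample input (TEST2, SHARED, PLAIN and their paths are made up).
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' \
        'VOLUME TEST1 /usr/Novell/TEST1 Inherit_POSIX_Permissions' \
        'VOLUME TEST2 /usr/Novell/TEST2' > "$tmp/ncpserv.conf"
    printf '%s\n' \
        'exit_on_error ncpcon mount /OPT=Inherit_POSIX_Permissions SHARED=253,PATH=/mnt/shared' \
        'exit_on_error ncpcon mount PLAIN=252,PATH=/mnt/plain' > "$tmp/load.sh"
    echo "ncpserv.conf: $(list_inherit_volumes "$tmp/ncpserv.conf")"
    echo "load script:  $(list_inherit_cluster_mounts "$tmp/load.sh")"
    rm -rf "$tmp"
}
demo
```

On a server, call list_inherit_volumes with /etc/opt/novell/ncpserv.conf and list_inherit_cluster_mounts with a saved copy of each cluster resource load script.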