For NCP volumes on Linux, the ability to inherit POSIX permissions (Group ID and mode bits) from a parent directory is disabled by default. This ensures that local access to data (that is, local access in the Linux environment, not via Novell eDirectory) is available only to the root user. Only authorized eDirectory users can access the data. As with NetWare volumes, NCP Server controls access to data by using the Novell trustee model of file system trustees and trustee rights.
If the Inherit POSIX Permissions option is enabled, it allows the POSIX permissions (GID and mode bits) to be inherited from the parent directory. This lets shared areas be more easily created and managed for local Linux users. However, it makes the volume less secure.
IMPORTANT: The disabled setting for the Inherit POSIX Permissions option is a more secure management method for NCP volumes.
Inherit POSIX Permissions is disabled by default and is not allowed to be set on an NSS volume. There is an explicit check for this, and if the volume is an NSS volume, an error 22 is returned. NSS has its own handling of POSIX permissions. For information, see Section 6.2.1, POSIX Permissions on the NSS File System.
Inherit POSIX Permissions is disabled by default on clustered NCP volumes in the OES 2 SP1 Linux and earlier releases. You cannot use the methods described in this section to set the Inherit POSIX Permissions option for a clustered NCP volume because it does not have an entry in the ncpserv.conf file. The clustered NCP volume is defined in the mount command line in its cluster resource load script and removed in its unload script.
IMPORTANT: For clustered NCP volumes, an option to set Inherit POSIX Permissions in the cluster load script is planned for OES 2 SP2 Linux. Contact Novell Support if you need to enable the Inherit POSIX Permissions option for a clustered NCP volume on OES 2 SP1 Linux.
Use any of the following methods to configure the Inherit POSIX Permissions setting for unclustered NCP volumes:
You can enable or disable the Inherit POSIX Permissions option when you create an NCP volume on a Linux POSIX file system in Novell Remote Manager. The option is disabled by default. For information about creating an NCP volume, see Section 10.2.1, Using Novell Remote Manager to Create an NCP Volume on a Linux File System.
In a Web browser, open Novell Remote Manager for Linux for the server you want to manage, then log in as the root user.
Select > .
On the NCP Shares page, locate the volume’s share name in the area.
If the volume is mounted, click next to its share name.
Click the icon next to the volume’s share name.
On the Share Information page, click .
On the Modify Volume Properties page, enable or disable the Inherit POSIX Permissions parameter by selecting or deselecting its check box, then click .
On the NCP Shares page, mount the volume by clicking next to its share name.
Novell Remote Manager for Linux automatically restarts the Novell eDirectory daemon to make the changed setting take effect.
Open a terminal console, then log in as the root user.
Start NCPCON by entering the following at the terminal console prompt:
ncpcon
Display the current volume settings by entering the following at the NCPCON prompt:
change volume ncp_volumename
Replace ncp_volumename with the name of the NCP volume you want to manage.
Dismount the volume by entering the following at the NCPCON prompt:
dismount ncp_volumename
Replace ncp_volumename with the name of the volume you want to manage.
Enable or disable Inherit_POSIX_Permissions by setting the parameter to On or Off, using one of the following commands:
change volume ncp_volumename Inherit_POSIX_Permissions on
change volume ncp_volumename Inherit_POSIX_Permissions off
Mount the volume by entering the following at the NCPCON prompt:
mount ncp_volumename
Display the volume settings again to verify the change you made to the Inherit_POSIX_Permissions setting. At the NCPCON prompt, enter
change volume ncp_volumename
Exit NCPCON by entering
exit
You can enable or disable the Inherit POSIX Permissions parameter for an existing NCP volume by adding the Inherit_POSIX_Permissions flag to the VOLUME definition for that volume in the NCP Server configuration file (/etc/opt/novell/ncpserv.conf). Remove the flag from a volume definition to disable it.
Dismount the NCP volume where you want to change the setting.
Open a terminal console, then log in as the root user.
At the terminal console prompt, enter
ncpcon dismount ncp_volumename
Replace ncp_volumename with the name of the volume you want to manage.
Modify the setting for the volume in the /etc/opt/novell/ncpserv.conf file.
Open the /etc/opt/novell/ncpserv.conf file in a text editor.
Do one of the following:
Enable: Add the Inherit_POSIX_Permissions flag to the end of the VOLUME definition line for the NCP volume where you want to enable it:
For example:
VOLUME TEST1 /usr/Novell/TEST1 Inherit_POSIX_Permissions
Disable: Remove the Inherit_POSIX_Permissions flag from the VOLUME definition line for the NCP volume where you want to disable it. This is the default setting.
For example:
VOLUME TEST1 /usr/Novell/TEST1
Save the file.
The changes do not go into effect until you restart ndsd.
Restart the Novell eDirectory (ndsd) daemon to make the changes to ncpserv.conf go into effect.
Use the following steps to stop and start ndsd when a single instance is running. For information about stopping and starting ndsd when you are running multiple instances of it on the same server, see Using Multiple Instances in the Novell eDirectory 8.8 What's New Guide.
Use one of the following commands to stop ndsd:
rcndsd stop
or
/etc/init.d/ndsd stop
Use one of the following commands to start ndsd:
rcndsd start
or
/etc/init.d/ndsd start
Mount the NCP volume.
Open a terminal console, then log in as the root user.
At the terminal console prompt, enter
ncpcon mount ncp_volumename
Replace ncp_volumename with the name of the volume that you modified.
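Because enabling the flag makes a volume less secure, it is useful to audit which VOLUME definitions in ncpserv.conf carry it. The following script is an added example, not Novell's code: it lists the flagged volumes and shows the mode bits and GID of each volume root, which is what new entries would inherit. The function names, the sample configuration, the whitespace-separated field layout and the case-insensitive matching are assumptions.

```shell
#!/bin/sh
# Added audit example (not Novell's code). Assumes VOLUME lines are
# whitespace-separated as in the page's example:
#   VOLUME <name> <path> [flags...]
# and matches the keyword and flag case-insensitively (assumption).

# Print "name<TAB>path" for every volume definition that carries the flag.
list_inheriting_volumes() {
    conf="${1:-/etc/opt/novell/ncpserv.conf}"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk '
        toupper($1) == "VOLUME" && NF >= 4 {
            for (i = 4; i <= NF; i++)
                if (toupper($i) == "INHERIT_POSIX_PERMISSIONS") {
                    print $2 "\t" $3
                    next
                }
        }
    ' "$conf"
}

# For each flagged volume, append the octal mode and numeric GID of the
# volume root (GNU stat), or "unavailable" if the path cannot be read.
audit_inherit_posix() {
    out=$(list_inheriting_volumes "$1") || return $?
    [ -n "$out" ] || return 0
    printf '%s\n' "$out" | while IFS="$(printf '\t')" read -r name path; do
        perms=$(stat -c '%a %g' "$path" 2>/dev/null) || perms="unavailable"
        printf '%s\t%s\t%s\n' "$name" "$path" "$perms"
    done
}

# Constructed sample configuration (not from a real server).
sample_conf() {
    cat <<'EOF'
VOLUME TEST1 /usr/Novell/TEST1 Inherit_POSIX_Permissions
VOLUME TEST2 /usr/Novell/TEST2
VOLUME SHARED /srv/shared Inherit_POSIX_Permissions
EOF
}
```

Run audit_inherit_posix as root with no argument to check the live configuration file; an empty result means no unclustered volume has the flag set in ncpserv.conf.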