Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

File rights, inheritance 1

Status
Not open for further replies.
lgarner

lgarner

IS-IT--Management
Jan 26, 2002
2,348
US
It's been a while, so I don't know if this can be done. I need to grant everyone in a group (or OU) RWCEMF rights to a directory, *except* one member, who should be denied all access.

In Windows, rights can be denied. In NetWare, I don't think this will work, and I can't find any information to indicate that it will. If anyone knows how it can be done, I'd appreciate the info.
 
Sort by date Sort by votes
Have you tried assigning the one user as a trustee to the directory, but take away all of the attributes. ie: [ ]

I'm not where I can test this, but I believe that this will do what you want. However, I am backing this with a note in a TID that says, "A new assignment of trustee rights at the file level can revoke rights assigned at the directory level or allow additional rights." So I am inclined to believe it will work at a directory level as well.

If that doesn't work.. another thing you could do is create a group with all users except the one and do it that way. Not the easiest or most preferred, but it would work.



Marvin Huffaker MCNE, CNE
Marvin Huffaker Consulting
 
Upvote 0 Downvote
That works for what I am really doing. The group has RWCEMF at the directory and I'd like to revoke one user's rights to a file within the directory.

1. Explictly make him a trustee of the file
2. Take away all rights
3. Remove all but supervisor in the file's IRF.

In my testing, I was trying to set a group as a file trustee, then revoke priviliges to the file for one member. That won't work. I was wondering if there was a way.

Thanks for the tip. It's worth a star.
 
Upvote 0 Downvote
afaik you can do exactly what Marvin stated.. IIRC this is how I set up some of our rights a while back to protect things like employee records, etc. Make a group with everyone but the one person, give the group rights etc.. then for the one person not in the group, add them as a trustee of the folder and then strip out all of their rights. This loss of rights will flow down from there unless they are added back deliberately.
The other key thing (IMHO) is to take read and filescan from PUBLIC which would still allow mr. "no access" to have some access through security equiv.
Once you've done this, log in as the 2 types of users to verify that things are the way you want them.
The thing to remember IMHO about netware vs windows is basically what you layed out - in windows you generally have to deny people.. in Netware you have to Enable them.
And don't forget about PUBLIC.
If a user still has access to something they should not, just move up the tree to see where it is flowing down from and fix it at the uppermost level. IMHO try not to use the ACL's as you can complicate rights assignments and make them harder to troubleshoot. Try and seperate types of data onto different volumes or mount points so that the users only map what they should have, and that also makes rights easier.
hth, jm2c & of course, ymmv
;)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

MartijnNL
  • Locked
  • Question
searching for files reaching file version limit
Replies
2
Views
398
MartijnNL
MartijnNL
SBTBILL
  • Locked
  • Question
How to get to files
Replies
1
Views
334
Provogeek
Provogeek
fbizzell
  • Locked
  • Question
Open File Manager by St. Benard
Replies
0
Views
218
fbizzell
fbizzell
Robinbird57
  • Locked
  • Question
Limit rights to specific DataBases on a directory
Replies
1
Views
173
Provogeek
Provogeek
nursaadah
  • Locked
  • Question
SERVER-5.00-1132 : ERROR READING FROM LOAD FILE
Replies
2
Views
256
nursaadah
nursaadah

Part and Inventory Search

Sponsor

Back
Top