Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Can't hide a directory

Status
Not open for further replies.
msc0tt

msc0tt

IS-IT--Management
Jun 25, 2002
281
0
0
CA
I've got a situation where I need to limit access to a subdirectory. I've assigned 3 trustees to this folder, given them full rights, and unchecked all the IRF attribs for the folder (except supervisor of course). Oddly, some others can still see this folder, and its contents?!?

Using NWADMIN, I've already checked the "security equal to" for one of my users that can see this folder (but is not one of the assigned trustees). Is there a way to tell which 'rule' is allowing a user to see a folder?? Kind of a weird question, but I hope you get my drift.

Perhaps I'm not fully understanding the trustee/IRF mechanism. Any insight is appreciated.

Note: I'm on NW411, but I don't think the logic of Netware file security has changed since. The problem with the NW4 forum is lack of activity.
 
Sort by date Sort by votes
Personally I hate IRF's. Avoid them if possible. If you do it right, you shouldn't need them. It's like saying... "I want EVERYONE to have access to this volume.. Oh yeah, except for this folder, and this folder, and this folder, and this folder, and this folder.. and then this one too." Pretty soon, the management of your file rights gets rediculous. Why not get rid of all trustee assignments and filters and just grant the appropriate rights where necessary.

People can get rights from lots of places but my guess is that you've got full supervisor rights assigned to the volume or server object, and those won't be filtered out.

Start at the top of your tree and work down, find the trustee assignments and elminate all the excess. Work down from NDS rights then the volume and trustee file assignments. I've seen setups where they are set multiple places, and it can get really hairy.



Marvin Huffaker MCNE, CNE
Marvin Huffaker Consulting
 
Upvote 0 Downvote
Thanks for the detailed response.
I too am learning to NOT love the IRF mechanism. I've found the cause of my problem. It turns out the users that could see into this folder could only see 'certain' files. And more importantly (you guessed it), these files had file-level trustee assignments from a previous security scenario -sigh.....
I had assumed that folder-level security superceeded file-level security within that folder (X - WRONG!). Oh well, I'll put this down to a learning experience. -cheers
 
Upvote 0 Downvote
I personaly stay away from the IRF also. I also prefer to set right using groups. I found it doesn't get to confusing. Just an idea.


 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

mattmontalto
  • Locked
  • Question
MS Threat Management Gateway Alternative
Replies
0
Views
65
mattmontalto
mattmontalto
DreemaGurl
  • Locked
  • Question
Can't log on to Citrix through emote access portal
Replies
1
Views
140
ntinlin
ntinlin
wavestar69
  • Locked
  • Question
Trouble starting WinFrame 1.7 after replacing server
Replies
0
Views
58
wavestar69
wavestar69
bklabel1
  • Locked
  • Question
Reflections Attachmate with OpenVMS
Replies
1
Views
81
yamyam
yamyam
bdeal4122
  • Locked
  • Question
Remote Access
Replies
2
Views
62
bdeal4122
bdeal4122

Part and Inventory Search

Sponsor

Back
Top