Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Security

Status
Not open for further replies.
LenaS

LenaS

Technical User
Nov 28, 2000
98
US
Have migrated from a NOvell 3.12 to 6.0
It would appear, when looking at nwadmin, that some users only have read/compare access to the main data volume MID_SERVERN_VOL2.MIDSTATES

When I login as this user there doesnt appear to be restrictions to the volume. Whats happening?
 
Sort by date Sort by votes
My guess is that the users have access granted lower down the volume structure that allows them to see the root of the volume.

I would suggest that you spend some time reviewing NW security, as it has changed significantly since the 3.x days. First off, make sure that you allow only administrator staff to have supervisor access anywhere in the tree. Even if you want someone to have full rights, do not take the easy way and grant (S) rights. Grant everything but (S)where necessary to non administrative staff.

Second, be very careful with IRFs. You can lose your entire tree if you are not careful. Do not block (S) rights.

Third, related to your original question: don't grant rights to the ROOT of a volume. Those rights will flow down the entire directory structure.

Fourth, use groups and containers to assign rights anywhere except a user's home directory. This saves a lot of administration down the road. Grant access with a container if you want everyone in that container to have those rights. Use group or role objects if there are only a few that you want to grant those rights. Create an admin role object, and assign your administrators to it. Then grant that object rights to the root. That way, when someone changes job descriptions, you take them out of certain groups and add them to others, and you do not have to chase rights all over the tree. Take the admin object, write down the password and keep it in a safe place and never use it except in emergency.

Finally, be sure you understand the consequences of any change before you make it. I had a client once who killed most of his tree because he added an IRF where he shouldn't have. Fortunately, there was an object we had created for testing that he did not block and we were able to fix it.

Good luck
Steve
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

kida
  • Locked
  • Question
Netware Security not happening
Replies
5
Views
114
goombawaho
goombawaho
Jpfs
  • Locked
  • Question
security = share
Replies
0
Views
76
Jpfs
Jpfs
jcborland
  • Locked
  • Question
Using security mode = user
Replies
0
Views
64
jcborland
jcborland
pinkpanther56
  • Locked
  • Question
Secure Gateway security
Replies
4
Views
85
pinkpanther56
pinkpanther56
ocoro02
  • Locked
  • Question
Samba 3.2.0 & Tenable Nessus security alert
Replies
2
Views
51
ocoro02
ocoro02

Part and Inventory Search

Sponsor

Back
Top