cdfs
The UNIX system assigns access permissions to all directories and files. These UNIX system access permissions, together with Advanced Server file and permissions, determine whether you can read, write, or create directories and files on the server.
Note It is not necessary to know the UNIX system access permissions assigned to directories and files unless these access permissions prevent access when Advanced Server permissions appear to allow access.
Access is determined through access permissions assigned by Advanced Server and the UNIX system. Advanced Server access permissions assigned to files or directories are based on the access permissions assigned to the individual user. These access permissions can be found in the access control list that resides on Advanced Server.
The effect of setting UNIX system group permissions on Advanced Server files is limited. In the UNIX system, the group field is used for storing information about file attributes. When a file is accessed from a client computer, its group may change to reflect its attributes (for example, to DOS----). Therefore, it is inadvisable to rely on UNIX system group permissions to restrict access to Advanced Server files.
UNIX system permissions on all directories in the path leading to a file must be at least read and execute (RX) for users to access files on Advanced Server successfully.
If the protection of Advanced Server files provided by UNIX system permissions can be ignored, and if it is appropriate to rely solely on Advanced Server permissions to manage file access, you can set the IgnoreUnixPermissions keyword to 1 (ignore UNIX system permissions) in the Advanced Server Registry. This keyword is in the following key:
\SYSTEM\CurrentControlSet\Services\AdvancedServer\FileServiceParameters
This will cause Advanced Server to ignore all UNIX system permissions on files except for read-only permissions, which are translated into read-only file attributes when client computers attempt to access files.
For more information about the Advanced Server Registry, see Appendix A.
UNIX system file and directory permissions are assigned by a default set of access permissions on the system upon creation of files and directories. The UNIX system distinguishes the following three types of users with respect to access permissions:
1. User — If you own a UNIX system file or directory, you can assign it access permissions for yourself. For example, to prevent unauthorized users from executing a program, you can assign execute permissions to yourself only.
2. Group — You can assign permissions for other users in your group to files and directories that you own. When your administrator creates your home directory, you are automatically assigned to the UNIX system group other, as are all others with home directories. This assignment enables you to share data easily with other network users, but prevents UNIX system users in different groups from reading or changing your files.
3. Other — You can assign access permissions to files and directories that you own for all UNIX system users other than yourself and the users in your group. Depending on your needs, you can allow these other users to read or change your files and directories or you can prevent such access. Restricting access to others does not affect your own access to the files and directories.
When a user attempts to access a file or directory, access to the server is allowed or denied depending on the permissions assigned to that user.
You can use the udir command to check the current UNIX system access permissions of any file or directory. The Modes column of the udir command shows the UNIX system access permissions for each file and directory. These access permissions are displayed as three sets of three access permissions each. The first set shows the user/owner access permissions. The second set shows the group access permissions. The third set shows the access permissions provided to other UNIX system users. Following are the access permissions abbreviations and their meanings:
|
Permission |
Description |
|
r |
Permission to display or read the file or directory. |
|
w |
Permission to modify or write to the file or to create or remove files in the directory. |
|
x |
Permission to execute the file or move to the directory. Client application files do not need execute permission because they execute under the client computer’s operating system, not the UNIX system. |
|
- |
The relevant permission is denied. |
|
l |
Mandatory locking is enabled. |
The following access permissions rarely appear in a display but are described here for completeness:
|
Permission |
Description |
|
s |
Whenever a file with this permission is executed, regardless of who executes it, the invoked process takes on the identity of the file’s owner (or group) for the duration of the execution. |
|
t |
If space is available, a text file with this permission stays in swap space after execution. This permission speeds UNIX system program loading. |
You can use the uchmod command from a client computer to change the UNIX system access permissions for files and directories.
With the uchmod command, you enter only the access permissions you want to change. You do not have to enter all of the permission characters. For example, to change the write permission on a file named budget so that it cannot be modified, you would enter the following command:
uchmod -w budget
Some programs, such as Microsoft Word, maintain temporary files by renaming the source file to a temporary name. Then, when the user saves the file, these programs create a new file with the name of the source file. The temporary file is then deleted.
The permissions that have been assigned to a specific file are not assigned to the new file which has the same file name. These permissions apply only to the original file which was renamed to the temporary file name and then deleted. The updated file is treated as a completely new file by Advanced Server which means it inherits the permissions of the directory in which it resides.
Files that are likely to go through this kind of updating process should be maintained in directories that have the permissions you want these files to inherit.
Some of the common problems that you may encounter while using the Computer Browser service are listed below, followed by recommended resolutions.
The display that results from executing a net view command from a LAN Manager server does not contain any of the Advanced Server computers that are in the domain.
Edit the Advanced Server Registry to change the value of the LmAnnounce keyword to 1 (yes). Advanced Server then will broadcast LAN Manager-style server announcements. The LmAnnounce keyword is in the following key:
System\CurrentControlSet\Services\LanmanServer\Parameters
The server must be stopped and re-started for the change to take effect.
The browse list on the backup domain controller does not contain all of the domain servers. For example, the list of servers that is displayed as a result of executing the net view command from a backup domain controller is incomplete.
It can take as long as 12 minutes for the system to update the browse list. The administrator can edit the Advanced Server Registry on the backup domain controller to change the value of the BackupUpdate keyword to the value (in seconds) for which updates are desired. Note that increasing the browse update frequency will generate increased network traffic.
The BackupUpdate keyword is located in the following key:
SYSTEM\CurrentControlSet\Services\Browser\Parameters
The Computer Browser service must be stopped and restarted for the change to take effect.
For more information on changing registry values, see Appendix A, "Advanced Server Registry."
Some of the common problems that may arise when using shared printer queues are listed below, followed by recommended resolutions.
Windows NT client computers cannot connect to the printer.
You must associated the printer with an appropriate driver. Follow these steps to change the printer-driver association:
1. From a Windows NT client computer, select the printer whose driver you wish to change n the Printers folder,.
2. Click on File Properties. If you receive a Printer Properties error, select "No." This may occur if a valid printer driver already has been installed.
3. Select the correct printer driver.
4. Share the printer if it is not already shared.
You may need to insert the Windows NT CD to obtain the appropriate driver. The system will confirm that the printer driver is being uploaded to the Advanced Server.
Changes made to Windows NT client printers and jobs are not displaying automatically.
Manually refresh the screen by pressing F5 key. This is required to update the screen whenever you pause, resume, delete, or add printers.
Printer name is invalid.
Ensure that the printer name does not contain any spaces, and that the share name is the same as the printer name.
There is no separator page.
You cannot use Windows NT to create separator pages in Advanced Server. Use the net print command at the Advanced Server command prompt to create and modify separator pages.
Characters sent to printer are printing differently.
Refer to your printer manual to set the printer for "no parity."
Print jobs in the queue are not printing.
1. Verify that the printer cable is connected according to the printer manufacturer’s instructions.
2. Verify that the printer is turned on, selected (on-line), has paper, is not jammed, and has no other obvious problems.
3. Verify that the printer or printer queue has not been paused, held, or is in error. If it has been paused or held, continue or restart the printer or print queue.
1. Verify that you can print form the UNIX system console. If not, consult your UNIX system documentation.
Unwarranted page ejects at the end of print jobs.
The server inserts a blank page between each print job. Certain applications also insert blank pages between print jobs. To suppress this blank page, log on to the system as root and modify a copy of the standard interface script as follows:
In the PRINTERNAME file in the /etc/lp/interfaces directory, use a text editor such as vi, and replace the lines in the From section with those in the To section at the end of the file:
From:
if [-n "${FF}"-a "no" = "${nofilebreak}"]
then
echo "${CR}${FF}\c"
fi
To:
if [-n "${FF}"-a "no" = "${nofilebreak}"]
then
if [-n "$ALIAS_USERNAME"]
then #from StarGROUP server just send a CR
echo "${CR}\c"
else #from UNIX send both CR and FF
echo "${CR}${FF}\c"
fi
fi
A shared client printer is connected to parallel port LPT1 or PRN on your client computer. Print jobs sent to that printer over the network (rather than locally) do not print although print jobs sent from your owner client computer do print, indicating that the printer itself is operational.
Enter the net use command. If the display shows that the LPT1 or PRN port ID is linked to the printer, unlink that port ID; then link an unused port ID to the printer. The LPT1 or PRN port must be reserved for the physical connection to the printer.
You are using an application at a client to which a shared client printer is connected and occasionally your keyboard locks for a few seconds, especially when a print job is in progress.
This hesitation at the keyboard is normal under these circumstances, especially when the printer is connected to a serial port.
Advanced Server recognizes a subset of the UNIX system file systems. By default, the server knows only the following types of file systems:
cdfs
nfs
s5
sfs
ufs
vxfs
If you are using a file system other than those recognized by Advanced Server, it will be treated as an s5 file system.
If you want all of your unknown file systems to be treated as a type other than s5, set the fsnosupport parameter in the [ fsi ] section of the lanman.ini file to the name of a recognized file system. Then, stop and restart the server.
If you want to set each unknown file system individually to a specific known file system, follow these steps:
1. At the UNIX system prompt, type this command and press ENTER:
df -n pathname
Replace pathname with the name of the path to the unknown file system.
The system displays the mount point and file system type as specified by the UNIX operating system.
2. Set the fsmap parameter in the [ fsi ] section of the lanman.ini file as follows:
unknown:s5,sfs:vxfs,unixfilesystem:filesystem, ...
Replace unixfilesystem with the name of the file system type returned in Step 1. Replace filesystem with the name of the Advanced Server file system type you want to use.
3. Stop and restart the server.
Advanced Server now will map the UNIX file system to the recognized file system you specified.
For information on how to edit the lanman.ini file, see Appendix B, "Lanman.ini File."
