Managing the NWS filesystem

Understanding file and directory rights

Filesystem security includes assigning trustee rights and setting file and directory attributes. This topic describes tese two types of security.

Trustee rights

Trustee rights are given to User objects, Group objects, or Organizational Role objects. These rights determine the access users may have to directories and files. These rights are explained in the following list:

Access Control: Add and remove trustees and change rights to files and directories.
Create: Create subdirectories and files.
Erase: Delete directories and files.
File Scan: View file and directory names in the filesystem structure.
Modify: Rename directories and files and change file attributes.
Read: Open and read files; open, read, and execute applications.
Supervisor: Grant all rights listed in this table.
Write: Open, write to, and modify a file.

Directory and file attributes

Directory and file attributes assign properties to individual directories or files. Some are only meaningful when applied at the file level. Some apply to both the directory and the file levels. Not all attributes are supported on the NetWare server (see the following table).

Be careful when assigning directory and file attributes. Attributes apply to all users and can supersede trustee rights.

For example, if you assign a file the Delete Inhibit attribute, no one, including the owner of the file or the system supervisor, can delete the file.

Directory and file attributes

Attribute code Description Applies to

A Archive Needed identifies files that have been modified since the last backup. This attribute is assigned automatically. Files only

Ci Copy Inhibit prevents Macintosh users from copying a file. This attribute overrides Read and File Scan trustee rights. Files only

Dc Don't Compress keeps data from being compressed. This attribute overrides settings for automatic compression of files not accessed within a specified number of days. Directories and files

Di Delete Inhibit prevents the file or directory from being deleted. This attribute overrides the Erase trustee right. Directories and files

Dm Don't Migrate prevents files and directories from being migrated from the server's hard disk to another storage medium. Directories and files

Ds Don't Suballocate prevents data from being suballocated. Files only

H The Hidden attribute hides files and directories so they can't be seen using the DIR command. A user with File Scan rights can use FILER or NDIR to list directories and files with the Hidden attribute. Directories and files

l Index allows large files to be accessed quickly by indexing files with more than 64 File Allocation Table (FAT) entries. This attribute is set automatically. Files only

Ic Immediate Compress sets data to be compressed as soon as a file is closed. If it is applied to a directory, every file in the directory is compressed as it is closed. Directories and files

N Normal indicates the Read/Write attribute is assigned and the Shareable attribute is not. This is the default attribute assignment for all new files. Directories and files

Ri Rename Inhibit prevents the file or directory name from being modified. Directories and files

Ro Read Only prevents a file from being modified. This attribute automatically sets Delete Inhibit and Rename Inhibit. Files only

Rw Read/Write allows users to write to a file. All files are created with this attribute. Files only

Sh Shareable allows more than one user to access the file at one time. This attribute is usually used with Read Only. Files only

Sy The System attribute hides the file or directory so it can't be seen by using the DIR command. It can be seen if a user with File Scan rights uses FILER or NDIR. System is normally used with operating-system files, such as DOS system files. Directories and files

T Transactional allows a file to be tracked and protected by the Transaction Tracking System (TM) (TTS). Files only

X The Execute Only attribute prevents the file from being copied, modified, or backed up. The attribute cannot be removed unless the file is deleted. It does not allow renaming. Use the attribute for program files such as the .EXE or .COM files. Make a copy of a file before you flag it Execute Only, so you can replace the file if it becomes corrupted. Files only

Attribute code	Description	Applies to
A	Archive Needed identifies files that have been modified since the last backup. This attribute is assigned automatically.	Files only
Ci	Copy Inhibit prevents Macintosh users from copying a file. This attribute overrides Read and File Scan trustee rights.	Files only
Dc	Don't Compress keeps data from being compressed. This attribute overrides settings for automatic compression of files not accessed within a specified number of days.	Directories and files
Di	Delete Inhibit prevents the file or directory from being deleted. This attribute overrides the Erase trustee right.	Directories and files
Dm	Don't Migrate prevents files and directories from being migrated from the server's hard disk to another storage medium.	Directories and files
Ds	Don't Suballocate prevents data from being suballocated.	Files only
H	The Hidden attribute hides files and directories so they can't be seen using the DIR command. A user with File Scan rights can use FILER or NDIR to list directories and files with the Hidden attribute.	Directories and files
l	Index allows large files to be accessed quickly by indexing files with more than 64 File Allocation Table (FAT) entries. This attribute is set automatically.	Files only
Ic	Immediate Compress sets data to be compressed as soon as a file is closed. If it is applied to a directory, every file in the directory is compressed as it is closed.	Directories and files
N	Normal indicates the Read/Write attribute is assigned and the Shareable attribute is not. This is the default attribute assignment for all new files.	Directories and files
Ri	Rename Inhibit prevents the file or directory name from being modified.	Directories and files
Ro	Read Only prevents a file from being modified. This attribute automatically sets Delete Inhibit and Rename Inhibit.	Files only
Rw	Read/Write allows users to write to a file. All files are created with this attribute.	Files only
Sh	Shareable allows more than one user to access the file at one time. This attribute is usually used with Read Only.	Files only
Sy	The System attribute hides the file or directory so it can't be seen by using the DIR command. It can be seen if a user with File Scan rights uses FILER or NDIR. System is normally used with operating-system files, such as DOS system files.	Directories and files
T	Transactional allows a file to be tracked and protected by the Transaction Tracking System (TTS).	Files only
X	The Execute Only attribute prevents the file from being copied, modified, or backed up. The attribute cannot be removed unless the file is deleted. It does not allow renaming. Use the attribute for program files such as the .EXE or .COM files. Make a copy of a file before you flag it Execute Only, so you can replace the file if it becomes corrupted.	Files only

: Not supported by NetWare Services, even though it may be set.