Access Control and Authentication
NSS Access Control on OES
Table 16-3 provides links to documentation that discusses the various NSS-specific access control features.

Table 16-2 Access Rights Explanation

eDirectory Objects
eDirectory objects (in most cases users and groups) gain access to the file system through eDirectory.

File System Trustee Rights
File system trustee rights govern access and usage by the eDirectory object specified for the directory or file to which the rights are granted.
Trustee rights are overridden by directory and file attributes. For example, even though Nancy has the Supervisor (all) trustee right at the directory (and, therefore, to the files it contains), she cannot delete File2 because it has the Read Only attribute set.
Of course, Nancy could modify the file attributes so that File2 could then be deleted.

Directory and File Attributes
Each directory and file has attributes associated with it. These attributes apply universally to all trustees regardless of the trustee rights an object might have. For example, a file that has the Read Only attribute is Read Only for all users.
Attributes can be set by any trustee that has the Modify trustee right to the directory or file.

Directories and Files
The possible actions by the eDirectory users and group shown in this example are as follows:

Nancy has the Supervisor trustee right at the directory level, meaning that she can perform any action not blocked by a directory or file attribute. The Di (Delete Inhibit) and Ri (Rename Inhibit) Attributes on Directory A prevent Nancy from deleting or renaming the directory unless she modifies the attributes first. The same principle applies to her ability to modify File2.

Because Joe is a member of the Reporters group, he can view file and directory names inside DirectoryA and also see the directory structure up to the root directory. Joe also has rights to open and read any files in DirectoryA and to execute any applications in DirectoryA.

Because Bert is a member of the Reporters group, he can view file and directory names inside DirectoryA and also see the directory structure up to the root directory. Bert also has rights to open and read File1 and to execute it if it's an application. And Bert has rights to grant any eDirectory user access to File1.

Because all three users are members of the Reporters group, they can grant any eDirectory user access to File2. Of course, for Nancy this is redundant because she has the Supervisor right at the directory level.
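
The rule in Table 16-2, as an added example that is not taken from the OES guide: a simplified Python model in which directory and file attributes override trustee rights for every trustee. The single-letter rights, the path names, the per-user grants inferred from the scenario and the union-of-grants inheritance are assumptions of this model; inherited rights filters are not modelled.

```python
# Added example: simplified model of Table 16-2, not OES code.
# Rights: S=Supervisor R=Read W=Write E=Erase M=Modify F=File Scan A=Access Control.
# Assumption: rights are the union of grants to the user and the user's groups
# on the object and its parent directories; inherited rights filters are ignored.

GROUPS = {"Reporters": {"Nancy", "Joe", "Bert"}}

# Constructed from the page's scenario (Nancy, Joe, Bert, Reporters).
TRUSTEES = {
    "DirectoryA": {"Nancy": "S", "Joe": "R", "Reporters": "F"},
    "DirectoryA/File1": {"Bert": "RA"},
    "DirectoryA/File2": {"Reporters": "A"},
}
ATTRS = {"DirectoryA": {"Di", "Ri"}, "DirectoryA/File2": {"Ro"}}

# Trustee right each action needs, and the attributes that block it for everyone.
NEEDS = {"list": "F", "read": "R", "write": "W", "delete": "E",
         "rename": "M", "set_attr": "M", "grant": "A"}
BLOCKED_BY = {"delete": {"Di", "Ro"}, "rename": {"Ri"}, "write": {"Ro"}}

def effective_rights(user, path):
    """Collect rights granted to the user or their groups along the path."""
    names = {user} | {g for g, members in GROUPS.items() if user in members}
    parts, rights = path.split("/"), set()
    for depth in range(1, len(parts) + 1):
        grants = TRUSTEES.get("/".join(parts[:depth]), {})
        for name in grants.keys() & names:
            rights |= set(grants[name])
    return rights

def allowed(user, action, path):
    """Attributes are checked first: they override any trustee right."""
    if BLOCKED_BY.get(action, set()) & ATTRS.get(path, set()):
        return False
    rights = effective_rights(user, path)
    return "S" in rights or NEEDS[action] in rights

def clear_attr(user, attr, path):
    """Changing attributes requires the Modify right (Supervisor implies it)."""
    if not allowed(user, "set_attr", path):
        raise PermissionError(f"{user} lacks Modify on {path}")
    ATTRS.setdefault(path, set()).discard(attr)

if __name__ == "__main__":
    print(allowed("Nancy", "delete", "DirectoryA/File2"))  # blocked by Ro
    clear_attr("Nancy", "Ro", "DirectoryA/File2")
    print(allowed("Nancy", "delete", "DirectoryA/File2"))  # attribute cleared
```

The same structure can be used to review an export of trustee assignments and attributes for objects where a broad right such as Supervisor or Modify makes an attribute-based restriction removable by the trustee it is meant to restrain.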
Summary of Contents for OPEN ENTERPRISE SERVER - CONVERSION GUIDE 12-2010
Page 12: ...12 OES 2 SP3 Planning and Implementation Guide...