Novell OPEN ENTERPRISE SERVER - PLANNING AND IMPLEMENTATION GUIDE 12-2010 Implementation Manual page 222

Feature
Default accessibility
Home directories—an
example of default
accessibility
Inheritance from
parents
Privacy
Subdirectory and file
visibility
When an NCP volume is created on a Linux POSIX or NSS volume, some of the behavior described
above is modified. For more information, see the
Guide, particularly the
222 OES 2 SP3: Planning and Implementation Guide
POSIX / Linux
Users have permissions to see most of the
file system.
The contents of a few directories, such as
the home directory, can only be
/root
viewed by the user.
root
Some system configuration files can be
read by everyone, but the most critical files,
such as /etc/fstab , can only be read
and modified by root .
By default, all users can see the names of
directories and files in home directories.
During LUM installation, you can specify
that newly created home directories will be
private.
For more information on making existing
home directories private, see
Section 17.4.2, "Providing a Private Work
Directory," on page 194.
Nothing is inherited.
Granting permission to a directory or file
affects only the directory or file.
Because users have permissions to see
most of the file system for reasons stated
above, most directories and files are only
private when you make them private.
Permissions granted to a file or directory
apply to only the file or directory. Users
can't see parent directories along the path
up to the root unless permissions are
granted (by setting the UID, GID, and mode
bits) for each parent.
After permissions are granted, users can
see the entire contents (subdirectories and
files) of each directory in the path.
"NCP on Linux Security" section.
Novell Trustee Model on OES 2
Users can see only the
directories and files for which
they are trustees (or members of
a group that is a trustee).
By default, only the system
administrator and the home
directory owner can see a home
directory. Files in the directory are
secure.
If users want to share files with
others, they can grant trustee
assignments to the individual
files, or they can create a shared
subdirectory and assign trustees
to it.
Rights are inherited in all child
subdirectories and files unless
specifically reassigned.
A trustee assignment can
potentially give a user rights to a
large number of subdirectories
and files.
Directories and files are private
by default.
When users are given a trustee
assignment to a file or directory,
they can automatically see each
parent directory along the path up
to the root. However, users can't
see the contents of those
directories, just the path to where
they have rights.
OES 2 SP3: NCP Server for Linux Administration