Novell OPEN ENTERPRISE SERVER 2 SP2 - PLANING AND IMPLEMENTATION GUIDE 11-10-2009 Implementation Manual page 166

Feature
Security Equivalence in
eDirectory
The Traditional Novell Access Control Model
NetWare is known for its rich access control. OES makes these controls available on Linux through
NSS volume support. In addition, some of the controls are available on Linux POSIX file systems
through NCP volume creation. NCP volumes are limited because Linux POSIX systems offer only a
subset of the directory and file attributes that NSS offers.
In the Novell access control model, eDirectory objects, such as users and groups, are assigned File
System Trustee Rights to directories and files on NSS and NCP volumes. These trustee rights
determine what the user or group can do with a directory or file, provided that the directory or file
attributes allow the action.
This is illustrated in
Figure 16-2
eDirectory Objects
Nancy
Joe
Bert
Reporters
Table 16-2
166 OES 2 SP2: Planning and Implementation Guide
To Understand
The concept of Security
Equivalence in eDirectory.
Figure 16-2.
Directory and File Access under the NetWare Access Control Model
File System
Trustee Rights
DirectoryA
Nancy
Supervisor
Joe
Read
Bert
Reporters
File Scan
File1
Nancy
Joe
Bert
Read
Access Control
Reporters
File2
Nancy
Joe
Bert
Reporters
Access Control
explains the effective access rights illustrated in
See
"eDirectory Objects and Security
Equivalence" in the
File Systems Management Guide
Directory and File
Directories and Files
Attributes
DirectoryA
Di (Delete Inhibit)
Ri (Rename Inhibit)
File1
N (Normal)
File2
Ro (Read Only)
Figure 16-2.
OES 2 SP2:
DirectoryA
File1
File2