Security - Novell NETWARE 6-DOCUMENTATION Manual

Security

18
Traditional File Services Administration Guide
Security is one of the most important aspects of file system organization. NDS
rights and the file system's directory and file attributes allow you to determine
who may access what, and whether that access amounts to being able to
merely read a file or modify it.
To use the capabilities described in the NDS area of this documentation, you
might want to organize your approach to designing an appropriately secure
system by doing the following:
1. Clustering directories and files according to who needs access to them. In
other words, use the directory structure to reflect access requirements.
For example, you can structure the hierarchy of directories in such a way
as to take advantage of the inheritance aspect of rights.
Rights can be associated with volumes, directories, and files as a
safeguard against deletion or modification by users. Directory and file
attributes can also be used to control what users can do.
2. Subdividing the user community into groups on the basis of related access
requirements.
Users grouped by role (relative to file access) can be assigned ownership
of directories and files, and users whose roles vary can be assigned rights
on the basis of equivalence.
Users needing a particular kind of access to certain directories and files
can be grouped so that appropriate access belongs to the group (and,
consequently, to each member).