Novell is now a part of Micro Focus

I have an interesting dilemma that I thought...

Articles and Tips: qna

01 Nov 2002


Q.

I have an interesting dilemma that I thought I would pose to you. Essentially, we have run into the problem of folders having [Root] as a trustee with Read and File Scan. It was not a particularly fun time having to explain the cause of the problem to important people at the company (i.e., executives).

We have decided to resolve this problem by removing the Supervisor and Access Control rights that the trustee of the home directory has. While perusing our environments, we have a number of home directories where the user has Supervisor and Access Control Rights.

I am looking for a way to potentially batch file process the removal of Superviosr and Access Control rights from these trustees. I know that JRB's SETTRUST utility will do it, but I thought I would see if someone else has a potentially better solution. I have a desire for a much quicker solution, though, as I am a bit unfamiliar with SETTRUST.

A.

I can offer a couple of solutions. First, the TBACKUP utility will generate a .BAT file that contains a list of rights statements that will restore the trustee rights to a volume. You could then perform a search on this file for SRWCEMFA and RWCEMFA and replace them with RWCEMF. Running the resulting batch file would take care of the majority of the rights assignments.

This would be a quick way to catch most of your rights assignments. The other thing that you could do on a NetWare 5.x or NetWare 6 server is to use the TRUSTBAR.NLM and save the ACLs for a volume to the root of the volume as an .XML file. The file lists every trustee and a numerical code for the rights to be granted.

A simple search and replace could change the code to the one without the Supervisor and Access Control rights. Then use TRUSTBAR to remove all ACLs in the file system and then run TRUSTBAR to restore the edited .XML file. It runs pretty quickly. One caution is to get the most recent TRUSTBAR.NLM from Novell. Don't use the one that shipped with NetWare 6, as it sometimes causes Abends and doesn't do the root directory ACL.

* Originally published in Novell AppNotes

Disclaimer

The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.

© Copyright Micro Focus or one of its affiliates