Admin Rights - Netware

This is a discussion on Admin Rights - Netware ; Hey; I need to create an Account that has admin rights to the system, but cannot have access to ONE directory on the DATA volume. Is this possible? Everytime we give trustee rights to the context them go to the ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Admin Rights

  1. Admin Rights

    Hey;

    I need to create an Account that has admin rights to the system, but cannot
    have access to ONE directory on the DATA volume.

    Is this possible?

    Everytime we give trustee rights to the context them go to the volume and
    deny rights to this one directoy, the inherint rights still filter down and
    give the account access form the context.

    So can I still create a user with Admin Rights but deny the account access
    to one
    directory?

    Cheers;
    Matthew



  2. Re: Admin Rights

    On Thu, 24 Jul 2003 14:02:37 +1000, Matthew McKinnon
    wrote:

    > Hey;
    >
    > I need to create an Account that has admin rights to the system, but
    > cannot
    > have access to ONE directory on the DATA volume.
    >
    > Is this possible?
    >
    > Everytime we give trustee rights to the context them go to the volume and
    > deny rights to this one directoy, the inherint rights still filter down
    > and
    > give the account access form the context.
    >
    > So can I still create a user with Admin Rights but deny the account
    > access
    > to one
    > directory?
    >

    In the traditional NetWare file system, you could not revoke the Supervisor
    right in the file system anywhere below the point it was awarded. This was
    due to a bug introduced in NetWare 3 which was found to be useful, and so
    never fixed (bug becomes feature).

    In NetWare 5.0, Novell introduced the NetWare Storage Service (NSS), which
    was a made-from-scratch storage system. Because it was made-from-scratch,
    it did not carry the bug; the Supervisor right in the file system COULD be
    blocked with an Inherited Rights Filter (IRF). This means that a Supervisor
    account COULD be locked out of a single directory under NSS (with great
    care, since it could leave a directory permanently unmanageable).

    I seem to recall this behavior remained under NetWare 5.1 NSS, but I never
    checked how NetWare 6 (which is all NSS) handles it.

    So, to answer your question, it really depends on whether the volume is an
    NSS volume or not.

    MY suggestion, though, is to create the account with all rights EXCEPT
    Supervisor, so you can manage the account as much as needed without the
    worries.



    --
    Alan Frayer,CNE,CNI,CIW CI,MCP,Net+ - afrayer_@_frayernet.com
    Seeking an IT Mgmt/Network Admin position in the Tampa Bay Region.
    If you would like to discuss an opportunity with me, please e-mail (remove
    the underscores).

+ Reply to Thread