Solved

Novell Roaming Profile Folder security question

Posted on 2007-03-19
Last Modified: 2012-06-27
We are implementing Novell here on Windows XP workstations, and I am going to utilize the roaming profiles component for backup purposes, and for instructors that like to log in in classrooms and have all their files accessible (even desktop shortcuts).

Now, my initial thought was to create a profiles directory that is separate from the user's Home Drive, so as to alleviate any potential wandering by users exploring their Home Drive.

So I have the folder created and designated for Roaming profile storage, but my question is what kind of permissions are needed? On the /PROFILES folder should I make all users have File Scan? Then under that you will have all the USERNAME folders, and each user should have trustee to that folder, correct? Is there some automated way that those will be created, or each time a user's profile directory is created and populated am I going to have to apply trustee rights to it manually?

Or am I looking at too much babysitting of the security on these folders, and it's just way easier to dump the profile to the User's Home Drive?

Thanks
Question by:tfallert

Expert Comment

by:PsiCop
ID: 18748936
<pet peeve>

"Novell" is a company. It makes a number of products, such as "SUSE Linux Enterprise Server", "Open Enterprise Server", "ZENworks", "GroupWise" and "Identity Manager".

You didn't write "Micro$oft XP", did you?

</pet peeve>

Expert Comment

by:PsiCop
ID: 18748956
Given that Novell makes a number of products, what ones are you using to implement your environment? Are you using the Dynamic Local User functionality of ZENworks to do the "roaming profiles"?

Author Comment

by:tfallert
ID: 18749328
Well, I mean to say we are using the Novell client and ZENworks (along with PatchLink) on the desktop systems, and the servers I don't actually administer, but they are, I believe, running SUSE Linux Enterprise.

I'm setting permissions from within ConsoleOne, if that makes a difference.

I am using Dynamic Local Users, but not to do the Roaming Profiles. The Roaming Profiles are configured in the Windows Desktop Preferences in the User package.

Expert Comment

by:ShineOn
ID: 18749813
Actually, as to your question, assuming these files are on an NSS volume, granting of filesystem trustee rights (not permissions - permissions are a Windows-ism) is only necessary on each user's directory, not the parent. If you grant filescan to the parent directory to all users, unless you block inheritance of filescan at the parent they'll all be able to see each others' child folders and, by inheritance, all the files therein. They wouldn't be able to open/read/change/delete or modify the attributes thereof, but they'd be able to see they exist.

Any necessary rights to the parent directory would dynamically flow up the directory structure.  It is not necessary to grant any rights to the parent directory at all.

I think it'd be easier to dump the profile to the User home directory.  They should already be secure from other users; you'd just have to make sure they don't mess with their profile directories, which they'd be able to do in your planned scenario as well, if not as conveniently.

Author Comment

by:tfallert
ID: 18750168
Okay, that makes sense. So the users would only need Trustee on their Profile folder. But the system doesn't automatically grant trustee access to those folders when it is created to drop the profile in, does it?

I haven't ruled out using the Home Drive, I just am exploring this option before I do that.

Accepted Solution

by:
ShineOn earned 250 total points
ID: 18750891
Actually, if you don't use the user's home directory, ZEN assumes that the directory you specify will be a shared directory for multiple users to share the profile stored therein.  That's what the documentation suggests, anyway.  It will not fill in the name of the user automatically as it would with the home directory.

So:  

If you do what you're suggesting rather than use the user's home dir, then for >each user,< you will have to 1) create the user's profile-storage subdirectory and 2) specify the full path to the subdirectory in the Desktop Preferences, Roaming Profiles.

I don't know whether ZEN or the C1 snapin would automatically grant rights to access the Roaming Profile directory or not, but I would assume not, which would add step 3) grant trustee rights to the user's profile subdirectory.
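
The inheritance behaviour discussed in this thread, as an added example that is not part of the original posts and is not Novell code: a simplified model of NSS trustee inheritance that compares File Scan granted on /PROFILES with rights granted only on each user's own subdirectory. The trustee names `staff`, `alice` and `bob` are hypothetical, and the model ignores the Supervisor right and security equivalences.

```python
# Simplified model of NSS/NetWare file-system trustee inheritance (constructed example).
ALL = frozenset("RWCEMFA")  # Read, Write, Create, Erase, Modify, File Scan, Access Control

class Volume:
    def __init__(self):
        self.trustees = {}  # directory path -> {trustee name: rights}
        self.irf = {}       # directory path -> inherited rights filter (default passes all)

    def grant(self, path, trustee, rights):
        self.trustees.setdefault(path, {})[trustee] = frozenset(rights)

    def effective(self, identities, path):
        """Rights a user (own name plus group names) holds at `path`."""
        total = set()
        for ident in identities:
            rights, current = frozenset(), ""
            for part in path.strip("/").split("/"):
                current += "/" + part
                explicit = self.trustees.get(current, {}).get(ident)
                # An explicit assignment replaces what was inherited; otherwise
                # inherited rights pass through this directory's IRF.
                rights = explicit if explicit is not None else rights & self.irf.get(current, ALL)
            total |= rights
        return frozenset(total)

    def visible(self, identities, parent, children):
        """Children the user can see: File Scan there, or a grant at or below them."""
        seen = []
        for child in children:
            path = f"{parent}/{child}"
            below = any(p == path or p.startswith(path + "/")
                        for p, t in self.trustees.items() if set(t) & set(identities))
            if "F" in self.effective(identities, path) or below:
                seen.append(child)
        return seen

def build(parent_filescan):
    vol = Volume()
    if parent_filescan:
        vol.grant("/PROFILES", "staff", "F")         # File Scan for all users on the parent
    for user in ("alice", "bob"):                    # hypothetical users
        vol.grant(f"/PROFILES/{user}", user, "RWCEMF")
    return vol

alice = ["alice", "staff"]
shared, per_user = build(True), build(False)
print("F on parent:   ", shared.visible(alice, "/PROFILES", ["alice", "bob"]))
print("per-user only: ", per_user.visible(alice, "/PROFILES", ["alice", "bob"]))
```

Setting `irf` on a child directory to exclude `F` models blocking the inherited File Scan, the other option mentioned in the thread.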