[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 447
  • Last Modified:

User-Righst/Novell

Novell 6.5

I am getting hang on my system when I use NWAdmin/Consoleone to show the
"rights to files and directories/folders"

I want to know  is there any script to bring the user-rights on all the folders/files.
0
ktmjamal
Asked:
ktmjamal
1 Solution
 
alextoftCommented:
Yes, you will get lag as the program will have to scan the volume for trustee assignments before it can display them. Netware, sensibly, stores its trustee assignments on the actual volume they apply to, instead of centrally in the directory database.

There is a legacy application, rights.exe, which you'll find in sys:/public which can be used to display trustee rights from a command prompt.

What are you actually trying to achieve, some kind of security audit?
0
 
ktmjamalAuthor Commented:
I am sys.admin in Novell.
I need to give some rights for the users based on some other users.
So, I need to check the other user's rights.
My eDirectory is globally very very big.
Some time I need to do audit check also.
I need to try the rights command.
If there is anyother script, I will be more happy.

Thanks & Regards
Amul
0
 
ShineOnCommented:
How many servers and volumes are we talking about?

The RIGHTS.EXE is deprecated, and rightfully so (no pun intended) as it was written for 16-bit DOS, and doesn't handle anything other than 8.3 filenames.  You may as well use the old FILER c-worthy program.

Users shouldn't be given explicit rights individually unless it's unavoidable.  It can become a major mess very fast.  NetWare has such powerful inheritance features, that's the way to go, IMHO.

One method to find out all the explicit rights of a user is to look at the user object, in ConsoleOne (you should NOT be using NWADMIN or NWADMN32 in NetWare 6.5 unless absolutely necessary, which is extremely rare.  Use C1 or iManager.)  

On the last tab in the C1 user object properties page is filesystem rights, where you can select a volume and see what's been explicitly assigned if anything.  If you select all of your volume objects, you'll get a complete list of explicit assignments.

For inherited rights, you need to look at the objects that user could inherit rights from - group membership, applications (if you have ZENworks,) Organizational Role objects, OU hierarchy (paying attention to any inheritance filters) and any other security principal that could be a source of filesystem rights inheritance for that user, and see what's explicitly assigned to *those* objects.

Alternatively, you could simply make sure the new user is in the same OU as the existing user you're modeling after, has the same group memberships and organizational role memberships, and is associated to the same application objects, and then match up their explicit rights assignments.

Nothing works better than having strict rights-assignment guidelines and following them.  If you haven't you've got a lot of work ahead of you.


OR

Get some advanced 3rd-party tools.  I can't help wonder if JRB Utilities would help here.  
0
[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

 
ktmjamalAuthor Commented:
I may be looking more than 50 servers - all in one eDirectory.

I would like to use C1 but it's response is very very slow, sometimes I get the values which I am looking for. Most of the time it hang.

Do I need to add some snap ins.

Do u know any third party tool, which can be used for audit - even if payable, my company may buy it.

best regards with thanks

Amul.
0
 
vladhCommented:
0
 
ShineOnCommented:
I thought of that too, but after looking at it (I use it myself) it is volume-by-volume, not user-by-user.  It'd be nice if it could display all the explicit and inherited trustee rights for a specific user, for any and all volumes in the tree, but I don't see that as an option.  That's why I suggested that JRB Utilities might have something.  Their "fsrights" utility or "trstlist" utility look promising.

http://www.jrbsoftware.com/
0
 
ktmjamalAuthor Commented:
Now somehow ( I don't know how), the things are able to do thru' console one and nwadmin.

Thanks for your efforts.

If you find any good utility in future please inform here.

As of now we can end this question.
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now