Posted on 2007-08-07
Last Modified: 2012-06-21
Novell 6.5

I am getting hang on my system when I use NWAdmin/Consoleone to show the
"rights to files and directories/folders"

I want to know  is there any script to bring the user-rights on all the folders/files.
Question by:ktmjamal
    LVL 19

    Expert Comment

    Yes, you will get lag as the program will have to scan the volume for trustee assignments before it can display them. Netware, sensibly, stores its trustee assignments on the actual volume they apply to, instead of centrally in the directory database.

    There is a legacy application, rights.exe, which you'll find in sys:/public which can be used to display trustee rights from a command prompt.

    What are you actually trying to achieve, some kind of security audit?

    Author Comment

    I am sys.admin in Novell.
    I need to give some rights for the users based on some other users.
    So, I need to check the other user's rights.
    My eDirectory is globally very very big.
    Some time I need to do audit check also.
    I need to try the rights command.
    If there is anyother script, I will be more happy.

    Thanks & Regards
    LVL 35

    Expert Comment

    How many servers and volumes are we talking about?

    The RIGHTS.EXE is deprecated, and rightfully so (no pun intended) as it was written for 16-bit DOS, and doesn't handle anything other than 8.3 filenames.  You may as well use the old FILER c-worthy program.

    Users shouldn't be given explicit rights individually unless it's unavoidable.  It can become a major mess very fast.  NetWare has such powerful inheritance features, that's the way to go, IMHO.

    One method to find out all the explicit rights of a user is to look at the user object, in ConsoleOne (you should NOT be using NWADMIN or NWADMN32 in NetWare 6.5 unless absolutely necessary, which is extremely rare.  Use C1 or iManager.)  

    On the last tab in the C1 user object properties page is filesystem rights, where you can select a volume and see what's been explicitly assigned if anything.  If you select all of your volume objects, you'll get a complete list of explicit assignments.

    For inherited rights, you need to look at the objects that user could inherit rights from - group membership, applications (if you have ZENworks,) Organizational Role objects, OU hierarchy (paying attention to any inheritance filters) and any other security principal that could be a source of filesystem rights inheritance for that user, and see what's explicitly assigned to *those* objects.

    Alternatively, you could simply make sure the new user is in the same OU as the existing user you're modeling after, has the same group memberships and organizational role memberships, and is associated to the same application objects, and then match up their explicit rights assignments.

    Nothing works better than having strict rights-assignment guidelines and following them.  If you haven't you've got a lot of work ahead of you.


    Get some advanced 3rd-party tools.  I can't help wonder if JRB Utilities would help here.  

    Author Comment

    I may be looking more than 50 servers - all in one eDirectory.

    I would like to use C1 but it's response is very very slow, sometimes I get the values which I am looking for. Most of the time it hang.

    Do I need to add some snap ins.

    Do u know any third party tool, which can be used for audit - even if payable, my company may buy it.

    best regards with thanks

    LVL 3

    Expert Comment

    LVL 35

    Accepted Solution

    I thought of that too, but after looking at it (I use it myself) it is volume-by-volume, not user-by-user.  It'd be nice if it could display all the explicit and inherited trustee rights for a specific user, for any and all volumes in the tree, but I don't see that as an option.  That's why I suggested that JRB Utilities might have something.  Their "fsrights" utility or "trstlist" utility look promising.

    Author Comment

    Now somehow ( I don't know how), the things are able to do thru' console one and nwadmin.

    Thanks for your efforts.

    If you find any good utility in future please inform here.

    As of now we can end this question.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Should I Do With This Threat Intelligence?

    Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

    Suggested Solutions

    Title # Comments Views Activity
    log in log 7 542
    Restoring old tapes - Arcserve for Netware 11 1,948
    Novel health.log too big 1 304
    Replicate files using Rsync 5 320
    This post first appeared at Oracleinaction  ( Anju Garg (Myself). I  will demonstrate that undo for DML’s is stored both in undo tablespace and online redo logs. Then, we will analyze the reaso…
    The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!
    how to add IIS SMTP to handle application/Scanner relays into office 365.

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    8 Experts available now in Live!

    Get 1:1 Help Now