Changes since v1.10
- Bug fix: /V caused path to be written twice to the output file
- Bug fix: restoring user quota failed for volume names ending with a colon
- Exclude volumes NSS_ADMIN and _ADMIN when performing SAVE ALL
Changes since v1.05a:
- Handling of additional file system properties: attributes, owner, user quota, directory quota
- Ability to process files or directories only
- Verbose mode made optional to free up sys:\trustee.log for system and status messages
- Ability to include all files and directories to the output file, even in case of empty or default settings
(makes it easier to change the settings doing a search & replace)
Changes since v1.05:
- Correctly handles volume root directory in all cases
Usage:
- LOAD TRUSTEE [options] SAVE (ALL | <path>) <outputFile>
Saves all file system properties into a CSV file starting from the given path
(or, using the ALL parameter, all the directories and files on the volume).
Use options to include selected properties only, or to process files
or directories separately (see the Option explanation below).
Example:
LOAD TRUSTEE SAVE ALL VOL1:\Home\Admin\Trustee.txt
Saves all properties from all local volumes to the specified file
LOAD TRUSTEE /EDI SAVE VOL1:\Programs VOL1:\Home\Admin\Trustee.txt
Saves all directory quotas and IRMs starting at the given path
- LOAD TRUSTEE [options] RESTORE <inputFile>
Restores file system properties from the CSV file created by the previous function.
Use options to restore selected properties only, or to process files
or directories separately (see the Option explanation below).
Example:
LOAD TRUSTEE RESTORE VOL1:\Home\Admin\Trustee.txt
Restores every settings found in the input file
LOAD TRUSTEE /D /ETI RESTORE VOL1:\Home\Admin\Trustee.txt
Restores only directory trustees and IRMs from that file
- LOAD TRUSTEE REMOVE (ALL | <path>)
Removes all trustee rights starting from the given path (or, using the ALL parameter,
all the directories and files on the volume). Will ask for confirmation when specifying
the ALL parameter or a path on the SYS volume.
Example:
LOAD TRUSTEE REMOVE ALL
Removes all trustees from all volumes on this server
LOAD TRUSTEE REMOVE VOL1:\Programs
Removes all trustees starting at the given path
- LOAD TRUSTEE REMOVENULL (ALL | <path>)
Removes all trustee rights starting from the given path (or, using the ALL parameter,
all the directories and files on the volume), where empty rights are assigned.
Will ask for confirmation when specifying the ALL parameter or a path on the SYS volume.
Example:
LOAD TRUSTEE REMOVENULL ALL
Removes all empty trustees from all volumes on this server
LOAD TRUSTEE REMOVENULL VOL1:\Programs
Removes all empty trustees starting at the given path
- LOAD TRUSTEE REMOVEINVALID (ALL | <path>)
Removes all trustee rights starting from the given path (or, using the ALL parameter,
all the directories and files on the volume) where the object ID is unknown or invalid
(ID to name mapping returns -601). Will ask for confirmation when specifying
the ALL parameter or a path on the SYS volume.
Example:
LOAD TRUSTEE REMOVEINVALID ALL
Removes all invalid trustees from all volumes on this server
LOAD TRUSTEE REMOVEINVALID VOL1:\Programs
Removes all invalid trustees starting at the given path
- LOAD TRUSTEE EFFECTIVE <objectName> <outputFile>
Reads through all the directories and files on the server (on all volumes) and
lists into the designated file (in CSV format) the effective rights of a user.
If a user does not have rights to a file or directory, it is not listed.
Example:
LOAD TRUSTEE EFFECTIVE "user.department.company" SYS:\effright.txt
Lists effective rights of that user for the entire server
LOAD TRUSTEE EFFECTIVE "cn=user.ou=department.o=company" SYS:\effright.txt
Lists effective rights of that user for the entire server
- LOAD TRUSTEE EFFECTIVEDIR <objectName> <outputFile>
Reads through all the directories on the server (on all volumes) and lists
into the designated file (in CSV format) the effective rights of a user. If a
user does not have rights to a directory, it is not listed.
Example:
LOAD TRUSTEE EFFECTIVEDIR "user.department.company" SYS:\effright.txt
Lists effective rights of that user for the entire server (directories only)
LOAD TRUSTEE EFFECTIVEDIR "cn=user.ou=department.o=company" SYS:\effright.txt
Lists effective rights of that user for the entire server (directories only)
- LOAD TRUSTEE EXCESSNDS <outputFile>
Asks for an admin name and password, uses these to authenticate into NDS and
starting from [Root], it analyzes all objects. It reports the following cases
- that are considered to be dangerous - into the given file:
- S right to an object
- S right to an attribute
- W right to the ACL attribute of an NCP Server object
Example:
LOAD TRUSTEE EXCESSNDS SYS:\suspect.txt
Lists excess or dangerous NDS rights for the entire tree
- LOAD TRUSTEE EXCESSFILE <outputFile>
Scans all volumes on the server and reports the following cases
- that are considered to be dangerous - into the given file:
- [Public] has rights to anything except sys:login
- any rights to sys:system or a file or subdirectory inside
- any rights to sys:etc or a file or subdirectory inside
- any rights given to any volume root
- more than RF rights to sys:login
- more than RF rights to sys:public
Example:
LOAD TRUSTEE EXCESSFILE SYS:\suspect.txt
Lists excess or dangerous file system rights for the entire server
Options can be specified with the SAVE and RESTORE commands:
[/V] [/A] [/F] [/D] [/E[T][I][O][A][U][D]]
/V ... verbose mode (include all lines written to the output,
or read from the input file into sys:\trustee.log)
/A ... all entries, even unchanged or default ones
(makes it possible to change them in a text editor
and restore)
/F ... files only
/D ... directories only
/ET ... trustee entries only
/EI ... IRM entries only
/EO ... owner entries only
/EA ... attribute entries only
/EU ... userquota entries only
/ED ... dirquota entries only
If no parameters are specified, the program gives a short description on usage.
The program lists its activities into the sys:\trustee.log file.
Sample output file:
TRUSTEE.NLM v1.10
"ATTR","SYS:\Apache\Apache.nlm","LONG","APShDi",""
"OWNER","SYS:\Apache\Apache.nlm","LONG","[Supervisor]",""
"TRUSTEE","SYS:\TRUSTEE\temp","LONG","user.org","RWCEMFA"
"IRM","SYS:\Network Trash Folder","LONG","S",""
"DIRQUOTA","SYS:\TRUSTEE\temp","LONG","3200",""
"USERQUOTA","DATA","LONG","user.org","3200"
ATTR
path The complete path, starting with the volume name
namespace DOS or LONG
attrs Abbreviated attribute names
Ro Read-Only
H Hidden
Sy System
A Archive needed
X Execute only
T Transactional
P Immediate purge
Sh Shareable
Di Delete inhibit
Ci Copy inhibit
Ri Rename inhibit
na Not used, leave it empty
OWNER
path The complete path, starting with the volume name
namespace DOS or LONG
owner Full distinguished object name
na Not used, leave it empty
TRUSTEE
path The complete path, starting with the volume name
namespace DOS or LONG
trustee Full distinguished object name
rights Trustee rights
R Read
W Write
C Create
E Erase
M Modify
F File Scan
A Access control
IRM
path The complete path, starting with the volume name
namespace DOS or LONG
irm Rights allowed to flow down from upper levels
R Read
W Write
C Create
E Erase
M Modify
F File Scan
A Access control
na Not used, leave it empty
DIRQUOTA
path The complete path, starting with the volume name
namespace DOS or LONG
quota Assigned quota in KB, must be a multiple of 4
na Not used, leave it empty
USERQUOTA
vol Volume name
namespace DOS or LONG
owner Full distinguished object name
quota Assigned quota in KB, must be a multiple of 4
Compatibility: The program was tested on NetWare 4.x, 5.x and 6.x servers.
Always use the latest support pack or you might experience different issues on NSS volumes.
|