Novell

This is Your Open EnterpriseTM

Trustee.nlm v 1.10.6

This document (5004280) is provided subject to the disclaimer at the end of this document.

patches this patch supersedes

FileProductStatusPatch
trust110f.exeNetWare 6.5ObsoleteTrustee.nlm v 1.10.6
trust110f.exeNetWare 4.2ObsoleteTrustee.nlm v 1.10.6
trust110f.exeNetWare 5.1ObsoleteTrustee.nlm v 1.10.6

patches that supersede this patch

This patch is not superseded by any other patches.

patch attributes

Security patch: No
Priority: Optional
Distribution Type: Public
http://download.novell.com/Download?buildid=61yvD_gW60I~

document

Revision: 10
Document ID: 5004280
Creation Date: 2007-05-07 20:32:06
Modified Date: 2008-05-05 05:34:26

abstract

This is a Public Release of the TRUSTEE.NLM. The program was tested on NetWare 4.x, 5.x and 6.x servers

details

Installation Instructions
Copy to the SYS:\SYSTEM directory of the NetWare server on which this NLM is to
be loaded.

Issue
Changes in v1.10.6:
- Enhanced command line parameter checking and syntax help
- Bug fix around IRM handling, volume names without a terminating colon caused
"Skipped incomplete entries, /R basePath might be missing" failures during restore
- Virtual volumes (_ADMIN and NSS_ADMIN) automatically excluded from scanning
while listing excess or effective file system rights
- System files and directories automatically excluded from restore:
sys:\cdrom$$.rom
:\deleted.sav
:\~DFSINFO.8-P
:\backout.tts
:\VOL$LOG.ERR
:\TTS$LOG.ERR
:\VOLDATA.TDF
:\_swap_.mem
:\uxaction.log
:\Network Trash Folder
Changes in v1.10.5:
- Bug fix: Trustee restore failed on Japanese NetWare
- Reviewed the code and made the necessary changes to support DBCS characters in path
- Ability to save and restore using relative path
- Ability to remove user and volume level quotas
Changes in v1.10.4:
- Few minor performance changes
Changes in v1.10c:
- Modified ScanExcessNDSRights() to report W right to ACL for every object, not only NCP Server objects
- Removed leading dot from user name when authenticating, to prevent -610 errors.
- We no longer call RingTheBell because of user complaints
- -601 errors will report Warning instead of an Error in every case
- Meaningful messages written for the error codes reported so far
Changes in v1.10a:
- Bug fix: /V caused path to be written twice to the output file
- Bug fix: restoring user quota failed for volume names ending with a colon
- Exclude volumes NSS_ADMIN and _ADMIN when performing SAVE ALL
Changes in v1.10:
- Handling of additional file system properties: attributes, owner, user quota, directory quota
- Ability to process files or directories only
- Verbose mode made optional to free up sys:\trustee.log for system and status messages
- Ability to include all files and directories to the output file, even in case of empty or default settings
(makes it easier to change the settings doing a search & replace)
Changes in 1.05a:
- Correctly handles volume root directory in all cases
Usage:
- LOAD TRUSTEE [options] SAVE (ALL | )
Saves all file system properties into a CSV file starting from the given path
(or, using the ALL parameter, all the directories and files on the volume).
Use options to include selected properties only, or to process files
or directories separately (see the Option explanation below).
Example:
LOAD TRUSTEE SAVE ALL VOL1:\Home\Admin\Trustee.txt
Save all properties from all local volumes to the specified file
LOAD TRUSTEE /EDI SAVE VOL1:\Programs VOL1:\Home\Admin\Trustee.txt
Save all directory quotas and IRMs starting at the given path
LOAD TRUSTEE /ETO /R SAVE DATA:\Home DATA:\Trustee.txt
Save all trustees and owners starting at the given path, storing relative path
- LOAD TRUSTEE [options] RESTORE
Restores file system properties from the CSV file created by the previous function.
Use options to restore selected properties only, or to process files
or directories separately (see the Option explanation below).
Example:
LOAD TRUSTEE RESTORE VOL1:\Home\Admin\Trustee.txt
Restore every settings found in the input file
LOAD TRUSTEE /D /ETI RESTORE VOL1:\Home\Admin\Trustee.txt
Restore only directory trustees and IRMs from that file
LOAD TRUSTEE /ETO /R USERS:\Home RESTORE USERS:\Trustee.txt
Restore all trustees and owners from file to the given base path
Input file is supposed to contain relative path only
- LOAD TRUSTEE REMOVE (ALL | )
Removes all trustee rights starting from the given path (or, using the ALL parameter,
all the directories and files on the volume). Will ask for confirmation when specifying
the ALL parameter or a path on the SYS volume.
Example:
LOAD TRUSTEE REMOVE ALL
Remove all trustees from all volumes on this server
LOAD TRUSTEE REMOVE VOL1:\Programs
Remove all trustees starting at the given path
- LOAD TRUSTEE REMOVENULL (ALL | )
Removes all trustee rights starting from the given path (or, using the ALL parameter,
all the directories and files on the volume), where empty rights are assigned.
Will ask for confirmation when specifying the ALL parameter or a path on the SYS volume.
Example:
LOAD TRUSTEE REMOVENULL ALL
Remove all empty trustees from all volumes on this server
LOAD TRUSTEE REMOVENULL VOL1:\Programs
Remove all empty trustees starting at the given path
- LOAD TRUSTEE REMOVEINVALID (ALL | )
Removes all trustee rights starting from the given path (or, using the ALL parameter,
all the directories and files on the volume), where the object ID is unknown or invalid
(ID to name mapping returns -601). Will ask for confirmation when specifying
the ALL parameter or a path on the SYS volume.
Example:
LOAD TRUSTEE REMOVEINVALID ALL
Remove all invalid trustees from all volumes on this server
LOAD TRUSTEE REMOVEINVALID VOL1:\Programs
Remove all invalid trustees starting at the given path
- LOAD TRUSTEE EFFECTIVE
Reads through all the directories and files on the server (on all volumes) and
lists into the designated file (in CSV format) the effective rights of a user.
If a user does not have rights to a file or directory, it is not listed.
Example:
LOAD TRUSTEE EFFECTIVE "user.department.company" SYS:\effright.txt
Lists effective rights of that user for the entire server
LOAD TRUSTEE EFFECTIVE "cn=user.ou=department.o=company" SYS:\effright.txt
Lists effective rights of that user for the entire server
- LOAD TRUSTEE EFFECTIVEDIR
Reads through all the directories on the server (on all volumes) and lists
into the designated file (in CSV format) the effective rights of a user. If a
user does not have rights to a directory, it is not listed.
Example:
LOAD TRUSTEE EFFECTIVEDIR "user.department.company" SYS:\effright.txt
Lists effective rights of that user for the entire server (directories only)
LOAD TRUSTEE EFFECTIVEDIR "cn=user.ou=department.o=company" SYS:\effright.txt
Lists effective rights of that user for the entire server (directories only)
- LOAD TRUSTEE EXCESSNDS
Asks for an admin name and password, uses these to authenticate into NDS and
starting from [Root], it analyzes all objects. It reports the following cases
- that are considered to be dangerous - into the given file:
- S right to an object
- S right to an attribute
- W right to the ACL attribute of an object
Example:
LOAD TRUSTEE EXCESSNDS SYS:\suspect.txt
List excess or dangerous NDS rights for the entire tree
- LOAD TRUSTEE EXCESSFILE
Scans all volumes on the server, and reports the following cases
- that are considered to be dangerous - into the given file:
- [Public] has rights to anything except sys:login
- any rights to sys:system or a file or subdirectory inside
- any rights to sys:etc or a file or subdirectory inside
- any rights given to any volume root
- more than RF rights to sys:login
- more than RF rights to sys:public
Example:
LOAD TRUSTEE EXCESSFILE SYS:\suspect.txt
List excess or dangerous file system rights for the entire server
Options can be specified with the SAVE and RESTORE commands:

[/V] [/A] [/R[ basePath]] [/F] [/D] [/E[T][I][O][A][U][D]]
/V ... verbose mode (include all lines written to the output,
or read from the input file into sys:\trustee.log)
/A ... all entries, even unchanged or default ones
(makes it possible to change them in a text editor
and restore back)
/R ... use relative path (specify basePath for restore only)
/F ... files only
/D ... directories only
/ET ... trustee entries only
/EI ... IRM entries only
/EO ... owner entries only
/EA ... attribute entries only
/EU ... userquota entries only
/ED ... dirquota entries only
If no parameters are specified, the program gives a short description on usage.
The program lists its activities into the sys:\trustee.log file.
Sample output file:
TRUSTEE.NLM v1.10
"ATTR","SYS:\Apache\Apache.nlm","LONG","APShDi",""
"OWNER","SYS:\Apache\Apache.nlm","LONG","[Supervisor]",""
"TRUSTEE","SYS:\TRUSTEE\temp","LONG","user.org","RWCEMFA"
"IRM","SYS:\Network Trash Folder","LONG","S",""
"DIRQUOTA","SYS:\TRUSTEE\temp","LONG","3200",""
"USERQUOTA","DATA","LONG","user.org","3200"
ATTR
path The complete path, starting with the volume name
namespace DOS or LONG
attrs Abbreviated attribute names
Ro Read-Only
H Hidden
Sy System
A Archive needed
X Execute only
T Transactional
P Immediate purge
Sh Shareable
Di Delete inhibit
Ci Copy inhibit
Ri Rename inhibit
na Not used, leave it empty

OWNER
path The complete path, starting with the volume name
namespace DOS or LONG
owner Full distinguished object name
na Not used, leave it empty
TRUSTEE
path The complete path, starting with the volume name
namespace DOS or LONG
trustee Full distinguished object name
rights Trustee rights
R Read
W Write
C Create
E Erase
M Modify
F File scan
A Access control
IRM
path The complete path, starting with the volume name
namespace DOS or LONG
irm Rights allowed to flow down from upper levels
R Read
W Write
C Create
E Erase
M Modify
F File scan
A Access control
na Not used, leave it empty
DIRQUOTA
path The complete path, starting with the volume name
namespace DOS or LONG
quota Assigned quota in KB, must be a multiple of 4
Specify -1 on input to remove the quota
na Not used, leave it empty
USERQUOTA
vol Volume name
namespace DOS or LONG
owner Full distinguished object name
quota Assigned quota in KB, must be a multiple of 4
Specify -1 on input to remove the quota
Compatibility: The program was tested on NetWare 4.x, 5.x and 6.x servers.
Always use the latest support pack, or you might experience different issues on NSS volume

change log

Changes in v1.10.6:
- Enhanced command line parameter checking and syntax help
- Bug fix around IRM handling, volume names without a terminating colon caused
"Skipped incomplete entries, /R basePath might be missing" failures during restore
- Virtual volumes (_ADMIN and NSS_ADMIN) automatically excluded from scanning
while listing excess or effective file system rights
- System files and directories automatically excluded from restore:
sys:\cdrom$$.rom
:\deleted.sav
:\~DFSINFO.8-P
:\backout.tts
:\VOL$LOG.ERR
:\TTS$LOG.ERR
:\VOLDATA.TDF
:\_swap_.mem
:\uxaction.log
:\Network Trash Folder

file contents

Compressed File Name: trust110g.zip

Files IncludedSizeDate
readme_5004280.htmlN/A2008-05-05 05:34:27

disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.

Novell is a registered trademark of Novell, Inc. in the United States and other countries. SUSE is a registered trademark of SUSE Linux AG, a Novell business. *All third-party trademarks are the property of their respective owners.

© 2007 Novell, Inc. All Rights Reserved.