NOVELL TECHNICAL INFORMATION DOCUMENT

TITLE: Trustee.nlm v1.10a
TID #: 2964994
README FOR: Trust110a.exe
SUPERSEDES: trust110.exe

NOVELL PRODUCTS and VERSIONS:
NetWare for Small Business 4.2
NetWare 4.2
NetWare 5.1
NetWare 6

ABSTRACT:
This is a Public Release of the TRUSTEE.NLM. The program was tested on
NetWare 4.x, 5.x and 6.x servers.

-----------------------------------------------------------------
DISCLAIMER
THE ORIGIN OF THIS INFORMATION MAY BE INTERNAL OR EXTERNAL TO NOVELL.
NOVELL MAKES ALL REASONABLE EFFORTS TO VERIFY THIS INFORMATION.
HOWEVER, THE INFORMATION PROVIDED IN THIS DOCUMENT IS FOR YOUR
INFORMATION ONLY. NOVELL MAKES NO EXPLICIT OR IMPLIED CLAIMS TO THE
VALIDITY OF THIS INFORMATION.
-----------------------------------------------------------------

INSTALLATION INSTRUCTIONS:
Copy to the SYS:\SYSTEM directory of the NetWare server on which this
NLM is to be loaded.

ISSUE:

Changes since v1.10
- Bug fix: /V caused path to be written twice to the output file
- Bug fix: restoring user quota failed for volume names ending with a
  colon
- Exclude volumes NSS_ADMIN and _ADMIN when performing SAVE ALL

Changes since v1.05a:
- Handling of additional file system properties: attributes, owner,
  user quota, directory quota
- Ability to process files or directories only
- Verbose mode made optional to free up sys:\trustee.log for system
  and status messages
- Ability to include all files and directories to the output file,
  even in case of empty or default settings (makes it easier to change
  the settings doing a search & replace)

Changes since v1.05:
- Correctly handles volume root directory in all cases

Usage:

- LOAD TRUSTEE [options] SAVE (ALL | )
  Saves all file system properties into a CSV file starting from the
  given path (or, using the ALL parameter, all the directories and
  files on the volume). Use options to include selected properties
  only, or to process files or directories separately (see the Option
  explanation below).
  Example:
    LOAD TRUSTEE SAVE ALL VOL1:\Home\Admin\Trustee.txt
      Saves all properties from all local volumes to the specified file
    LOAD TRUSTEE /EDI SAVE VOL1:\Programs VOL1:\Home\Admin\Trustee.txt
      Saves all directory quotas and IRMs starting at the given path

- LOAD TRUSTEE [options] RESTORE
  Restores file system properties from the CSV file created by the
  previous function. Use options to restore selected properties only,
  or to process files or directories separately (see the Option
  explanation below).
  Example:
    LOAD TRUSTEE RESTORE VOL1:\Home\Admin\Trustee.txt
      Restores every setting found in the input file
    LOAD TRUSTEE /D /ETI RESTORE VOL1:\Home\Admin\Trustee.txt
      Restores only directory trustees and IRMs from that file

- LOAD TRUSTEE REMOVE (ALL | )
  Removes all trustee rights starting from the given path (or, using
  the ALL parameter, all the directories and files on the volume).
  Will ask for confirmation when specifying the ALL parameter or a
  path on the SYS volume.
  Example:
    LOAD TRUSTEE REMOVE ALL
      Removes all trustees from all volumes on this server
    LOAD TRUSTEE REMOVE VOL1:\Programs
      Removes all trustees starting at the given path

- LOAD TRUSTEE REMOVENULL (ALL | )
  Removes all trustee rights starting from the given path (or, using
  the ALL parameter, all the directories and files on the volume),
  where empty rights are assigned. Will ask for confirmation when
  specifying the ALL parameter or a path on the SYS volume.
  Example:
    LOAD TRUSTEE REMOVENULL ALL
      Removes all empty trustees from all volumes on this server
    LOAD TRUSTEE REMOVENULL VOL1:\Programs
      Removes all empty trustees starting at the given path

- LOAD TRUSTEE REMOVEINVALID (ALL | )
  Removes all trustee rights starting from the given path (or, using
  the ALL parameter, all the directories and files on the volume)
  where the object ID is unknown or invalid (ID to name mapping
  returns -601). Will ask for confirmation when specifying the ALL
  parameter or a path on the SYS volume.
  Example:
    LOAD TRUSTEE REMOVEINVALID ALL
      Removes all invalid trustees from all volumes on this server
    LOAD TRUSTEE REMOVEINVALID VOL1:\Programs
      Removes all invalid trustees starting at the given path

- LOAD TRUSTEE EFFECTIVE
  Reads through all the directories and files on the server (on all
  volumes) and lists into the designated file (in CSV format) the
  effective rights of a user. If a user does not have rights to a file
  or directory, it is not listed.
  Example:
    LOAD TRUSTEE EFFECTIVE "user.department.company" SYS:\effright.txt
      Lists effective rights of that user for the entire server
    LOAD TRUSTEE EFFECTIVE "cn=user.ou=department.o=company" SYS:\effright.txt
      Lists effective rights of that user for the entire server

- LOAD TRUSTEE EFFECTIVEDIR
  Reads through all the directories on the server (on all volumes) and
  lists into the designated file (in CSV format) the effective rights
  of a user. If a user does not have rights to a directory, it is not
  listed.
  Example:
    LOAD TRUSTEE EFFECTIVEDIR "user.department.company" SYS:\effright.txt
      Lists effective rights of that user for the entire server
      (directories only)
    LOAD TRUSTEE EFFECTIVEDIR "cn=user.ou=department.o=company" SYS:\effright.txt
      Lists effective rights of that user for the entire server
      (directories only)

- LOAD TRUSTEE EXCESSNDS
  Asks for an admin name and password, uses these to authenticate into
  NDS and starting from [Root], it analyzes all objects.
  It reports the following cases - that are considered to be
  dangerous - into the given file:
    - S right to an object
    - S right to an attribute
    - W right to the ACL attribute of an NCP Server object
  Example:
    LOAD TRUSTEE EXCESSNDS SYS:\suspect.txt
      Lists excess or dangerous NDS rights for the entire tree

- LOAD TRUSTEE EXCESSFILE
  Scans all volumes on the server and reports the following cases -
  that are considered to be dangerous - into the given file:
    - [Public] has rights to anything except sys:login
    - any rights to sys:system or a file or subdirectory inside
    - any rights to sys:etc or a file or subdirectory inside
    - any rights given to any volume root
    - more than RF rights to sys:login
    - more than RF rights to sys:public
  Example:
    LOAD TRUSTEE EXCESSFILE SYS:\suspect.txt
      Lists excess or dangerous file system rights for the entire
      server

Options can be specified with the SAVE and RESTORE commands:

  [/V] [/A] [/F] [/D] [/E[T][I][O][A][U][D]]

  /V  ... verbose mode (include all lines written to the output, or
          read from the input file into sys:\trustee.log)
  /A  ... all entries, even unchanged or default ones (makes it
          possible to change them in a text editor and restore)
  /F  ... files only
  /D  ... directories only
  /ET ... trustee entries only
  /EI ... IRM entries only
  /EO ... owner entries only
  /EA ... attribute entries only
  /EU ... userquota entries only
  /ED ... dirquota entries only

If no parameters are specified, the program gives a short description
on usage.

The program lists its activities into the sys:\trustee.log file.
Sample output file:

  TRUSTEE.NLM v1.10
  "ATTR","SYS:\Apache\Apache.nlm","LONG","APShDi",""
  "OWNER","SYS:\Apache\Apache.nlm","LONG","[Supervisor]",""
  "TRUSTEE","SYS:\TRUSTEE\temp","LONG","user.org","RWCEMFA"
  "IRM","SYS:\Network Trash Folder","LONG","S",""
  "DIRQUOTA","SYS:\TRUSTEE\temp","LONG","3200",""
  "USERQUOTA","DATA","LONG","user.org","3200"

ATTR
  path       The complete path, starting with the volume name
  namespace  DOS or LONG
  attrs      Abbreviated attribute names
               Ro  Read-Only
               H   Hidden
               Sy  System
               A   Archive needed
               X   Execute only
               T   Transactional
               P   Immediate purge
               Sh  Shareable
               Di  Delete inhibit
               Ci  Copy inhibit
               Ri  Rename inhibit
  na         Not used, leave it empty

OWNER
  path       The complete path, starting with the volume name
  namespace  DOS or LONG
  owner      Full distinguished object name
  na         Not used, leave it empty

TRUSTEE
  path       The complete path, starting with the volume name
  namespace  DOS or LONG
  trustee    Full distinguished object name
  rights     Trustee rights
               R  Read
               W  Write
               C  Create
               E  Erase
               M  Modify
               F  File Scan
               A  Access control

IRM
  path       The complete path, starting with the volume name
  namespace  DOS or LONG
  irm        Rights allowed to flow down from upper levels
               R  Read
               W  Write
               C  Create
               E  Erase
               M  Modify
               F  File Scan
               A  Access control
  na         Not used, leave it empty

DIRQUOTA
  path       The complete path, starting with the volume name
  namespace  DOS or LONG
  quota      Assigned quota in KB, must be a multiple of 4
  na         Not used, leave it empty

USERQUOTA
  vol        Volume name
  namespace  DOS or LONG
  owner      Full distinguished object name
  quota      Assigned quota in KB, must be a multiple of 4

Compatibility:

The program was tested on NetWare 4.x, 5.x and 6.x servers. Always use
the latest support pack or you might experience different issues on
NSS volumes.
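
Added example (not part of the Novell README, and not how TRUSTEE.NLM is implemented): an offline review of a SAVE output file that applies the EXCESSFILE criteria listed above to its TRUSTEE records. The sample rows are constructed, and the bracketed "[Public]" trustee name and the exact-directory reading of the sys:login and sys:public rules are assumptions.

```python
import csv
import io

# Constructed sample in the SAVE layout shown above (not real server data).
SAMPLE = r'''TRUSTEE.NLM v1.10
"TRUSTEE","SYS:\LOGIN","LONG","[Public]","RF"
"TRUSTEE","SYS:\LOGIN","LONG","user.org","RWF"
"TRUSTEE","SYS:\SYSTEM\backup","LONG","user.org","RF"
"TRUSTEE","DATA:\","LONG","group.org","RF"
"TRUSTEE","DATA:\Shared","LONG","[Public]","RF"
"TRUSTEE","SYS:\PUBLIC","LONG","user.org","RF"
"ATTR","SYS:\SYSTEM\x.nlm","LONG","RoSh",""
'''

def norm(path):
    """Upper-case and fold VOL:\\dir and VOL:dir into one spelling."""
    vol, _, rest = path.upper().replace("/", "\\").partition(":")
    return vol + ":" + rest.strip("\\")

def under(path, base):
    """True if path is base itself or a file/subdirectory inside it."""
    return path == base or path.startswith(base + "\\")

def audit(text):
    """Return (path, trustee, rights, reason) for each EXCESSFILE-style hit."""
    findings = []
    for row in csv.reader(io.StringIO(text)):
        # Skips the banner line, other record types and empty (null) rights.
        if len(row) != 5 or row[0] != "TRUSTEE" or not row[4]:
            continue
        path, trustee, rights = norm(row[1]), row[3], row[4].upper()
        more_than_rf = bool(set(rights) - set("RF"))
        reasons = []
        # Assumption: [Public] is written in brackets, like "[Supervisor]".
        if trustee.upper() == "[PUBLIC]" and path != "SYS:LOGIN":
            reasons.append("[Public] outside sys:login")
        if under(path, "SYS:SYSTEM") or under(path, "SYS:ETC"):
            reasons.append("rights inside sys:system or sys:etc")
        if path.endswith(":"):
            reasons.append("rights on a volume root")
        if path in ("SYS:LOGIN", "SYS:PUBLIC") and more_than_rf:
            reasons.append("more than RF on sys:login or sys:public")
        findings += [(row[1], trustee, rights, r) for r in reasons]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```

Run it against a file written by LOAD TRUSTEE /ET SAVE to review trustee assignments away from the server, for example before a RESTORE.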
Self-Extracting File Name: Trust110a.exe

Files Included       Size    Date        Time
..\
 TRUST110A.TXT       (This file)
 TRUSTEE.NLM         15680   2-17-2003   10:17:30 am

-----------------------------------------------------------------
Any trademarks referenced in this document are the property of their
respective owners. Consult your product manuals for complete trademark
information.
-----------------------------------------------------------------