Network Rights
One aspect of security that the Network Supervisor must understand fully is the issue of Rights. You
must be aware of the rights that each user has in each directory and subdirectory of the network hard
drive(s) or Volume(s). This should also form part of the documentation that you have for your
network ( we will deal with this later). These rights allied with Netware File and Directory rights
determine what a user is allowed to do in a particular area of the Fileserver hard drive.
NETWARE DIRECTORY RIGHTS
ACCESS CONTROL Enables a user to give other users rights to a directory and to modify the
directory's rights mask; Netware 286's ACCESS CONTROL right enables a user to give and take
away from other users any combination of rights. Netware 386's ACCESS CONTROL right is
similar, except that the SUPERVISORY right cannot be given to someone else
CREATE Enables the user to create a file or subdirectory in the directory
ERASE Enables the user to erase an existing file or remove a subdirectory in the directory
FILE SCAN Enables a user to list the files in the directory
MODIFY Enables a user to rename a file or subdirectory or change the attributes of a file or
subdirectory
READ Enables a directory trustee to read the contents of existing files
SUPERVISORY Do not allocate this right to users in general. Only supervisor equivalents should
have this right. A user with this right has the equivalent of all other rights to the directory and all its
subdirectories. The SUPERVISORY right also overrides the rights withheld by a directory's inherited
rights mask. When a user has SUPERVISORY rights to a directory, no rights can be subtracted from
subdirectories below that directory.
WRITE Enables a directory trustee to change or add to the contents of existing files
NETWARE FILE RIGHTS
ACCESS CONTROL Enables a user to give other users rights to the file or to modify that file's
rights mask; you cannot use the ACCESS CONTROL right to give other users the SUPERVISORY
right to the file
CREATE Enables a user to use Netware 386's SALVAGE utility to recover the file if it has
been deleted
ERASE Enables a user to erase the file
FILE SCAN Enables a user to list the file even when she or he does not have the FILE SCAN
right to that file's directory
MODIFY Enables a user to rename the file or change the attributes of the file
READ Enables a file trustee to read the contents of the file
SUPERVISORY Gives the user all rights to the file and enables the user to give other users the
SUPERVISORY right to the file. The user can also change the rights mask of the file
WRITE Enables a file trustee to change or add to the contents of the file
RIGHTS REQUIRED TO DO COMMON TASKS
Read from a closed file: READ
See a filename: FILESCAN
Search a directory for files: FILESCAN
Write to a closed file: WRITE, CREATE, ERASE and MODIFY
Execute an EXE file: READ, FILESCAN
Create and write to a file: CREATE
Copy files from a directory: READ, FILESCAN
Copy files to a directory: WRITE, CREATE, FILESCAN
Make a new directory: CREATE
Delete a file: ERASE
Salvage deleted files: READ and FILESCAN on files and CREATE at directory
Change directory or file attributes: MODIFY
Rename a file or directory: MODIFY
Change the inherited rights mask: ACCESS CONTROL
Change trustee assignments: ACCESS CONTROL
Modify a directory’s disk space assignment between users: ACCESS CONTROL
Viewing Rights
To view your effective rights in a directory the user can use the RIGHTS command.
The syntax is
RIGHTS [path]
For example
RIGHTS F:\HOME\USER1
will tell you your rights in the F:\HOME\USER1 subdirectory.
| 
