...одинаковые параметры....
NOVELL TECHNICAL INFORMATION DOCUMENT
TITLE: Trustee.nlm v 1.10c
TID #: 2966735
README FOR: trust110c.exe
SUPERSEDES:
trust110.exe
NOVELL PRODUCTS and VERSIONS:
NetWare 6
NetWare 5.1
NetWare 4.2
ABSTRACT:
This is a Public Release of the TRUSTEE.NLM.
The program was tested on NetWare 4.x, 5.x and 6.x servers.
-----------------------------------------------------------------
DISCLAIMER
THE ORIGIN OF THIS INFORMATION MAY BE INTERNAL OR EXTERNAL TO
NOVELL. NOVELL MAKES ALL REASONABLE EFFORTS TO VERIFY THIS
INFORMATION. HOWEVER, THE INFORMATION PROVIDED IN THIS DOCUMENT
IS FOR YOUR INFORMATION ONLY. NOVELL MAKES NO EXPLICIT OR IMPLIED
CLAIMS TO THE VALIDITY OF THIS INFORMATION.
-----------------------------------------------------------------
INSTALLATION INSTRUCTIONS:
Copy to the SYS:\SYSTEM directory of the NetWare server on which this NLM is to
be loaded.
ISSUE:
ISSUE:
Changes since trust110a.exe (TID2964994):
- Modified ScanExcessNDSRights() to report W right to ACL for every object, not
only NCP Server objects
- Removed leading dot from user name when authenticating, to prevent -610
errors.
- We no longer call RingTheBell because of user complaints
- -601 errors will report Warning instead of an Error in every case
- Meaningful messages written for the error codes reported so far
- Version changed to v1.10c
Changes since v1.10
- Bug fix: /V caused path to be written twice to the output file
- Bug fix: restoring user quota failed for volume names ending with a colon
- Exclude volumes NSS_ADMIN and _ADMIN when performing SAVE ALL
Changes since v1.05a:
- Handling of additional file system properties: attributes, owner, user
quota, directory quota
- Ability to process files or directories only
- Verbose mode made optional to free up sys:\trustee.log for system and
status messages
- Ability to include all files and directories to the output file, even in
case of empty or default settings
(makes it easier to change the settings doing a search & replace)
Changes since v1.05:
- Correctly handles volume root directory in all cases
Usage:
- LOAD TRUSTEE [options] SAVE (ALL | <path>) <outputFile>
Saves all file system properties into a CSV file starting from the given path
(or, using the ALL parameter, all the directories and files on the volume).
Use options to include selected properties only, or to process files
or directories separately (see the Option explanation below).
Example:
LOAD TRUSTEE SAVE ALL VOL1:\Home\Admin\Trustee.txt
Saves all properties from all local volumes to the specified file
LOAD TRUSTEE /EDI SAVE VOL1:\Programs VOL1:\Home\Admin\Trustee.txt
Saves all directory quotas and IRMs starting at the given path
- LOAD TRUSTEE [options] RESTORE <inputFile>
Restores file system properties from the CSV file created by the previous
function.
Use options to restore selected properties only, or to process files
or directories separately (see the Option explanation below).
Example:
LOAD TRUSTEE RESTORE VOL1:\Home\Admin\Trustee.txt
Restores every settings found in the input file
LOAD TRUSTEE /D /ETI RESTORE VOL1:\Home\Admin\Trustee.txt
Restores only directory trustees and IRMs from that file
- LOAD TRUSTEE REMOVE (ALL | <path>)
Removes all trustee rights starting from the given path (or, using the ALL
parameter,
all the directories and files on the volume). Will ask for confirmation when
specifying
the ALL parameter or a path on the SYS volume.
Example:
LOAD TRUSTEE REMOVE ALL
Removes all trustees from all volumes on this server
LOAD TRUSTEE REMOVE VOL1:\Programs
Removes all trustees starting at the given path
- LOAD TRUSTEE REMOVENULL (ALL | <path>)
Removes all trustee rights starting from the given path (or, using the ALL
parameter,
all the directories and files on the volume), where empty rights are
assigned.
Will ask for confirmation when specifying the ALL parameter or a path on the
SYS volume.
Example:
LOAD TRUSTEE REMOVENULL ALL
Removes all empty trustees from all volumes on this server
LOAD TRUSTEE REMOVENULL VOL1:\Programs
Removes all empty trustees starting at the given path
- LOAD TRUSTEE REMOVEINVALID (ALL | <path>)
Removes all trustee rights starting from the given path (or, using the ALL
parameter,
all the directories and files on the volume) where the object ID is unknown
or invalid
(ID to name mapping returns -601). Will ask for confirmation when specifying
the ALL parameter or a path on the SYS volume.
Example:
LOAD TRUSTEE REMOVEINVALID ALL
Removes all invalid trustees from all volumes on this server
LOAD TRUSTEE REMOVEINVALID VOL1:\Programs
Removes all invalid trustees starting at the given path
- LOAD TRUSTEE EFFECTIVE <objectName> <outputFile>
Reads through all the directories and files on the server (on all volumes)
and
lists into the designated file (in CSV format) the effective rights of a
user.
If a user does not have rights to a file or directory, it is not listed.
Example:
LOAD TRUSTEE EFFECTIVE "user.department.company" SYS:\effright.txt
Lists effective rights of that user for the entire server
LOAD TRUSTEE EFFECTIVE "cn=user.ou=department.o=company" SYS:\effright.txt
Lists effective rights of that user for the entire server
- LOAD TRUSTEE EFFECTIVEDIR <objectName> <outputFile>
Reads through all the directories on the server (on all volumes) and lists
into the designated file (in CSV format) the effective rights of a user. If a
user does not have rights to a directory, it is not listed.
Example:
LOAD TRUSTEE EFFECTIVEDIR "user.department.company" SYS:\effright.txt
Lists effective rights of that user for the entire server (directories
only)
LOAD TRUSTEE EFFECTIVEDIR "cn=user.ou=department.o=company" SYS:\effright.txt
Lists effective rights of that user for the entire server (directories only)
- LOAD TRUSTEE EXCESSNDS <outputFile>
Asks for an admin name and password, uses these to authenticate into NDS and
starting from [Root], it analyzes all objects. It reports the following cases
- that are considered to be dangerous - into the given file:
- S right to an object
- S right to an attribute
- W right to the ACL attribute of an NCP Server object
Example:
LOAD TRUSTEE EXCESSNDS SYS:\suspect.txt
Lists excess or dangerous NDS rights for the entire tree
- LOAD TRUSTEE EXCESSFILE <outputFile>
Scans all volumes on the server and reports the following cases
- that are considered to be dangerous - into the given file:
- [Public] has rights to anything except sys:login
- any rights to sys:system or a file or subdirectory inside
- any rights to sys:etc or a file or subdirectory inside
- any rights given to any volume root
- more than RF rights to sys:login
- more than RF rights to sys:public
Example:
LOAD TRUSTEE EXCESSFILE SYS:\suspect.txt
Lists excess or dangerous file system rights for the entire server
Options can be specified with the SAVE and RESTORE commands:
[/V] [/A] [/F] [/D] [/E[T][I][O][A][U][D]]
/V ... verbose mode (include all lines written to the output,
or read from the input file into sys:\trustee.log)
/A ... all entries, even unchanged or default ones
(makes it possible to change them in a text editor
and restore)
/F ... files only
/D ... directories only
/ET ... trustee entries only
/EI ... IRM entries only
/EO ... owner entries only
/EA ... attribute entries only
/EU ... userquota entries only
/ED ... dirquota entries only
If no parameters are specified, the program gives a short description on usage.
The program lists its activities into the sys:\trustee.log file.
Sample output file:
TRUSTEE.NLM v1.10
"ATTR","SYS:\Apache\Apache.nlm","LONG","APShDi",""
"OWNER","SYS:\Apache\Apache.nlm","LONG","[Supervisor]",""
"TRUSTEE","SYS:\TRUSTEE\temp","LONG","user.org","RWCEMFA"
"IRM","SYS:\Network Trash Folder","LONG","S",""
"DIRQUOTA","SYS:\TRUSTEE\temp","LONG","3200",""
"USERQUOTA","DATA","LONG","user.org","3200"
ATTR
path The complete path, starting with the volume name
namespace DOS or LONG
attrs Abbreviated attribute names
Ro Read-Only
H Hidden
Sy System
A Archive needed
X Execute only
T Transactional
P Immediate purge
Sh Shareable
Di Delete inhibit
Ci Copy inhibit
Ri Rename inhibit
na Not used, leave it empty
OWNER
path The complete path, starting with the volume name
namespace DOS or LONG
owner Full distinguished object name
na Not used, leave it empty
TRUSTEE
path The complete path, starting with the volume name
namespace DOS or LONG
trustee Full distinguished object name
rights Trustee rights
R Read
W Write
C Create
E Erase
M Modify
F File Scan
A Access control
IRM
path The complete path, starting with the volume name
namespace DOS or LONG
irm Rights allowed to flow down from upper levels
R Read
W Write
C Create
E Erase
M Modify
F File Scan
A Access control
na Not used, leave it empty
DIRQUOTA
path The complete path, starting with the volume name
namespace DOS or LONG
quota Assigned quota in KB, must be a multiple of 4
na Not used, leave it empty
USERQUOTA
vol Volume name
namespace DOS or LONG
owner Full distinguished object name
quota Assigned quota in KB, must be a multiple of 4
Compatibility: The program was tested on NetWare 4.x, 5.x and 6.x servers.
Always use the latest support pack or you might experience
different issues on NSS volumes.
Self-Extracting File Name: trust110c.exe
Files Included Size Date Time
..\
TRUST110C.TXT (This file)
TRUSTEE.NLM 16291 8-11-2003 3:56:52 pm
-----------------------------------------------------------------
Any trademarks referenced in this document are the property of their respective
owners. Consult your product manuals for complete trademark information.
-----------------------------------------------------------------
Сейчас этот форум просматривают: нет зарегистрированных пользователей и гости: 81