Novell access controls get makeover


NetWare administrators should be pleased that Novell will extend the same access controls and rights they use in NetWare to the company's Nterprise Linux Services, whose initial implementation is expected to ship this week.

Access controls specify which users or groups within an organization can access files or folders and what they can do after accessing them. When access controls are assigned to users or groups of users in NetWare, they are known as trustee rights, permissions, access privileges and access rights.

Novell says it will deliver Novell-style file management and file services on Linux in two releases next year. This release includes access rights and privileges, trustee rights and permissions.

"In the early release we plan to make a lot of the management capabilities, including the access control lists and some of the management tools available on existing Linux file systems, such as ReiserFS and ext3," says Ed Anderson, vice president of product management for Novell.

"Later in 2004, we are planning on releasing full file and print services for Linux," Anderson says. "In the second release, we plan to have the Novell File System running on Linux's Network File System."

In NetWare, access rights for files and folders are classed by the permission they involve -- Access Control, Create, Erase, File Scan, Modify, Read, Supervisory and Write. Users can be assigned to groups, and within groups users can have different rights. In Linux, there are only three access rights -- Read, Write and Execute -- which, by contrast, are less detailed and flexible and don't let IT administrators make file access as secure.

IT managers say that having the same access control features they have in NetWare is critical to Linux.

"There are two reasons -- the first reason is because we've come to know and love them," says Scott Hutchinson, network administrator for the Sheriff's Information Systems Costa County in Martinez, Calif.

"More importantly, if you don't have security that's controllable to the level of NetWare, a lot of the power and control (over file and directory access) is gone," he adds. Hutchinson has 12 NetWare 4 and 5 servers.

Hutchinson says with NetWare he can assign users to specific groups for specific purposes.

"We can have users in multiple groups or have users in two groups that have rights to the same folder because they are in the groups for different reasons," he says.

For instance, managers need access to more information than typical users. If there is a group called Marketing, which contains marketing managers and employees, the managers might be able to see a payroll file in a folder, while the other users wouldn't.

"In Linux, each user can belong to multiple groups, but you can only assign the ownership of a folder to one user and to one group," Hutchinson says.

"Another example is our database administrators (DBA), who manage several databases throughout the organization. Each group individually only has rights to their own database, but the DBAs need to have rights to all the databases," he says.

"Rather than adding that user to all of the groups, we just create a group called DBA in NetWare, and the DBA group has rights to those databases," Hutchinson says. "You can't do that in Linux."
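The DBA scenario above as an added example (not from the article or from Novell): a simplified Python model of a trustee list that accepts several groups per directory, beside the single owner/group/other permission bits the article describes. The class names, users, group names and the rights granted are constructed for illustration; inheritance and the special meaning of Supervisory are not modelled.

```python
from dataclasses import dataclass, field

# The eight NetWare rights listed in the article.
NETWARE_RIGHTS = {"Access Control", "Create", "Erase", "File Scan",
                  "Modify", "Read", "Supervisory", "Write"}

@dataclass
class TrusteeDir:
    """Hypothetical model: a directory with any number of trustees."""
    trustees: dict = field(default_factory=dict)  # trustee name -> rights
    def grant(self, trustee, rights):
        unknown = set(rights) - NETWARE_RIGHTS
        if unknown:
            raise ValueError(f"unknown rights: {sorted(unknown)}")
        self.trustees.setdefault(trustee, set()).update(rights)
    def effective(self, user, groups):
        # Union of what the user and each of the user's groups were granted.
        granted = set()
        for name in {user, *groups}:
            granted |= self.trustees.get(name, set())
        return granted

@dataclass
class ModeDir:
    """Hypothetical model: one owner, one group, rwx permission bits."""
    owner: str
    group: str
    mode: int
    def effective(self, user, groups):
        # The first matching class decides: owner, then group, then other.
        if user == self.owner:
            bits = self.mode >> 6
        elif self.group in groups:
            bits = self.mode >> 3
        else:
            bits = self.mode
        names = ((4, "Read"), (2, "Write"), (1, "Execute"))
        return {name for bit, name in names if bits & bit}

def build_scenario():
    """Constructed data: two databases, each team's group, plus a DBA group."""
    team = {"Read", "Write", "File Scan"}
    trustee, mode = {}, {}
    for db in ("payroll_db", "sales_db"):
        trustee[db] = TrusteeDir()
        trustee[db].grant(db, team)              # the database's own group
        trustee[db].grant("DBA", team | {"Create", "Erase", "Modify"})
        mode[db] = ModeDir("root", db, 0o770)    # room for one group only
    return trustee, mode
```

In the mode-bit model an account in only the DBA group gets no rights on either directory until it is also added to each database's group, which is the per-group membership Hutchinson describes avoiding.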

Anderson says this is not the first time Novell has tackled the problem of rights assignment. With its NetWare for Unix product introduced in 1989, Novell mapped NetWare file services on top of Unix, whose access rights correspond to those of Linux.

In the second half of 2004, Novell will again revise Nterprise Linux Services by adding support for Novell's NetWare Core Protocol (NCP). NetWare file servers use NCP to process workstation requests and handle file and directory access.

The other task customers will be able to perform with this release is to bring up a Linux server and mount a newer Novell Storage Services (NSS) or NCP volume on it, so existing file volumes can run on Linux. NSS was introduced with NetWare 5 in 1998.

"Rather than having to migrate all your data across the wire, you could simply move the volumes from one server to another," Hutchinson says.

