mars-nwe/doc/TRUSTEES

last changed: 12-May-98

First simple trustee handling is added in 0.99.pl9.

some notes/restrictions:

NOT ALL functions will work correct with trustees rights.
Trustee handling still needs to be hard tested to avoid 
SECURITY holes.

- trustee handling must be activated by setting the volumes 't' flag.
- if activated for the SYS directory then the following default 
  trustees should be set.
  GROUP EVERYBODY: C         in SYS:MAIL
                   FR        in SYS:PUBLIC
  SUPERVISOR:      SRWCEMFA  in SYS:

  the standard user rights in mail diretories are not so important, 
  because user has unix rights in this diretory.
  every USER:      RWCEMF in SYS:MAIL/userid

  A non root supervisor and user with supervisor equivalences 
  get default full trustee rights in root directory. These rights
  could be altered in subdirectories to less rights.
  A root supervisor always has full rights.

- if SYS volume is marked as trusttee volume then some
  checking routines will reduce g+o unix accesses in
  SYS:MAIL subdirectories.
- symlink directories must get direct trustees, inheritated_mask
  is set to 0 to prevent user making symlinks to directories
  they do not have real access.
- when stepping through directories, 
  inheritated_mask will be set to 0 if st_dev changes.
- only root assigned user may give trustee rights to 
  file/dir which st_dev differs from VOLUMES st_dev.
- only additional rights are given by trustees, existing
  unix user rights are not reduced.
  therefore trustee volumes should get low unix rights.
  for example:  0711 for directories and 0600 for files.
- for many routines the user still needs the 'x' directory right.
- the trusttee search is limitated to user and first level groups.
  'group in group' and 'normal' security equivalences are not supported.
  Supervisor equivalences are supported.
- an user can only be member of 32 groups.
- some changes of trustees only have effect after new login.
- must never be switched on volumes which do not have fix inodes,
  because trustees are represented by device and inode number of the
  file or directory.

- standard trustee directory is /var/nwserv/trustees 
  ( see nwserv.conf section 47 )

- representation under this directory is:
  - for user trustees:
    volumename/device/ino0/ino1/ino2/t.ino3/id -> trustee
    ino0 .. ino3 = byte 0 .. 3 of inode
    id = user id as hex number.
  - for inherit right masks  ( we use 'userid' 0 )
    volumename/device/ino0/ino1/ino2/t.ino3/0  -> inherit_right_mask
  - and for scanning trustees:
    volumename/device/ino0/ino1/ino2/n.ino3 -> path
    path is relativ to volumes root path.
  - and for 'trustees are changed' notifications:
    volumename/ts -> sernum (hex value)
  all values are represented by symbolic links, not files similar
  to the attribute handling.
mars_nwe-0.99.pl19 2011-11-13 00:38:59 +01:00			`last changed: 12-May-98`

			`First simple trustee handling is added in 0.99.pl9.`

			`some notes/restrictions:`

			`NOT ALL functions will work correct with trustees rights.`
			`Trustee handling still needs to be hard tested to avoid`
			`SECURITY holes.`

			`- trustee handling must be activated by setting the volumes 't' flag.`
			`- if activated for the SYS directory then the following default`
			`trustees should be set.`
			`GROUP EVERYBODY: C in SYS:MAIL`
			`FR in SYS:PUBLIC`
			`SUPERVISOR: SRWCEMFA in SYS:`

			`the standard user rights in mail diretories are not so important,`
			`because user has unix rights in this diretory.`
			`every USER: RWCEMF in SYS:MAIL/userid`

			`A non root supervisor and user with supervisor equivalences`
			`get default full trustee rights in root directory. These rights`
			`could be altered in subdirectories to less rights.`
			`A root supervisor always has full rights.`

			`- if SYS volume is marked as trusttee volume then some`
			`checking routines will reduce g+o unix accesses in`
			`SYS:MAIL subdirectories.`
			`- symlink directories must get direct trustees, inheritated_mask`
			`is set to 0 to prevent user making symlinks to directories`
			`they do not have real access.`
			`- when stepping through directories,`
			`inheritated_mask will be set to 0 if st_dev changes.`
			`- only root assigned user may give trustee rights to`
			`file/dir which st_dev differs from VOLUMES st_dev.`
			`- only additional rights are given by trustees, existing`
			`unix user rights are not reduced.`
			`therefore trustee volumes should get low unix rights.`
			`for example: 0711 for directories and 0600 for files.`
			`- for many routines the user still needs the 'x' directory right.`
			`- the trusttee search is limitated to user and first level groups.`
			`'group in group' and 'normal' security equivalences are not supported.`
			`Supervisor equivalences are supported.`
			`- an user can only be member of 32 groups.`
			`- some changes of trustees only have effect after new login.`
			`- must never be switched on volumes which do not have fix inodes,`
			`because trustees are represented by device and inode number of the`
			`file or directory.`

			`- standard trustee directory is /var/nwserv/trustees`
			`( see nwserv.conf section 47 )`

			`- representation under this directory is:`
			`- for user trustees:`
			`volumename/device/ino0/ino1/ino2/t.ino3/id -> trustee`
			`ino0 .. ino3 = byte 0 .. 3 of inode`
			`id = user id as hex number.`
			`- for inherit right masks ( we use 'userid' 0 )`
			`volumename/device/ino0/ino1/ino2/t.ino3/0 -> inherit_right_mask`
			`- and for scanning trustees:`
			`volumename/device/ino0/ino1/ino2/n.ino3 -> path`
			`path is relativ to volumes root path.`
			`- and for 'trustees are changed' notifications:`
			`volumename/ts -> sernum (hex value)`
			`all values are represented by symbolic links, not files similar`
			`to the attribute handling.`