Appendix A - Access Rights for VINES Toolkit Users
This appendix provides information on the UNIX view available in the VINES SETARL program. The UNIX view is intended for use by VINES Toolkit users only. This appendix assumes that you are familiar with the SETARL program, which is described in Chapter 4.
To request a particular view or to limit the views that can appear, use the DOS SET command with the environment variable VIEWS= and the arguments V (VINES), M (Macintosh), and U (UNIX). You can use this command at the DOS command line before entering the SETARL program to control a single session with SETARL. Or, you can place SET VIEWS in a user profile or other batch file to set up default views for every session.
To see the UNIX view, you first need to use the DOS SET command with the VIEWS= environment variable set to U (UNIX) and any other file system view required.
For example, the command:
SET VIEWS=V,U
specifies that the VINES and UNIX views be displayed.
Once the VIEWS environment variable is set, the program returns error messages when you attempt to display a view that has not been set. For example, if you have set views to the UNIX view only, and you try to display the Macintosh view, you receive an error message. To display the view, issue an appropriate SET VIEWS command at the DOS command line and then access SETARL.
The syntax for this command is:
SET VIEWS=[file_system_view]
where [file_system_view] may be V (VINES, which in SETARL indicates DOS and OS/2), M (Macintosh), or U (UNIX), or any combination of the three.
Accessing the UNIX View in SETARL
When you access the SETARL program, use the /VIEW switch to request a particular view. For example:
SETARL /VIEW:U
requests the UNIX view of the ARL for the current directory.
Note: The VINES file system view appears by default if you enter SETARL without the /VIEW switch. However, if you have used SET VIEWS=M,U, the VINES view does not appear. The view that was last saved appears first.
When the SETARL main menu appears on the screen, the views you have selected with SET VIEWS= and the /VIEW switch appear in circular order - VINES, Macintosh, UNIX, and then VINES again. If you specified UNIX with the /VIEW switch, the UNIX view appears first, followed by the VINES view and then the Macintosh view. Keep in mind that the views you see depend on how the VIEWS= environment variable is set.
At the SETARL main menu (Set Access Rights), you can use all the commands in the same way you would for the VINES and Macintosh views. Refer to Chapter 4 and the help text for details. The UNIX view of a directory's ARL (Primary List) is shown below.
Remember that, before you can edit or copy an ARL from a particular view, you must display that view. To change the view currently displayed, press F4.
When the SETARL program displays directory listings (Select Path, Select Destination, and Select Source), you see only the DOS names of directories and files. To display an ARL for a UNIX file that does not have a DOS name, you must know the UNIX name of that file, and use the VRENAME command to give that file a name that is legal in DOS.
For details on using the VRENAME command, see Managing VINES Services or the Command Reference.
The UNIX view of any type of ARL displays the access rights Read, Write, and Execute. Table A-1 defines UNIX access rights.
Extended List - Maximum Rights
If you change the access rights of a group from UNIX (that is, using the chmod or chgrp commands), that change is reflected in the Maximum Rights. The Extended List is affected only if a right previously granted to a user is denied by the change made under the UNIX file system.
The question on the SETARL screen, "UNIX clients inherit using VINES rules?", asks you to decide whether new subdirectories and files inherit access rights following VINES rules or the native file system's rules. In the VINES view, you do not have a choice; VINES rules are assumed. In the Macintosh and UNIX views, however, you can choose between VINES rules and the native file system's rules. Note that only VINES rules can be used by other operating systems. You cannot use UNIX rules on Macintosh folders and files.
What you select affects the directories and files created from the native file system. By default, folders and files created from a Macintosh inherit using Macintosh rules, and directories and files created from UNIX inherit using UNIX rules.
VINES Rules
New subdirectories inherit the directory and new file ARLs of the parent directory. New files inherit access rights according to the parent directory's new file ARL. When a new file or subdirectory is created, the names and access rights in both the Primary and Extended Lists of the parent directory are copied to the ARLs of the new file or subdirectory.
Macintosh Rules
New files are governed by the parent folder's access privileges settings. Files can also be "locked" under Macintosh. By default, the Owner of a new Macintosh folder has all access privileges, while Group and World (or "Everyone" in the Macintosh window) have none. Note that the Owner of a folder must have the See Folders privilege on the parent folder to be able to see a subfolder.
The Owner of a new folder is the creator of the folder, and is the only one who can change the privileges. The Group is that of the Owner, and World (Everyone) is all users on the network.
UNIX Rules
In UNIX, you can specify the access rights upon creation of a file or directory. The creator is the Owner of a file or directory. The group the creator belongs to is the Group.
For existing files and directories, you can use the chmod, chown, or chgrp commands to change the access rights from UNIX. In addition, if you select UNIX rules for the ARL, then VFS uses the umask on creation of a new file or directory.
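The following is an added example, not part of the original manual. It shows on an ordinary UNIX host how the creator's umask determines the Read, Write, and Execute rights of a new file and a new directory, and how chmod later changes an existing file. The function names, masks, and temporary paths are assumptions made for illustration; it does not call any VINES or VFS program.

```shell
#!/bin/sh
# Added example (not from the manual): creation-time rights under a umask,
# and a later change with chmod. All names and paths are constructed.

# mode_of PATH -> the nine permission characters (owner, group, world)
mode_of() {
    ls -ld "$1" | cut -c2-10
}

# created_modes MASK -> "file=<perms> dir=<perms>" for objects created under MASK
created_modes() {
    mask=$1
    work=$(mktemp -d) || return 1
    (
        umask "$mask"            # applies only inside this subshell
        : > "$work/newfile"      # files are requested as rw-rw-rw- (666)
        mkdir "$work/newdir"     # directories are requested as rwxrwxrwx (777)
    )
    printf 'file=%s dir=%s\n' \
        "$(mode_of "$work/newfile")" "$(mode_of "$work/newdir")"
    rm -rf "$work"
}

# chmod_result MASK CHANGE -> perms of a file created under MASK after
# "chmod CHANGE" is applied to it (a change made to an existing file)
chmod_result() {
    work=$(mktemp -d) || return 1
    ( umask "$1"; : > "$work/f" )
    chmod "$2" "$work/f"
    mode_of "$work/f"
    rm -rf "$work"
}

# Compare a permissive, a group-readable, and an owner-only mask.
for m in 022 027 077; do
    printf 'umask %s: %s\n' "$m" "$(created_modes "$m")"
done
# Remove Read from the group on an existing file.
printf 'after chmod g-r: %s\n' "$(chmod_result 022 g-r)"
```

A new file never receives Execute from the umask alone, because files are requested without it; only directories start from all three rights.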
Table A-2 and Table A-3 show how the access rights set in one file system view are translated, or "mapped," to another file system view for directories and files.
Macintosh
Note that for files, even though VFS defines file-level protection for Macintosh files, the equivalent access rights on the parent folder are required for the access wanted. For example, a Macintosh user would need See Files on the parent folder as well as See Files on the file itself. In contrast, a VINES user would only need Search on the parent directory and Read on the file.
Example Mapping Access Rights
Anna Meier creates a directory from a DOS, Windows, or OS/2 workstation, and in the VINES view, she assigns Read and Write access to John Stevens. John has Read and Write access to the directory when using a DOS, Windows, or OS/2 workstation, but he has no access to that directory from a Macintosh workstation.