Chapter 3 - Creating File Services
Overview of the VINES File System (VFS)
The VINES File System (VFS) lets you create and manage file services that support DOS, OS/2, and Macintosh workstations. As a superset of the DOS and OS/2 File Allocation Table (FAT) system and the Macintosh file system, VFS supports them all.
To help you manage VFS file services, VINES software provides a file service management program called VFILES, from which you can access the tools described in Table 3-1. These tools are also accessible directly from the system prompt.
This chapter introduces VFS, explains how to create a file service and make it available to users with the SETDRIVE program. For information on using the SETARL, SETATTR, and REPORT programs, see Managing VINES Security. For information on using the VFILES program, see "Using VFILES" in Chapter 4. For information on using the V commands, see Chapter 5.
The following two definitions will help you understand this chapter:
File System View - DOS and OS/2 FAT and Macintosh file systems constitute different views for VFS client programs such as SETARL. A view is the perspective from which access rights, attributes, and names of directories and files are displayed, edited, and saved. For example, you can edit and save access rights from the Macintosh view in SETARL and the screen will display the same access rights as the Get Privileges box on the Macintosh desktop.
File System Components - Directories, subdirectories, and files are the components of a file system.
Heterogeneous file sharing means that DOS, Windows, OS/2, and Macintosh users on a VINES network can share files stored on the same VINES file service or volume. The VINES File System (VFS) maintains the components of a file service and all associated information. This information includes:
The names of directories and files Their attributes and Access Rights Lists The date and time they were created, last accessed, and last modified
Caution: VFS does not provide the translation software required to share files between applications on different platforms. Depending on the application, you must purchase and install translation software separately. If you do not store and process files appropriately for the application, you can lose data.
Sharing Files Between Applications Across Platforms
If users transfer files from a DOS-based word processor to a Macintosh-based desktop publishing package, they must save the files in the appropriate format for transfer and run a translation utility. Some applications allow you to save files in a format appropriate for transfer, translate the files for you, and do not require a translation utility. Refer to the documentation that accompanies your applications before attempting to share files across file systems.
The major issues of heterogeneous file sharing include:
Naming rules Access rights Synchronization among the different file systems
The rest of this section explains how VFS addresses each issue and directs you to other sections that explain VFS and related client programs in more detail.
Names of Directories and Files
To support heterogeneous file sharing, VFS creates and maintains names for each component of a file service. VFS names are based on the naming rules of the file system in which the component is created and on the rules of the file system(s) in which the component is shared. VFS follows these guidelines to derive names:
If the component is created at a Macintosh, VFS follows AppleShare naming rules. To generate names in the other spaces, VFS follows the XOPEN rules (UNIX V). If the component is created from any other file system, VFS follows XOPEN naming rules established by Microsoft Corporation to coordinate DOS FAT and OS/2 High Performance File System (HPFS) names.
DOS and OS/2 Fat naming rules are more restrictive than Macintosh naming rules. To minimize problems, create names that adhere to DOS and OS/2 FAT naming rules. For details on naming rules of all supported file systems, see Appendix A.
To integrate different file systems, VFS preserves their native access rights and attributes, and presents both the native file system view and a composite VINES view. VFS lets you choose the view you use to set access rights and attributes, and lets you see how settings in one view affect settings in another view.
In case of conflict, VFS enforces the most secure settings.
Macintosh
The Macintosh file system has its own Access Rights List called Get Privileges. Macintosh lets you assign attributes to files (for example, the Locked attribute) and create a special case for a folder, known as a drop box.
The DOS and OS/2 FAT file system has file attributes but lacks an Access Rights List (ARL). The SETARL program provides a VINES ARL for DOS and OS/2, and supports the native Macintosh ARL. In addition, you can set access rights for both directories and files.
VINES ARL contains a set of mandatory entries, called the Primary List. The Primary List consists of:
Owner Group World
Every directory and file in a VINES file service has an ARL with at least an Owner, a Group, and World (always *@*@*). While these mandatory entries support Macintosh, they also ensure that VINES adheres to the POSIX specification.
A VINES ARL also contains a set of five optional entries, called the Extended List. This list has a maximum rights mask, called Maximum Rights, which is a set of access rights that overrides any settings for individual entries in the Extended List. If you upgraded from a 4.xx release of VINES, you will find your original VINES ARLs in the Extended Lists.
VFS verifies access by checking the file system view from which the ARL was last saved and if the user requesting access is on the ARL. VFS checks for the user's StreetTalk name in the following order:
1. Owner
2. Individual StreetTalk names in the Extended List
3. Group
4. Groups or StreetTalk lists in the Extended List
5. Organizations in the Extended List
6. World
The access rights granted to a user differ according to the file system view from which the ARL was last saved:
VINES View - VFS grants the access rights assigned to the first entry it encounters that matches the user name.
The access rights in the VINES view are not cumulative. If users have Control access to a file, it means only that they can change the Access Rights List. To open, edit, and save the file, they must also have Read and Write access. For complete details on access rights, see Managing VINES Security.
Mac View - VFS adheres to the AppleShare verification method. If a user name matches both the Group and World fields, the user is granted a combination of the access rights.
Example Setting Access Rights in the VINES View
Duncan Fraser@Sal@WCTUS is on the Extended List. As he belongs to the Group *@Sal@WCTUS, Duncan is granted the rights provided to that group in the Extended List. However, if Duncan's name is in two lists, in a list and a group, or in two groups on the Extended List, then Duncan receives the rights granted to the first list or group that appears on the Extended List. The order in which lists or groups appear on the Extended List is therefore important.
Example Setting Access Rights in the Macintosh View
The name Duncan Fraser@Sal@WCTUS matches the Group (*@Sal@WCTUS) and World. The Group is granted See Folders and See Files access, while World is granted Make Changes. Duncan receives See Folders, See Files, and Make Changes rights when the ARL is saved from the Macintosh view.
VFS's first priority is preserving security; its second is preserving the native behavior of the file systems supported, as long as the two do not conflict. Synchronization ensures that file system components receive maximum protection and that modes, locking, attributes, and renaming affect the components consistently.
VFS displays and uses access rights based on the file system view from which the rights were last saved.
Example Preserving Security First
To demonstrate that VFS preserves security first, access rights shown in Table 3-2 are for:
A folder last saved from the Macintosh view Two users (A and B) whose names are on the Extended List
The VINES column shows the rights granted to these users when they access the folder from a DOS or OS/2 workstation. Note that giving a user all the Macintosh privileges does not give the user Control access under VINES. Under the Macintosh file system, only the Owner can change a folder's access rights.
Planning Considerations
Other file system characteristics to consider when planning a file service that supports multiple file systems include:
File modes File and record locking File attributes (including OS/2 Extended Attributes) Renaming of components
Open or Sharing Modes
DOS and Macintosh provide a feature called Open or Sharing Mode, which allows a user to open a file and prevents other users from reading or writing to the file.
File/Record Locking
DOS and Macintosh have a byte-range locking feature. To preserve security, VFS treats the file as locked for all file system views if files are locked from one native file system.
File Attributes
VFS supports the file attributes of DOS and Macintosh file systems. If you copy OS/2 files using the VCOPY command, VCOPY copies the Extended Attributes.
Renaming Directories or Files
If you change the name of a directory or a file from one type of workstation, the name changes at all the other workstations according to the naming rules.
From DOS workstations, avoid renaming any files that begin with an exclamation mark (!). These file names are most likely the truncated DOS equivalents of long (over eight characters) file names created at a Macintosh workstation. The V commands (VDIR, VCOPY, and VRENAME) help you manage file and directory names from a DOS or OS/2 workstation. Use the VDIR command, for example, to look at all the names for a file.
These commands are described in detail in Chapter 5 of this guide, the Command Reference, and the User's Guide for DOS and OS/2.
Example Renaming Files
If you rename a file from a DOS workstation to MYFILE.DOC, the name of this file on a Macintosh desktop and an OS/2 workstation also changes to MYFILE.DOC.
To create a file service, your StreetTalk name must be on the AdminList of both:
The group in which you want to create the service The server on which the file service will reside
From StreetTalk Explorer:
1. Click the New File Service icon or select File, New, File Service.
2. Enter a StreetTalk name for the file service and a description, and click Next.
3. Do one of the following:
- If your network has only one server, the Select a Drive window appears. To continue, go to step 4.
- If your network has more than one server, the Select a Server menu appears. Selecte the server on which you want to add the new service and click Next. The Select a Drive window appears.
4. Select the disk drive the service will use and click Next. The create and Start window appears.
5. To start the service when you create it, click Start After Creation and click Next.
6. Click Manage to manage the new file service. The properties sheet appears. You can change the description or set log levels.
If you make changes, click Apply. Click OK when you finish.
After you create a file service, you should set the ARLs to give users access to the service and create any directories as necessary. See "Setting Up a New File Service" below.
From the System Prompt
1. From a PC on the network, enter MSERVICE at the system prompt. The Manage Services menu appears.
2. Choose ADD a server-based service. The Add A Service screen appears.
3. Enter a StreetTalk name for the file service and a description. You may want to indicate which file systems the service is going to support in the StreetTalk name or in the Description field.
4. Do one of the following:
- If your network has only one server, the Select Type Of Service menu appears. To continue, go to step 5.
- If your network has more than one server, the Select a Server menu appears. Choose the server on which you want to add the new service. The Select Type Of Service menu appears.
5. Choose VINES file service. The Choose Disk screen appears.
6. Choose the disk the service will use. The system prompts you to start the service immediately:
- Choose YES to start the service.
- Choose NO to postpone starting the service.
The system informs you that the service is created.
7. Press ESC. The Manage A Service menu appears.
8. Choose CONTROL the service. The Control A Service menu appears.
9. Choose MANAGE files to begin managing the new file service. The VFILES Main menu appears.
To manage the file service, you must assign it to a network drive. Because you have not yet assigned the newly created service to a network drive, the VFILES program selects an unused network drive and assigns the new service to that drive.
The VFILES Main menu lets you access VFS-related programs, including SETARL, SETDRIVE, SETATTR, REPORT, and the three V commands - VDIR, VCOPY, and VRENAME. In addition, the VFILES program lets you create directories and subdirectories for your users. For more information on the VFILES program, see "Using VFILES" in Chapter 4.
When you create a new file service, you are the Owner of its root directory and have complete access to it. By default, your group has no access and the Extended Access Rights List is empty. You can use the /R:pathname switch with SETDRIVE in user profiles. You must still assign DOS, Windows, and OS/2 users in your group Search and Read access to the root directory to enable them to see their directories.
Macintosh
For Macintosh users, SETDRIVE in user profiles does not have any effect. You must assign Macintosh users See Folders access to the root directory of a file service to enable them to click on the file volume in the Chooser and see their folders in the root directory.
1. After you create the file service, choose MANAGE files from the Control A Service menu. The VFILES Main menu appears. Figure 3-1 shows the VFILES Main menu.
2. Choose Set Access Rights. The Set Access Rights screen appears.
3. Change the access rights to the root directory of the file service so that appropriate users can access the new subdirectories and files. See Managing VINES Security for details.
4. When you finish changing access rights, press ESC to return to the VFILES Main menu.
5. Choose Manage Directories and Files to create directories and subdirectories for your users. See "Creating Directories on File Volumes" in Chapter 4 for more information.
6. After creating the first level of directories, choose Set Access Rights from the VFILES Main Menu to set the access rights for the new directories. The setting of these directories affects any new directories and files created in those directories.
7. After setting access rights on the first level, you can create subdirectories. Do not change the access rights for the subdirectories unless you want the subdirectories and their files to have different access rights than the parent directories.
8. Make the file service available to users by putting SETDRIVE commands in their user profiles. See "Making File Services Available to Users" later in this chapter for more information.
File services do not have any default configuration values. Every file service can support DOS, Windows, OS/2 (FAT only), and Macintosh users. However, you should be aware of the following defaults:
A SharedFiles file service is automatically created when the first server on the network is installed. A default limit of six drives that DOS, Windows, and OS/2 users can set to network file volumes is set. Drive Z is automatically mapped to VINES Files@servername@Servers.
VINES automatically creates one file service when the first server on a network is installed. The service is called:
first-group SharedFiles@first-group@first-org
where the variables first-group and first-org are the group and organization names entered at the server console during installation. This file service is preset to network drive E in the Sample Profile of first-group. Use SETDRIVE in any user profile to change this default.
User Drives and Network Volumes
By default, each user can set six drive letters to network file volumes. Use the PCCONFIG program to change this limit, allowing from 1 to 26 drive letters. This limit includes drive Z. See Managing Workstations for instructions on using PCCONFIG to change this limit.
Unless you specify otherwise, drive Z is set to the volume VINES Files@Servername@Servers for each user. Servername corresponds to the nearest network server with the same software revision as the workstation. Use the SETDRIVE command in user profiles to change this default.
Making File Services Available to Users
Use the SETDRIVE command in a user profile to make a file service available to the user and to map a drive letter to a particular subdirectory in a file volume. SETDRIVE assigns network drives (letters E to Y) to file volumes that are file service names.
In addition, use the SETDRIVE command to ensure that users automatically go to specific directories when they change to a particular network drive. This also ensures that users do not see the root directory of a file volume when they log in.
To assign a user a particular file volume for a particular login session, use either the SETDRIVE command or the SETDRIVE program. This section explains both the command and the program.
Macintosh
Using SETDRIVE in Macintosh user profiles does not affect the file volumes available to them at this time. When Macintosh users log in through the Chooser, they see all the available file volumes in the zone(s) available to them. To restrict their access to file volumes, use the VINES SETARL program from any type of workstation.
The SETDRIVE command has the following syntax:
SETDRIVE [drive service-name] [/R:pathname] [/L] [/X]
Table 3-3 defines the SETDRIVE variables.
You can include the SETDRIVE command in a user profile and include the drive service-name and /R:pathname arguments. The /R: switch works only if the target file volume resides on a server that runs VINES 4.0 or greater. Use appropriate PATH and CD commands in the user profile to ensure user access to the appropriate directories.
Be sure to set appropriate access rights and attributes throughout the network. Details on these security settings are provided in Managing VINES Security.
Example SETDRIVE in a User Profile
The following SETDRIVE command in a user profile lets a user access the \Sales\East\Smith subdirectory each time the user logs in:
setdrive b "sys files@Adm01@servers" /r:\sales\eastsmith
Example SETDRIVE at the System Prompt
To show all current drive mappings, enter:
setdrive /l
To delete a setting between drive T and its file volume, enter:
setdrive t /x
The SETDRIVE menu lets you view current file volume settings and provides access to the file volumes on your network for you and your users.
Macintosh
The SETDRIVE menu is currently available only from DOS, Windows, and OS/2 workstations.
With the SETDRIVE menu, you can:
Look at your current file volume settings Search for file volumes in other groups Set drives to file volumes for your current login session Add new file volume settings Delete unnecessary file volume settings
To set drives to file volumes for every login session, you must put the SETDRIVE command in user profiles.
OS/2
Drives set to file volumes apply globally across all OS/2 screen sessions. However, pathnames are unique to each OS/2 screen session.
1. Display the File Sharing menu by doing one of the following:
- At the system prompt, enter SETDRIVE.
- At the VFILES Main menu, choose Set Drive Mapping.
- At the system prompt, enter VINES. The VINES Main menu appears. Choose File Sharing.
The File Sharing menu appears.
2. Do one of the following:
- Choose SELECT from list below for file volumes in the current group. See "To Assign a Drive to a File Volume in the Current Group" later in this chapter for detailed instructions.
- Choose SEARCH for other volumes for file volumes in other groups. See "To Assign a Drive to a Volume Outside the Current Group" later in this chapter for detailed instructions.
3. Choose a file volume. The Set Drive to Volume menu appears.
Mapping Drives to File Volumes
You use the Set Drive to Volume menu, shown in Figure 3-2, to map drive designations to VINES file volumes. You access the Set Drive to Volume menu through the SETDRIVE program.
From the Set Drive to Volume menu, you can either:
Set a drive to a volume Delete a current drive setting
While the letters A through Z are available to set to any network file volume and directory within that volume, reserve the letters A through D for local file volumes (fixed disks) on DOS, Windows and OS/2 workstations. Reserve the letter Z for VINES Files.
DOS
Up to 26 drive/volume settings can be active at one time. However, for DOS and Windows users, the default setting in the PCCONFIG program for the number of drives set to file volumes is six. If any given user needs more than six settings, use the PCCONFIG program to change this default. See Managing Workstations for instructions.
OS/2
For OS/2 workstations, there is no default configuration. Up to 26 drive/volume settings can be active at one time.
Setting a Drive to a Volume in the Current Group
You can set more than one drive to the same file volume, but you cannot set the same drive to more than one file volume.
You can either assign a drive to a file volume in the group you are currently managing, or assign a drive to a file volume outside the current group.
To Assign a Drive to a File Volume in the Current Group
1. From the File Sharing menu, choose SELECT from list below. See "To Use the SETDRIVE Menu" earlier in this chapter for instructions on accessing the File Sharing menu. The cursor moves to the bottom half of the screen.
2. Choose the file volume. The Set Drive to Volume menu appears.
3. Choose SET drive to volume. The system prompts for the drive letter.
4. Enter the letter of the drive you want to set. The system displays the new setting.
To Assign a Drive to a Volume Outside the Current Group
1. From the File Sharing menu, choose SEARCH for other volumes. See "To Use the SETDRIVE Menu" earlier in this chapter for instructions on accessing the File Sharing menu. The Search for Volumes menu appears.
2. Choose one of the following:
- Volumes in Another Group
- Volumes in an Organization
- Volumes that Match a Pattern
3. Enter the appropriate search information. The procedure for searching for file volumes is the same as searching for any StreetTalk name. When the volume is found, the File Sharing menu appears.
4. Choose SELECT from list below. The cursor moves to the bottom half of the screen.
5. Choose the file volume. The Set Drive to Volume menu appears.
6. Choose SET drive to volume.
Note: If you already set the maximum number of drives, delete an old drive setting first. Use the DELETE function described in the next section.
7. Enter the letter of the drive you want to set. The system displays the new setting.
To Delete a Drive-to-Volume Setting
1. From the File Sharing menu:
- Choose SELECT from list below to choose a file volume in the current group.
- Choose SEARCH for other volumes for a file volume in another group.
2. Choose the file volume. The Set Drive to Volume menu appears.
3. Choose DELETE drive setting.
4. Enter one or more letters to indicate which drives to delete. Separate multiple letters by commas.
5. Press ENTER to delete the drive settings. The SETDRIVE program erases these settings from the screen.
