
Chapter 9 - File Services

Overview

Components of File Sharing

The file volume, a storage area on a server disk
Network software in a user's DOS, Windows, or OS/2 workstation that redirects file operations to network file volumes
Software that runs on the server and handles requests to read from and write to files on the server's file volume
Management programs (StreetTalk Explorer, MSERVICE, SETDRIVE, and SETARL) that you use to create, maintain, and protect the file volume on the network

Network File Volumes and Local Disk Drives

Drive Designators

Figure 9-1. Network and Local Drives

File Volume Size

Accessing a Workstation Disk Drive

Using Directories on Network File Volumes

One root (top-level) directory
A number of subdirectories that you create as needed

Example Entering Directory Commands

Example Setting Drive Designators

Figure 9-2. One File with Two Drive Designators

Example Designating the Top-level Directory

OS/2 File System and Extended Attribute Support

Setting Up a Directory Hierarchy

Keep files out of the top-level directory to make your file volumes easier to manage. Put only subdirectories for users, applications, and groups in the top-level directory.
Store the information for a particular project in one file volume and create subdirectories for different kinds of project information.
Set up a file volume for each group on the network. Create subdirectories for users or for document types, depending on how the users in the group work together. Users can create their own subdirectories for different projects, applications, and so on.

File System Naming Rules

DOS and OS/2 standard File Allocation Table (FAT)
Windows 95 and Windows NT long file names (LFN)
Macintosh AppleTalk Filing Protocol (AFP)
UNIX file system

Summary of Naming Rules

Table 9-1. File System Naming Rules

Long File Names (LFN)

Space
, (comma)
; (semicolon)
= (equals sign)
[ ] (square brackets)

Is not 8.3 compliant
Is not all upper case
Contains characters not allowed in an 8.3 name

Case Insensitivity

DOS lets you enter upper-case or lower-case letters. However, DOS converts and then displays any lower-case letters you enter as upper-case letters. For example, if you enter report.doc, DOS displays the name as REPORT.DOC.
Windows NT lets you enter upper-case or lower-case letters and displays them as you entered them. For example, if you enter Report.doc, Windows NT displays the name as Report.doc. However, while Windows NT is case-aware, it is not case-sensitive. You cannot create another file named report.doc.
Macintosh also lets you enter file names using upper-case and lower-case letters, and preserves the case that you use. For example, if you enter Report, the file system displays the file name as Report.

Delimiters

Illegal Characters in File Names

Sharing Files with Different Formats

Figure 9-3. File Sharing

Mapping DOS Extensions

How VINES Handles Macintosh (AFP) Names

Example Viewing Macintosh File Names from DOS

DOS and OS/2 Naming Rules

V Commands

VDIR - Displays long and short file and directory names. VDIR works only on VINES file volumes.

VCOPY - Copies files and directories including Macintosh resource forks and data forks and OS/2 extended attributes. VCOPY can also copy access rights lists.

VRENAME - Changes names associated with a file. You can use VRENAME from a DOS, Windows, or OS/2 workstation to change the name of a Macintosh file as seen from a Macintosh workstation.

Performance Considerations

Planning Guidelines

Select a server that is on the same LAN segment as users of the file volume, especially if the applications they use involve a lot of input and output.
Create as few file services as possible. Put application programs in subdirectories rather than starting new file services.
Select a disk that has room for expansion. Estimate the eventual size of the file volume and allow for growth.
Put heavily used services on several disks to balance the load on the server disks. With native VINES, avoid using disk1 if possible, since that disk contains VINES system files and is heavily used.
In a multi-server network, add the file service to a group that the server maintains. The file service should also reside on that server. This way, the service's StreetTalk location information and the service itself are in one place. Chapter 7 explains why a service and a group should be on the same server.
If users access file services over serial lines or over slow-speed dial-in lines, monitor the memory usage on servers where the services reside. You may have to fine tune memory parameters (cache space and cache buffer size) or reconfigure your network to increase throughput between users and file services. For more information, see Monitoring and Optimizing Servers.

File Security Issues

For each directory and file on the network, you can set up an access rights list (ARL) that protects them.
For files on the network, attributes control how users or application programs can access files or directories.

Access Rights Lists (ARLs)

Components

Identifiers that determine who can use a directory or file
Rights associated with each identifier that describe how directories or files can be used

Identifiers

Owner - Every ARL must have an Owner. The Owner of the top-level directory is the user who created the file service. If that user creates subdirectories, the user is also the Owner of the subdirectories. An Owner cannot be a group, organization, or list. An Owner can transfer ownership to another user.

Group - The default is <any group>. You can change this to any StreetTalk group or list. The Group identifier is not restricted to a StreetTalk group, but it is recommended that you enter a StreetTalk group name and avoid entering a list.

World - A user who is not an Owner or a member of Group belongs to World. World is the StreetTalk *@*@* template. This entry cannot be changed.

Extended List Identifier

A user's name
Lists of StreetTalk users
Other StreetTalk groups in your organization
Other StreetTalk organizations on your network

Order of Precedence

1. Owner

2. User name in the extended list

3. Group

4. Groups or lists in the extended list

5. Organizations in the extended list

6. World

Rights Assignable to Directories

Control (C) - Lets a user change the access rights list. Control access does not give the user any other access rights over the directory.

Search (S) - Lets a user search for all file and directory names contained in a directory. Opening a file requires this right. Without Search access users can't do anything with the files and subdirectories contained in a directory.

Read (R) - Lets a user see all the file and directory names contained in the directory. Typically, you use Read access when you want information to be shared and also want to keep it stable.

Write (W) - Lets users with Search access create, change the attributes of, delete (provided users also have Delete access), and rename files and directories contained in the directory. Without Search access, users can create a drop box, a directory where they can put files but not access them.

Delete (D) - Lets users delete files or directories when combined with Search.

Rights Assigned to Files

Control (C) - Lets a user change the ownership, access rights, and group identifiers.

Execute (E) - Lets a user execute the file, for example, to use the file as a program file.

Read (R) - Lets a user open the file for reading.

Write (W) - Lets a user open the file for writing.

Rights Assigned to New Directories and Files

Access Rights of AdminList and Group Members

How to Set Security

Directories and New Files

Figure 9-4. VINES View of Directory and New Files ARL

Files

Figure 9-5. VINES View of File ARLs

Guidelines for Access Rights

For the strictest security, only a member of an AdminList or Owner of a directory or file should have rights to it. Members of the Group and World identifiers should have no access rights. Members of extended lists should only be users and not lists, groups, or organizations.

When a file service is started, only the Owner and AdminList will have access to its directories and files. Don't change the default.

VINES defaults provide for strict security on files and directories unless you add any names to the extended list or include a large number of names on your AdminList.

For medium security, give Owner all rights and members of the Group identifier all rights except Control (C) and Delete (D) access. Members of the World identifier should have no access rights. Restrict the Group identifier to StreetTalk groups.
For loose security, give Owner and Group all rights. Give the World identifier Search (S) and Read (R) rights. The Group identifier may include lists as well as StreetTalk groups.
To speed the execution of file operations, extended list entries should not be StreetTalk lists that have other lists. "Nested" lists impair performance.
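The three guideline levels above can be checked mechanically. The following Python sketch is an added example, not VINES code or a VINES file format: the dictionary layout, the sample names, and the choice to treat each level's Group and World rights as an upper bound are assumptions made for illustration. It reports the tightest level a directory ARL fits and flags nested lists and World drop boxes.

```python
# Added example (not VINES code): audit a directory ARL against the strict,
# medium and loose guidelines. The dict layout below is an assumption.
ALL = set("CSRWD")  # Control, Search, Read, Write, Delete
ANY_KIND = {"user", "list", "group", "org"}

# (level, most Group may hold, most World may hold, Group kinds, extended kinds)
LEVELS = [
    ("strict", set(), set(), {"group"}, {"user"}),
    ("medium", ALL - set("CD"), set(), {"group"}, ANY_KIND),
    ("loose", ALL, set("SR"), {"group", "list"}, ANY_KIND),
]

def classify(arl):
    """Return (level, findings) for the tightest guideline the ARL fits."""
    group, world = set(arl["group"]), set(arl["world"])
    ext_kinds = {e["kind"] for e in arl["extended"] if e["rights"]}
    findings = []
    if "W" in world and "S" not in world:
        findings.append("World has Write without Search: drop box")
    for e in arl["extended"]:
        if e["kind"] == "list" and e.get("nested"):
            findings.append(f"{e['name']}: nested list slows file operations")
    for level, group_max, world_max, group_kinds, ext_ok in LEVELS:
        if (group <= group_max and world <= world_max and ext_kinds <= ext_ok
                and (not group or arl["group_kind"] in group_kinds)):
            return level, findings
    findings.append("rights are looser than the loose guideline")
    return "outside guidelines", findings

# Constructed sample ARLs; all names are made up for illustration.
SAMPLES = {
    "hr": {"group": "", "group_kind": "group", "world": "",
           "extended": [{"kind": "user", "name": "UserA", "rights": "SR"}]},
    "team": {"group": "SRW", "group_kind": "group", "world": "",
             "extended": [{"kind": "list", "name": "ListA", "rights": "SR",
                           "nested": True}]},
    "public": {"group": "CSRWD", "group_kind": "list", "world": "SR",
               "extended": []},
    "inbox": {"group": "SRW", "group_kind": "group", "world": "W",
              "extended": []},
}

if __name__ == "__main__":
    for name, arl in SAMPLES.items():
        print(name, *classify(arl))
```

Owner rights are not checked because every level gives Owner full access; only Group, World, and extended list entries can loosen an ARL.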

Examples

Figure 9-6. ARLs on Payroll File Service

Figure 9-7. ARLs on the Sales File Service

VINES Access Rights Worksheet

Figure 9-8. VINES Access Rights Worksheet

Sharing Files in a Mixed Environment

Macintosh View

Macintosh Privileges

See Folders - Lets a user open a folder and see its contents.

See Files - Lets a user read the files in a folder. Users can open the files for reading, but they cannot make any changes.

Make Changes - If you assign only this privilege, you create a drop box, a folder in which users can put files but cannot access them. If you assign Make Changes and See Files, users can create, delete, rename, and change attributes of files in a folder. The combination of Make Changes and See Folders lets users modify folders.

Sharing Directories

Table 9-2. Access Rights on Shared Directories

Delete
Read
Read-Delete
Search
Search-Delete

Sharing Files

Table 9-3. Access Rights on Shared Files

Inheritance Rules

Macintosh Inheritance Rules

VINES Inheritance Rules

Figure 9-9. Macintosh and VINES Inheritance Rules

Which Rules?

Macintosh Access Rights Worksheet

Figure 9-10. Macintosh Access Rights Worksheet

Blocking the User's View of Access Rights

UNIX View

File and Directory Attributes

Note: Do not confuse file and directory attributes with StreetTalk attributes. StreetTalk attributes are properties of StreetTalk objects. They let you categorize and search for resources with StreetTalk names. File and directory attributes control access to files and directories. Chapter 3 describes StreetTalk attributes.

VINES Attributes

Table 9-4. VINES File Attributes

Table 9-5. DOS File Attributes

Table 9-6. Macintosh File Attributes

VINES Sharing Attribute

Directory Attributes

Table 9-7. VINES Directory Attributes

Table 9-8. DOS Directory Attributes

Table 9-9. Macintosh Folder Attributes

Setting Attributes

Read Only
No Delete
No Rename

Attribute Worksheets

Figure 9-11. File Attribute Worksheet

Figure 9-12. Directory Attribute Worksheet

Providing User Access to File Volumes

Managing File Services

Choosing a Backup Strategy

Routine Tasks

Edit user profiles to provide access to file services.
Create directories as needed.
Set the proper access rights for each directory.
Install new applications on the network and set file attributes for read-only, sharing, and execution.
Monitor how a file service uses disk space.
Direct users to clean up their directories periodically to free up disk space.
Start or stop the file service as needed.
Ensure that backups occur on schedule. Chapter 12 describes backups and contains some worksheets to help you plan doing them.
Move file services from one server to another to provide additional disk space or to increase performance.
Restore data from backup when needed.

Administrator's Check List

Plan the location and naming of the file service. If possible, locate the service on the same server as the group that uses the service.
If your user environment is mixed, select file names that will remain the same in all environments.
Add a file service to the appropriate group and server and start the file service.
Divide the file volume into subdirectories. Set up subdirectories named after each application or user or both.
Set access rights on files and directories as required.
Copy the appropriate application programs and other information from workstations to the proper directories of the file volume.
Set the attributes of any files that require them. For example, mark the programs that are for execution-only.
For each user, use the SETDRIVE command to set a network drive to the appropriate file volume and to set a subdirectory as the top-level directory. Put the command in the user's profile or in the Sample Profile of the user's group.
In each DOS, Windows, or OS/2 user profile, insert a CD (change directory) command that points to appropriate subdirectories on each file volume for that user. Use the PATH command to identify directories that contain executable files the user needs.
Distribute information to users as needed, including names of file volumes, where to find applications, names of directories, and so on.
Determine how backups will get done and track the process as it happens.
Use StreetTalk Explorer, the OPERATE and MSERVICE commands, and the server logs to keep track of disk space and file volume usage. On StreetTalk for Windows NT, use the appropriate Windows NT utilities to perform these tasks. Create new file volumes as the needs of your users change.

Key Terms

Further Reading
