NetWare 6.5 User Rights Listing
I had a hard time finding something that would list what a user has access to in eDirectory. I then found out about trustee.nlm. It is already part of the NetWare system. If you run it, you see:
Syntax:
LOAD TRUSTEE [options] SAVE (ALL | path ) outputFile
LOAD TRUSTEE [options] RESTORE inputFile
LOAD TRUSTEE REMOVE (ALL | path )
LOAD TRUSTEE REMOVENULL (ALL | path )
LOAD TRUSTEE REMOVEINVALID (ALL | path )
LOAD TRUSTEE EFFECTIVE objectName outputFile
LOAD TRUSTEE EFFECTIVEDIR objectName outputFile
LOAD TRUSTEE EXCESSFILE outputFile
LOAD TRUSTEE EXCESSNDS outputFile
Press any key to continue
Anywho, I needed to find effective directory rights, and needed to do it for all users and groups. I couldn’t figure out how to do this just for the users and groups, so I had to come up with my own solution.
From a command prompt on Windoze workstation, I ran:
nlist user » list.txt
nlist group » list.txt
This prints out all the users and groups from the current context into a file. But it also lists with it several other fields that I didn’t need (i.e. Dis, Log, Exp, Min, etc.)
So, awk to the rescue:
awk ‘{print $1}’ list.txt » cleanlist.txt
This grabs the first word in the file which happens to be the object name and outputs it to a new file. I also cleaned up the file afterwards for a few comments that were not needed (using vi).
Now we have the userlist, but we need to prepend and append the right commands and syntax so it should look like this:
trustee effectivedir “cn=BOB.ou=SLC.o=DA1” sys:output.txt
I did this by opening the cleanlist.txt in vi, then:
:g/^/s//trustee effectivedir “cn=/g
and
:g/$/s// sys:output.txt/g
This is a search and replace command in vi. It searches for the first of the line “^” and prepends it with “trustee effectivedir “cn=”
The last command above then searches for the end of line character “$” and appends “sys:output.txt”
It hen does this to every line in the file.
Finally, I’m going to setup a cron script to run monthly that will create the file with all the rights listed. We can then grep the file for specific volumes or directories.
This might be done more easily, but wasn’t able to find anything with Novell’s current tools.
Also, this doesn’t account for any other users/objects added later. I’ll need to find something more dynamic if possible.