The user IDs, group IDs, and passwords for all users within a server's domain are stored in a user accounts database (NET.ACC) on the server. On a LAN Server-Entry workstation with either the FAT or HPFS file system, the access control profile information is stored in the NET.ACC file. On a LAN Server-Advanced workstation with the 386 HPFS installed, the access control profiles for the 386 HPFS files and directories are stored within the file system. This means:
o
The access control profiles for all other resources (for example, FAT files, print spooler queues, and serial device queues) and drive-level access control profiles for 386 HPFS drives are stored in the NET.ACC file. Up to 8192 access control profiles can be stored in the NET.ACC file. A 386 HPFS workstation stores an unlimited number of access control profiles for directories and files residing on the 386 HPFS drives.
The access control list consists of different entries, called Access Control Entries (ACE). For every access restriction of an ID you can find an entry. The entry consists of the user ID or the group and the permission. The entries are created when an access profile is crested for a special file or directory. Each ACE is sometimes called as Access Control Profile (ACP).
Inherited Access Control
For files aliases, an access control profile usually must be created before users can use this resource. However, an access control profile is inherited automatically if the files resource is either created remotely or resides on an HPFS drive and the 386 HPFS is installed on the server.
When you create a directory either locally or remotely on a 386 HPFS server, the newly created directory inherits the access control profile information of the parent directory. Because of the way the file allocation table (FAT) works, you can inherit only a remotely created directory's access control profile on a FAT file server. You must have access to the access control profile on the server to be able to inherit it. You must be logged on with an ID that is allowed access to the parent access control profile. If successful, a new profile is created with the same permissions as the parent of the new directory.
Effects Of Renaming Or Deleting Directories
If you rename a directory, you must manually delete and recreate any access control profiles for subdirectories under the directory. Renaming a directory does not automatically update access control profiles for the subdirectories. This only applies to HPFS or FAT file systems. The 386 HPFS access control profiles remain with the renamed directory.
If you delete a directory on a local drive, the associated access control profile is not deleted. However, if you delete a directory on a local 386 HPFS drive, the access control profile is deleted. If you delete the directory of a redirected drive, the access control profile is always deleted, whether it is on a local 386 HPFS drive or not. Check the list of access control profiles on each server periodically, and delete those that have no existing files resource.
Backing Up Access Control Information
Access control information cannot be copied when backing up systems to tape because the ACL (access control list) is now in the file node. It is recommended that the BACKACC utility is used to back up the ACLs in 386 HPFS into a file and then backup the whole disk using the tape backup program.