FSTrust

Version PK-2.02
(Nov 22, 1998)


 DISCLAIMER:
     THIS  PRODUCT  IS  SUPPLIED  "AS  IS".  DREAMLAN 
     DISCLAIMS ALL WARRANTIES,  EXPRESSED OR IMPLIED,
     INCLUDING, WITHOUT  LIMITATION,  THE  WARRANTIES
     OF  MERCHANTABILITY   AND  OF  FITNESS  FOR  ANY
     PURPOSE.  DREAMLAN   ASSUMES  NO  LIABILITY  FOR
     DAMAGES,  DIRECT  OR  CONSEQUENTIAL,  WHICH  MAY
     RESULT FROM THE USE OF THIS PRODUCT.

Introduction

FSTrust is comprised to two programs: gTRUSTEE and pTRUSTEE. The gTRUSTEE program retrieves file and directory trustee information from either a bindery (NetWare 3.1x) server or NDS (NetWare 4.x and 5.x) server and stores the information into an ASCII text file. Under NetWare 4/5, each server has its own set of user object ID for a given NDS user object. For example, for NDS user object Peter, on Server A the object ID may be 012345 while on Server B, the same NDS object may have an object ID of 892345. Therefore, if you backup the file system trustee information using object ID instead of object name, you could lose the file system trustee information if you restore a file after an NDS reinstall. Therefore, to overcome this problem, gTRUSTEE stores the information using full NDS names.

pTRUSTEE is the tool that puts the file system trustee information back onto the server volumes.

Four immediate application of FSTrust comes to mind:

  1. If your backup software is not NetWare aware, file and directory trustee information (as well as NDS data) are not backed up. You can use FSTrust to backup and restore file system trustee data.
  2. If you need to move a directory structure from one volume to another or from one server to another. You can simply NCOPY the data over and use FSTrust to quickly reassign the file system trustees.
  3. Use FSTrust (gTRUSTEE specifically) to document your current file system trustee assignment. Since the generated data file is in a fixed format, you can choose to import them into a database or other applications to generate reports.
  4. You can use the generated data file to change file and directory trustee assignments off-line, before doing the update enmass. You can also use it as a tool to standardize trustee assignments across your network.

gTRUSTEE can also be used to gather file system trustee information from NetWare 3.1x servers using bindery access mode. This is useful if you are migrating data from a 3.1x environment to NDS.

Although designed with NetWare 4/5/NDS in mind, but now with v1.24 and higher, you can also restore the trustee and ownership information back to a 3.1x server!


What's New


Notes

  1. 1. When running gTRUSTEE in the bindery mode, if you also have NDS attachments active, the program may get confused and not able to locate the file and directory trustee information correctly. In such case, log out from the NDS tree. (This seem to have been addressed by v1.01).

  2. File and directory trustee information are gathered. Starting with version 1.04, FSTrust also extract and restore Inherited Rights Mask/Filter (IRM/IRF) and file ownerships.

  3. When gathering file system trustee information from a NetWare 4 server using the bindery mode, all none user objects are recorded as [Unknown] users. These assignments are not restored by pTRUSTEE.

    When gathering file system trustee information from a NetWare 4 server and if gTRUSTEE can not resolve a userid to NDS name (perhaps due to invalid object id), the trustee name is recorded as [Unknown]. This entry is not restored by pTRUSTEE (much like the bindery mode case above).

  4. To use the bindery/migration options, make sure you have set the proper bindery context on the server to which the target volume is attached.

  5. There are times when a workstaion is attached to multiple NetWare 4/5 servers (more than 2?), and you are running gTRSUTEE from a local drive, gTRUSTEE may not see the files and any subdirectories under the path you specified. Version 1.01 seems to have been addressed the issue, but it has not been widely tested yet. Therefore, if you do encounter this problem, one workaround is to make the target volume your current working directory and gTRUSTEE will work just fine.

  6. In order for gTRUSTEE to correctly extract the NDS names with the proper context information, the utility (internally) switch context to [Root]. If you do not have a copy of [Root] locally, the utility may take longer to run.

  7. When restoring the trustee assignment under bindery/migration mode using pTRUSTEE, make sure your workstation is in the proper context in which the "old bindery" user objects exist.

  8. The maximum number of characters for a directory/file path and NDS object name is 256 characters. In practice, this is a rare limit to reach. However, you should be aware of it in case you notice a name got truncated.

  9. The bindery Supervisor object id is handled separately and differently; it is recorded as [Supervisor][BIN] in the TRUSTEE.DAT file.

    The NDS [Public] object is handled separately and differently as well. It is recorded as [Public][NDS] in the TRUSTEE.DAT file.

  10. When using the -N option, an alias is not dereferenced into the original object name while searching.

  11. When using the -N option, make sure you specify the fully path for the NDS name since gTRUSTEE changes context to [Root]. The name does not need to include CN= and OU= etc. Partial naming rule is accepted.

  12. The directory/file search routine used is not the fastest one around, as it does not use NetWare API to do that. Just haven't the time to polish that up yet. However, it is sufficiently fast. A quick, simple, benchmark shows that, from a 486SX25 workstation (over 10Mbps Ethernet), gTRUSTEE can scan a volume with about 160 directoies and 3,000 files in about 3 minutes.

  13. When the -A (append) option is used, all (output) datafiles are appended to with the new data.

  14. If you specify -X twice on the command-line, you could disable scanning both files and directories. No check is made here to prevent you from doing it.


Installation

No special installation steps or program need to be used. Simply copy gTRUSTEE and pTRUSTEE to SYS:PUBLIC of your servers. You must have the Unicode files for the country code and code page that your workstation use available in the the respective NLS directories, for example, SYS:PUBLIC\NLS.

If you choose to place the FSTrust files in a different directory, you may need a search map to SYS:PUBLIC\NLS in order for the application to find the Unicode files.


Usage

gTRUSTEE:

gTRUSTEE is a command-line based utility. Therefore, you need to supply the necessary options when invoking the utility. The syntax for using gTRUSTEE is:

gTRUSTEE -dh? -v volname -p dirpath -s server [-n objname] [-raioZ] [-X F|D]

where (none of the parameters are case sensitive)

File and directory trustee data is stored in a data file called TRUSTEE.DAT; if the bindery mode is enabled, the data file is called the same name.

Examples

gTRUSTEE -s Server1

will get the trustee info of SYS:PUBLIC on Server1 and save to file TRUSTEE.DAT.

gTRUSTEE -s Server2 -p TEST -v DATA

will get the trustee info of DATA:TEST on Server2 and save the data to TRUSTEE.DAT.

Special gTRUSTEE Options

Pressing the ESC key any time will abort the program. This is useful if you started scan on a large volume and wish to abort.

pTRUSTEE:

pTRUSTEE is a command-line based utility. Therefore, you need to supply the necessary options when invoking the utility. The syntax for using pTRUSTEE is:

pTRUSTEE -h?3bio -s server [-t] [-r] [-a]

where

Example

pTRUSTEE -s Server1

Restores the trustee info from file TRUSTEE.DAT to Server1. Server1 here is assumed to be a NetWare 4 server. Note that the volume and directory information is already in the data file.

pTRUSTEE -s Server2 -b -3

Restores the trustee info from file TRUSTEE.DAT to Server2, where Server2 is a NetWare 3.1x server.

Special pTRUSTEE Options

Pressing the ESC key any time will abort the program. This is useful if you started update a large volume and wish to abort.


Configuration

Special Notes About the TRUSTEE.DAT and OWNER.IRM Files

  1. As you noticed from just looking at the TRUSTEE.DAT file, the syntax is pretty straightforward. You can easily add or remove trustee assignments by modifying the file. However, please make sure you follow the EXACT syntax as you see. Each entry is made up of FOUR (4) lines.

    It is important to identify on the second line if the entry is a file (F) or a directory (D).

    The identifier on the third line is not currently used, but may be used in the future to indicate if the object named is a user, group, or other NDS object types. The rights on the fourth (and last) line can be specified in any order.
  2. When extracting information using the bindery mode (-b option in gTRUSTEE), a [U] is associated with an user object name and a [G] is associated with a group object name. Since NetWare 3.1x only allows either a user or a group to be trustees, no other object types are supported in the bindery mode of gTRUSTEE.
  3. You can include a very special keyword in the TRUSTEE.DAT file called [K]Create_Directory

    Normally when a file/directory does not exist on the target volume, trustee assignments can not be made. With the use of the above keyword flag near the top of the TRUSTEE.DAT file, missing directories will be created and trustee assignments made. However, missing files will not be created.

    This keyword must be entered into the TRUSTEE.DAT file manually and it MUST appear as above (case-dependent).

    You should not edit any lines above the "Please do not edit this file..." unless you understand the consequence.

The same holds true for the OWNER.IRM file.


Registration

Two variations of FSTrust are available. The version included here is a Freeware version. This version will not do the following:

  1. It will not scan for file trustee assignments.
  2. It will not generate a report file.
  3. It will not report an NDS object's file system assignments.
  4. It will not support bindery/migration mode.
  5. It will not create missing directories.
  6. It will not clear trustee assignments.
  7. It will not abort from the pressing of ESC key.
  8. It will not scan for IRM.
  9. There is no technical support for the Freeware version.

You are granted an unlimited usage at no cost. However, you are not allowed to sell or package this utility as part of another software package or service contract. Bottom line: you can not make money using this Freeware version. All standard Freeware limitation applies.

Should you find the need, a registered verison is available by registering on-line through the following Web sites:

The NDS tree name is required as it is used to generate a key. The registration cost is $99 US. Canadian registration is $135 CDN plus GST. All other countries, please remit in US funds.

You can also FAX a company Purchase Order or credit card information to +1 (905) 887-3836. Please make sure you either include your tree name information on the FAX or send a follow up email.

This will be a NETWORK license, limited to ONE NDS TREE. This license does not permit you to include it as part of another software package or service contract. Reseller inquiries welcome. Special site agreements for multiple trees is available.


Other Information

FSTrust is written in C using Microsoft C optimizing compiler and Novell's SDK. Some string manipulating routines are from the CXL library.

Inclusion of this utility on CD-ROMs (except for backup purposes) without permission from DreamLAN Network Consulting Ltd. is expressly prohibited.


Revision History