mailing list archives
Re: Bypassing Inherited Rights Filters in Novell Directory Services.
From: Bob Fiero <bfiero () MENTALFLOSS NET>
Date: Sun, 10 Sep 2000 13:10:23 -0400
At 07:24 PM 9/7/2000 -0700, you wrote:
Here's an example. An administrator, .BOB.ACME, has Supervisor [S] rights to
the .ACME container. There is a container, .SECRET.ACME, which BOB should not
have any access to.
If you understood NDS sufficiently, you wouldn't give Bob [S] rights to a
container where you need to keep him from objects under that container.
Regardless of what you do, Bob has [S] rights that you granted him, and
those rights can be applied...as in giving himself or any other user access
to objects within that container. How is that a bug?
Not that I know NDS inside and out or anything...but give [W] Write rights
(or any other rights), you can take them away further down the tree...Give
[S] rights, that gives a user the ability to change rights on objects
within that container. I don't see this as a bug, but perhaps as a
mis-understanding of how NDS works.
The single most effective thing you can do to protect yourself on the
Internet...Never use Microsoft products or protocols.
Increase your Win98 system speed, stability, and security. Remove IE.