can't cd in DOS window, but able to access thru explorer
Mike Frost
thread I started so I guess I'm partially responsible), but I'm slightly
stumped:
A group has trustee directory assignments to the root of a volume, plus
two subfolders of the volume (right under the volume root). They have a
drive mapping set up to map to the volume root.
A group member logs on and is able to browse - through Explorer - the
contents of the volume and all subfolders. When they go to a DOS shell,
they are unable to change to any subfolders - gives them an "invalid
directory". Again, their drive mapping is to the root of the volume.
What am I missing here?
Thanks!
Mike
Felton Green
You've not explained how you're mapping, the rights and such, or which
client.
Here is a blurb on the map command:
MAP
Why Use MAP?
Use MAP to
View current drive mappings
Create or change network drive mappings
Create or change search drive mappings
Map a drive to a fake root directory
Map the next available drive
Command Formats
View current drive mappings
MAP [drive:]
Create or change network drive mappings
MAP path MAP drive: = [ drive: | path] MAP [ option] drive:
Create or change search drive mappings
MAP [option] drive: = [drive:path]
Map a drive to a fake root directory
MAP [ROOT] drive:= [drive: | path]
Replace drive with the drive letter mapped to the directory you want to work
with.
Replace path with the directory path you want to work with.
Replace option with one of the command options on the next page.
Include ROOT to map a drive to a fake root directory.
Command Options
Replace option with the appropriate option as explained below.
INS[ert]
Use this option to change search drive mappings.
DEL[ete]
Use this option to delete a default, network, or search drive mapping.
REM[ove]
Use this option to delete a default, network, or search drive mapping.
N[ext]
Use this option to map the next available drive to a specified path. To
execute this option, type
MAP n[ext] path name <Enter>
Additional Information
Some software applications write files to and read files from the root
directory only. Because users do not have rights in the root directory, they
cannot retrieve or write to files they create in those applications. NetWare
v3.x allows users to map a drive to a fake root directory where they have
the rights they need.
Drive mappings are temporary. They are deleted when you log out or turn off
your workstation. Drives mapped to fake root directories are also deleted.
You can save drive mappings---including fake root mappings---in your login
script if you want them to be invoked each time you log in.
If you attempt to map a local drive to a network directory path, a prompt
similar to the following appears on your workstation screen.
Drive B: currently maps to a local disk Do you want to assign it as a
network drive? (Y/N) Y
If you want to assign the drive letter to a network drive, answer "Yes."
View Current Drive Mappings
View All Mappings
Type
MAP <Enter>
You see information similar to the following:
Drive A: maps to a local driveDrive B: maps to a local driveDrive F:=
COUNT/SYS: /HOME/KARENDrive G:= COUNT/SYS: /Drive H:= COUNT/ACCT: /ACCDATA
_____
SEARCH1:=Z:. [COUNT/SYS: /PUBLIC]SEARCH2:=Y:. [COUNT/SYS:
/PUBLIC/WP]SEARCH3:=X:. [COUNT/ACCT: /ACCREC]
View Specific Mappings
To view the mapping of drive F:, specify that drive in the command:
MAP F: <Enter>
You see information similar to the following:
Drive F:= COUNT/SYS: /HOME/KAREN
Create or Change a Drive Mappings
Suppose you are user KAREN on file server COUNT. To create or change a drive
mapping, complete one of the following.
Create a Default Mapping
To map drive G: to your home directory and use it as your default directory,
type
MAP G: = COUNT/SYS:HOME/KAREN <Enter>
Create a Network Mapping
Suppose you want to map a network drive to a directory in which you have
files. To see what network drive letters are available, type
MAP <Enter>
Choose a drive letter that is not being used, such as drive J:. Type
MAP J: = path <Enter>
Replace path with the directory path leading to the files to which you want
network drive J: mapped.
Extend a Mapping
To extend the mapping for drive G: (your default drive) from COUNT/SYS to
COUNT/SYS:HOME/KAREN, type
MAP HOME/KAREN <Enter>
Remap Your Default Drive
Suppose your default drive is mapped as
Drive G: = COUNT/SYS:
You want to remap drive G: as
Drive G: = COUNT/ACCT:ACCDATA
Type
MAP ACCT:ACCDATA <Enter>
Because file server COUNT is your default file server, you do not have to
include COUNT in the MAP command.
Map to another Volume
To map drive M: to the PUBLIC directory in volume SYS on your default file
server COUNT, type
MAP M: = SYS:PUBLIC <Enter>
If file server COUNT is not your default file server, you must include the
file server name in your command:
MAP M: = COUNT/SYS:PUBLIC <Enter>
If another drive, such as drive Z:, is already mapped to COUNT/SYS:PUBLIC,
you can type
MAP M: = Z: <Enter>
Map to Your Default Drive
You can map network drives to the same path as your default drive. Suppose
your default drive is drive G: mapped to volume SYS: on file server COUNT as
follows:
Drive G: = COUNT/SYS:
To map a network drive (for example, drive P:) to the same path as your
default drive (drive G:), change to your default drive and type
MAP P: = G: <Enter>
Delete a Network Drive Mapping
To delete network drive G:, type
MAP DEL G: <Enter>
or
MAP REM G: <Enter>
A message similar to the following appears on your screen, verifying that
the drive has been deleted.
Definition for drive G: has been removed.
Create or Change Search Drive Mappings
You can create, modify, or delete a search drive mapping. Complete one of
the following.
Create a Search Drive Mapping
Suppose you are user TERRY and your search drives appear as follows:
SEARCH1:=Z:. [COUNT/SYS: /PUBLIC]SEARCH2:=Y:. [COUNT/SYS: /PUBLIC/WP]
The next available search drive is SEARCH3 (S3). To map a search drive to
directory ACCREC on volume ACCT:, type
MAP S3: = COUNT/ACCT:ACCREC <Enter>
When you type MAP again, you see that the new search drive mapping has been
added:
SEARCH1:=Z:. [COUNT/SYS: /PUBLIC]SEARCH2:=Y:. [COUNT/SYS:
/PUBLIC/WP]SEARCH3:=X:. [COUNT/ACCT: /ACCREC]
Change a Search Drive Mapping
Suppose that you want to remap search drive 3 so that instead of searching
drive X: mapped to COUNT/ACCT:ACCREC, search drive 3 searches the next
available drive letter mapped to COUNT/SYS:HOME/TERRY.
To remap search drive 3 in this way, use one of the following commands:
MAP S3: = COUNT/SYS:HOME/TERRY <Enter>
or
MAP INS S3: = COUNT/SYS:HOME/TERRY <Enter>
The first command converts drive X: to a regular network drive and reassigns
search drive 3 to the next available drive letter (in this case, drive W:)
mapped to COUNT/SYS:HOME/TERRY:
Drive X:= COUNT/ACCT: /ACCREC _____
SEARCH1:=Z:. [COUNT/SYS: /PUBLIC]SEARCH2:=Y:. [COUNT/SYS:
/PUBLIC/WP]SEARCH3:=W:. [COUNT/SYS: /HOME/TERRY]
The second command reassigns drive X: from search drive 3 to search drive 4,
leaving search drive 3 temporarily vacant. Then the command inserts the next
available drive (in this case, drive W:) mapped to COUNT/SYS:HOME/TERRY into
the vacancy:
SEARCH1:=Z:. [COUNT/SYS: /PUBLIC]SEARCH2:=Y:. [COUNT/SYS:
/PUBLIC/WP]SEARCH3:=W:. [COUNT/SYS: /HOME/TERRY]SEARCH4:=X:. [COUNT/ACCT:
/ACCREC]
Delete a Search Drive Mapping
To delete search drive 3, type
MAP DEL S3: <Enter>
or
MAP REM S3: <Enter>
A message similar to the following appears on your screen, verifying that
the drive has been deleted:
Mapping for SEARCH3: has been deleted.
Map a Drive to a Fake Root Directory
Some applications read files from and write files to the root directory.
Since you do not want users working at the root level, you can map a drive
to a fake root directory where the user has rights.
NOTE: Fake roots only work with the NetWare 386 v3.0 version of NETX.COM If
you are using older NetWare versions, you cannot create fake roots.
Map to Your Default Drive
Suppose you are user TERRY on file server COUNT and your default drive is
mapped as follows:
F: = COUNT/SYS:HOME/TERRY <Enter>
You need access to the root directory to run one of your applications. Since
you don't have rights to the root directory, map a fake root to TERRY where
you do have all rights. Type
MAP ROOT F: = HOME/TERRY <Enter>
The default file server and volume are COUNT/SYS:, so you don't need to
include them in the command.
To delete a fake root, type
MAP ROOT F: <Enter>
When you type MAP, you see a double space and slash after TERRY, indicating
that the root directory for drive F: is now TERRY:
F:=COUNT/SYS:HOME/TERRY /
Change to subdirectory FILES in directory TERRY to see more clearly how to
identify the fake root.
F:=COUNT/SYS:HOME/TERRY /FILES
NOTE: From a fake root, you cannot use the CD command to return to the
original root. To change the fake root back to the original root, remap the
drive.
Map to another File Server
Suppose you are attached to file servers COUNT and MKTG. Your default server
is COUNT, but you need to create a fake root directory on server MKTG so you
can use accounting applications. Your drive mapping to accounting
applications on server MKTG is as follows:
H: = MKTG/SYS:ACCT/TERRY
From any drive on server COUNT, type
MAP ROOT H: = MKTG/SYS:ACCT/TERRY <Enter>
Change to server MKTG and type MAP. You see the following.
H:=MKTG/SYS:ACCT/TERRY /
Map to a New Directory
Suppose you are attached to file servers COUNT and MKTG. Your default server
is COUNT, but you want to map a fake root to directory ACCT on file server
MKTG. From any drive on server COUNT, type
MAP ROOT H: = MKTG/SYS:ACCT <Enter>
The fake root directory of drive H: on server MKTG is now ACCT. Type
MAP H:=MKTG/SYS:ACCT / <Enter>
The double space and slash after ACCT indicate that ACCT is the root
directory for drive H:. If you change to subdirectory TERRY, you see
H:=MKTG/SYS:ACCT /TERRY
Rights Security
Rights security controls which directories, subdirectories, and files a user
can access and what the user is allowed to do with them.
Rights security is controlled by trustee assignments and by the Inherited
Rights Mask.
Trustee assignments grant rights to specific users (or groups) that specify
how they can use a file or directory (for example, only for reading).
A trustee assignment grants users the right to see to the root of a
directory. However, the users can't see any subdirectories unless they have
rights to the subdirectories.
Inherited Rights Masks are given to files and directories when they are
created.
The only rights the user can "inherit" for a file or subdirectory are rights
that are allowed by the Inherited Rights Mask.
The default Inherited Rights Mask includes all rights. But this does not
mean that users have all rights; users have only the rights granted in their
trustee assignments.
For example, if a user is granted the Read right with a directory trustee
assignment, the right to read files in a subdirectory could be revoked by
having the Read right removed from the subdirectory's Inherited Rights Mask.
Trustee Rights
Trustee assignments and Inherited Rights Masks use the same eight trustee
rights to control access.
Each right is represented by its initial. NetWare utilities display the
initial letters of these rights between brackets, as shown below.
[S R W C E M F A]
By convention, if some rights have either been revoked or have not been
assigned, the absence is indicated by a blank space:
[ R F ]
The meaning and effect of each right depends on whether the right is
assigned to a file or a directory.
Each right is defined twice below, once in "Directory Rights" and again in
"File Rights."
Directory rights control general access to a directory, its files, and its
subdirectories. When granted at the directory level, the rights apply to all
the files and subdirectories in that directory unless redefined at the file
or subdirectory level.
To grant or modify a directory trustee assignment, use "FILER"; "GRANT";
"REMOVE"; "REVOKE"; "SYSCON" (Utilities Reference).
To modify a directory's Inherited Rights Mask, use "ALLOW"; "FILER"
(Utilities Reference).
File rights control access to specific files in a directory. They are used
to redefine the rights that users inherit from directory rights.
To grant or modify file trustee assignments, use "FILER"; "GRANT"; "REMOVE";
"REVOKE"; "SYSCON" (Utilities Reference).
To modify the file's Inherited Rights Mask, use "ALLOW"; "FILER" (Utilities
Reference).
Effective Rights
Effective rights are the rights a user can exercise in a given directory or
file. To determine a user's effective rights, you must know
What rights were granted in the trustee assignments for the user;
What rights were granted in the trustee assignments for any groups the user
belongs to;
What rights were revoked with Inherited Rights Masks.
To view effective rights, use "FILER"; "RIGHTS"; "WHOAMI" (Utilities
Reference).
The following examples explain how effective rights are determined for a
directory and a file. In the diagrams, Inherited Rights Mask is abbreviated
to IRM and trustee assignment to TA.
Directory effective rights. In directories, effective rights are determined
by one of two methods:
Calculating the effective rights to the parent directory and then
determining which rights the Inherited Rights Mask allows to filter through.
Granting a user a trustee assignment to a directory.
In a directory, trustee assignments override the directory's Inherited
Rights Mask. If trustee assignments are granted, a user's effective rights
are determined solely by the trustee assignments (user plus group trustee
assignments).
File effective rights are determined in nearly the same way as subdirectory
effective rights:
By calculating the effective rights to the directory and then determining
which rights the file's Inherited Rights Mask allows to filter through
By granting a user a trustee assignment to the file
By determining the user's effective rights to the parent directory
Assigning Rights
You can grant any combination of rights, although some combinations are not
useful. For example,
You can grant a user the Supervisory right in a directory and revoke all
other rights. However, that user still has all rights to the directory.
You can grant a user only Read and File Scan rights in a directory for an
application that creates temporary files when accessed. This user cannot
work because the Create, Erase, and Modify rights have not been granted.
You need to grant rights carefully. If you grant users more rights than they
need, they can delete, corrupt, or steal data. If you grant them too few
rights, they cannot do the work assigned to them.
When you assign rights to application directories, check the application
documentation. If possible, separate the files that users create when they
use the application from the executable files for the application.
Normally, users need only R and F rights to directories with executable
files, while they need R, F, C, E, and M rights to directories in which they
create files.
If a search drive is mapped to applications directories, the users can
access the applications from another directory in which they have the
additional rights they need to create files.
--
Felton Green (SysOp)
Novell Support Connection
Brainshare is coming!
Brainshare is coming!
Will you be there?
"Mike Frost" <mfr...@sscinc.com> wrote in message
news:3A0C445C...@sscinc.com...
Mike Frost
Here are some additional details:
The mappings are part of the System Login Script which specifies mappings for
specific groups, so no manual mappings. They are using Client 32 on 95
workstations.
In terms of "rights and such", they have trustee rights to the root of the
volume (as I had explained previous).
I just can't figure out why there arent able to change to a subdirectory in a
DOS window, but they can browse the folders from Explorer.
Mike
Felton Green
Try giving that particular group the rights to the directory and see what
happens.
Have you run bindfix?
Dave Kearns-NSCV
-dave
Mike Frost
No. And they do have trustee rights to the subdirs they are trying to get
into. I'm trying a few other things now to see if I can figure this out.
Mike
Dave Kearns-NSCV
>
> No. And they do have trustee rights to the subdirs they are
> trying to get into.
>
"no" you're not trying the write short name, or "no" you didn't think
of that or ?????
-dave
Mike Frost
workstation to see if it happens there as well, and it didn't, so I went back
to my 98 laptop and it works there now too. And the users are working as
well.
I hate these kinds of "it seems to have fixed itself" problems. Makes me
nervous.
Mike
Mike Frost wrote:
> Dave,
>
> No. And they do have trustee rights to the subdirs they are trying to get
> into. I'm trying a few other things now to see if I can figure this out.
>
> Mike
>
> Dave Kearns-NSCV wrote:
>
> > Are they using the correct "short form" of a long directory name?
> >
> > -dave
> >
> > "Mike Frost" <mfr...@sscinc.com> wrote in message
Mike Frost
work on this box.
Dave Kearns-NSCV wrote:
> "Mike Frost" <mfr...@sscinc.com> wrote in message
> news:3A0C5F74...@sscinc.com...
> >
> > No. And they do have trustee rights to the subdirs they are
> > trying to get into.
> >
>
Felton Green
I would check the disk for surface defects.... and get a good verified
backup as soon as possible.
--
Felton Green (SysOp)
Novell Support Connection
Brainshare is coming
Brainshare is coming!
Do you plan on going?
Dave Kearns-NSCV
longer than 8 characters.....
-dave
"Mike Frost" <mfr...@sscinc.com> wrote in message
news:3A0C7B16...@sscinc.com...
Mike
directories had fewer than 8 characters, and the problem "fixed itself"
( . . cringe . . ).
Mike
Mike
A migration of our 3.x boxes to 4.2 is in the works, and full backups are
always done. These machines are old (the logs go back to 1994), so it's
about time.
Mike
Felton Green
Are talking backup logs on the machine? I'd delete them if I were you so
that the space used can be freed up.
Felton Green
"Fixed" itself. I just love those kind of problems. <lyng mode off>
LFN should work. What process did you go through to test it?