Bugtraq mailing list archives

Re: Bypassing Inherited Rights Filters in Novell Directory Services.


From: Bob Fiero <bfiero () MENTALFLOSS NET>
Date: Sun, 10 Sep 2000 13:10:23 -0400

At 07:24 PM 9/7/2000 -0700, you wrote:
> Here's an example. An administrator, .BOB.ACME, has Supervisor [S] rights to
> the .ACME container. There is a container, .SECRET.ACME, which BOB should not
> have any access to.

If you understood NDS sufficiently, you wouldn't give Bob [S] rights to a
container where you need to keep him from objects under that container.
Regardless of what you do, Bob has [S] rights that you granted him, and
those rights can be applied...as in giving himself or any other user access
to objects within that container. How is that a bug?

Not that I know NDS inside and out or anything...but give [W] Write rights
(or any other rights), you can take them away further down the tree...Give
[S] rights, that gives a user the ability to change rights on objects
within that container. I don't see this as a bug, but perhaps as a
misunderstanding of how NDS works.

---

The single most effective thing you can do to protect yourself on the
Internet...Never use Microsoft products or protocols.

Increase your Win98 system speed, stability, and security. Remove IE.
http://www.98lite.net

