Dismiss
InnovationQ will be updated on Sunday, Oct. 22, from 10am ET - noon. You may experience brief service interruptions during that time.
Browse Prior Art Database

Implementation of HPFS386 Drive Level Access Control Lists

IP.com Disclosure Number: IPCOM000105819D
Original Publication Date: 1993-Sep-01
Included in the Prior Art Database: 2005-Mar-20
Document File: 2 page(s) / 75K

Publishing Venue

IBM

Related People

Lillie, BT: AUTHOR [+2]

Abstract

Drive level Access Control Lists (ACLs) were not designed into HPFS386. Therefore, this function was absent for HPFS386 drives. This discloses an implementation that IBM LAN Server 2.0, Advanced Server package, uses to provide drive level ACLs for HPFS386 drives.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 52% of the total text.

Implementation of HPFS386 Drive Level Access Control Lists

      Drive level Access Control Lists (ACLs) were not designed into
HPFS386.  Therefore, this function was absent for HPFS386 drives.
This discloses an implementation that IBM LAN Server 2.0, Advanced
Server package, uses to provide drive level ACLs for HPFS386 drives.

      IBM LAN Server 1.2 and 1.3 uses Access Control Lists (ACLs) to
control access to resources.  An ACL is a list of the users and
groups that may access a resource, along with the permissions those
users and groups have to the resource.  An ACL also contains the type
of auditing that should be done when that resource is accessed.  ACLs
and user and group IDs are stored in the User Accounts Subsystem
(UAS) database file named NET.ACC.  ACLs can be created for files,
directories, and drives.  A drive ACL gets used as the "default"
permission for any directory or file on that drive that does not have
its own ACL.  Thus, drive ACLs make access control administration
less cumbersome.  When the LAN administrator wants like access to all
subdirectories of a drive, the administrator needs only to manipulate
one ACL (the drive ACL), and not many ACLs (one for each
subdirectory).  ACLs are manipulated through the NetAccess API, which
is a part of NETAPI.DLL.

      The IBM LAN Server 2.0 Advanced Server package includes a
module (HPFS386) that is both a filesystem and file server.  HPFS386
ACLs are not stored in the NET.ACC file.  ACLs on HPFS386 files and
directories are stored within the filesystem as structures on disk
associated with the file or directory.  HPFS386 originated from
Microsoft and is part of Microsoft's LAN Manager 2.0 product.  The
original design of HPFS386 did not include the drive ACL concept and
therefore drive ACLs could not be created for HPFS386 drives.  A
scheme of providing drive ACLs for HFPS386 drives needed to be
invented so that IBM LAN Server 2.0 could still provide the drive ACL...