Environment
Novell Open Enterprise Server 11 (OES11)
Domain Services for Window
DSFW
Domain Services for Window
DSFW
Situation
Example of OES11 file system rights to the sysvol.
If
Run the command getfacl - R /var/opt/novell/xad/sysvol
If
Run the command getfacl - R /var/opt/novell/xad/sysvol
Resolution
Run the command getfacl - R /var/opt/novell/xad/sysvol to see the ACLs for sysvol recursively
# file: var/opt/novell/xad/sysvol
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---
# file: var/opt/novell/xad/sysvol/staging areas
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---
# file: var/opt/novell/xad/sysvol/domain
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---
# file: var/opt/novell/xad/sysvol/domain/scripts
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---
# file: var/opt/novell/xad/sysvol/domain/scripts/Default User
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---
# file: var/opt/novell/xad/sysvol/domain/Policies
# owner: administrator
# group: domain\040admins
# flags: --t
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---
# file: var/opt/novell/xad/sysvol/domain/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---
# file: var/opt/novell/xad/sysvol/domain/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/gpt.ini
# owner: administrator
# group: domain\040admins
user::rw-
group::r-x #effective:r--
group:domain\040admins:rwx #effective:rw-
group:domain\040users:r-x #effective:r--
group:domain\040computers:r-x #effective:r--
group:group\040policy\040creator\040owners:rwx #effective:rw-
mask::rw-
other::---
# file: var/opt/novell/xad/sysvol/domain/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/USER
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---
# file: var/opt/novell/xad/sysvol/domain/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---
# file: var/opt/novell/xad/sysvol/domain/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Microsoft
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---
# file: var/opt/novell/xad/sysvol/domain/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/Windows NT
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---
# file: var/opt/novell/xad/sysvol/domain/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/Windows NT/SecEdit
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---
# file: var/opt/novell/xad/sysvol/domain/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/Windows NT/SecEdit/GptTmpl.inf
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
# file: var/opt/novell/xad/sysvol/staging
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---
# file: var/opt/novell/xad/sysvol/sysvol
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---
# file: var/opt/novell/xad/sysvol
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---
# file: var/opt/novell/xad/sysvol/staging areas
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---
# file: var/opt/novell/xad/sysvol/domain
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---
# file: var/opt/novell/xad/sysvol/domain/scripts
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---
# file: var/opt/novell/xad/sysvol/domain/scripts/Default User
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---
# file: var/opt/novell/xad/sysvol/domain/Policies
# owner: administrator
# group: domain\040admins
# flags: --t
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---
# file: var/opt/novell/xad/sysvol/domain/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---
# file: var/opt/novell/xad/sysvol/domain/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/gpt.ini
# owner: administrator
# group: domain\040admins
user::rw-
group::r-x #effective:r--
group:domain\040admins:rwx #effective:rw-
group:domain\040users:r-x #effective:r--
group:domain\040computers:r-x #effective:r--
group:group\040policy\040creator\040owners:rwx #effective:rw-
mask::rw-
other::---
# file: var/opt/novell/xad/sysvol/domain/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/USER
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---
# file: var/opt/novell/xad/sysvol/domain/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---
# file: var/opt/novell/xad/sysvol/domain/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Microsoft
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---
# file: var/opt/novell/xad/sysvol/domain/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/Windows NT
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---
# file: var/opt/novell/xad/sysvol/domain/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/Windows NT/SecEdit
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---
# file: var/opt/novell/xad/sysvol/domain/Policies/{31B2F340-016D-11D2-945F-00C04FB984F9}/MACHINE/Microsoft/Windows NT/SecEdit/GptTmpl.inf
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
# file: var/opt/novell/xad/sysvol/staging
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---
# file: var/opt/novell/xad/sysvol/sysvol
# owner: administrator
# group: domain\040admins
user::rwx
group::r-x
group:domain\040admins:rwx
group:domain\040users:r-x
group:domain\040computers:r-x
group:group\040policy\040creator\040owners:rwx
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:domain\040admins:rwx
default:group:domain\040users:r-x
default:group:domain\040computers:r-x
default:group:group\040policy\040creator\040owners:rwx
default:mask::rwx
default:other::---