T 3.26 Inadvertent sharing of the file system

Novell Netware Version 4 distinguishes between object access rights and file access rights. Object access rights imply all rights to create, to modify, to view and to delete objects within the NDS. File access rights imply reading, writing, deletion etc. of files and directories. The NDS object "Server" acts as the sole interface between the object system and file system.

For this reason, every user registered as a supervisor for a server object also gets supervisor-rights for the entire, related file system, because the supervisor attribute cannot be filtered by an IRF (inherited rights filter). As a result, the user might inadvertently gain access to confidential data.