We have several OES2 SP2 Linux Servers with NSS Volumes.

I need my users to prevent from browsing through filesystem and copying files to their homedrives, etc..

but they need to have read rights to that files (executable program files, f.e.).

If I give them "r" (read) right and no "f" (filescan), they cannot access the executables anymore, even if the startup links posts to the right file.
Also a .cmd file in the loginscript cannot be executed anymore without filescan right

It doesn't matter if using mapped drives or UNC paths.

So is it not possible to grant read rights without filescan ??