Manualshelf

Distributed Name Service (DNS) Management Operations Manual

ManualsBrandsHP ManualsServerHP NonStop G-Series
41424344454647484950
DNS File and Database Security
DNS Management and Operations
31258 Tandem Computers Incorporated 3–9
If the default file names do not meet the requirements of the naming conventions used
at your site, you can easily change them. To do this, use the following command for
each file name you wish to change. This must be done before you enter the
INITIALIZE DNS command:
SET
logical file
, FILE
file name
In the following example, DNS-NAME-FILE is changed to DNSNAME, and DNS-
ALPHA-FILE is changed to $DATA.RNDDNS:
ASSUME DNSFILE
SET DNS-NAME-FILE, FILE DNSNAME
SET DNS-ALPHA-FILE, FILE $DATA.RNDDNS
DNS File and Database
Security
DNS security features let you control who can use the various DNSCOM and
programmatic commands. Each DNS configuration has an owner.
By default, the DNS owner is the ID of the user who executes the INITIALIZE DNS
command for that configuration; or, as in the case of the example in Figure 3-1, it is
otherwise explicitly set by a SET DNSOWNER command. The owner assumes
ownership of the DNS processes and files in the configuration. That person can use
the ALTER DNS command to assign a new owner or change the security of the files.
To determine which users can start the DNS configuration and which can perform
specific commands, the owner uses DNSCOM to set the DNS security attribute. You
specify that attribute as a string of four characters, just as you would in the FUP
SECURE command. However, these four characters have different interpretations
within DNS. The types of permissions allowed for a DNS file are defined below:
XXXX
||||
Read authority ___||||___ Definition authority
Write authority ____||____ Execute authority
A user or an application with read authority can establish a session with a DNS name
manager and give commands that return information about DNS or the database.
Because most DNSCOM commands result in requests to the DNS name manager, a
person who does not have read authority to a configuration cannot do very much with
that configuration.
A user or an application with write authority can add, alter, and delete the definitions
of domains, objects, managers, aliases, composites, and groups.