Distributed Name Service (DNS) Management Operations Manual

DNS File and Database Security
DNS Management and Operations
3–10 31258 Tandem Computers Incorporated
A user or an application with execute authority can execute commands that change
the state or configurations of DNS. With execute authority, you can start and stop a
DNS configuration and change the attributes of DNS files and processes.
A user or an application with definition authority can add, alter and delete the
definitions of subsystem-object types, alias types, composite types, and subsystems.
The characters you use to specify security values are the same as for FUP. The owner
specified by O and U is the current DNS owner, and the group specified by G and C is
the DNS owner’s group. The A and N codes denote any user on a node or network.
In the following example, the security attribute is changed to CCOO:
ALTER DNS, SECURITY "CCOO"
Suppose that the READ and WRITE authority at this node (\A for this example) is set
to the value of C (any member of the owner’s community). As a result, any member of
the DNS owner’s group within the network can execute inquiry commands against the
DNS configuration (provided that the member has remote passwords that allow him
or her to open the name manager process on node \A).
In this case, members of the owner’s group are said to have read and write authority at
this node. But only the owner can define types and subsystems, change the state or
configuration of DNS, and start or stop DNS.
For more information about these security values, refer to the FUP section of the
Guardian 90 Operating System Utilities Reference Manual or the Guardian 90 Operating
System User’s Guide.
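The following Python example is added here for illustration and is not part of the original manual or of DNS itself. It evaluates a four-character DNS security string such as CCOO against a requester and reports which authorities that requester holds. Assumptions: the positions are taken in the order read, write, execute, definition (inferred from the CCOO example above), O, G, and A apply only on the local node as in FUP, and the requesters OPS.JANE and PAYROLL.BOB are constructed sample users.

```python
from dataclasses import dataclass

# Position order inferred from the CCOO example (assumption).
OPERATIONS = ("read", "write", "execute", "definition")

# FUP-style code -> (who qualifies, whether remote requesters qualify)
CODES = {
    "O": ("owner", False), "U": ("owner", True),
    "G": ("group", False), "C": ("group", True),
    "A": ("any", False), "N": ("any", True),
}


@dataclass(frozen=True)
class Requester:
    group: str
    user: str
    remote: bool  # True when the request comes from another node


def allowed_operations(security: str, owner: str, req: Requester) -> set:
    """Return the DNS authorities the security string grants to req.

    Remote-password checks and super ID handling are not modeled.
    """
    if len(security) != 4 or any(c not in CODES for c in security):
        raise ValueError(f"invalid security string: {security!r}")
    owner_group, owner_user = owner.split(".")
    granted = set()
    for operation, code in zip(OPERATIONS, security):
        scope, remote_ok = CODES[code]
        if req.remote and not remote_ok:
            continue  # O, G and A apply only on the local node
        if scope != "any" and req.group != owner_group:
            continue  # outside the DNS owner's group
        if scope == "owner" and req.user != owner_user:
            continue  # group member, but not the owner
        granted.add(operation)
    return granted


if __name__ == "__main__":
    # Constructed requesters; OPS.SAM is the owner named in this section.
    for who in (Requester("OPS", "SAM", False), Requester("OPS", "JANE", True),
                Requester("PAYROLL", "BOB", False)):
        print(who, sorted(allowed_operations("CCOO", "OPS.SAM", who)))
```

Under CCOO a remote member of the owner's group holds read and write authority only, and the owner working from a remote node is likewise limited to read and write because O applies only on the local node.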
Changing DNS Ownership

As mentioned earlier, the Guardian 90 operating system user ID that owns a DNS
configuration is called the DNS owner of that configuration. After the first
INITIALIZE DNS command for a configuration is entered, only the owner can enter
subsequent INITIALIZE DNS commands for a configuration. As the current owner,
you can change ownership to any other user ID. In particular, if you plan to export
name definitions to other nodes, you should ensure that the owner is someone with
remote passwords for the destination nodes.
To change DNS ownership, use the ALTER DNS command. For example, to pass DNS
ownership to the user ID ACCOUNT.SAM, you would first issue the STOP DNS
command to stop the current DNS configuration, then enter:
ALTER DNS, DNSOWNER OPS.SAM