OSF DCE Administration Guide--Core Components

9.3 Managing Host Data
Each host in a DCE cell maintains local data that is essential for operating in a DCE
environment. For instance, each host’s DCE identity relies on certain data items that
specify the host’s host name, cell name, and any cell aliases. Currently, these data items
are stored in a local file called dcelocal/dce_cf.db. These and other data items can be
modified remotely using the DCE control program's hostdata object.
The hostdata object has a much broader application, too; administrators will find it
extremely useful for accessing general data and files on remote hosts using secure and
platform-independent methods. The last part of this chapter examines this powerful
access method.
9.3.1 Permissions for Accessing Host Data
Access control lists (ACLs) prevent unauthorized principals from creating, changing, or
deleting hostdata information. Two types of ACLs protect hostdata information. One
type of ACL protects the container in which the hostdata items reside. A second type
protects each individual hostdata item.
This section shows how to manage ACLs that protect hostdata information. For detailed
information about setting and using ACL protections, see Chapter 28.
9.3.1.1 Permissions for the Hostdata Container
In DCE Version 1.1, the hostdata items reside in a container, which is really a backing
storage mechanism maintained by dced. On UNIX systems this is usually a file called
dcelocal/var/dced/Hostdata.db. The file is owned by root and its access via dced is
protected by an ACL. These ACL permissions control who can access the data in the
container. Each DCE host has one hostdata Container ACL with the following name:
/.../cellname/hosts/hostname/config/hostdata
The hostdata Container ACL has the following permissions:
c (control)   Modify the Container ACL
r (read)      Read the list of hostdata items in the container
i (insert)    Create new hostdata items
I (Insert)    Although the I permission is present, it does not apply to hostdata items.
              The permission applies to server control facilities, which are explained in
              Chapter 10.
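
The following is an added example, not part of the guide: a Python check that parses a listing of a hostdata Container ACL and flags entries that grant c, i, or I to principals not named individually. The brace-delimited entry format, the sample listing, and the review policy (read-only is acceptable for broad entries) are assumptions.

```python
import re

# Permission bits defined for the hostdata Container ACL (from the list above).
CONTAINER_PERMS = {"c", "r", "i", "I"}
# Bits that change state: c rewrites the ACL, i creates hostdata items,
# I applies to server control facilities.
WRITE_BITS = {"c", "i", "I"}
# DCE ACL entry types that match principals not named one by one.
# Treating these as "broad" is this example's policy, not a DCE rule.
BROAD_TYPES = {"unauthenticated", "any_other", "other_obj", "foreign_other"}

ENTRY_RE = re.compile(r"\{([^{}]+)\}")

def parse_acl(text):
    """Return [(entry_type, key_or_None, set_of_perms)] from {type [key] perms} entries."""
    entries = []
    for body in ENTRY_RE.findall(text):
        fields = body.split()
        if len(fields) == 2:
            etype, key, perms = fields[0], None, fields[1]
        elif len(fields) == 3:
            etype, key, perms = fields
        else:
            raise ValueError(f"unrecognized ACL entry: {{{body}}}")
        bits = set(perms.replace("-", ""))  # '-' marks a permission not granted
        unknown = bits - CONTAINER_PERMS
        if unknown:
            raise ValueError(f"unknown permission {sorted(unknown)} in {{{body}}}")
        entries.append((etype, key, bits))
    return entries

def audit(text):
    """Return [(entry_type, risky_bits)] for broad entries holding c, i or I."""
    findings = []
    for etype, _key, bits in parse_acl(text):
        risky = sorted(bits & WRITE_BITS)
        if etype in BROAD_TYPES and risky:
            findings.append((etype, risky))
    return findings

# Constructed sample listing, not output captured from a real cell.
SAMPLE = """
{unauthenticated -r--}
{user cell_admin criI}
{any_other -ri-}
"""

if __name__ == "__main__":
    for etype, risky in audit(SAMPLE):
        print(f"{etype}: grants {''.join(risky)} on the hostdata container")
```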
9 4 Tandem Computers Incorporated 124243