OSF DCE Administration Guide--Core Components

DCE Application Administration
This section shows how to manage ACLs that protect server control information. For
detailed information about setting and using ACL protections, see Chapter 28.
10.1.1.3.1 Permissions for the Server Configuration Container
The server configuration information resides in a container. The container, a backing
storage mechanism implemented as a file on UNIX systems, is owned by root and is also
protected by an ACL. These ACL permissions control who can access information in the
container. Each DCE host has one server configuration Container ACL with the
following name:
    /.../cellname/hosts/hostname/config/srvrconf
The server configuration Container ACL has the following permissions:
    c (control)   Modify the Container ACL
    r (read)      Read configuration information in the container
    i (insert)    Create new configuration information
    I (Insert)    Create new configuration information for a server that runs
                  as a privileged user (for example, as root on a POSIX
                  system). Such operations also require the i permission.
Use the dcecp acl object to view or modify ACLs. For example, use the following
operation to view the ACL for the server configuration container object on host silver:
    dcecp> acl show /.:/hosts/silver/config/srvrconf
    {user appl_admin criI}
    {unauthenticated r}
    {any_other r}
Because /.:/hosts/silver/config/srvrconf is a container, it also has an Initial Container
ACL and an Initial Object ACL. You can operate on these initial ACLs by using the -ic
and -io options to acl operations. Note, however, that because you cannot currently
create child containers under /.:/hosts/hostname/config/srvrconf, the Initial Container
ACL has no effect.
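The following is an added example, not part of the guide or of DCE itself: a small Python review script that parses acl show output for the srvrconf container and reports which entries can create configuration for privileged servers, plus grants that deserve a second look. The function names, the group entry, the tolerance for "-" placeholders, and the second sample ACL are assumptions made for illustration.

```python
import re

# Permission letters of the server configuration Container ACL (from the list above).
PERMS = set("criI")
# Entry types that carry no key, as they appear in the guide's sample output.
KEYLESS = {"unauthenticated", "any_other"}

def parse_acl(text):
    """Parse acl show output into (entry_type, key_or_None, perms) tuples."""
    entries = []
    for body in re.findall(r"\{([^{}]*)\}", text):
        fields = body.split()
        if len(fields) not in (2, 3):
            raise ValueError("unrecognized ACL entry: {%s}" % body)
        etype, perms = fields[0], fields[-1]
        key = fields[1] if len(fields) == 3 else None
        # Assumption: "-" may stand in for a permission that is not granted.
        if set(perms) - PERMS - {"-"}:
            raise ValueError("unexpected permission in {%s}" % body)
        entries.append((etype, key, perms))
    return entries

def label(etype, key):
    return etype if key is None else "%s %s" % (etype, key)

def privileged_creators(entries):
    """Entries that hold both i and I, needed to configure a privileged server."""
    return [label(t, k) for t, k, p in entries if "i" in p and "I" in p]

def audit(entries):
    """Return findings for grants that deserve review."""
    findings = []
    for etype, key, perms in entries:
        who = label(etype, key)
        if "I" in perms and "i" not in perms:
            findings.append("%s: I without i (such operations also require i)" % who)
        extra = sorted(set(perms) & set("ciI"))
        if etype in KEYLESS and extra:
            findings.append("%s: holds %s beyond read" % (who, "".join(extra)))
    return findings

# ACL shown in the guide for host silver.
GUIDE_ACL = "{user appl_admin criI}\n{unauthenticated r}\n{any_other r}"
# Constructed ACL with two review-worthy grants (not from the guide).
LOOSE_ACL = "{user appl_admin criI}\n{group operators rI}\n{any_other ri}"

if __name__ == "__main__":
    for name, acl in (("guide", GUIDE_ACL), ("constructed", LOOSE_ACL)):
        entries = parse_acl(acl)
        print(name, privileged_creators(entries), audit(entries))
```
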
10.1.1.3.2 Permissions for Accessing Server Configuration Information
Each server’s configuration information is protected by its own ACL. These ACLs can
prevent unauthorized principals from creating, reading, changing, or deleting server
configuration information, and from starting, stopping, enabling, and disabling servers.
Each ACL is named for the server configuration information it protects and has a name
like the following:
    /.../cellname/hosts/hostname/config/srvrconf/server_name
124243 Tandem Computers Incorporated 105