OSF DCE Administration Guide--Core Components

ManualsBrandsHP ManualsServerHP NonStop G-Series

211

212

213

214

215

216

217

218

219

220

OSF DCE Administration Guide—Core Components

ACL management software on that system examines the ACL entries that are associated

with the principal name that represents the clerk or server. The software then grants or

denies the operation, based on the permissions granted to the requesting principal in the

ACL entries.

The DCE control program (dcecp) provides commands that add, modify, copy, delete,

and display ACLs that are associated with CDS names, clerks, and servers. See the OSF

DCE Administration Reference for detailed information on the commands. The

remainder of this chapter describes DCE authorization as it applies speciﬁcally to

CDS. Before you try to create or modify permissions to CDS names, clerks, or

servers, read Part 6 of this guide for complete information on the DCE

authorization mechanism.

16.2 ACL Types Supported by CDS

CDS supports the following DCE ACL types:

• Object ACL—You can use the Object ACL type to grant permissions to any CDS

name (that is, object entries, soft links, child pointers, clearinghouses, and

directories), as well as to CDS clerks and servers. When associated with a CDS

directory, the permissions you grant with the Object ACL type apply only to the

directory itself, not to the directory’s contents or to any child directories.

• Initial Object Creation ACL—The Initial Object Creation ACL type applies only to

CDS directory names. Use this ACL type to grant permissions speciﬁcally to a

directory’s future contents, including soft links, application-deﬁned object entries,

child pointers, and clearinghouse object entries. The permissions you grant by using

the Initial Object Creation ACL type apply only to the future contents of the

directory, not to the directory itself. The permissions are inherited only by names

that are created in the directory after you create the ACL entry; permissions are not

propagated to names that already exist in the directory.

To edit an Initial Object Creation ACL, you use the -io option of the dcecp acl

modify command.

• Initial Container Creation ACL—The Initial Container Creation ACL type applies

only to CDS directory names. Use this ACL type to grant permissions to a directory

that automatically propagate (the default) to all child directories that you may later

create under that directory. The permissions you grant by using the Initial Container

Creation ACL type are inherited only by the child directories that you create after

you create the ACL entry; permissions are not propagated to child directories that

already exist.

To edit an Initial Container Creation ACL, you use the -ic option of the dcecp acl

modify command.

16 − 2 Tandem Computers Incorporated 124243