OSF DCE Administration Guide--Core Components
perform the operation.
The creator of a name is automatically granted all permissions that are appropriate for
the type of name that is created. For example, a principal that is creating an object entry
is granted read, write, delete, test, and control permissions to the object entry. A
principal that is creating a directory is granted read, write, insert, delete, test, control,
and administer permissions to the directory.
Note: Unlike the security mechanisms that are enforced by most other file
systems, CDS does not require a principal to have access to all
intermediate elements in the pathname (full name) of a name in order to
perform an operation on the name. For example, consider an object entry
object1 stored in the /.:/sales directory. In CDS, you can grant a principal
access to the object entry /.:/sales/object1 without necessarily granting the
principal access to either the /.:/sales directory or the cell root directory
(/.:).
16.6 Controlling Access to CDS Clerk and Server Management Operations
CDS authorization allows you to control the use of CDS commands that involve local
management operations on CDS clerks and servers. Principal names for each clerk and
server are stored in the security namespace. An object entry that contains the binding
information for each clerk and server is stored in the CDS namespace in the /.:/hosts
subdirectory. Servers are represented as /.:/hosts/hostname/cds-server. Clerks are
represented as /.:/hosts/hostname/cds-clerk.
Each clerk and server maintains a separate ACL that contains entries specifying the
principals allowed to perform these operations. Unlike the ACLs that are associated
with names in the namespace, the ACLs that are associated with clerks and servers exist
exclusively to provide local control of the use of these commands.
Whenever a new clerk or server is initialized, an ACL is created on the clerk or server
system. An initial ACL entry is also created, granting the machine principal and the
namespace authorization group (subsys/dce/cds-admin) read, write, and control
permissions to the clerk or server process on that system. All other principals, both
authenticated and unauthenticated, are granted read permission. The creation of this
ACL entry ensures that, immediately after its creation, any user logged into the system
as the machine principal is permitted to execute privileged clerk or server CDS
commands.
Note: Use of the machine principal for this purpose is provided as a convenience
and assumes that the account itself (user name and password) is already
moderately secure. Namespace administrators may prefer to modify this
scheme and grant permission to particular clerks and servers on behalf of
other individual principals or authorization groups.
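The initial clerk and server ACL described above gives a baseline to audit against. The following added example (not from the guide) parses ACL entries and reports those that grant write or control beyond the machine principal and subsys/dce/cds-admin. The `{type key permissions}` entry syntax, the permission letters r, w and c, the entry type names, and the machine principal name hosts/orion/self are assumptions.

```python
import re

ADMIN_GROUP = "subsys/dce/cds-admin"   # authorization group named in the text
PRIVILEGED = {"w", "c"}                # write and control (assumed letters)

def parse_acl(text):
    """Parse '{type [key] perms}' entries into (type, key, perm_set) tuples."""
    entries = []
    for body in re.findall(r"\{([^{}]*)\}", text):
        fields = body.split()
        if len(fields) not in (2, 3):
            raise ValueError("malformed ACL entry: {%s}" % body)
        key = fields[1] if len(fields) == 3 else None
        entries.append((fields[0], key, set(fields[-1]) - {"-"}))
    return entries

def audit(acl_text, machine_principal):
    """List (severity, subject, detail) departures from the initial ACL."""
    baseline = {("user", machine_principal), ("group", ADMIN_GROUP)}
    findings, seen = [], set()
    for etype, key, perms in parse_acl(acl_text):
        subject = etype if key is None else "%s %s" % (etype, key)
        seen.add((etype, key))
        if (etype, key) in baseline:
            missing = {"r", "w", "c"} - perms
            if missing:
                findings.append(("info", subject, "lacks " + "".join(sorted(missing))))
        elif perms & PRIVILEGED:
            # Entries without a key (any_other, unauthenticated) match whole classes of callers.
            severity = "high" if key is None else "review"
            findings.append((severity, subject, "grants " + "".join(sorted(perms & PRIVILEGED))))
    for etype, key in sorted(baseline - seen):
        findings.append(("info", "%s %s" % (etype, key), "initial entry absent"))
    return findings

# Constructed sample, not output captured from a real cell.
SAMPLE_ACL = """
{unauthenticated r--}
{user hosts/orion/self rwc}
{group subsys/dce/cds-admin rwc}
{user michaels rw-}
{any_other r-c}
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_ACL, "hosts/orion/self"):
        print("%-6s %-20s %s" % finding)
```

Entries marked "review" may be deliberate grants to individual principals, as the note above allows; entries marked "high" extend privileged clerk or server commands to whole classes of callers.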
To edit an ACL that is associated with a CDS clerk or server, you use the dcecp acl
modify command with the -change option. For example, to change the permissions for
the user michaels in the ACL that is associated with the CDS clerk on node orion, enter
16 − 6 Tandem Computers Incorporated 124243