Manualshelf

OSF DCE Administration Guide--Core Components

ManualsBrandsHP ManualsServerHP NonStop G-Series
221222223224225226227228229230
Controlling Access to CDS Names
For example, to edit the permissions in the Object ACL that is associated with a CDS
entry for a clearinghouse named /.:/Paris1_CH, you would enter the following
command:
dcecp> acl modify /.:/Paris1_CH -entry -change {unauthenticated -}
To edit the permissions in the Object ACL that is associated with the /.:/Paris1_CH
clearinghouse itself, you would enter the following command:
dcecp> acl modify /.:/Paris1_CH -change {unauthenticated -}
Another example is the soft link /.../eng_printer. The target of this soft link is
/.../boston.com/print_server. To edit the soft link leaf entry that is in the CDS
namespace, enter the following command:
dcecp> acl modify /.../eng_printer -change -entry \
{group subsys/dce/cds-admin rwdtc}
16.9 How CDS Servers Gain Access to the Namespace
CDS servers require permission to the cell root directory and to lower-level directories
to successfully execute the following CDS commands:
clearinghouse create
directory create (For directories and replicas)
directory delete (For directories and replicas)
directory synchronize
To automate the process of granting all CDS servers the permissions that they require,
the CDS cell configuration process creates an authorization group for CDS servers under
the fixed name subsys/dce/cds-servers. The principal name of the initial server in the
cell is added to this group as part of the configuration process. Immediately after the
group is created, the configuration process grants full permissions (r, w, i, d, t, c, a)t o
the cell root directory of the new namespace on behalf of the group. ACL entries of the
Object ACL and Initial Container Creation ACL types are created by specifying
subsys/dce/cds-servers as the principal in each ACL entry. This ensures that the group
has full access to all future directories and their contents.
Thereafter, whenever a new server is configured in the cell, the server configuration
process automatically adds the principal name of the new server to the group. Through
this process, all CDS servers in the cell receive adequate permissions to all directories in
the namespace.
124243 Tandem Computers Incorporated 16 11