OSF DCE Administration Guide--Core Components

ManualsBrandsHP ManualsServerHP NonStop G-Series

351

352

353

354

355

356

357

358

359

360

OSF DCE Administration Guide—Core Components

28.2.2 ACL Entry Types for Principals and Groups

ACL entry types let you deﬁne entries for the following:

• Principals and groups

— Principals and groups in the local cell

— Principals and groups in foreign cells

— Delegate entries

— All principals in the local cell for whom individual ACL entries have not been

created.

— All principals in the local and all foreign cells whose privilege attributes do not

match any of the other ACL entries.

• Masks used for authenticated and unauthenticated users

• As-yet-undeﬁned entry types that can be copied and displayed (if not interpreted) by

dissimilar DCE releases.

If any principal or group is not authenticated, the permissions in the entry are further

constrained by the unauthenticated mask (described later in this chapter). All entries for

authenticated principals, except user_obj and other_obj entries, are further constrained

by the mask_obj mask (also described later in this chapter).

The following list shows the entry types for principals and groups, their meaning, and

their entry format. All ACLs have a default cell deﬁned in them, as referred to in the

table. It is changeable, and serves to deﬁne the cell for various data types.

This list uses the following syntax variables:

principal_name The name of a principal in the registry database

group_name The name of a group deﬁned in the registry database

cell The global pathname of a cell in the format /.../name.

permissions The permissions made available by the object’s ACL manager.

The principal and group ACL entry types are as follows:

user_obj Establishes permissions for the object’s real or effective

user. An example is the owner of a ﬁle. The entry

format is

{user_obj permissions}

group_obj Establishes permissions for members of the object’s real

or effective group. An example is the group of a ﬁle.

The entry format is

{group_obj permissions}

other_obj Establishes permissions for all other principals in the

default cell, unless they are speciﬁcally named in ACLs

28 − 6 Tandem Computers Incorporated 124243