OSF DCE Administration Guide--Core Components

30.4 Universal Unique Identifiers and UNIX IDs
The DCE Security Service automatically associates a principal’s, group’s, or
organization’s primary name with a UUID. UUIDs identify objects, the function
that UNIX numbers (UNIX IDs) perform in UNIX systems. (The registry database also
contains UNIX numbers, but they are used solely for compatibility with UNIX
programs.)
Normally, you do not have to be aware of UUIDs. They are created and maintained
automatically. However, be aware that, although the DCE Security Service prints names
and you can access objects by name, it identifies all objects internally by UUID. If you
delete a principal from the registry, you also delete the principal’s UUID. Any objects
(files, programs) that are owned by the principal are then associated with an “orphaned”
UUID; that is, a UUID with no corresponding name. This means that the object is now
owned by a deleted principal. If no other principals were previously given access to the
object, the object cannot be accessed.
To solve this problem, use the dcecp principal create command with the -uuid option to
associate the UUID with a name and thus “adopt” the orphaned object. UUIDs are
assigned automatically when the object is created by using the DCE control program’s
principal create command. Therefore, you cannot simply add a new user and acquire a
previously used UUID. You must execute the dcecp principal create command with the
-uuid option for this purpose.
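The behavior described above, as a small Python model added for illustration; it is
not DCE or dcecp code. The Registry class, the can_access and orphaned helpers, and
the sample names and paths are all constructed for this example, and ownership is
reduced to a single owner UUID per object.

```python
import uuid

class Registry:
    """Toy registry: a name is only a label; the UUID is the identity."""
    def __init__(self):
        self.names = {}                      # primary name -> UUID

    def principal_create(self, name, uuid_opt=None):
        # Models "principal create NAME [-uuid UUID]": without -uuid a fresh
        # UUID is generated, so a reused name never inherits an old identity.
        if name in self.names:
            raise ValueError(f"principal {name!r} already exists")
        self.names[name] = uuid_opt or uuid.uuid4()
        return self.names[name]

    def principal_delete(self, name):
        return self.names.pop(name)          # the UUID leaves the registry too

def can_access(registry, name, owner_uuid):
    # Access is decided by comparing UUIDs, never by comparing names.
    return registry.names.get(name) == owner_uuid

def orphaned(registry, objects):
    # Objects whose owner UUID no longer maps to any name in the registry.
    live = set(registry.names.values())
    return sorted(path for path, owner in objects.items() if owner not in live)

def demo():
    reg = Registry()
    # Constructed sample objects, each recorded with its owner's UUID.
    objects = {"/projects/report.txt": reg.principal_create("j_doe"),
               "/projects/notes.txt": reg.principal_create("a_smith")}
    results = {"before": can_access(reg, "j_doe", objects["/projects/report.txt"])}
    old_uuid = reg.principal_delete("j_doe")
    results["orphans"] = orphaned(reg, objects)
    reg.principal_create("j_doe")                     # same name, new UUID
    results["same_name"] = can_access(reg, "j_doe", old_uuid)
    reg.principal_create("j_doe_adopt", uuid_opt=old_uuid)   # the -uuid case
    results["adopted"] = can_access(reg, "j_doe_adopt", old_uuid)
    results["orphans_after"] = orphaned(reg, objects)
    return results

if __name__ == "__main__":
    print(demo())
```

Re-creating the deleted name leaves the object orphaned; only the principal created
with the old UUID regains ownership of it.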
UNIX numbers in the registry must fall within the range of numbers you set as a registry
property. When you supply a UNIX number in the command line for creating or
modifying an account, you should avoid numbers under 100 since these are generally
reserved for system accounts.
30.5 Adding and Maintaining Principals
Use the dcecp principal create command to create principals. A principal must exist
before you can create an account for the principal. When you use the dcecp principal
create command, you must supply the principal’s primary name as an argument. In
addition, you can supply the attribute options summarized in Table 30-1.
TABLE 30-1. Attribute Options to Create Principals
_________________________________________________________________________
Option                 Meaning
_________________________________________________________________________
-fullname namestring   An optional name that is used to more fully
                       describe a primary name. To include spaces,
                       enclose the full name in braces. The default
                       is blank.
_________________________________________________________________________
30 4 Tandem Computers Incorporated 124243