OSF DCE Administration Guide--Core Components

Creating and Maintaining Principals, Groups, and Organizations
Chapter 28 for a description of ACLs.) For example, assume the ACL for file X
contains two entries: one permits group A write access and one permits group B read
access. Then, any principal who is a member of both groups A and B can read and
write to file X.

30.7.1.1 Project Lists and Rights

Principals accrue project list access rights only from the groups that are associated
with the name or alias with which they log in. They do not accrue the combined rights
of their name and all of their aliases. For example, assume that a principal named
gustav is a member of groups A and B. Under the alias gus, gustav is also a member of
groups C and D. When the principal logs in as gustav, the principal accrues access
rights from groups A and B only. When the principal logs in with the alias gus, the
principal accrues access rights from groups C and D only.

To display the groups in which a principal (or its alias) is a member, use the principal
show command described in Chapter 34.

30.7.1.2 Prohibiting Inclusion on Project Lists

If a group is prohibited from inclusion in a project list, its rights are not accrued. For
example, assume again that file X’s ACL includes two entries: one that permits group
A read access to file X and one that permits group B write access to file X. Assume
that the project list inclusion property is set to disallow group B from project lists. A
principal who is a member of both groups A and B who tries to access file X is allowed
only read permissions, not write permissions. If the project list inclusion property
allows group B to be on project lists, a member of groups A and B receives both read
and write access.

You may decide to prohibit some groups from inclusion on the list. You may, for
example, want to prohibit any reserved groups with access rights similar to root from
inclusion on any project lists.
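
The accrual rules in Sections 30.7.1.1 and 30.7.1.2 can be modelled together. The following Python model is an added example, not part of this guide or of DCE itself; the Registry class, the function names, and the sample data are constructed for illustration. It covers only the group entries this section describes, not the full DCE ACL checking algorithm.

```python
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class Registry:
    """Constructed stand-in for the registry data this section describes."""
    # Login name or alias -> groups associated with that name only.
    memberships: dict[str, set[str]] = field(default_factory=dict)
    # Groups whose project list inclusion property disallows inclusion.
    excluded: set[str] = field(default_factory=set)

    def project_list(self, login_name: str) -> set[str]:
        # Only the groups of the name used at login count; groups of the
        # principal's other names or aliases are never merged in.
        return self.memberships.get(login_name, set()) - self.excluded


def effective_rights(reg: Registry, login_name: str,
                     acl: dict[str, set[str]]) -> set[str]:
    """Union of the ACL's group entries over the login name's project list."""
    rights: set[str] = set()
    for group in reg.project_list(login_name):
        rights |= acl.get(group, set())
    return rights


def rights_lost_to_exclusion(reg: Registry, login_name: str,
                             acl: dict[str, set[str]]) -> set[str]:
    """Rights the login name would gain if no group were prohibited."""
    unrestricted = Registry(reg.memberships, set())
    return (effective_rights(unrestricted, login_name, acl)
            - effective_rights(reg, login_name, acl))


# Constructed sample data following the section's examples.
MEMBERSHIPS = {"gustav": {"A", "B"}, "gus": {"C", "D"}}
FILE_X_ACL = {"A": {"read"}, "B": {"write"}}

if __name__ == "__main__":
    cases = (("B allowed", Registry(MEMBERSHIPS)),
             ("B prohibited", Registry(MEMBERSHIPS, excluded={"B"})))
    for label, reg in cases:
        for name in ("gustav", "gus"):
            print(label, name,
                  sorted(effective_rights(reg, name, FILE_X_ACL)), "lost:",
                  sorted(rights_lost_to_exclusion(reg, name, FILE_X_ACL)))
```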

30.7.2 Adding Groups and Organizations

Use the dcecp group create command to add groups and the dcecp organization
create command to add organizations. When you add a group or organization, you
must specify the group’s or organization’s primary name. In addition, you can supply
the attribute options listed in Table 30-3.

Note that, when you use the dcecp group create and dcecp organization create
commands, you can create multiple groups or organizations with one command
in the same way that you can create multiple principals. See Section 30.5.1 for details.

124243 Tandem Computers Incorporated 30 15