
Permissions for Accessing Server Control Facilities

ACLs (access control lists) prevent unauthorized principals from creating, reading, changing, or deleting information maintained by the server control facilities.

The server control facility maintains two kinds of server control information. Server configuration information (named srvrconf in DCE) consists of the information needed to start servers. Server execution information (named srvrexec in DCE) consists of information needed to control or stop servers when they are running.

Server configuration information is protected by two types of ACLs. One ACL protects the container in which the server control information resides. A second ACL type protects each individual server's configuration information.

Similarly, server execution information is protected by two types of ACLs. One ACL protects the container in which the server execution information resides. A second ACL type protects each running server's execution information.

This topic shows how to manage ACLs that protect server control information. For detailed information about setting and using ACL protections, read the topic titled Using Access Control Lists in the OSF DCE Administration Guide - Core Components.

Permissions for the Server Configuration Container

The server configuration information resides in a container. The container, a backing storage mechanism implemented as a file on UNIX systems, is owned by root and is also protected by an ACL. These ACL permissions control who can access information in the container. Each DCE host has one server configuration container ACL with the following name:

/.../cellname/hosts/hostname/config/srvrconf

The server configuration container ACL has the following permissions:

c (control) Modify the container ACL
r (read) Read configuration information in the container
i (insert) Create new configuration information
I (Insert) Create new configuration information for a server that runs as a privileged user (for example, as root on a POSIX system). Such operations also require the i permission.

Use the dcecp acl object to view or modify ACLs. For example, use the following operation to view the ACL for the server configuration container object on host silver.

dcecp> acl show /.:/hosts/silver/config/srvrconf

{user appl_admin criI}

{unauthenticated r}

{any_other r}

dcecp>

Because /.:/hosts/silver/config/srvrconf is a container, it also has an Initial Container ACL and an Initial Object ACL. You can operate on these initial ACLs by using the -ic and -io options to acl operations. Note that the Initial Container ACL has no effect because currently, you cannot create child containers under /.:/hosts/hostname/config/srvrconf.

Permissions for Accessing Server Configuration Information

Each server's configuration information is protected by its own ACL. These ACLs can prevent unauthorized principals from creating, reading, changing, or deleting server configuration information, and from starting, stopping, enabling and disabling servers.

Each ACL is named for the server configuration information it protects and has a name like:

/.../cellname/hosts/hostname/config/srvrconf/server_name

This ACL has the following permissions:

c (control)
Modify the ACL

d (delete)
Delete the server configuration information

f (flag)
Start server with custom flags

r (read)
Read the server configuration information

w (write)
Modify the server configuration information

x (execute)
Start server

Use the acl object to view or modify ACLs. For example, use the following operation to view the ACL for the video_clip server on host silver.

dcecp> acl show /.:/hosts/silver/config/srvrconf/video_clip

{user appl_admin cdfrwx}

{unauthenticated r}

{any_other r}

dcecp>

This ACL takes its default values from the container's Initial Object ACL. You can operate on the Initial Object ACL by using the -io option to acl operations. The following example shows the Initial Object ACL of the server configuration container on host silver, from which the video_clip server's ACL takes its defaults:

dcecp> acl show /.:/hosts/silver/config/srvrconf -io

{unauthenticated r}

{any_other r}

dcecp>

Permissions for the Server Execution Container

When servers are started, the DCE daemon copies server configuration information into the server execution database. The dced process also adds more information about the running server such as a UUID, the server's communication endpoints and its process name and ID. The execution information controls the running server; for instance, the process ID is used to stop a server. When a server exits, the DCE daemon removes its server execution information.

The server execution information resides in a container. The container, a backing storage mechanism implemented as a file on UNIX systems, is owned by root and its access through dced is protected by an ACL. These ACL permissions control who can access information in the container. Each DCE host has one server execution container ACL with the following name:

/.../cellname/hosts/hostname/config/srvrexec

The server execution container ACL has the following permissions:

c (control) Modify the container ACL
r (read) Read execution information in the container
i (insert) Create new execution information
I (Insert) Create new execution information for a server that runs as a privileged user (for example, as root). Such operations also require the i permission.

Use the acl object to view or modify ACLs. For example, use the following operation to view the ACL for the server execution container object on host silver.

dcecp> acl show /.:/hosts/silver/config/srvrexec

{user appl_admin criI}

{unauthenticated r}

{any_other r}

dcecp>

Because /.:/hosts/silver/config/srvrexec is a container, it also has an Initial Container ACL and an Initial Object ACL. You can operate on these initial ACLs by using the -ic and -io options to acl operations. Note that the Initial Container ACL has no effect because currently, child containers do not exist under /.:/hosts/hostname/config/srvrexec.

Permissions for Accessing Server Execution Information

Each running server's execution information is protected by its own ACL. These ACLs can prevent unauthorized principals from creating, changing, reading, or deleting server execution information, and from starting, stopping, enabling and disabling servers.

Each ACL is named for the server execution information it protects and has a name like:

/.../cellname/hosts/hostname/config/srvrexec/server_name

This ACL has the following permissions:

c (control)
Modify the ACL

r (read)
Read server execution information

w (write)
Modify the server execution information

s (stop)
Stop server

As an example, use the following operation to view the ACL for the server execution information for the video_clip server on host silver.

dcecp> acl show /.:/hosts/silver/config/srvrexec/video_clip

{user appl_admin crws}

{unauthenticated r}

{any_other r}

dcecp>

This ACL takes its default values from the container's Initial Object ACL. You can operate on the Initial Object ACL by using the -io option to acl operations. The following example shows the Initial Object ACL of the server execution container on host silver, from which the video_clip server's ACL takes its defaults:

dcecp> acl show /.:/hosts/silver/config/srvrexec -io

{unauthenticated r}

{any_other r}

dcecp>
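
The following Python script is an added example, not part of the DCE documentation. It audits captured acl show output against the four permission sets listed in this topic and flags an I permission granted without i. The function names, the constructed sample ACL, and the policy that unauthenticated and any_other entries should hold r only are assumptions made for illustration.

```python
import re

# Valid permission letters per ACL type, as listed in this topic.
VALID = {
    "srvrconf container": set("criI"),
    "srvrconf object": set("cdfrwx"),
    "srvrexec container": set("criI"),
    "srvrexec object": set("crws"),
}
# Assumed policy (not from the page): broad entries should hold read only.
BROAD = {"unauthenticated", "any_other"}

def acl_type(name):
    """Classify an ACL name such as /.:/hosts/silver/config/srvrconf/video_clip."""
    m = re.search(r"/config/(srvrconf|srvrexec)(/[^/]+)?$", name)
    if not m:
        raise ValueError("not a server control ACL name: " + name)
    return m.group(1) + (" object" if m.group(2) else " container")

def parse_entries(text):
    """Parse acl show output lines such as {user appl_admin criI}."""
    entries = []
    for body in re.findall(r"\{([^{}]*)\}", text):
        fields = body.split()
        if len(fields) >= 2:  # entry type, optional key, permissions last
            key = fields[1] if len(fields) == 3 else None
            entries.append((fields[0], key, fields[-1]))
    return entries

def audit(name, text):
    """Return a list of findings for one ACL."""
    kind = acl_type(name)
    findings = []
    for etype, key, perms in parse_entries(text):
        who = etype if key is None else f"{etype} {key}"
        granted = set(perms) - {"-"}  # ignore '-' placeholders if present
        unknown = granted - VALID[kind]
        if unknown:
            findings.append(f"{who}: {''.join(sorted(unknown))} not valid for {kind}")
        if "container" in kind and "I" in granted and "i" not in granted:
            findings.append(f"{who}: I granted without i")
        if etype in BROAD and granted - {"r"}:
            findings.append(f"{who}: broad entry holds more than r")
    return findings

# Constructed sample: any_other can start the server (x), unlike the page's example.
SAMPLE = "{user appl_admin cdfrwx}\n{unauthenticated r}\n{any_other rx}\n"
if __name__ == "__main__":
    print("\n".join(audit("/.:/hosts/silver/config/srvrconf/video_clip", SAMPLE)))
```

The script does not distinguish the -io and -ic views of a container; audit an Initial Object ACL by passing the name of an object it would apply to.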