Extending Server Configurations

Some servers may require configuration information that is not supported by the set of attributes provided with your DCE software. You can add arbitrary information to your server configuration by creating additional extended registry attributes (ERAs) with the xattrschema object.

For example, say you have a server that needs an attribute that specifies an object family. You create such an attribute using the xattrschema object. The following example creates an ERA called srvrconf/objfamily. The operation specifies the permissions needed to query, update, test, and delete the ERA, and it specifies the ACL manager that supports the permissions.

dcecp> xattrschema create /.:/hosts/silver/config/xattrschema/srvrconf/objfamily \
> -attribute {{annotation {object family}} {encoding uuid} \
> {aclmgr {srvrconf r w r d}}}
dcecp>

Once you have created a new attribute, use a server modify operation as explained in the topic titled Changing Server Configurations to insert the necessary data. More information about ERAs is provided in Creating and Using Extended Registry Attributes.

You can review the attributes associated with an ERA by using an xattrschema show operation as shown in the following example:

dcecp> xattrschema show /.:/hosts/silver/config/xattrschema/srvrconf/objfamily
{aclmgr {srvrconf {{query r} {update w} {test r} {delete d}}}}
{annotation {object family}}
{applydefs no}
{encoding uuid}
{intercell reject}
{multivalued yes}
{reserved no}
{scope {}}
{trigbind {}}
{trigtype none}
{unique no}
{uuid 1bef2222-e687-11cd-b74a-0000c08adf56}
dcecp>

ERAs in server configuration information are protected by two levels of ACLs. One ACL type protects the container in which the ERA resides. The second ACL type protects the individual ERA.

The ERA container ACL is named:

/.../cellname/hosts/hostname/config/xattrschema

The ERA container ACL has the following permissions:

c (control) Modify the container ACL
r (read) Read ERA in the container
i (insert) Create new ERA information
I (Insert) Although the I permission is present, it does not apply to ERA items. The permission applies to server control facilities, which are explained in Permissions for Accessing Server Control Facilities.

Use the dcecp acl object to view or modify the container ACL. For example, the following operation views the ERA container ACL on host silver:

dcecp> acl show /.:/hosts/silver/config/xattrschema
{user appl_admin criI}
{unauthenticated r}
{any_other r}
dcecp>

The ACL for an individual ERA is named as follows:

/.../cellname/hosts/hostname/config/xattrschema/ERA_name

ACLs on individual ERAs can prevent unauthorized principals from creating, reading, changing, or deleting ERA information. The following example shows permissions established for the srvrconf/objfamily ERA. In this example, the c permission has no effect because it was not assigned when the ERA was created with the xattrschema create operation. All users can query and test the ERA. Only the user named appl_admin can also update and delete the ERA.

dcecp> acl show /.:/hosts/silver/config/xattrschema/srvrconf/objfamily
{user appl_admin crwd}
{unauthenticated cr}
{any_other cr}
dcecp>

This ACL takes its default values from the container's Initial Object ACL. You can operate on the Initial Object ACL by using the -io option to acl operations. The following example shows the Initial Object ACL for the xattrschema container on host silver:

dcecp> acl show /.:/hosts/silver/config/xattrschema -io
{unauthenticated cr}
{any_other cr}
dcecp>
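
The following Python script is an added example, not part of the original DCE documentation. It parses the xattrschema show and acl show output for srvrconf/objfamily, reports which ERA operations each ACL entry permits, and lists permission bits (such as c here) that no operation uses. The function names are hypothetical; the sample text is copied from the output on this page.

```python
SCHEMA = """{aclmgr {srvrconf {{query r} {update w} {test r} {delete d}}}}
{annotation {object family}}
{encoding uuid}
{scope {}}"""          # abridged `xattrschema show` output from this page
ACL = """{user appl_admin crwd}
{unauthenticated cr}
{any_other cr}"""      # `acl show` output for the same ERA, from this page

def parse_tcl(text):
    """Parse brace-delimited Tcl list text into nested Python lists."""
    stack, word = [[]], ""
    for ch in text + " ":            # trailing space flushes the last word
        if ch not in "{} \t\n":
            word += ch
            continue
        if word:
            stack[-1].append(word)
            word = ""
        if ch == "{":
            stack.append([])
        elif ch == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            done = stack.pop()
            stack[-1].append(done)
    if len(stack) != 1:
        raise ValueError("unbalanced '{'")
    return stack[0]

def audit(schema_text, acl_text):
    """Map each ACL entry to (permitted ERA operations, bits no operation uses)."""
    attrs = {a[0]: a[1] for a in parse_tcl(schema_text)}
    ops = dict(attrs["aclmgr"][1])   # {'query': 'r', 'update': 'w', ...}
    report = {}
    for *who, perms in parse_tcl(acl_text):
        allowed = sorted(op for op, bit in ops.items() if bit in perms)
        # Skip '-' fillers, should the output contain them (assumption).
        unused = "".join(b for b in perms if b not in ops.values() and b != "-")
        report[" ".join(who)] = (allowed, unused)
    return report

def can_modify(report):
    """ACL entries able to update or delete the ERA."""
    return sorted(w for w, (ops, _) in report.items() if {"update", "delete"} & set(ops))

if __name__ == "__main__":
    for who, (ops, unused) in audit(SCHEMA, ACL).items():
        print(f"{who:20} ops={ops} unmapped={unused!r}")
```

Because parse_tcl rejects unbalanced braces, it can also be used to check an -attribute argument before pasting it into dcecp.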