ACCESS (dfs)(5N) COMMAND REFERENCE ACCESS (dfs)(5N)
NAME
access - control remote access to local files.
SYNOPSIS
/usr/lib/dfs/access
DESCRIPTION
This file determines which users on which remote hosts may
access the local file system.
It is formatted as a host followed by a seres of names of
the form
orca: sam, joe, root=joe, . .
The colon separates the remote hostname (orca) from the
users (sam,joe,...). As shown above, names with equalsign
specify a userid mapping (i.e: allow access from root on
orca as joe on this host). Lines beginning with '#' are
comments.
Remember that access determines if the daemon will attempt
to execute the system call on behalf of the requesting host.
However, the standard UTek owner-group-other protection
scheme will ultimately determine the accessibility of the
file by the remote process.
/usr/lib/dfs/access is an ASCII file used to modify the
access database; the actual aliasing information is placed
into a binary format in the files /usr/lib/dfs/access.dir
and /usr/lib/dfs/access.pag using the command
/usr/lib/dfs/newdfs. These are dbm(3d) files.
It is recommended that for editing access you use vidfs(8n).
It will make a number of checks on the validity of the
entries in the access file. When setting up access keep two
points in mind. First, users mentioned in access must
already be in the password file /etc/passwd. They do not,
however, have to have login privileges nor do they need a
home directory. You can prevent them from logging on by
setting their encrypted password to '*' or any other single
letter (because no password encrypts to a single character).
Secondly, the local userid assigned to the remote user
wishing to access the local file system must match the
userid assigned to that remote user on the remote host.
It is possible to specify an 'alias' in access, for example:
host1:jeff,root
host2:leon,root=leon
The first entry allows access by root from host1. However
for security reasons allowing access by root is not often
Printed 10/17/86 1
ACCESS (dfs)(5N) COMMAND REFERENCE ACCESS (dfs)(5N)
appropriate. The second entry allows access by root from
host2, but the local system treats the request as if it came
from leon and so access is based on leon's rights, not those
of root. Note that if two users have the same alias, only
one of those aliases will take effect. In other words it is
not possible for multiple users to have an entry with the
same alias because when a request is received from that
alias, there is no way of knowing whose access rights to
use. This issue is resolved when newdfs builds the access
database based on the first entry it finds.
It is possible to allow access for all users from a remote
hosts for example:
tekecs:*
Specifying * allows access by all users on that host except
root.
FILES
/usr/lib/dfs/access raw data for DFS access
database.
/usr/lib/dfs/access.pag
/usr/lib/dfs/access.dir DFS access database.
/usr/lib/dfs/newdfs Program to make and install
database.
/usr/lib/dfs/convert Shell
script to convert from old
/etc/hosts.dfs.access file.
SEE ALSO
dfsd(8n), vidfs(8n).
Printed 10/17/86 2
%%index%%
na:72,82;
sy:154,197;
de:351,2568;3063,868;
fi:3931,722;
se:4653,122;
%%index%%000000000103