Technical data
Table 4–3: access-control-list Attribute Name-Type Field Properties (cont.)

Property            Value of Name            User Affected
------------------  -----------------------  ----------------------------------------
name-type=group     name is a valid group    All users who are members of the named
                    on the server            group. The server looks up the user name
                                             associated with the request in the group
                                             map or file (as specified in
                                             /etc/svc.conf) and verifies that the
                                             user is a member of that group.
name-type=netgroup  A valid netgroup         All users who are members of the named
                                             netgroup.

The following rules apply when a server accesses the ACL to verify
authorization of a user:
• If name-type is other than all-users, you must specify a value for
name. Also, the name of the user (as determined by looking up the UID
in a password file) making the request must be:
– An exact match to name, if name-type=user.
– A member of the group, if name-type=group.
– A member of the netgroup, if name-type=netgroup.
• It is likely that you will use the netgroup value of name-type
primarily for operator and administrator privilege levels, because it
restricts specific users to specific hosts.
______________________ Note _______________________
You should not add root to an ACL without specifying a host
name (root@host_name), unless you want all root users from all
remote systems in your network environment to have privileged
access to servers.
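
The matching rules and the root caveat above, modelled as an added example (not code from the product or its documentation). The group and netgroup contents, host names, and the function names are constructed for illustration, and the handling of name@host entries is an assumption based on the note.

```python
# Added illustration: models the ACL name-type matching rules described above.
# All users, groups, netgroups and hosts below are constructed sample data.
from dataclasses import dataclass

GROUPS = {"printops": {"smith", "jones"}}            # group map (constructed)
# NIS-style netgroup members as (host, user); None is a wildcard field.
NETGROUPS = {"admins": {("hosta", "lee"), ("hostb", "kim")}}

@dataclass(frozen=True)
class AclEntry:
    name_type: str          # all-users | user | group | netgroup
    privilege_level: str    # e.g. operator, administrator
    name: str = ""          # required unless name_type is all-users

    def __post_init__(self):
        if self.name_type != "all-users" and not self.name:
            raise ValueError("name is required unless name-type=all-users")

def entry_matches(entry, user, host):
    """Return True if a request from user@host is covered by this entry."""
    if entry.name_type == "all-users":
        return True
    if entry.name_type == "user":
        # Assumption: 'user@host' pins the entry to one host, while a bare
        # name matches that user name from every host (the root caveat).
        acl_user, _, acl_host = entry.name.partition("@")
        return acl_user == user and (not acl_host or acl_host == host)
    if entry.name_type == "group":
        return user in GROUPS.get(entry.name, set())
    if entry.name_type == "netgroup":
        return any(h in (None, host) and u in (None, user)
                   for h, u in NETGROUPS.get(entry.name, set()))
    return False            # unknown name-type: fail closed

def granted_levels(acl, user, host):
    """Privilege levels the ACL grants to user@host."""
    return {e.privilege_level for e in acl if entry_matches(e, user, host)}

def risky_root_entries(acl):
    """Audit helper: name-type=user entries for root with no host pinned."""
    return [e for e in acl if e.name_type == "user" and e.name == "root"]
```

Running risky_root_entries over an exported ACL flags the entries the note warns about, and the netgroup branch shows why that name-type ties a user to specific hosts.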
4.3.1 Managing ACLs
You can create and modify ACLs from the command line or by using the
pdprintadmin GUI. This section describes how to create and manage
ACLs using both interfaces. You can use the abbreviation a-c-l for the
access-control-list attribute.
• Use the following command to add user smith as a printer operator
for server red_spl:
# pdset -c server \
-x access-control-list+="{name=smith \
name-type=user privilege-level=operator}" \
Managing Security 4–5










