HP Distributed Print Service Administration Guide

Chapter 8
Managing DCE Security for HPDPS
Giving Your DCE Groups Permissions to HPDPS Objects
2. List the ACL. For example, enter:
list
3. These commands return a display similar to this:
# Initial SEC_ACL for objects created under: /.:/pdsec :
# Default cell = /.../pda_cell.your_organization.com
unauthenticated:r--t---
group:subsys/dce/cds-admin:rwdtc--
group:subsys/dce/cds-server:rwdtc--
group:pd_admin:rwd----
group:pd_operator:rw-----
any_other:r--t---
group:Dept_6_OPs:rw-----
4. To end the acl_edit session, enter:
exit
Use these same steps to view the IC ACL permissions by substituting
-ic for -io in the acl_edit command. To view the permissions on the
object itself (for example, the permissions that a server or printer
grants to users), do not use either of these flags.
You have set the security directory IO and IC ACLs to give certain
permissions to certain groups. Now that you have done this, create all
the servers that will grant those permissions to those groups. Use the
pdstartspl command to create the spooler Spool6, and the pdstartsuv
command to create the supervisors Super201, Super202, and Super203.
Each of these servers, and every object that is or will be contained in
each of them, grants read and write permission for the Dept_6_OPs
group.
When you have created the servers, edit the IO ACL and IC ACL of the
security directory again. Use the three-step procedure at the beginning of
this section. This time, remove the group from the IO and IC ACLs of the
security directory. This prevents servers created at a later time and their
objects from granting these same permissions.
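One way to confirm that no temporary group entry is left on the security directory's IO or IC ACL before more servers are created, as an added example that is not part of the HP guide. The function names and the baseline group list are assumptions; the sample listing is constructed from the display shown in step 3.

```shell
#!/bin/sh
# Added example: flag group entries left on the security directory's IO or IC
# ACL. Function names and the baseline list are assumptions, not HPDPS tooling.

# Groups expected on the ACL, taken from the sample display in this guide.
BASELINE_GROUPS="subsys/dce/cds-admin subsys/dce/cds-server pd_admin pd_operator"

# Constructed sample: the display from step 3, temporary Dept_6_OPs entry included.
sample_listing() {
    cat <<'EOF'
# Initial SEC_ACL for objects created under: /.:/pdsec :
# Default cell = /.../pda_cell.your_organization.com
unauthenticated:r--t---
group:subsys/dce/cds-admin:rwdtc--
group:subsys/dce/cds-server:rwdtc--
group:pd_admin:rwd----
group:pd_operator:rw-----
any_other:r--t---
group:Dept_6_OPs:rw-----
EOF
}

# Read a listing on stdin; print "name permissions" for each group entry
# whose group is not in BASELINE_GROUPS.
extra_group_entries() {
    awk -v baseline="$BASELINE_GROUPS" '
        BEGIN { c = split(baseline, b, " "); for (i = 1; i <= c; i++) ok[b[i]] = 1 }
        /^#/ || /^[ \t]*$/ { next }       # header comments and blank lines
        {
            n = split($0, f, ":")
            if (n < 3 || f[1] != "group") next
            name = f[2]                   # permissions are the last field;
            for (i = 3; i < n; i++)       # anything between is the group name
                name = name ":" f[i]
            if (!(name in ok)) print name, f[n]
        }'
}

# Return 0 when only baseline groups remain, 1 (with a report on stderr) otherwise.
audit_listing() {
    extras=$(extra_group_entries)
    [ -z "$extras" ] && return 0
    printf 'Entries to remove before creating more servers:\n%s\n' "$extras" >&2
    return 1
}

# Demo on the constructed sample; reports Dept_6_OPs.
sample_listing | audit_listing || true
```

Feed it the display captured from the list step for both the -io and the -ic ACL of /.:/pdsec.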
Removing a Group from the Security Directory IO and IC ACLs
To remove the Dept_6_OPs group read and write permission from the
IO ACL of the security directory, use the acl_edit command with the
/.:/pdsec soft link.