NIO CommKit Host Interface Installation and System Administration Manual
3-22
Control Tables (from AT&T 255-110-127)
srvtab
Server Table Validation and Matching
Since /etc/opt/dk/srvtab is a directory, the file corresponding to the requested
service is examined. If that file does not exist, the wild card file * is used.
Call requests are denied with an access denied [see dkerr(3x)] rejection code
if the end of the table is reached before a match occurs. All lines containing
a # character in the first column and all lines without the proper number of
fields are ignored. Following the format validation of a server line, three
comparisons are made with the call request information:
1. The requested service is compared to the service specified in the server
table entry. If the services do not match, the scan moves on to the next line
of the server table.
2. The originating group for the call is then compared against the originating
group pattern in the server table entry according to the rules specified in
the System Field section. If the originating group fails the check, the scan
moves on to the next line.
3. Finally, the originating user ID contained in the call request information
is processed by the method specified in the user field of the server table
entry. If the user ID processing results in an invalid user ID on the called
host, the scan moves on to the next line.
The first server table line that passes all the specified tests is considered a
match. When a match occurs, the call is accepted and the program specified
in the server table entry is invoked with the appropriate arguments according
to the server table flags.
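The scan described above can be modelled to check which line a given call request reaches first. The following Python sketch is an added example, not code from the manual or from CommKit. It assumes six whitespace-separated fields (group pattern, service, flags, user, program, arguments), shell-style glob matching for the group pattern, and a simplified user field in which & keeps the caller's ID and any other value names a local user; the table, service name and program path are constructed.

```python
import fnmatch

# Constructed sample table (not from the manual). Assumed field order:
# originating-group pattern, service, flags, user, program, arguments.
SAMPLE = """\
# restrict root callers first, then admit one group
*.root        xfer - guest /opt/example/xfer xfer:from:%f
short line ignored
lc/sporty/*   xfer - &     /opt/example/xfer xfer:from:%f
"""

def valid_lines(table):
    """Yield (line number, fields); skip '#' in column 1 and wrong field counts."""
    for n, line in enumerate(table.splitlines(), 1):
        fields = line.split()
        if not line.startswith("#") and len(fields) == 6:
            yield n, fields

def group_ok(pattern, group, user):
    """ASSUMPTION: glob matching; a trailing .user limits the line to that user."""
    want_user = None
    if "." in pattern:
        pattern, want_user = pattern.rsplit(".", 1)
    return fnmatch.fnmatchcase(group, pattern) and want_user in (None, user)

def map_user(method, user, local_users):
    """ASSUMPTION: '&' keeps the caller's ID; anything else names a local user."""
    mapped = user if method == "&" else method
    return mapped if mapped in local_users else None

def first_match(table, service, group, user, local_users):
    """Return (line number, local user, program), or None for access denied."""
    for n, (pat, svc, _flags, method, prog, _args) in valid_lines(table):
        if svc != service:                    # test 1: requested service
            continue
        if not group_ok(pat, group, user):    # test 2: originating group
            continue
        mapped = map_user(method, user, local_users)
        if mapped is None:                    # test 3: user ID on called host
            continue
        return n, mapped, prog                # first passing line wins
    return None                               # end of table: access denied
```

With this table a root caller is mapped to guest by line 2, but if guest is not a valid user on the called host that line fails test 3 and the same caller falls through to line 4 as root.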
Group.user Facility
The .user suffix to the originating group pattern is a useful facility for
restricting access by certain (often privileged) users. However, you must set
up the server table carefully or the desired effect may not be achieved.
An example server table fragment that illustrates an actual problem one
administrator had using the .user originating group pattern suffix is shown
below.
lc/sporty/camaro pupu - *n    /opt/dk/bin/pupu pupu:from:%f
*.0              pupu - guest /opt/dk/bin/pupu pupu:from:%f
lc/sporty/*!     pupu - *n    /opt/dk/bin/pupu pupu:from:%f
*                pupu - &     /opt/dk/bin/pupu pupu:from:%f