
Access control lists

It is possible to restrict write access to the FATMEN catalogue using an ACL file. The ACL file consists of 3 fields.

  1. User name
  2. Node name
  3. Path name
Any of the fields may be wild-carded. When an update operation is attempted, FATMEN checks the username, nodename and pathname against those defined in the file FATMEN.ACL. This file resides in the directory or on the mini-disk containing the catalogue for which the update is being attempted. Thus, in the case of the CDF experiment, the file will be in the directory pointed to by the symbol or variable FMCDF.

Lines beginning with an exclamation mark, an asterisk, a hash or slash-asterisk are treated as comments.

Example of an ACL file

/*              FATMEN.ACL file for CDF experiment at Fermilab         */

! ! !
! ! ! CDF FATMEN Superusers: can modify any directory
! ! !
LINGFENG * //FNAL/CDF
! ! !
! ! ! CDF FATMEN Test users: can modify the subtree //FNAL/CDF/FATMEN
! ! !
CDF_FATM * //FNAL/CDF/FATMEN    
! ! !
! ! ! CDF FATMEN General users: can modify <user> tree.
! ! ! e.g. FRODO can modify //FNAL/CDF/USERS/FRODO
! ! !
<user> * //FNAL/CDF/USERS/<user>
! ! !
! ! ! CDF FATMEN General users: user ID does not match user name:
! ! !
GPYEH * //FNAL/CDF/USERS/YEH
! ! !
! ! ! CDF FATMEN TOP group Superusers:
! ! !
GPYEH * //FNAL/CDF/TOP
! ! !
! ! ! CDF FATMEN TOP DILEPTON subgroup Superusers:
! ! !
LUC * //FNAL/CDF/TOP/DILEPTON
CHIKA * //FNAL/CDF/TOP/DILEPTON
CENYI * //FNAL/CDF/TOP/DILEPTON
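
The check described above, sketched in Python as an added example; it is not FATMEN's own code. Assumptions: fields are whitespace-separated, * is matched shell-style, <user> is replaced by the requesting user name, an entry covers its path and the subtree below it, and a request that matches no entry is denied.

```python
from fnmatch import fnmatchcase

# Constructed sample: a subset of the entries in the example file above.
SAMPLE_ACL = """\
/*  FATMEN.ACL file for CDF experiment at Fermilab  */
! ! ! CDF FATMEN Superusers: can modify any directory
LINGFENG * //FNAL/CDF
<user> * //FNAL/CDF/USERS/<user>
GPYEH * //FNAL/CDF/USERS/YEH
"""

COMMENT_PREFIXES = ("!", "*", "#", "/*")


def parse_acl(text):
    """Return (user, node, path) triples, skipping blank and comment lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(COMMENT_PREFIXES):
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"expected 3 fields: {line!r}")
        entries.append(tuple(fields))
    return entries


def covers(acl_path, target):
    """True if target is acl_path itself or lies in the subtree below it."""
    acl_parts = acl_path.strip("/").split("/")
    target_parts = target.strip("/").split("/")
    # Compare whole components so .../USERS/YEH does not cover .../USERS/YEHUDI.
    return len(target_parts) >= len(acl_parts) and all(
        fnmatchcase(t, a) for a, t in zip(acl_parts, target_parts))


def may_update(entries, user, node, path):
    """Assumed default deny: allow only if some entry matches all three fields."""
    # Reject names with pattern characters before they are substituted for <user>.
    if not user.replace("_", "").isalnum():
        return False
    for acl_user, acl_node, acl_path in entries:
        acl_user = acl_user.replace("<user>", user)
        acl_path = acl_path.replace("<user>", user)
        if (fnmatchcase(user, acl_user) and fnmatchcase(node, acl_node)
                and covers(acl_path, path)):
            return True
    return False
```

Because a leading asterisk marks a comment, this sketch never reads a line whose user field is a bare * as an entry.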


Janne Saarela
Mon May 15 09:59:59 METDST 1995