DFS Security and Access Control

· Issue administrator commands.

· Create or remove filesets.

· Perform system backups.

In DFS, administrative lists define the principals that can perform actions affecting specific server machines. Use the bos commands to create and maintain administrative lists. Use the dcecp program to create administrative groups and place these groups on administrative lists. Adding and removing users from groups rather than altering the administrative lists themselves simplifies system administration.

Groups of DFS server machines that are administered as a single unit are known as DFS administrative domains. Whenever you add or remove server machines in a DFS domain, you must also alter the keytab file for that machine. A keytab file contains a server encryption key, which is used to provide security between servers and their clients. Use the bos commands to maintain a server's keytab file.

To verify or modify ACLs use the dcecp program's acl commands.