Modifying ACLs on the Master Security Server
Upon initial cell creation, security is string and little remote access is allowed - ACL settings on dced objects are tight. To allow for more flexibility in remote administration, you may want to modify the ACLs on certain dced objects. As root, run the dced_acl_patcher scripts on the master Security Server. This opens the ACL settings, while still preventing the cell_admin from having root access to all machines in the cell via dced.
To modify the ACLs, follow these steps:
1. Log in as root on the master Security Server.
2. Kill dced and patiently wait for it to terminate - termination can take up to several minutes.
% kill -s TERM pid
3. Restart dced with the -r option:
% dced -r
Wait 30 seconds for dced to start.
4. Run the dced_acl_patcher script, which does not prompt you for information:
% dced_acl_patcher
See the topic entitled The DCE Cell Namespace for a comparison of the ACLs as they exist before and after running dced_acl_patcher.