The Security Space
The figures entitled The Top-Level Security Directory, The sec/group Directory, and The sec/principal Directory illustrate the Security namespace within the DCE cell namespace. The subsections that follow provide a description of each entry. The subdirectories that comprise the Security namespace are principal, group, org, policy, replist, and xattrschema.
To operate on the ACLs on any of these namespace entries, you need to include the name of the Security junction. For example, when you use the DCE control program's (dcecp) acl * commands, the group name acct-admin is referenced as /.:/sec/group/acct-admin, its database object name.
However, when you use the dcecp program's principal *, group *, or organization * commands operate on a principal, group, or organization name without /.:/sec and principal, group, or organization included as part of the name. For example, to view the attributes of the group acct-admin, you issue the group show command specifying the group name acct-admin without this path.
The Top-Level Security Directory
The sec/group Directory
The sec/principal Directory
In the following topics, descriptions of entries in an initial Security namespace are given. Included is the suggested UNIX user identifier (UNIX UID) or group identifier (UNIX GID) that they are assigned to. Vendors should use these values if possible. The password and group override files can replace them with correct local values, if necessary. Some entries are assigned the next available identifier, starting with 100; therefore, these may vary from cell to cell. They are indicated as Generated.
More:
The Top-Level Security Directory
The sec/group/subsys Directory
The sec/principal/hosts Directory