HP OpenVMS Systems

ask the wizard
Content starts here

Limiting Access to DFS Disks?

» close window

The Question is:

 
To whom it may concern,
 
WE are currently running DFS VERSION 2.2-3
We have a security issue between the Client
and Server. Our problem is that we want to
limit the usage of an access point to one
user at a given time.  To this end we have
modified the proxy account on the server to
have maxjobs=1. The problem is that anyone
on the client can create the account we are
using to compile executables and then has
full access to the DFS disk/server.
Modifying the proxy account has not helped.
Can DFS limit the number of simultaneous
users to a given accesss point?
 
Regards,
 
Rafael Ruiz
 
 


The Answer is :

 
  DECdfs tries to closely emulate a locally-connected disk device.
 
  If the files in question were on a locally-mounted disk, the
  same restrictions exist -- a user with full local access would
  be able to perform the same operations on the local disk as they
  can on the DECdfs disk.
 
  The server (proxy) username on the DECdfs server is used solely
  to determine access rights, the process quotas are ignored.
  Alternatively, you can map a unique server (proxy) and
  appropriate protections for each user, and use host-based
  checks (via SYLOGIN.COM checks or otherwise) to control which
  of clients have access to the target disk, possibly via ACLs
  on the target that permit (or deny) access to the target from
  the server (proxy) username.
 
  Alternate approaches available here could include code management
  schemes and tools, as this question appears similar to be one of
  source code control.
 

answer written or last revised on ( 18-FEB-1999 )

» close window