Adding an Access Record

To add an access record, you must assign a value to each of the five access record fields:

• Client Machine Name

  The "*" symbol indicates that the record will match all clients for which there are no other records. (This will be the default setting for all clients that do not have a specific record.) You can also enter the official machine name for a client machine. You cannot use alias names in this field.

• Client Username

  If you do not specify a client username, leaving the field blank, any user name will match. For Windows clients that do not define a USERNAME or USER environment variable, this field should be left blank or set to USER. See Access Records for more information.

• Local Username

  The Local Username is the name that AcuServer will use when executing access requests for requesters that match the first two fields of this record.

  Note that if the Local Username is not a valid name on the server, the server will attempt to use the value of the server configuration variable DEFAULT_USER (if defined). If DEFAULT_USER is not defined, the connection will be refused (AcuServer returns an error 9D/103).

  If the local username is the same as the client user name, leave the Local Username field blank.

• Password

  Inclusion of a password is optional. AcuServer ignores any password included in the AcuAccess record when you use the Windows NT security named pipe option rather than AcuServer system security.

  Passwords can be up to 64 characters long. The set of allowable characters includes upper and lower case letters, numbers, the space character, and most special characters (all ASCII characters numbered 32 to 126). Delete, escape, and other non-printable characters are not allowed.

  To prevent a user from attempting to log in to AcuServer, assign that user the password "*". The excluded user will receive an error 9D/103, indicating that access is denied.

• Umask

  The umask is a three-digit code that sets the read and write permissions on new files created for the requester by AcuServer. For more about umask, see the end of and your UNIX operating system documentation.

  If you accept all of the defaults when creating the record, and you are using the command line, the entry will look like:

  Client Machine Name    Client Username    Local Username    Password    Umask
  -------------------    ---------------    --------------    --------    -----
  *                                         <same as client>  <none>      002
  

  If you are using the ACP and accept all of the defaults, the entry will look like:

  

  This is the most permissive access record that can be created. This record will match any client and allow any user to connect to the server, provided that either:

  • The user has an account of the same name on the server
  • The DEFAULT_USER variable is defined with the name of a valid user

  Through inclusion or exclusion of wild cards, named entries, passwords, and umasks, it is possible to construct a server access file that allows open, unrestricted access; rigid, tightly controlled access; or most any level in between.