The foundation of AcuServer system security is the server access file. The server access file is an encrypted Vision file, named "AcuAccess" by default. This file is located in the /etc directory on UNIX servers and the root drive, which is normally the c:\etc directory on Windows NT, Windows 2000 to 2008 servers. You may rename the access file, and you can have multiple access files (for multiple instances of acuserve, for example) if desired.
The server access file contains one or more access records. These records define which users of which clients are permitted access to AcuServer.
The server access file is designed to support a wide range of access security, from very open to very restrictive. You choose the level of security best suited to your needs.
Access records may include wild cards that allow all clients or all users (except root under UNIX and administrator under Windows NT, Windows 2000 to 2008) access to AcuServer. You can also create individual access records for each user of each client, as well as individual records listing users who are explicitly excluded from accessing files.
The individual access records allow you to specify the user ID that AcuServer will use when executing requests for users matching the given record. In this way you can assign a user ID that has exactly the privileges needed, and no more (typical of group access accounts).
In addition, every access record can include a password entry, which the application or user must match before AcuServer will establish a connection. If this password is set to "*", the user is explicitly denied access to AcuServer.
The security system is almost completely transparent to the end user. The user is made aware of the security system only when remote file access requires interactive password authentication.
Creation and modification of the server access file requires root privileges on UNIX, and administrator privileges on Windows NT, Windows 2000 to 2008.
On UNIX servers, the access file must be owned by root and cannot be writable by anyone other than root. If the access file does not exist, is not owned by root, or is writable by users other than root, AcuServer will not start. On Windows NT and Windows 2000 to 2008 servers, the access file must be owned by administrator or the administrators group and cannot be writable by anyone without administrator privileges. If the access file does not exist, is not owned by administrator or the administrators group, or is writable by users without administrator privileges, AcuServer will not start.