UNIX Ownerships and Permissions

UNIX ownerships and permissions can be set on key AcuConnect files. Note, however, that your site could jeopardize security if you include entries in the server access file that explicitly allow users running as root on the clients to run as root on the server. We strongly recommend against the inclusion of such entries.

Note that the runtimes that are started by AcuConnect on the server inherit the environment of the user who started AcuConnect. Therefore, we recommend that you log on as the DEFAULT-USER and then use the "su" command to gain root privileges and start up AcuConnect. This ensures that any users mapped to the DEFAULT-USER account do not have any more privileges than you intend.

Achieving sound AcuConnect system security depends on the configuration and management of the following security elements:

the AcuConnect server access file--the database of authorized AcuConnect users

the UNIX security protections set up for the acuconnect executable file, server configuration file, server access file, and remote program files and directories.

the UNIX ownerships assigned to the acuconnect executable file, server configuration file, server access file, and remote program files and directories

the UNIX access permissions (read, write and execute) set on the acuconnect executable file, server configuration file, server access file, and remote program files and directories.

UNIX ownerships and permissions on the acuconnect executable, server configuration file and server access file must be strictly maintained. If the ownerships and permissions are more permissive than those specified, acuconnect will not start.