
3.3.1 The Server Access File

The foundation of AcuConnect system security is the server access file. The server access file is an encrypted Vision file, named "AcuAccess" by default, and located in the "/etc" directory on UNIX servers and the "\etc" directory on Windows NT or Windows 2000 servers. You may rename the file if you like. The server access file contains one or more access records. These records define which users of which clients are permitted access to AcuConnect.

The server access file is designed to support a wide range of access security, from very open to very restrictive. You choose the level of security best suited to your needs.

Access records may include wild cards that allow all clients or all users (except root under UNIX and Administrator under Windows NT/2000) access to AcuConnect. Alternatively, you can create individual access records for each user of each client. By having individual access records, you can restrict access to only those users specifically named in the access file.

The individual access records allow you to specify the user ID that AcuConnect will use when executing requests for users matching the given record. In this way you can assign a user ID that has exactly the privileges needed, and no more (typical of group access accounts).

In addition, every access record can include a password entry that the application or user must match before AcuConnect will establish a connection. The security system is almost completely transparent to the end user. Only when remote file access requires interactive password authentication is the user made aware of the security system.

Creation and modification of the server access file requires root privileges on UNIX, and Administrator or Administrators group privileges on Windows NT and Windows 2000.

On UNIX servers the access file must be owned by root. The access file cannot be writable by anyone other than root. If the access file does not exist, is not owned by root, or is writable by users other than root, AcuConnect will not start.
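The UNIX conditions above can be audited before AcuConnect is started. The following shell function is an added example, not part of the AcuConnect distribution; the function name, its return codes, and the optional owner-UID argument are hypothetical, and it assumes "writable by anyone other than root" means the group and other write bits of the file mode.

```shell
#!/bin/sh
# Added example: pre-flight audit of the AcuConnect server access file (UNIX).
# Assumption: "writable by users other than root" is checked through the
# group/other write bits of the file mode. ACLs are not inspected.
#
# check_access_file PATH [OWNER_UID]
#   returns 0  file exists, owned by OWNER_UID, not group/other writable
#   returns 1  file missing or not a regular file
#   returns 2  file not owned by OWNER_UID
#   returns 3  file writable by group or other
# OWNER_UID defaults to 0 (root). The argument exists only so the check can
# be exercised on a scratch file by a non-root user.
check_access_file() {
    file=$1
    want_uid=${2:-0}

    if [ ! -f "$file" ]; then
        echo "FAIL: $file does not exist or is not a regular file" >&2
        return 1
    fi

    # ls -n prints the numeric owner; -L follows a symlink to the real file.
    info=$(ls -Ldn -- "$file" | awk '{ print $1, $3; exit }')
    mode=${info% *}    # e.g. -rw-------
    uid=${info#* }     # numeric owner

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $file is owned by uid $uid, expected uid $want_uid" >&2
        return 2
    fi

    # In the mode string, character 6 is group write and character 9 is
    # other write.
    case $mode in
        ?????w*|????????w*)
            echo "FAIL: $file is writable by group or other ($mode)" >&2
            return 3
            ;;
    esac

    echo "OK: $file (uid $uid, mode $mode)"
    return 0
}

# Typical use with the default name and location given above:
#   check_access_file /etc/AcuAccess
```

If you renamed the access file, pass the new path instead of /etc/AcuAccess.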

On Windows NT and Windows 2000 servers, you should protect the access file by allowing only the Administrator or someone in the Administrators group to have write access to it. If the access file does not exist, is not owned by Administrator or the Administrators group, or is writable by users other than Administrator or the Administrators group, AcuConnect will not start.

More:

To use an existing AcuAccess file