/sys$common/syshlp/NCLHELP.HLB  —  Network Management, Access Control, Tru64 UNIX Policy
    On Tru64 UNIX, access control policy is as follows:

    o Any user is allowed to use the show command.

    o To execute any command that modifies network data, the user must
      have superuser privileges.

    o When commands default to the local node (either by not specifying
      a node, or using Node 0), NCL communicates with the CML
      application by way of pipes, and the priviledges are determined
      by the user id (UID) that NCL is running under.

    o When commands are issued to a remote node or to the local node by
      explicitly including the node name (for example, using
      node alpha on the system named alpha), then the access granted
      depends on the access control provided; the session control
      attributes defined for CML on the target node; and the proxy
      accounts set up on the target node.

    o The access control used with a command is determined as follows:

       -- If any explicit access control is included on the command line,
          that is what is used. The information can be provided either
          after the node name (for example, node alpha/smith/abc or
          through the use of a "by" clause, for example,
          by user = smith, password = abc).

       -- If no explicit access control is provided, then NCL checks if
          any default access has been previously set, and if so, uses
          that. Default access is set using the
          set ncl default access by user = USER, password = PASSWORD
          command. The current state of NCL's default access can be
          checked with the show ncl default access command.

       -- If neither of the these cases applies, no access information
          is used.

    o When an NCL command arrives at a target node, the access control
      accompanying the command, along with the session control proxy
      entries and session control application cml characteristics
      determine what will be allowed. By default (as DECnet is initially
      installed), all show commands are allowed, and commands that alter
      network data are allowed only if the root account and password are
      explicitly provided. To modify this behavior, refer to the
      appropriate manual entries on session control.
Close Help