User Authorization

Connect:Direct® for UNIX can authorize local and remote users to perform certain Connect:Direct for UNIX tasks. In order to use Connect:Direct for UNIX, each user must have a record defined in the user authorization file, called userfile.cfg. Each local user must have a record in the user authorization file, and remote users may be mapped to a local user ID in a proxy relationship.

To provide a method of preventing an ordinary user from gaining root access through Connect:Direct for UNIX, a second access file called the Strong Access Control (SACL) file is created when you install Connect:Direct for UNIX and is named sysacl.cfg. The root:deny.access parameter, which is specified in the sysacl.cfg file, allows, denies, or limits root access to Connect:Direct for UNIX. If the SACL file is deleted or corrupted, access to Connect:Direct for UNIX is denied to all users.