AcuServer User's Guide
Version 7.2

6.1 Security Overview

System security for AcuServer® file server software is designed to address two fundamental security issues:

  1. controlling access to data files
  2. preventing unauthorized use of AcuServer to perform privileged activities (such as modifying privileged files)

The first issue, controlling access to data files, is addressed in two ways: first, via the AcuServer server access file (discussed in detail in this chapter), and second, through the standard UNIX or Windows NT/2000 file access provisions. Whether a user of AcuServer can access a given file depends on two things: (1) the user ID assigned to the requester in the server access file, and (2) either the Windows NT/2000 security set up for your files, or the UNIX ownerships and permissions set on the particular file.

On both Windows and UNIX networks, you have the option to use your operating system security rather than AcuServer system security. By setting the SECURITY_METHOD configuration variable on both the client and the server, you can override the server access file and use the full range of native security features on files and directories on the server instead. See SECURITY_METHOD in section 4.2.2, "Server Configuration Variables," for information and considerations.

The second issue, preventing unauthorized privileged use, is addressed through strict enforcement of the security measures that you have established through the server's operating system.

On a Windows NT, Windows 2000, or Windows 2003 server, AcuServer system security is designed to work with files that reside on an NTFS file system. (AcuServer can work with a FAT file system, but the files are less secure.)

If you currently use a FAT file system, there are two utilities you can use to create an NTFS file system: FORMAT and CONVERT. If you use the FORMAT utility with the option "/fs:ntfs", it reformats your hard drive and sets it up as an NTFS file system; you will lose any existing data on the hard drive. If you use the CONVERT utility with the option "/fs:ntfs", it converts your FAT file system into an NTFS file system and preserves the existing data. Note that these utilities are part of the Windows NT, Windows 2000, or Windows 2003 operating environment and are not supported by Acucorp.

After you set up the NTFS file system, you may set read and write access permissions on your files by using the Windows NT/2000 security features. Please refer to your Windows documentation for more information about NTFS file systems and security procedures. Make sure that the "AcuAccess" file and the "a_srvcfg" file can be written only by those accounts and groups that you want to have write privileges.

If your files reside on a FAT file system, they are less secure. The files are accessible to anyone who can access the file system on that machine, unless you establish shared directories. When you create a shared directory, you can assign permissions that apply to all files and subdirectories in the shared directory.

NTFS file systems may also have shared directories. The permissions on the shared directory operate in addition to any NTFS permissions you have established. Shared directory permissions specify the maximum access allowed.

When AcuServer is running as a Windows NT/2000 service, it usually belongs to an implicit group called "SYSTEM." Make sure that the "SYSTEM" group (or whichever group you are using for your acuserve services) is added to your file permissions with "Full Control."

Files created by AcuServer are owned by the Administrators group and allow "Full Control" for "SYSTEM" and "Administrator." "Everyone" is given the permissions specified by the third digit in the umask in the AcuAccess file.

UNIX ownerships and permissions can be set on key AcuServer files. Note, however, that your site could jeopardize security if you include entries in the server access file that explicitly allow users running as root on the clients to run as root on the server. We strongly recommend against the inclusion of such entries.

Achieving sound AcuServer system security depends on the configuration and management of the following security elements:

UNIX ownerships and permissions on the acuserve executable, server configuration file and server access file are specified in section 2.4.1. These specifications must be strictly maintained. If the ownerships and permissions are more permissive than those specified, AcuServer will not start.
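The following shell functions are an added example, not part of the AcuServer distribution or this guide's own material: a pre-start audit that reports whether a file is more permissive than a ceiling mode or is owned by the wrong uid. The function names are hypothetical, and the ceiling mode and owner uid are caller-supplied placeholders; take the real values from section 2.4.1.

```shell
#!/bin/sh
# Added example: pre-start audit of key AcuServer files on UNIX.
# Ceiling modes and owner uids are PLACEHOLDERS supplied by the caller;
# the authoritative values are in section 2.4.1 of the guide.

# mode_exceeds ACTUAL CEILING
# Succeeds if ACTUAL (octal) sets any permission bit that CEILING lacks,
# including setuid/setgid/sticky. A numeric "greater than" test would be
# wrong here: 0066 is numerically smaller than 0600 but far more open.
mode_exceeds() {
    [ $(( 0$1 & ~0$2 & 07777 )) -ne 0 ]
}

# file_mode PATH / file_uid PATH: GNU stat first, BSD stat as fallback.
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Mp%Lp' "$1"; }
file_uid()  { stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"; }

# audit_file PATH CEILING UID
# Prints one finding per problem; returns 0 only if the file exists, is
# owned by UID, and is no more permissive than CEILING.
audit_file() {
    af_path=$1 af_ceiling=$2 af_uid=$3 af_rc=0
    if [ ! -e "$af_path" ]; then
        echo "MISSING  $af_path"
        return 1
    fi
    af_mode=$(file_mode "$af_path")
    af_owner=$(file_uid "$af_path")
    if mode_exceeds "$af_mode" "$af_ceiling"; then
        echo "TOO-OPEN $af_path mode=$af_mode ceiling=$af_ceiling"
        af_rc=1
    fi
    if [ "$af_owner" != "$af_uid" ]; then
        echo "OWNER    $af_path uid=$af_owner expected=$af_uid"
        af_rc=1
    fi
    if [ "$af_rc" -eq 0 ]; then
        echo "OK       $af_path mode=$af_mode uid=$af_owner"
    fi
    return "$af_rc"
}

# Stand-alone use: sh audit.sh /path/to/AcuAccess <ceiling> <uid>
if [ "$#" -eq 3 ]; then
    audit_file "$1" "$2" "$3"
fi
```

Run it once each for the acuserve executable, the server configuration file and the server access file before starting the service, and treat any non-zero exit as a reason to fix the file first.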


Acucorp, Inc.