ADMIN.SERVER

ADMIN.SERVER

Top  Previous  Next

 

The ADMIN.SERVER command allows a system administrator to set security rules on definitions of QMNet public servers and VFS servers.

 

 

Format

 

ADMIN.SERVER {name}

 

where

 

nameis the name of the server for which the details are to be updated. If this is not present on the command line, a prompt appears.

 

 

If name does not correspond to an existing server, the ADMIN.SERVER command will offer to create a new server definition. This will prompt for the network address and optional port number and then enter the screen described below. If a port number is specified, this may be separated from the network address with a colon or a semicolon. If an IPV6 format address is used, which contains colons as part of its syntax, a semicolon must be used before the port number.

 

 

The default behaviour of the SET.SERVER or SET.VFS.SERVER command is to create a server definition that may be accessed by all users of the system. There is a potential security weakness here because the slave process started on the remote system to handle the connection runs as the user name specified in the server definition, regardless of the user name of the local user accessing the remote file. Security can be improved by arranging that the user name used for the remote slave process is dependent on the user name or user group of the local user. This can be achieved by use of the ADMIN.SERVER command. Because there is no way in which QM can determine the password for a specific user, it is not possible for the remote server login to automatically using the same user name and password as the session from which QMNet or the VFS is used.

 

The screen display from this command is as shown below.

 

Remote user: george

Local users: gsmith, dave

O/S groups :

QM groups  :

--------------------------------------------------------------

Remote user: root

Local users:

O/S groups : admin

QM groups  : admin

--------------------------------------------------------------

Remote user: sales

Local users: ALL

O/S groups :

QM groups  :

--------------------------------------------------------------

 

 

SALES  193.118.14.97                                  F1=Help 

Enter remote user name                                        

 

The display consists of a series of four line entries with a horizontal separator. Each entry identifies the remote user name that will be used for the remote slave process based on criteria related to the local user accessing the file. When creating a connection, the list is scanned from the top downwards looking for the first entry that is applicable to the user.

 

Remote userThe user name to be used for the slave process. Changing this name will also prompt for the associated password. Domain style user names should be entered as user@domain.

 

Local usersA comma separated list of user names on the local system who will connect as the associated remote user name. Specifying this field as ALL, allows connection by all users.

 

O/S groupsA comma separated list of operating system user group names. If the user is a member of a named group, access is granted with the associated remote user name. This field  is ignored on Windows.

 

QM groupsA comma separated list of QM user group names as set with ADMIN.USER. If the user is a member of a named group, access is granted with the associated remote user name.

 

In the above example, users logged in to the local system as gsmith or dave will connect to the remote server with user name george. Users who are members of either the operating system user group named admin or the QM user group of the same name will connect as user name root. All other users will connect as user name sales.

 

If the local user does not meet the conditions set by any entry in the list, connection to the server is not permitted. If a user fits the conditions for more than one entry in the list, the first one found applies.

 

The default action of the SET.SERVER command is to create a server definition in which the remote user is as specified in the command and the local users field is set to ALL.

 

 

To move through the entries in the displayed list, use any of the following keys:

 

Ctrl-N

Cursor down

Move down to next line

Ctrl-P

Ctrl-Z

Cursor up

Move up to previous line

 

Page down

Move down one page

 

Page up

Move up one page

 

The amend a line, simply type new data or use any of the standard editing keys:

 

Ctrl-A

Home

Position the cursor at the start of the input data

Ctrl-B

Cursor left

Move the cursor left one character

Ctrl-D

Delete

Delete character under cursor

Ctrl-E

End

Position the cursor at the end of the input data

Ctrl-F

Cursor right

Move the cursor right one character

Ctrl-H

Backspace

Backspace one character

Ctrl-K

 

Delete all characters after the cursor

 

Insert

Toggle insert/overlay mode. When overlay mode is enabled, data entered by the user replaces the character under the cursor rather than being inserted before this character.

F1

 

Display help text

F2

 

Move current entry up by one place

F3

 

Move current entry down by one place

F4

 

Import security settings from another server. A prompt box appears asking for the server name. Entry of a blank response aborts the action.

 

Clearing the remote user name deletes the associated entry.

 

To insert a new entry, navigate to the bottom of the list and type in new data. The entry can be moved up if necessary with the F2 key.

 
To terminate the edit, optionally saving changes, press the Esc key.

 

 

See also:

The Virtual file system, QMNet, DELETE.SERVER, LIST.SERVERS, SET.SERVER