Three basic "god" ACLs exist
system:administrators - membership gives a user implicit la rights on all directories in the cell.
It also allows the user to create pts entries, add and remove users from system:foo groups, chown files, and set setuid/setgid bits on files.
SUsers - list of users configured on a per-server basis (but a user really needs to be in the list on all servers in a cell). Allows access to privileged vos and bos commands.
ADMIN - flag set on a principal in the kaserver database. Enables the user to create and delete principals, and to force password changes for existing principals. Not relevant for any site using MIT Kerberos, for which the analogous tool is kadmin.
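
Because the SUsers list is kept per server, it can drift between machines. The following is an added example, not part of the original slides: a small audit that reports users who are privileged on some servers but not on others. It assumes each input line is a server name followed by the line that `bos listusers <server>` prints; the hostnames and user names in the sample are constructed.

```shell
#!/bin/sh
# Added example: find SUsers entries that are not present on every server.
# Input on stdin, one line per server:
#   <server> SUsers are: <user> <user> ...
# (the server name prefixed to the output of `bos listusers <server>`).
susers_drift() {
    awk '
    $2 == "SUsers" && $3 == "are:" {
        servers[$1] = 1                      # remember every server seen
        for (i = 4; i <= NF; i++) {          # an empty list is still a server
            users[$i] = 1
            has[$1, $i] = 1
        }
    }
    END {
        for (u in users)
            for (s in servers)
                if (!((s, u) in has))
                    print u " missing on " s
    }' | sort
}

# Constructed sample listing (hostnames and users are made up).
sample_listing() {
    cat <<'EOF'
fs1.example.com SUsers are: admin pat smith
fs2.example.com SUsers are: admin pat
db1.example.com SUsers are: admin smith
EOF
}

# Live collection would look like this (assumes $SERVERS holds the cell's
# server names and that the caller may run bos against them):
#   for s in $SERVERS; do printf '%s ' "$s"; bos listusers "$s"; done | susers_drift
sample_listing | susers_drift
```

An empty result means every SUsers entry is present on every server that was listed.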