如果不谨慎地控制谁对文件系统有写访问权限,用户只需手工编辑配置文件,就可以破坏产品的安全性控制(比如审计)。
If you do not carefully control who has write access to the file system, a user can subvert the product security controls (such as auditing) by simply hand editing the configuration files.
这些人员有权安装和删除应用程序、更改操作系统权限以及对属性和系统配置文件进行更改。
This person (or persons) has access to install and remove applications, change OS permissions, and make changes to property and system configuration files.
要避免上述问题,有个出人意料的解决方法:不要让构建代理的网络账号对配置文件有写权限。
A surprisingly easy way to avoid the above problems is to simply not allow the build agent's network account to have write access to the configuration files.
在创建配置文件之前,帐户不具有权限。但使用第一个用例中的技巧需要为通道访问的每一个队列都创建一个配置文件。
The account has no access unless profiles are created for it, but using the techniques from the first case study would require a profile for every queue to which the channel needs access.
由于根本没有必要具有访问.splogrc配置文件的访问权限,因此可以利用DB 2 . GET _ sp _ CONFIG存储过程的帮助来查看日志标记的设置。
Since it is not necessary to have access to the.splogrc configuration file, you can see the Settings of the logging tokens with the help of DB2.GET_SP_CONFIG stored procedure.
他也可以设备上装些感兴趣的应用,但这些应用将永远无法获得访问权限或者升级为安全应用,因为它们完全被环境配置文件隔离了。
He can also have his fun apps on the same device, but they'll never be able to get access or break into a more secure app because of the complete segmentation of profiles.
通常,分区配置文件指定了操作系统启动时的资源需求,例如内存数量、处理器权限、适配器等等。
In general, a partition profile specifies operating system boot time resource requirements, such as the desired amount of memory, processor entitlement, adapters, and so on.
下一个示例展示了另一个情况:当所涉及的主体是多个分组的成员并且这些分组具有不同的权限时,可以累计多个配置文件中的权限。
This next example illustrates that rights can accumulate from multiple profiles when the principal involved is a member of multiple groups and these groups have differing access rights.
如果有两个配置文件匹配相同对象,则最具体的配置文件将优先,并完全覆盖另一个配置文件中指定的权限。
When two profiles matched the same object, the most specific profile took precedence and completely overrode the rights specified in the less specific profile.
一个区别是mxtopic类中的配置文件包含一个PUBLISH或SUBSCRIBE限定符,以便分别授予发布到主题权限和订阅主题权限。
One difference is that profiles in the MXTOPIC class contain a qualifier for publish or subscribe, so the authorization to publish or subscribe to a topic can be granted independently.
在上一个用例中,授权主体的权限仅由一个配置文件驱动。
In the previous use case examples, the rights granted to a principal were derived from one and only one profile.
通过使用一个已定义配置,Cfengine能够确保您拥有恰当的包、配置文件、文件权限,且进程运行在您的环境中。
Using a defined configuration, Cfengine can ensure that you have the proper packages, configuration files, file permissions, and processes are running in your environment.
上一个示例中使用的dspmqaut命令将根据所有适用配置文件来计算有效权限。
The dspmqaut command used in the previous examples calculates the effective permissions based on all applicable profiles.
带 –e选项的dmpmqaut命令将显示构成了某个实体的有效累计权限(针对对象)的所有配置文件。
The dmpmqaut command with the –e option displays all of the profiles that contribute to an entity’s effective cumulative rights to an object.
安装二进制文件、init脚本、示例配置文件并设置外部命令目录上的权限,如清单6所示。
Install binaries, init script, sample config files, and set permissions on the external command directory, as shown in Listing 6.
当前任务或事务userid需要保护替代userid的替代用户配置文件的UPDATE访问权权限,以便获得使用它的授权。
The current task or transaction userid needs UPDATE access to the alternate user profile that protects the alternate userid, in order to be authorized to use it.
此时,硬盘上的V6migratedServer 配置文件具有操作系统设置的只允许根用户访问文件的权限。
At this point, the V6 migratedServer profile on the hard disk has permissions set by the operating system to allow only the root user to access the files.
获取机器证书需要管理权限。因此,受限制用户将无法使用采用机器证书的配置文件。
Administrative rights are required to access a machine certificate. Therefore, a restricted user is prevented from using profiles that use a machine certificate.
安全配置文件包含有关与策略级别关联的代码组层次结构和权限集的信息。
Security configuration files contain information about the code group hierarchy and permission sets associated with a policy level.
指示已完成所有写入配置文件操作,并指定是否应断言权限。
Indicates that all writing to the configuration file has completed and specifies whether permissions should be asserted.
应用程序配置文件中的显式程序集绑定重定向需要安全权限。
Explicit assembly binding redirection in an application configuration file requires a security permission.
访问拒绝:用户名或密码不正确,或指定的帐户没有访问配置文件数据库的适当权限。
Access denied: Either the username and password are incorrect or the specified account does not have appropriate access to the profile database.
Windows无法加载以本地方式存储的配置文件:安全权限不足或本地文件已损坏。
Windows cannot load the locally stored profile: Insufficient security rights or a corrupted local file.
Windows无法加载以本地方式存储的配置文件:安全权限不足或本地文件已损坏。
Windows cannot load the locally stored profile: Insufficient security rights or a corrupted local file.
应用推荐