User ID permissions for running Natural RPC on Unix

, ,
1

We are setting up Internet access to our Natural environment via EntireX Security and Natural RPC. We plan to use a generic user id for EntireX Security (Unix user id) and a generic user id for the Natural RPC Server. A separate user id/password will be sent from the web to authenticate the user against Natural Security.

Although no one should get past the EntireX Security, our Systems staff is concerned about the generic user id for the Natural RPC Server. They have asked us to determine what permissions are necessary for the Natural RPC Server user id, what group it must belong to and if there are ways to restrict this user id’s access to other Unix functions.

Any feedback on this would be greatly appreciated.

Julie

2

You can limit the Natural Security id with any of the functions Natural Security provides. In development, the userid may need access to SYSIDL, but in production, you should be able to use a limited user id - it does not need to be a person or administrator id.

You can restrict that id as much as you want to. Obviously, it will need to be able to logon to any libraries that it has to execute from, but within that, you could specify any limited subset of modules that it is allowed to execute - for example, you may choose to prevent access to the USR* API functions (some of which can access Unix functions).