acfsutil sec init

Purpose

Initializes Oracle ACFS security.

Syntax and Description

acfsutil sec init -h
acfsutil sec init -u admin -g admin_sec_group

acfsutil sec init -h displays help text and exits.

Table 16-56 contains the options available with the acfsutil sec init command.


Table 16-56 Options for the acfsutil sec init command

Option
    Description

-u admin
    Specifies the first security administrator user name. The user specified must be an existing operating system (OS) user and a member of the operating system group specified by the -g option.

    On Windows, the security administrator user name must be specified with a fully qualified user name in the form of domain_name\username.

-g admin_sec_group
    Specifies the name of the security group for the administrator. The group specified must be an existing operating system (OS) group.

    On Windows, the group name must be specified with a fully qualified domain group name in the form of domain_name\groupname. If the domain_name\groupname contains a space, then enclose the string in quotes (" ").


The acfsutil sec init command creates the storage necessary for security credentials and identifies an operating system user as the first security administrator. The command also identifies the operating system group that is the designated security group. All users that are security administrators must be members of the designated security group. Security administrators are common for all Oracle ACFS file systems.

If you are setting up an OS user and OS group, refer to your operating system (OS) documentation for information.

The acfsutil sec init command is run once to set up Oracle ACFS security for each cluster and can be run from any node in the cluster. Other security commands can also be run from any node in a cluster.

Only the root user or Windows Administrator user can run this command. The user specifies a password for the security administrator. The security administrator password must conform to the following format:

  • The maximum number of characters is 20.

  • The minimum number of characters is 8.

  • The password must contain at least one digit.

  • The password must contain at least one letter.

The new security administrator can change the password with the acfsutil sec admin password command. For information, refer to "acfsutil sec admin password".

Security administrators are allowed to browse all directories in an Oracle ACFS file system, regardless of whether they have the underlying operating system permissions or whether any realm checks allow it. This exception enables a security administrator to check the location of the files when securing them with Oracle ACFS security realms. However, a security administrator cannot view the contents of individual files without the appropriate operating system and security realm permissions.

Examples

The following example shows the use of the acfsutil sec init command.

Example 16-49 Using the acfsutil sec init command

$ /sbin/acfsutil sec init -u grid -g asmadmin
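
The prerequisites described above (the -u user must exist and belong to the -g group, and the password must be 8 to 20 characters with at least one digit and one letter) can be checked before the one-time initialization. The following script is an added example, not part of Oracle's documentation or of acfsutil; its function names are hypothetical. It assumes a Linux or UNIX node with a POSIX shell, group names without spaces, and that "letter" and "digit" mean the POSIX alpha and digit character classes.

```shell
#!/bin/sh
# Pre-flight checks to run before "acfsutil sec init -u <admin> -g <group>".
# Added example: function names are hypothetical, not part of acfsutil.

# Succeeds if $1 meets the password format listed on this page:
# 8 to 20 characters, at least one digit, at least one letter.
check_admin_password() {
    pw=$1
    len=${#pw}
    [ "$len" -ge 8 ]  || { echo "password too short ($len < 8)" >&2; return 1; }
    [ "$len" -le 20 ] || { echo "password too long ($len > 20)" >&2; return 1; }
    case $pw in *[[:digit:]]*) ;; *) echo "password needs a digit" >&2; return 1 ;; esac
    case $pw in *[[:alpha:]]*) ;; *) echo "password needs a letter" >&2; return 1 ;; esac
    return 0
}

# Succeeds if group $2 is an exact entry in the space-separated list $1
# (the output format of "id -Gn"). Assumes group names contain no spaces.
group_in_list() {
    for g in $1; do
        [ "$g" = "$2" ] && return 0
    done
    return 1
}

# Succeeds if OS user $1 exists and is a member of OS group $2.
check_admin_membership() {
    groups=$(id -Gn "$1" 2>/dev/null) || { echo "no such OS user: $1" >&2; return 1; }
    group_in_list "$groups" "$2" || { echo "$1 is not a member of $2" >&2; return 1; }
}

# Usage: sh preflight.sh <admin_user> <admin_sec_group>
# The candidate password is read from the terminal with echo disabled,
# so it never appears in argv, shell history, or process listings.
if [ "$#" -eq 2 ]; then
    check_admin_membership "$1" "$2" || exit 1
    printf 'Candidate security administrator password: ' >&2
    stty -echo; IFS= read -r candidate; stty echo; echo >&2
    check_admin_password "$candidate" || exit 1
    echo "OK: run 'acfsutil sec init -u $1 -g $2' as root"
fi
```

The script only validates inputs; acfsutil sec init still has to be run separately by root, and the password is entered again at that point.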