Purpose
Initializes Oracle ACFS security.
Syntax and Description
acfsutil sec init -h acfsutil sec init -u admin -g admin_sec_group
acfsutil
sec
init
-h
displays help text and exits.
Table 16-56 contains the options available with the acfsutil
sec
init
command.
Table 16-56 Options for the acfsutil sec init command
Option | Description |
---|---|
|
Specifies the first security administrator user name. The user specified must be an existing operating system (OS) user and a member of the operating system group specified by the On Windows, the security administrator user name must be specified with a fully qualified user name in the form of |
|
Specifies the name of the security group for the administrator. The group specified must be an existing operating system (OS) group. On Windows, the group name must be specified with a fully qualified domain group name in the form of |
The acfsutil
sec
init
command creates the storage necessary for security credentials and identifies an operating system user as the first security administrator. The command also identifies the operating system group that is the designated security group. All users that are security administrators must be members of the designated security group. Security administrators are common for all Oracle ACFS file systems.
If you are setting up an OS user and OS group, refer to your operating system-specific (OS) documentation for information.
The acfsutil
sec
init
command is run once to set up Oracle ACFS security for each cluster and can be run from any node in the cluster. Other security commands can also be run from any node in a cluster.
Only the root user or Windows Administrator
user can run this command. The user specifies a password for the security administrator. The security administrator password must conform to the following format:
The maximum number of characters is 20.
The minimum number of characters is 8.
The password must contain at least one digit.
The password must contain at least one letter.
The new security administrator can change the password with the acfsutil
sec
admin
password
command. For information, refer to "acfsutil sec admin password".
Security administrators are allowed to browse all directories in an Oracle ACFS file system whether they have the underlying operating system permissions and whether any realm checks allow it. This exception enables a security administrator to check the location of the files when securing them with Oracle ACFS security realms. However, a security administrator cannot view the contents of individual files without the appropriate operating system and security realm permissions.
Examples
The following example shows the use of the acfsutil
sec
init
command.