Purpose
Creates a security rule.
Syntax and Description
acfsutil sec rule create -h
acfsutil sec rule create rule -m mount_point -t rule_type rule_value [-o {ALLOW|DENY}]
acfsutil sec rule create -h displays help text and exits.
Table 16-69 contains the options available with the acfsutil sec rule create command.
Table 16-69 Options for the acfsutil sec rule create command
Option | Description |
---|---|
rule | Specifies the name of the rule. If the name contains a space, enclose in quotes ( |
-m mount_point | Specifies the directory where the file system is mounted. |
-t rule_type rule_value | Specifies a rule type and a rule value. The rule type can be |
-o | Specifies options preceded by |
The acfsutil sec rule create command creates a new rule in the Oracle ACFS file system specified by the mount point. The new rule can be added to a rule set and that rule set can be added to a security realm.
A maximum of 500 Oracle ACFS security rules can be created.
The rule types and associated rule values are:
application
This rule type specifies the name of an application which is allowed or denied access to the objects protected by a realm.
hostname
This rule type specifies the name of a computer from which a user accesses the objects protected by a realm. Access from a node can be allowed or denied using this rule. The hostname should be one of the cluster node names and not any other external node that could have mounted the Oracle ACFS file system as a Network File System (NFS) mount.
time
This rule type specifies the time interval in the form start_time,end_time. This time interval specifies access to a realm. Access can be allowed or denied to objects protected by a realm only during certain times of the day by setting this rule in a realm. The time is based on the local time of the host.
username
This rule type specifies the name of a user to be added to or deleted from a realm. You can use this option to deny access for any user that belongs to a security group that is part of a realm.
Only a security administrator can run this command.
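The following pre-flight check is an added example, not part of the original page or Oracle's code: it validates rule definitions against the rule types, the start_time,end_time form, the ALLOW|DENY option and the 500-rule limit described above, then prints the command for a security administrator to review. The EXISTING_RULES and CLUSTER_NODES variables, the /mnt/acfs1 mount point and the sample time format are assumptions.

```shell
# Added example, not Oracle's code: check arguments for `acfsutil sec rule create`
# against the constraints stated on this page and print the command for review.
# It never runs acfsutil. EXISTING_RULES and CLUSTER_NODES are hypothetical inputs.
MAX_RULES=500   # page: at most 500 Oracle ACFS security rules can be created

# Single-quote a value so a rule name containing a space stays one argument.
shq() { printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"; }
err() { echo "error: $*" >&2; }

# build_rule_cmd NAME MOUNT_POINT RULE_TYPE RULE_VALUE [ALLOW|DENY]
# The body is a subshell, so `exit` only ends the function call.
build_rule_cmd() (
    name=$1; mnt=$2; rtype=$3; rvalue=$4; opt=${5:-}
    if [ -z "$name" ] || [ -z "$mnt" ] || [ -z "$rvalue" ]; then
        err "rule name, mount point and rule value are required"; exit 2
    fi
    case $rtype in
        application|username) ;;
        hostname)
            # Page: the value should be a cluster node name, not an NFS client.
            # Checked only when CLUSTER_NODES (space-separated names) is set.
            case " ${CLUSTER_NODES:-$rvalue} " in
                *" $rvalue "*) ;;
                *) err "'$rvalue' is not a cluster node"; exit 2 ;;
            esac ;;
        time)
            # Page: start_time,end_time, so exactly one comma with both parts.
            case $rvalue in
                *,*,*) err "time value must be start_time,end_time"; exit 2 ;;
                ?*,?*) ;;
                *) err "time value must be start_time,end_time"; exit 2 ;;
            esac ;;
        *) err "unknown rule type '$rtype'"; exit 2 ;;
    esac
    case $opt in
        ''|ALLOW|DENY) ;;
        *) err "option must be ALLOW or DENY"; exit 2 ;;
    esac
    if [ "${EXISTING_RULES:-0}" -ge "$MAX_RULES" ]; then
        err "limit of $MAX_RULES rules reached"; exit 3
    fi
    printf 'acfsutil sec rule create %s -m %s -t %s %s%s\n' \
        "$(shq "$name")" "$(shq "$mnt")" "$rtype" "$(shq "$rvalue")" "${opt:+ -o $opt}"
)

# Constructed sample values (mount point, rule name and time format are assumptions).
build_rule_cmd "office hours" /mnt/acfs1 time 08:00:00,17:00:00 ALLOW
```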
Examples
The following example shows the use of the acfsutil sec rule create command.