The issue with keeping the grants in AUTOLOG1 or in SYSTEM CONFIG is that you have to either continually modify those files every time you create a new Linux image, or you have to keep a separate list of Linux images somewhere for AUTOLOG1 to read (though you probably have to anyway).
Putting the commands in the CP Directory entry just gives you one less worry about where to check if something has been done or not. It also covers you for the initial creation of the image, where AUTOLOG1 will not be run, so that you don't have to worry about granting the image by hand the first time. Is there anyone out there that actually gains security from CP users not being granted onto their vSwitches? How many people would like to be able to define a vSwitch as "open to the public" or not requiring a grant to be accessed? -- Robert P. Nix Mayo Foundation .~. RO-OC-1-18 200 First Street SW /V\ 507-284-0844 Rochester, MN 55905 /( )\ ----- ^^-^^ "In theory, theory and practice are the same, but in practice, theory and practice are different." On 12/7/10 9:25 PM, "Lee Stewart" <lstewart.dsgr...@attglobal.net> wrote: > It seems to me... > > Rather than putting a Vswitch Grant for each Linux guest somewhere like > AUTOLOG1's PROFILE EXEC, I thought I'd try putting a > CMD SET VSWITCH VSW1 GRANT &USERID > in the directory profile for the Linux guests... > > Alas, it seems that the GRANT isn't processed till after the NIC / LAN > connection is attempted. I thought I understood that CMDs in the > directory entry were processed before the user was logged on... > > Did I misunderstand or??? > > Thanks, > Lee