We have a network with several Windows development machines on it. UniData
is on one machine and our Web server is on another machine. Our UD
environment is set up so that only the administrator (me) has access to
everything. We have three additional groups:
developers
appusers
UniData
UniData has access to every directory where UniData is involved. In
addition, appusers have full access to their local account directories and
developers have access to the application directory. However, both appusers
and developers have only read and execute privileges to the application
software account. This way, they can use the software but can't modify it
at all (developers develop on a development account).
The problem I have is developers use UO connections to develop and when
something goes wrong they need to kill the connection. UD requires only
administrators have access to the "deleteuser" and "stopudt" commands.
Thus, if a developer has done something that is create ever-expanding log
(or como) files they need to be able to kill the connection. If I give them
administrator privileges they have access to the entire machine.
I tried to remove administrator privileges from our development account but
then I couldn't log into a development account within our development
directory. I tried to make numerous modifications to the permissions but
could do nothing unless administrator privileges were implemented to our
development environment, even though "developers" had full control of the
entire development directory and I was a member of the "developers" group.
Go figure...
Does anyone have a clue how I can give someone administrator access to
UniData commands but deny them write privileges to the source code in our
application directory?
Thanks,
Bill
-------
u2-users mailing list
u2-users@listserver.u2ug.org
To unsubscribe please visit http://listserver.u2ug.org/
