UNIX, Linux, and Mac OS X Client Agent Configuration
Chapter 3: Adding and Configuring the Client Agents 51
Example: Access the System with IP Addresses
An access control list can determine whether specific IP addresses can access the
system. For example, a part of the agent.cfg file is shown in the following
sample. You must make similar changes for other client agent sections of the file
if you want to apply ACLs to those client agents too.
[0]
NAME ABagentux
VERSION nn.n.n
HOME /opt/CA/ABuagent
NOPASSWORD
ALLOW N:172.16.0.0(255.255.255.0) H:172.31.255.255
DENY N:192.168.0.0(255.255.255.0) H:192.168.255.255
NOPASSWORD enables the Single User mode, and ALLOW and DENY specify
whether a particular network or IP address is allowed to access the system. N
denotes a network address and H denotes a host’s IP address.
Note:
An optional subnet mask can follow a network address; subnet masks are
shown in parentheses.
For UNIX, Linux, and Mac OS X client agents, the specific type of ACL can be
specified in uag.cfg, or you can specify them using the -S, -NOPASSWORD,
-CAUSER, -ALLOW, and -DENY options. For more information about these
options, see the section Configurable Options.
You can apply both types of ACLs concurrently. In each case, DENY takes
precedence over ALLOW. In the Single User mode, all operations on the client
agent are performed with superuser privileges. The caagentd.log contains
information about the users, IP addresses, and network addresses denied during
Single User mode.
Backup and Restore Access Control List Support for UNIX and Linux
CA ARCserve Backup Client Agent for UNIX, CA ARCserve Backup Client Agent
for Linux, and CA ARCserve Backup Client Agent for Mainframe Linux back up
and restore the access control list (ACL) for files and directories on a Linux
system that have been backed up using the Linux client agent. The extended
attributes for Linux are also backed up. ACL gives administrators finer control
over files and directory access. The Linux client agent can read and set the ACL
for each file and directory.