Specifying surrogates for mapped users (UNIX™, Linux™)
Specify operating system (OS) user names, user IDs, group names, and group IDs in the allowed.surrogates file to control which OS users and groups can act as surrogates for mapped users.
Procedure
- Create a file named allowed.surrogates in
the /etc/informix directory.The allowed.surrogates file must be owned by root instead of informix. The file must not have execute permissions and only the file owner can have write permission.
- In the allowed.surrogates file, enter
the OS user names, user IDs, OS group names, group IDs, ranges of
user IDs, and ranges of group IDs that you want to allow as surrogates.
The group and user labels are case-insensitive, and can be pluralized. Entries are separated by commas. Ranges of user IDs and group IDs are inclusive, with the upper and lower ranges separated by two periods. You must specify both an upper and lower limit for ranges. Comment lines begin with
#
and are ignored. Blank lines are also ignored.If the allowed.surrogates file is formatted incorrectly, then user mapping is disabled and an error is logged in the online log file. If a user name or group name cannot be identified, the name is logged in the online log file and otherwise ignored, and the cache is cleared.
Example
#Surrogate IDs
USERS:user1,40,45..50
GROUP:10