DFS supports enhanced administration and security by making DCE ACLs available with objects in DCE LFS filesets and by using administrative lists with DFS server processes. In addition, you can place groups of users on ACLs or administrative lists to extend the same permissions or privileges to multiple users simultaneously. Because each server process on a server machine has its own administrative list, a fine granularity of control with respect to server process administration is possible.
In DFS, you can also enable or disable the honoring of setuid and setgid programs on a per-fileset and per-Cache Manager basis. Thus, you can direct a specific Cache Manager to enable setuid and setgid programs located in a specific fileset (such as one that stores system binary files).
DFS allows you to set the RPC authentication levels for Cache Manager to File Server communications. These levels can be set individually for each Cache Manager and File Server. In addition, you can also set advisory RPC authentication bounds on a per-fileset basis. Although not currently enforced, the advisory bounds serve to bias the Cache Managers selection of an initial RPC authentication level.