version 1.1.2.3, 2006/12/30 20:17:54
|
version 1.2, 2007/05/25 18:35:07
|
|
|
|
//%2006//////////////////////////////////////////////////////////////////////// |
|
// |
|
// Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development |
|
// Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems. |
|
// Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.; |
|
// IBM Corp.; EMC Corporation, The Open Group. |
|
// Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.; |
|
// IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group. |
|
// Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
|
// EMC Corporation; VERITAS Software Corporation; The Open Group. |
|
// Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.; |
|
// EMC Corporation; Symantec Corporation; The Open Group. |
|
// |
|
// Permission is hereby granted, free of charge, to any person obtaining a copy |
|
// of this software and associated documentation files (the "Software"), to |
|
// deal in the Software without restriction, including without limitation the |
|
// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or |
|
// sell copies of the Software, and to permit persons to whom the Software is |
|
// furnished to do so, subject to the following conditions: |
|
// |
|
// THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN |
|
// ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED |
|
// "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT |
|
// LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR |
|
// PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT |
|
// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN |
|
// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION |
|
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
|
// |
|
//============================================================================== |
|
|
Using Pegasus Privilege Separation Functionality | Using Pegasus Privilege Separation Functionality |
| |
Privilege separation was added to Pegasus starting with Pegasus 2.7. This | Privilege separation was added to Pegasus starting with Pegasus 2.7. This |
|
|
| |
The privilege separation functionality is documented in PEP 286. | The privilege separation functionality is documented in PEP 286. |
| |
cimserver is the executor program (see src/Executor) |
cimserver is the executor program (see src/Executor). |
cimservermain is the server program (see src/Server and src/Pegasus/ExecutorClient) |
cimservermain is the server program (see src/Server and |
|
src/Pegasus/Common/Executor.h). |
| |
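Review bot: On the cimservermain line, the reference changes from a directory (src/Pegasus/ExecutorClient) to a single header (src/Pegasus/Common/Executor.h), while the cimserver line above it still points at a directory (src/Executor). A bare header path next to src/Server gives the reader no hint of why it is listed. Add a few words saying what Executor.h provides to the server program, for example that it is the interface cimservermain uses to reach the executor, if that is the intent.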
Privilege separation is build-time optional functionality. To enable privilege | Privilege separation is build-time optional functionality. To enable privilege |
separation, define the following environment variable before compiling. | separation, define the following environment variable before compiling. |
|
|
it was started and all privelege separation functionality is disabled. | it was started and all privelege separation functionality is disabled. |
| |
The nonprivileged user for privilege separation is the user under which the | The nonprivileged user for privilege separation is the user under which the |
cimservermain component executes. |
cimservermain component executes. The name of this user is specified by the |
|
PEGASUS_CIMSERVERMAIN_USER macro, whose default value is defined in |
Upon startup the cimserver uses the config parameter "serverUser" to determine |
Constants.h. The specified user MUST exist or cimserver will terminate |
this user name. |
immediately. |
|
|
This user name is defined as follows: |
|
|
|
1. optional serverUser=<user name> on the cimserver commandline |
|
2. optional value of serverUser config parameter |
|
3. default of "pegasus" if the the config parameter is not found in the |
|
commandline or planned config file. |
|
|
|
The defined user MUST exist or cimserver will terminate immediatly. |
|
|
|
12/30/2006 |
|
|
|
|
|
| |
|
4/27/2007 |
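Review bot: The rewritten paragraph on the nonprivileged user removes the three-step serverUser lookup (command line, config parameter, default "pegasus") and names only the PEGASUS_CIMSERVERMAIN_USER macro with a default "defined in Constants.h", without stating what that default is, how a builder overrides it, or whether serverUser is still honored. Because the text also says cimserver terminates immediately when the user does not exist, an operator who relied on serverUser needs those details here to know which account must be created before starting the server. Please state the default value and the override mechanism, and say explicitly that the runtime setting no longer selects this user if that is the case. The unchanged context line "all privelege separation functionality is disabled" carries a spelling error that could be fixed in the same change.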