pegasus/readme.privsep - diff

Return to readme.privsep CVS log

Up to [Pegasus] / pegasus

Diff for /pegasus/readme.privsep between version 1.1.2.3 and 1.2

version 1.1.2.3, 2006/12/30 20:17:54

version 1.2, 2007/05/25 18:35:07

Line 1

//%2006////////////////////////////////////////////////////////////////////////

// Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.

// IBM Corp.; EMC Corporation, The Open Group.

// IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.

// EMC Corporation; VERITAS Software Corporation; The Open Group.

// EMC Corporation; Symantec Corporation; The Open Group.

// Permission is hereby granted, free of charge, to any person obtaining a copy

// of this software and associated documentation files (the "Software"), to

// deal in the Software without restriction, including without limitation the

// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or

// sell copies of the Software, and to permit persons to whom the Software is

// furnished to do so, subject to the following conditions:

// THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN

// ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED

// "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT

// LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR

// PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT

// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN

// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION

// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

//==============================================================================

Using Pegasus Privilege Separation Functionality

Privilege separation was added to Pegasus starting with Pegasus 2.7. This

Line 9

Line 40

The privilege separation functionality is documented in PEP 286.

cimserver is the executor program (see src/Executor)

cimserver is the executor program (see src/Executor).

cimservermain is the server program (see src/Server and src/Pegasus/ExecutorClient)

cimservermain is the server program (see src/Server and

src/Pegasus/Common/Executor.h).

Privilege separation is build-time optional functionality. To enable privilege

separation, define the following environment variable before compiling.

Line 21

Line 53

it was started and all privelege separation functionality is disabled.

The nonprivileged user for privilege separation is the user under which the

cimservermain component executes.

cimservermain component executes. The name of this user is specified by the

PEGASUS_CIMSERVERMAIN_USER macro, whose default value is defined in

Upon startup the cimserver uses the config parameter "serverUser" to determine

Constants.h. The specified user MUST exist or cimserver will terminate

this user name.

immediately.

This user name is defined as follows:

1. optional serverUser=<user name> on the cimserver commandline

2. optional value of serverUser config parameter

3. default of "pegasus" if the the config parameter is not found in the

commandline or planned config file.

The defined user MUST exist or cimserver will terminate immediatly.

12/30/2006

4/27/2007

Legend:

Removed from v.1.1.2.3
changed lines
	Added in v.1.2

No CVS admin address has been configured