version 1.1.4.2, 2007/03/23 21:53:41
|
version 1.4, 2008/12/02 08:59:54
|
|
|
|
//%LICENSE//////////////////////////////////////////////////////////////// |
|
// |
|
// Licensed to The Open Group (TOG) under one or more contributor license |
|
// agreements. Refer to the OpenPegasusNOTICE.txt file distributed with |
|
// this work for additional information regarding copyright ownership. |
|
// Each contributor licenses this file to you under the OpenPegasus Open |
|
// Source License; you may not use this file except in compliance with the |
|
// License. |
|
// |
|
// Permission is hereby granted, free of charge, to any person obtaining a |
|
// copy of this software and associated documentation files (the "Software"), |
|
// to deal in the Software without restriction, including without limitation |
|
// the rights to use, copy, modify, merge, publish, distribute, sublicense, |
|
// and/or sell copies of the Software, and to permit persons to whom the |
|
// Software is furnished to do so, subject to the following conditions: |
|
// |
|
// The above copyright notice and this permission notice shall be included |
|
// in all copies or substantial portions of the Software. |
|
// |
|
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS |
|
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
|
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. |
|
// IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY |
|
// CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, |
|
// TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE |
|
// SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. |
|
// |
|
////////////////////////////////////////////////////////////////////////// |
|
|
Using Pegasus Privilege Separation Functionality | Using Pegasus Privilege Separation Functionality |
| |
Privilege separation was added to Pegasus starting with Pegasus 2.7. This | Privilege separation was added to Pegasus starting with Pegasus 2.7. This |
|
|
| |
The privilege separation functionality is documented in PEP 286. | The privilege separation functionality is documented in PEP 286. |
| |
cimserver is the executor program (see src/Executor) |
cimserver is the executor program (see src/Executor). |
cimservermain is the server program (see src/Server and src/Pegasus/ExecutorClient) |
cimservermain is the server program (see src/Server and |
|
src/Pegasus/Common/Executor.h). |
| |
Privilege separation is build-time optional functionality. To enable privilege | Privilege separation is build-time optional functionality. To enable privilege |
separation, define the following environment variable before compiling. | separation, define the following environment variable before compiling. |
|
|
it was started and all privelege separation functionality is disabled. | it was started and all privelege separation functionality is disabled. |
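Review bot: "privelege" in the unchanged line "it was started and all privelege separation functionality is disabled." is misspelled on both sides of the comparison. Correct it to "privilege" while this paragraph is being revised.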
| |
The nonprivileged user for privilege separation is the user under which the | The nonprivileged user for privilege separation is the user under which the |
cimservermain component executes. |
cimservermain component executes. The name of this user is specified by the |
|
PEGASUS_CIMSERVERMAIN_USER macro, whose default value is defined in |
Upon startup the cimserver uses the config parameter "serverUser" to determine |
Constants.h. The specified user MUST exist or cimserver will terminate |
this user name. |
immediately. |
|
|
This user name is defined as follows: |
|
|
|
1. optional serverUser=<user name> on the cimserver commandline |
|
2. optional value of serverUser config parameter |
|
3. default of "pegasus" if the the config parameter is not found in the |
|
commandline or planned config file. |
|
|
|
The defined user MUST exist or cimserver will terminate immediatly. |
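Review bot: The new paragraph naming PEGASUS_CIMSERVERMAIN_USER drops the three-step "serverUser" precedence list without saying whether serverUser still has any effect on the account cimservermain runs as. That account is the privilege boundary, so the text should state that the name is now fixed by the macro, how a builder overrides the default taken from Constants.h, and what that default is (the removed text gave "pegasus"; the new text names no value). Keeping the "MUST exist or cimserver will terminate immediately" sentence is good. Consider adding that the account has to be created before the first start.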
|
|
|
12/30/2006 |
|
|
|
|
|
| |
|
4/27/2007 |
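Review bot: The trailing date stamp changes to 4/27/2007, but the newer side of this comparison is headed "version 1.4, 2008/12/02". If the stamp is meant to record the last update of the document, bring it in line with the revision. Otherwise say what it records, or drop it.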