1 kumpf 1.1.4.2 Using Pegasus Privilege Separation Functionality
2
3 Privilege separation was added to Pegasus starting with Pegasus 2.7. This
4 is a security feature. It allows separation of the functionality so that
5 only a minimal set of code runs as a privileged user (ex. root) in a
6 separate process (the executor). The majority of pegasus runs as a
7 nonprivileged user (the cim server). The CIM Server makes requests on the
8 executor for functions that require root privilege.
9
10 The privilege separation functionality is documented in PEP 286.
11
12 cimserver is the executor program (see src/Executor)
13 cimservermain is the server program (see src/Server and src/Pegasus/ExecutorClient)
14
15 Privilege separation is build-time optional functionality. To enable privilege
16 separation, define the following environment variable before compiling.
17
18 PEGASUS_ENABLE_PRIVILEGE_SEPARATION=true
19
20 If this build variable is not set, the cimserver runs as the user under which
21 it was started and all privelege separation functionality is disabled.
22 kumpf 1.1.4.2
23 The nonprivileged user for privilege separation is the user under which the
24 cimservermain component executes.
25
26 Upon startup the cimserver uses the config parameter "serverUser" to determine
27 this user name.
28
29 This user name is defined as follows:
30
31 1. optional serverUser=<user name> on the cimserver commandline
32 2. optional value of serverUser config parameter
33 3. default of "pegasus" if the the config parameter is not found in the
34 commandline or planned config file.
35
36 The defined user MUST exist or cimserver will terminate immediatly.
37
38 12/30/2006
39
40
41
|