1 kumpf 1.2 //%2006////////////////////////////////////////////////////////////////////////
 2           //
 3           // Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
 4           // Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
 5           // Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
 6           // IBM Corp.; EMC Corporation, The Open Group.
 7           // Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
 8           // IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
 9           // Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
10           // EMC Corporation; VERITAS Software Corporation; The Open Group.
11           // Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
12           // EMC Corporation; Symantec Corporation; The Open Group.
13           //
14           // Permission is hereby granted, free of charge, to any person obtaining a copy
15           // of this software and associated documentation files (the "Software"), to
16           // deal in the Software without restriction, including without limitation the
17           // rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
18           // sell copies of the Software, and to permit persons to whom the Software is
19           // furnished to do so, subject to the following conditions:
20           // 
21           // THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
22 kumpf 1.2 // ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
23           // "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
24           // LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
25           // PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
26           // HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
27           // ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28           // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
29           //
30           //==============================================================================
31           
32           Using Pegasus Privilege Separation Functionality
33           
34           Privilege separation was added to Pegasus starting with Pegasus 2.7.  This
35           is a security feature. It allows separation of the functionality so that
36           only a minimal set of code runs as a privileged user (ex. root) in a
37           separate process (the executor).  The majority of pegasus runs as a
38           nonprivileged user (the cim server).  The CIM Server makes requests on the
39           executor for functions that require root privilege.
40           
41           The privilege separation functionality is documented in PEP 286.
42           
43 kumpf 1.2 cimserver is the executor program (see src/Executor).
44           cimservermain is the server program (see src/Server and
45           src/Pegasus/Common/Executor.h).
46           
47           Privilege separation is build-time optional functionality. To enable privilege
48           separation, define the following environment variable before compiling.
49           
50               PEGASUS_ENABLE_PRIVILEGE_SEPARATION=true
51           
52           If this build variable is not set, the cimserver runs as the user under which
53           it was started and all privelege separation functionality is disabled.
54           
55           The nonprivileged user for privilege separation is the user under which the
56           cimservermain component executes.  The name of this user is specified by the
57           PEGASUS_CIMSERVERMAIN_USER macro, whose default value is defined in
58           Constants.h.  The specified user MUST exist or cimserver will terminate
59           immediately.
60           
61           4/27/2007