(file) Return to cimserver_policy.conf CVS log (file) (dir) Up to [Pegasus] / pegasus / src / Server
File: [Pegasus] / pegasus / src / Server / Attic / cimserver_policy.conf (download)
Revision: 1.1.2.4, Wed Jan 17 18:48:55 2007 UTC (17 years, 5 months ago) by mike
Branch: PEP286_PRIVILEGE_SEPARATION_BRANCH
CVS Tags: PEP286_PRIVILEGE_SEPARATION_CODE_FREEZE
Changes since 1.1.2.3: +6 -1 lines 
PEP#: 286
TITLE: Privilege Separation

DESCRIPTION: Ongoing privilege separation work.

################################################################################
##
## CIM Server Policy Configuration File
## ====================================
##
## This file defines policy rules that restrict the execution of out-of-process
## provider modules (only applicable when the privilege separation feature is 
## enabled). Each line defines a single rule and has the following format.
##
##     MODULENAME:USERNAME
##
## MODULENAME is the name of a provider module (derived from the
## PG_ProviderModule.Name property of some instance).
##
## USERNAME is one of the following.
##
##     1. The name of a valid system user, indicating that the provider module
##        may run as that user. This field is derived from the
##        PG_ProviderModule.DesignatedUserContext of some instance.
##
##     2. The string "${requestorUser}", indicating that the provider module 
##        may run as the requesting client.
##
##     3. The string "${privilegedUser}", indicating that the provider module
##        may run as the privileged system user ("root" on Unix and Linux).
##
##     4. The string "${cimserverUser}", indicating that the provider module
##        may run as the same user as the CIM server.
##
## The value of USERNAME is determined by two properties set during provider 
## registration.
##
##     PG_ProviderModule.UserContext
##     PG_ProviderModule.DesignatedUserContext
##
## The table below shows how the policy rules (column 3) are derived from 
## these two fields (columns 1 and 2). These examples assume a provider 
#  module named "Fan" and a user named "jwilliams".
##
##     +----------------+-----------------------+-----------------------+
##     |  UserContext   | DesignatedUserContext | MODULENAME:USERNAME   |
##     +----------------+-----------------------+-----------------------+
##     | 2 (DESIGNATED) | jwilliams             | Fan:jwilliams         |
##     +----------------+-----------------------+-----------------------+
##     | 3 (REQUESTOR)  | NULL                  | Fan:${requestorUser}  |
##     +----------------+-----------------------+-----------------------+
##     | 4 (PRIVILEGED) | NULL                  | Fan:${privilegedUser} |
##     +----------------+-----------------------+-----------------------+
##     | 5 (CIMSERVER)  | NULL                  | Fan:${cimserverUser}  |
##     +----------------+-----------------------+-----------------------+
##
## Either the modulename or the username field may contain an asterisk,
## indicating that there is no restriction on that field.
##
## The most permissive policy configuration file would contain the
## following rule:
##
##     *:*
##
## This rule permits ANY provider module to run as ANY user.
##
## For obvious reasons, this file should only be writable by the
## administrator.
##
################################################################################
ProcessModule:${privilegedUser}
ProcessorProviderModule:${privilegedUser}
IPProviderModule:${privilegedUser}
ComputerSystemModule:${privilegedUser}
OperatingSystemModule:${privilegedUser}
OOPModuleFailureTestProviderModule:${requestorUser}
No CVS admin address has been configured
 Powered by
ViewCVS 0.9.2