Handling Of Setuid Programs And Device Files In Dfs; Setuid Script - HP j6750 Supplementary Manual
Enterprise file system, planning and configuring hp dce/9000 enhanced dfs version 3.0
Hide thumbs
Also See for j6750:
- Reference manual (486 pages) ,
- Administration manual (171 pages) ,
- User reference (84 pages)
Table of Contents
Advertisement
Installing and Configuring Enhanced DFS 3.0
Handling of setuid Programs and Device Files in DFS
Handling of setuid Programs and Device Files in DFS
By default, the DFS Cache Manager (that is, the DFS client) does not allow a
setuid program to change the effective uid or gid of the process executing it.
The cm setsetuid command directs the DFS to permit a setuid program to
change the effective uid or gid. cm setsetuid takes a file name or directory
name as an argument, but DFS applies the setuid control to the whole fileset
containing the specified file or directory.
The cm setsetuid command must be executed on the DFS client node by
root; it is normally done as part of node start-up. The shell script below
suggests a method to do this.
Also by default, the DFS Cache Manager does not honor device files stored
in filesets in the global name space.
The cm setdevok and cm getdevok commands control and check this
feature. They must be executed on the DFS client node by root. The code
below can be used to manage this feature as well as the setuid feature
described above.
To use this method to control DFS handling of setuid programs and device
files, run the following script as root after DFS has started. If you also want
to control device files, run a similar script substituting items as follows:
For This
dfs_setuid.conf
setsetuid
setuid Script
#!/bin/ksh
# # Program name: program_name
# Purpose:to set setuid states for filesets in DFS
# Config files:
# /:/common/etc/dfs_setuid.conf
# /etc/dfs_setuid.conf
36
Substitute This:
dfs_devok.conf
setdevok
- Quick Links:
- Features
Hide quick links:
Advertisement
Table of Contents
