Managing HP Serviceguard for Linux, Eighth Edition, March 2008

Building an HA Cluster Configuration
Configuring the Cluster
Chapter 5, page 184
Setting up Access-Control Policies
The root user on each cluster node is automatically granted the
Serviceguard root access role on all nodes. (See “Configuring Root-Level
Access” on page 144 for more information.) Access-control policies define
non-root roles for other cluster users.
NOTE: For more information and advice, see the white paper Securing
Serviceguard at http://docs.hp.com -> High Availability ->
Serviceguard -> White Papers.
Define access-control policies for a cluster in the cluster configuration file
(see “Cluster Configuration Parameters” starting on page 110), and for a
specific package in the package configuration file (see page 227). You can
define up to 200 access policies for each cluster. A root user can create or
modify access control policies while the cluster is running.
NOTE: Once nodes are configured into a cluster, the access-control policies you
set in the cluster and package configuration files govern cluster-wide
security; changes to the “bootstrap” cmclnodelist file are ignored (see
“Allowing Root Access to an Unconfigured Node” on page 144).
Access control policies are defined by three parameters in the
configuration file:
• Each USER_NAME can consist either of the literal ANY_USER, or a
maximum of 8 login names from the /etc/passwd file on USER_HOST.
The names must be separated by spaces or tabs, for example:
# Policy 1:
USER_NAME john fred patrick
USER_HOST bit
USER_ROLE PACKAGE_ADMIN
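
The limits stated above (ANY_USER or at most 8 login names per policy, at most 200 policies per cluster) can be checked before a configuration file is applied. The following Python script is an added example, not part of the Serviceguard manual or HP's tooling; it assumes each policy begins with its USER_NAME line, and its function names and sample text are constructed for illustration.

```python
MAX_NAMES, MAX_POLICIES = 8, 200   # limits stated in the text above
KEYS = ("USER_NAME", "USER_HOST", "USER_ROLE")

def parse_policies(text):
    """Group policy lines; assumes each policy starts at its USER_NAME line."""
    policies = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on spaces/tabs
        if not fields or fields[0] not in KEYS:
            continue                            # blank line or other parameter
        if fields[0] == "USER_NAME" or not policies:
            policies.append({"line": lineno})
        policies[-1][fields[0]] = fields[1:]
    return policies

def audit(text):
    """Return (line, message) findings; line 0 means the file as a whole."""
    policies = parse_policies(text)
    findings = []
    if len(policies) > MAX_POLICIES:
        findings.append((0, f"{len(policies)} policies exceed the limit of {MAX_POLICIES}"))
    for p in policies:
        missing = [k for k in KEYS if not p.get(k)]
        if missing:
            findings.append((p["line"], "missing " + ", ".join(missing)))
        names = p.get("USER_NAME", [])
        if "ANY_USER" in names and len(names) > 1:
            findings.append((p["line"], "ANY_USER mixed with login names"))
        elif "ANY_USER" in names:
            findings.append((p["line"], "review: role granted to ANY_USER"))
        elif len(names) > MAX_NAMES:
            findings.append((p["line"], f"{len(names)} login names exceed the limit of {MAX_NAMES}"))
    return findings

# Constructed sample (not a real cluster file): the page's policy plus two flawed ones.
SAMPLE = """\
USER_NAME john fred patrick
USER_HOST bit
USER_ROLE PACKAGE_ADMIN
USER_NAME ANY_USER
USER_HOST bit
USER_ROLE PACKAGE_ADMIN
USER_NAME u1 u2 u3 u4 u5 u6 u7 u8 u9
USER_HOST bit
"""

if __name__ == "__main__":
    for line, msg in audit(SAMPLE):
        print(f"line {line}: {msg}")
```

The ANY_USER finding is a review prompt rather than an error: the policy is valid, but it grants the role to every login on USER_HOST.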