HP Serviceguard for Linux Version A.11.16 Release Notes, Third Edition, August 2006

What’s New in A.11.16
Access Control Policy
Non-root access to Serviceguard is now defined in the cluster and package
configuration files, in a parameter called Access Control Policy.
You can have up to 200 policies in a cluster. Policies can be added,
modified, or deleted from the configuration without halting the cluster or
the package. Conflicting or redundant policies will cause an error at
cmapplyconf, and the configuration change will fail.
If a Serviceguard A.11.16 configuration has been applied to a node,
Serviceguard will no longer look at the .rhosts or cmclnodelist files.
Instead, it will check for Access Control Policies in the cluster and
package configuration files.
NOTE: Once a cluster configuration file exists, all non-root users must be
listed in an access policy in that file or in a package configuration file.
NOTE: Root user on a node is always allowed access, but all other users must
be listed in at least one Access Control Policy.
Each policy has three parts:
1. USER_NAME - This can be any user that is defined in the USER_HOST’s
   /etc/passwd file.
2. USER_HOST - This is the node where the user will log in to issue
   commands (not necessarily the node where the commands take effect).
3. USER_ROLE - This is the role, or capabilities granted to the user:
   Monitor: The user can view the cluster objects (read-only). It is
   defined in the cluster configuration file. On the command line, users
   can issue cmviewcl, cmgetconf, cmviewconf, and cmquerycl. In the
   graphical user interface, this user can see information about the
   Serviceguard cluster on the map and tree, and in the Properties.
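
A pre-flight check for the policy rules described above (three parts per policy, at most 200 policies, no redundant or conflicting entries), given as an added example that is not HP's code and not part of the release notes. Assumptions: one "KEYWORD value" pair per line, the role spellings MONITOR and FULL_ADMIN in the constructed sample, and a second, different role for the same user and host counted as conflicting; the checks cmapplyconf performs remain authoritative.

```python
MAX_POLICIES = 200  # limit stated in the release notes
KEYS = ("USER_NAME", "USER_HOST", "USER_ROLE")

# Constructed sample. One "KEYWORD value" pair per line is an assumed layout.
SAMPLE = """\
USER_NAME alice
USER_HOST node1
USER_ROLE MONITOR
USER_NAME alice
USER_HOST node1
USER_ROLE MONITOR
USER_NAME alice
USER_HOST node1
USER_ROLE FULL_ADMIN
USER_NAME bob
USER_HOST node2
"""

def parse_policies(text):
    """Return (policies, errors); a policy is a (name, host, role) tuple."""
    policies, errors, current = [], [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split()
        if len(parts) != 2 or parts[0] not in KEYS:
            continue  # not an access-policy line
        if parts[0] == "USER_NAME" and current:
            errors.append(f"line {lineno}: previous policy incomplete {current}")
            current = {}
        current[parts[0]] = parts[1]
        if len(current) == len(KEYS):
            policies.append(tuple(current[k] for k in KEYS))
            current = {}
    if current:
        errors.append(f"end of input: policy incomplete {current}")
    return policies, errors

def lint(policies):
    """Flag redundant and conflicting entries and the 200-policy limit."""
    findings, seen = [], {}
    if len(policies) > MAX_POLICIES:
        findings.append(f"{len(policies)} policies exceed limit {MAX_POLICIES}")
    for name, host, role in policies:
        prior = seen.setdefault((name, host), set())
        if role in prior:
            findings.append(f"redundant: {name}@{host} {role}")
        elif prior:
            findings.append(f"conflicting: {name}@{host} {role} vs {sorted(prior)}")
        prior.add(role)
    return findings
```

Running parse_policies on a configuration file's text and passing the result to lint before cmapplyconf surfaces duplicate or contradictory grants and half-written entries while the change is still under review.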