Manualshelf

Managing HP Serviceguard for Linux Ninth Edition, April 2009

ManualsBrandsHP ManualsSoftwareHP Serviceguard for Linux RH AS ProLiant Cluster
171172173174175176177178179180
NOTE: For more information and advice, see the white paper Securing Serviceguard
at http://docs.hp.com -> High Availability -> Serviceguard ->
White Papers.
Define access-control policies for a cluster in the cluster configuration file; see “Cluster
Configuration Parameters ” (page 100). To define access control for a specific package,
use user_host (page 212) and related parameters in the package configuration file. You
can define up to 200 access policies for each cluster. A root user can create or modify
access control policies while the cluster is running.
NOTE: Once nodes are configured into a cluster, the access-control policies you set
in the cluster and package configuration files govern cluster-wide security; changes to
the “bootstrap” cmclnodelist file are ignored (see Allowing Root Access to an
Unconfigured Node” (page 149)).
Access control policies are defined by three parameters in the configuration file:
Each USER_NAME can consist either of the literal ANY_USER, or a maximum of
8 login names from the /etc/passwd file on USER_HOST. The names must be
separated by spaces or tabs, for example:
# Policy 1:
USER_NAME john fred patrick
USER_HOST bit
USER_ROLE PACKAGE_ADMIN
USER_HOST is the node where USER_NAME will issue Serviceguard commands.
NOTE: The commands must be issued on USER_HOST but can take effect on
other nodes; for example patrick can use bits command line to start a package
on gryf (assuming bit and gryf are in the same cluster).
Choose one of these three values for USER_HOST:
ANY_SERVICEGUARD_NODE - any node on which Serviceguard is configured,
and which is on a subnet with which nodes in this cluster can communicate
(as reported bycmquerycl -w full).
Configuring the Cluster 179