36
Installing and Configuring Enhanced DFS 3.0
Handling of setuid Programs and Device Files in DFS
Handling of setuid Programs and Device Files in DFS
By default, the DFS Cache Manager (that is, the DFS client) does not allow a
setuid program to change the effective uid or gid of the process executing it.
The cm setsetuid command directs the DFS to permit a setuid program to
change the effective uid or gid. cm setsetuid takes a file name or directory
name as an argument, but DFS applies the setuid control to the whole fileset
containing the specified file or directory.
The cm setsetuid command must be executed on the DFS client node by
root; it is normally done as part of node start-up. The shell script below
suggests a method to do this.
Also by default, the DFS Cache Manager does not honor device files stored
in filesets in the global name space.
The cm setdevok and cm getdevok commands control and check this
feature. They must be executed on the DFS client node by root. The code
below can be used to manage this feature as well as the setuid feature
described above.
To use this method to control DFS handling of setuid programs and device
files, run the following script as root after DFS has started. If you also want
to control device files, run a similar script substituting items as follows:
setuid Script
#!/bin/ksh
# # Program name: program_name
# Purpose:to set setuid states for filesets in DFS
# Config files:
# /:/common/etc/dfs_setuid.conf
# /etc/dfs_setuid.conf
For This Substitute This:
dfs_setuid.conf dfs_devok.conf
setsetuid setdevok
To Next Page
Loading...
