To include
To enable and disable privileged operations (e.g. delete a package) in the returned web page.
To apply
The
Authorization
Smhrun
To service a request from a client, SgmgrPI needs to retrieve, modify, and/or store data pertaining to the managed cluster. It does so by calling one or more standard Serviceguard commands (e.g. cmviewcl, cmapplyconf, cmgetconf etc.), or shell scripts supplied by SgmgrPI, on behalf of the authenticated user. To execute these commands using the identity that has been authenticated by SMH and PAM in the login process, SgmgrPI uses the SMH's command, smhrun. This command is designed as the unified mechanism shared by all SMH
To execute a Serviceguard command or SgmgrPI script, SgmgrPI spawns a process (see path 4 or figure 1) and executes the smhrun command with the user identity, the name of the command or script, and a set of command parameters. The child process is owned by the user hpsmh, and command output is read directly into SgmgrPI process memory. Note that smhrun will only run the commands which have been configured into its secure database; this provides an additional level of protection against executing arbitrary commands.
Some Serviceguard commands require communication between other Serviceguard nodes (see path 5 in figure 1). This communication path is protected by Serviceguard and the details of its operation are beyond the scope of this white paper. See the document "Securing Serviceguard", listed in the Related Documents section, for details.
Access Control Policy
The user identity established by PAM is referenced by SMH and SgmgrPI. SMH uses this identity to control access to system management functions. SgmgrPI uses the identity to control access to the
SMH categorizes all users into one of three roles, Admin, Operator, and User. Table 1 below summarizes how SMH users/roles are mapped by SgmgrPI to Serviceguard roles: