NOTE: The full path of the shell/interpreter used in the script must appear in either the file /etc/shells or the file /opt/prm/shells.

Because the full pathname is not required for the script, a rogue user can gain access to PRM groups that would otherwise not be accessible by using the name of the script for new scripts or wrappers.

If the script is not regularly used or is under development, you can use prmrun or prmmove to place it in a PRM group. To have the script place itself in a PRM group, add the following line to the script:

prmmove -p $$ group_name

Launching a Java program under PRM

To always run a Java program in a specific PRM group, use an application record. In this record, specify the full path of the Java binary as the application. Also, give the classname as an alternate name. (Specifically, the alternate name you specify should match the first argument to the Java binary that is not preceded by a dash (-) in the COMMAND column of the ps -ef output.)

For example, consider a Java program run with classname TrainDemo. In this scenario, an application record might look like this:

Figure 11 Application record for a Java program

/opt/java1.4/bin/IA64N/java::::GroupA,TrainDemo

/opt/java1.4/bin/IA64N/java: Full path of the Java binary being used, according to the ps -ef output

GroupA: Name of PRM group that Java program should run in

TrainDemo: Classname

NOTE: The full path of the Java binary used must appear in either the file /etc/shells or the file /opt/prm/shells.

For more information on specifying Java programs in application records, see “Application record syntax” (page 65).

Specifying PRM users

You can add, modify, and remove users’ PRM group assignments as discussed in the following sections:

“Adding/modifying a user’s group assignment” (page 73)

“Removing a user’s group assignment” (page 74)

PRM integrates with NIS by allowing you to specify netgroups in user records. For more information on NIS, see the ypfiles(4) manpage.

NOTE: The processes of any nonroot user who does not have a user record are placed in the default user group OTHERS (PRMID 1). If this placement is acceptable for a given user, do not create a user record for that user name. If there is no user record for root, the record is automatically created, placing root processes in the group PRM_SYS (PRMID 0).

User record syntax

This section explains the syntax of user records.
