User records specify PRM users and the groups they can access.
Use the following syntax when specifying a user record:
USER::::INITIALGROUP[,ALTERNATEGROUP[, ...]]
where

USER
  Is one of the following:

  • A user’s login name

    This name must correspond to the user’s name in password files that can be accessed by the C function getpwnam, such as /etc/passwd.

    If you assign processes that would typically run in PRM_SYS to another group, be sure that group has sufficient resources. (For example, if you are using memory records, be sure the group gets enough memory.) Take particular care when creating user records for root as such records will move essential system processes, such as inetd.

  • +netgroup_name

    netgroup_name must correspond to a list of login names in /etc/netgroup. When a configuration is loaded, any user in netgroup_name who does not have an explicit user record assumes the INITIALGROUP and any ALTERNATEGROUPs of this record.

    If a user who does not have an explicit user record is in multiple netgroups, each with its own user record, the INITIALGROUP of the first matching record (based on an ASCII dictionary sort) becomes the user’s initial PRM group. All other groups become alternate groups.

    If a user has an explicit user record and is in one or more netgroups that have user records, the explicit record takes precedence.

    PRM ignores any line in /etc/netgroup that has an empty user field.

    NOTE: PRM only checks netgroup definitions when a configuration is loaded. If you change your netgroup definitions, reload your configuration so PRM is aware of the new definitions.

    For an example of how netgroups affect PRM group assignments, see “Displaying netgroup expansions” (page 90).

INITIALGROUP
  Is the name of the initial PRM group for the user or netgroup. This is the group the login program chooses when launching the user’s login shell. Also, it is the group that cron chooses when scheduling jobs for the user.

ALTERNATEGROUP
  Is the name of one of the alternate PRM groups for the user or netgroup. Alternate groups are groups other than the initial group that the user or netgroup members are allowed to run processes in. The user or netgroup members can start a process in an alternate group using prmrun or can move an existing process to an alternate group using prmmove. Alternate groups are not meaningful for root users because they have access to all PRM groups.
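The precedence rules above can be checked before a configuration is loaded. The following is an added example, not code from PRM or its documentation, that computes the initial and alternate groups a login name would receive. The sample names and group names are constructed, and it assumes that the ASCII sort is applied to the +netgroup_name of each record, that "all other groups" means every remaining group named in any matching record, that netgroups are flat (no nested netgroup references), and that the input holds only user records; a user with no matching record returns None because this section does not describe that case.

```python
import re

# The user field of one (host,user,domain) triple in /etc/netgroup.
TRIPLE = re.compile(r"\([^,()]*,([^,()]*),[^,()]*\)")

def parse_netgroups(text):
    """Map netgroup name -> set of login names; flat netgroups only (assumption)."""
    groups = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) < 2:
            continue
        users = [m.group(1).strip() for m in TRIPLE.finditer(parts[1])]
        if users and "" not in users:  # lines with an empty user field are ignored
            groups[parts[0]] = set(users)
    return groups

def parse_user_records(text):
    """Parse USER::::INITIALGROUP[,ALTERNATEGROUP[, ...]] lines into {USER: [groups]}."""
    records = {}
    for line in text.splitlines():
        user, sep, rest = line.strip().partition("::::")
        groups = [g.strip() for g in rest.split(",") if g.strip()]
        if sep and user and groups:
            records[user] = groups
    return records

def resolve(user, records, netgroups):
    """Return (initial_group, alternate_groups), or None when no record applies."""
    if user in records:  # an explicit record takes precedence over netgroups
        return records[user][0], records[user][1:]
    matches = sorted(r for r in records  # str order is ASCII order for ASCII names
                     if r.startswith("+") and user in netgroups.get(r[1:], ()))
    if not matches:
        return None
    initial = records[matches[0]][0]
    alternates = []
    for name in matches:  # every other group named by a matching record
        for g in records[name]:
            if g != initial and g not in alternates:
                alternates.append(g)
    return initial, alternates

# Constructed sample data, not taken from the PRM guide.
SAMPLE_NETGROUP = "dbadmins (,alice,) (,bob,)\nanalysts (,bob,) (,carol,)\neveryone (,,)\n"
SAMPLE_RECORDS = ("alice::::finance\n+dbadmins::::database,reports\n"
                  "+analysts::::analytics\n+everyone::::scratch\n")

if __name__ == "__main__":
    ng, rec = parse_netgroups(SAMPLE_NETGROUP), parse_user_records(SAMPLE_RECORDS)
    for login in ("alice", "bob", "carol", "dave"):
        print(login, resolve(login, rec, ng))
```

In the sample, bob belongs to two netgroups and picks up analytics as the initial group because +analysts sorts before +dbadmins, while the +everyone record grants nothing because its netgroup line has an empty user field.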