Chapter 3 System Preparation
HPSS Installation Guide September 2002 187
Release 4.5, Revision 2
Security Manager, or if none of these policy files exists, the default policy is the original Java
sandbox policy, which is rather liberal.
Any system access is further limited by whatever protections the local operating system supplies.
So, for example, if the policy file allows access to file "foo", but the file system permissions do not
permit access to "foo" by the user executing hpssadm, then the user cannot access the file.
The SSM Data Server and the hpssadm utility have been written to be executed under a Security
Manager so that we may impose restrictions beyond those of the sandbox, particularly the ability to
restrict accesses to a specified set of network addresses. The Security Manager is set up inside the
Data Server and hpssadm code. The HPSS administrator controls the privileges granted to the code
by means of the policy files.
The names of the policy files are specified in the system security properties file,
$JAVA_HOME/lib/security/java.security. By default, a system wide policy file
$JAVA_HOME/lib/security/java.policy is checked first, and then the file ".java.policy" in the
user's home directory. Alternate policy files can be specified for an application at runtime.
The Data Server and hpssadm utility expect an alternate policy file at runtime. By default,
these files are
/var/hpss/ssm/java.policy.ds
/var/hpss/ssm/java.policy.hpssadm
on the machine where the Data Server or hpssadm utility is executing, respectively. These file
names can be changed in the hpss_env file by setting the HPSS_SSMDS_JAVA_POLICY and
HPSS_HPSSADM_JAVA_POLICY variables as desired. See the files
config/templates/java.policy.ds.template and config/template/java.policy.hpssadm.template for
sample policy files. These files should be copied to the /var/hpss/ssm area on the appropriate
machines and customized as desired for your site.
The minimum privileges which must be granted to the Data Server are those to allow it to load its
native library, to read its configuration file, and to communicate across the network with hpssadm
clients. The hpssadm client must have privileges to read the user's keytab file and to communicate
across the network with the Data Server:
1. Native library access requires RuntimePermission loadLibrary. The name of the Data
Server's native library is libssmds.a (libssmds.so on Solaris), so the entry for the policy file
is:
grant {
    permission java.lang.RuntimePermission "loadLibrary.ssmds";
};
Additionally, although we can find no reference to it in any of the Java documentation,
the interpretation of this library name requires read permission on the java.execsuffix
property. This policy file entry is:
grant {
    permission java.util.PropertyPermission "java.execsuffix", "read";
};
These two entries are necessary only in the Data Server policy file. They are not needed in
the hpssadm policy file.
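
A check an administrator could run over a customized copy of java.policy.ds before deploying it, as an added example that is not part of the HPSS guide or distribution: it confirms the two entries above are present and, going beyond what the guide states, flags grants of java.security.AllPermission or of SocketPermission for any host. The function names, the sample policy text and the address 192.0.2.10 are constructed for illustration.

```python
import re

# The two entries the guide requires in the Data Server policy file.
REQUIRED_DS = {
    ("java.lang.RuntimePermission", "loadLibrary.ssmds", None),
    ("java.util.PropertyPermission", "java.execsuffix", "read"),
}
# permission <class> ["target"] [, "actions"];   (signedBy clauses not handled)
PERM_RE = re.compile(
    r'permission\s+([\w.$]+)(?:\s+"([^"]*)")?(?:\s*,\s*"([^"]*)")?\s*;')

def parse_policy(text):
    """Return the set of (class, target, actions) triples granted in text."""
    # Drop whole-line // comments so commented-out entries do not count.
    text = re.sub(r'^\s*//.*$', '', text, flags=re.M)
    return {(c, t or None, a or None) for c, t, a in PERM_RE.findall(text)}

def is_broad(perm):
    """AllPermission, or SocketPermission with host '*' (assumed too wide)."""
    cls, target, _ = perm
    if cls == "java.security.AllPermission":
        return True
    return (cls == "java.net.SocketPermission"
            and (target or "").split(":")[0] == "*")

def audit_ds_policy(text):
    """Return (missing required entries, overly broad entries), each sorted."""
    perms = parse_policy(text)
    return (sorted(REQUIRED_DS - perms, key=str),
            sorted(filter(is_broad, perms), key=str))

# Constructed sample policies, not taken from the HPSS templates.
GOOD_POLICY = '''grant {
    permission java.lang.RuntimePermission "loadLibrary.ssmds";
    permission java.util.PropertyPermission "java.execsuffix",
        "read";
    permission java.net.SocketPermission "192.0.2.10:1024-", "accept";
};'''
WEAK_POLICY = '''grant {
    permission java.lang.RuntimePermission "loadLibrary.ssmds";
    // permission java.util.PropertyPermission "java.execsuffix", "read";
    permission java.net.SocketPermission "*:1024-", "accept,connect";
    permission java.security.AllPermission;
};'''

if __name__ == "__main__":
    for name, text in (("good", GOOD_POLICY), ("weak", WEAK_POLICY)):
        missing, broad = audit_ds_policy(text)
        print(name, "missing:", missing, "broad:", broad)
```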