posix enforcement plugin

Main Page Modules Data Structures File List Data Fields Globals Related Pages

posix enforcement plugin

SYNOPSIS

lcmaps_posix_enf.mod [-maxuid|-MAXUID <number of uids>] [-maxpgid|-MAXPGID <number of primary gids>] [-maxsgid|-MAXSGID <number of secondary gids>]

The Posix Enforcement plugin will enforce (apply) the gathered credentials that are stacked in the datastructure of the Plugin Manager. The plugin will get the credential information that is gathered by one or more Acquisition plugins. This implies that at least one Acquisition should have been run prior to this Enforcement. All of the gathered information will be checked by looking into the 'passwd' file of the system. These files have information about all registered system account and its user groups.

The Posix Enforcent plugin does not validate the secondary GIDs. It does check the existance of the GID and the UID. They must exist although it is not needed that the GID and UID are a pair of each other.

The (BSD/POSIX) functions setreuid(), setregid() and setgroups() are used to change the privileges of the process from root to that of a local user.

OPTIONS

-MAXUID <number of uids>

See -maxuid

-maxuid <number of uids>

In principle, this will set the maximum number of allowed UIDs that this plugin will handle, but at the moment only the first UID found will be enforced; the others will discarded. By setting the value to a maximum there will be a failure raised when the amount of UIDs exceed the set maximum. Without this value the plugin will continue and will enforce only the first found value in the credential data structure.

LCMAPS_MOD_SUCCESS : Success
LCMAPS_MOD_FAIL : Failure

ERRORS

See bugzilla for known errors (http://marianne.in2p3.fr/datagrid/bugzilla/)