SYNOPSIS
lcmaps_posix_enf.mod [-maxuid|-MAXUID <number of uids>] [-maxpgid|-MAXPGID <number of primary gids>] [-maxsgid|-MAXSGID <number of secundary gids>]
The Posix Enforcement plugin will enforce or apply the gathered credentials that are stashed in the datastructure of the Plugin Manager. The plugin will get the credential information that is gathered by one or more Acquisition plugins. As this indicates there has the a Acquisition plugin already runned prior to this Enforcement. All of the gathered information will be checked by looking into the 'passwd' file of the system. These files have information about all registered system account and it's user groups.
The Posix Enforcent plugin does not validate the secundary GIDs. It does check the existance of the GID and the UID. They must exist although it is not needed that the GID and UID are a pair of each other.
With the usage of setuid, setgid and setgroups will the process be changes of it's ownership by root. The new owner will be the user by his credentials gathered aan system account.
OPTIONS
-MAXUID <number of uids>
See -maxuid
-maxuid <number of uids>
This will set the maximum allowed UIDs that this plugin will handle. On this moment there can never be more than one or less than one UID. In the final part of the code where the setuid() is given there will only be made use of the first UID. Al the others will never be touched untill the code is changed by a developer. By setting the value to a maximum there will be a failure raised when the amount of UIDs exceed the set maximum. Without this value the plugin will continue and will enforce only the first found value in the credential data structure.
-MAXPGID <number of primary gids>
See -maxpgid
-maxpgid <number of primary gids>
This will set the maximum allowed Primary GIDs that this plugin will handle. On this moment there can never be more than one or less than one Primary GIDs. In the final part of the code where the setgid() is given there will only be made use of the first Primary GID. Al the others will never be touched untill the code is changed by a developer. By setting the value to a maximum there will be a failure raised when the amount of Primary GIDs exceed the set maximum. Without this value the plugin will continue and will enforce only the first found value in the credential data structure.
-MAXSGID <number of secundary gids>
See -maxsgid
-maxsgid <number of secundary gids>
This will set the maximum allowed Secundary GIDs that this plugin will handle. On this moment the limit of the amount of Secundary GIDs is set in the system variable NGROUPS. This variable is usually 32. If NGROUPS is not set by the system, the limit will be set to 32 Secundary GIDs. In the final part of the code there is a setgroups() called. That function will apply all the gathered secundary groups availeble.
SEE ALSO
lcmaps_ldap_enf.mod, lcmaps_localaccount.mod, lcmaps_poolaccount.mod, lcmaps_voms.mod
1.2.8.1 written by Dimitri van Heesch,
© 1997-2001