Use this file to maintain policies that specify how message action restriction is enforced based on the submitting node and RUNID. It is located in the $CAIGLBL0000/opr/config/hostname directory. Root must own the file and only a UID of 0 can have write access to it.
This file is created when Event Management is installed. A prompt lets you decide whether you want to override the default setting that disables the message action restriction feature.
An individual entry in the actnode.prf file has the following format:
-n=nodename,runid,flag
Parameters
nodename
The node that initiates the COMMAND, UNIXCMD, or UNIXSH message action. It can contain a trailing generic mask character.
runid
RUNID to whom the rule applies. It can contain a trailing generic mask character.
flag
D - Disable: the feature is active; disallow the message action submitted by RUNID from nodename.
E - Enable: allow the RUNID from nodename to submit the message action.
W - Warn: check the rule but allow the message action submission to occur.
Examples
This rule is the default rule in effect if you do not activate message action restriction during installation:
-n=*,*,E
The rule states that for all nodes and all RUNIDs, COMMAND, UNIXCMD and UNIXSH message action submission is allowed.
This rule is the default rule in effect if you activate message action restriction during installation:
-n=*,*,D
The rule states that for all nodes and all RUNIDs, COMMAND, UNIXCMD and UNIXSH message action submission is disallowed.
This combination of rules only enforces a message action restriction on RUNID root and lets all other RUNIDs submit the message actions:
-n=*,*,E
-n=*,root,D
This combination of rules lets all RUNIDs bypass message action restriction unless the request comes from the node mars:
-n=*,*,E
-n=mars,*,D
-n=*,root,W
In that case, message action restriction is enforced for all RUNIDs. The last entry sets a warning type restriction rule for RUNID root if it comes from a node other than mars.
Event Management scans the entire configuration file for a best match and uses that rule. It uses the node field as a high level qualifier when searching for a best match. For example:
-n=mars,*,D
-n=*,root,W
If these are the only two entries in the file, any request coming from the node mars uses the disallow rule. The user root only uses the warning rule if the request comes from a node other than mars.
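The best-match behavior described above can be checked offline before a rule change is deployed. The following is an added example, not CA's code: it parses entries in the -n=nodename,runid,flag format and reports which flag would apply to a given node and RUNID. The function names are hypothetical, and the ranking is an assumption drawn from the examples on this page: one entry per line, case-sensitive comparison, an exact name is more specific than a trailing mask, a longer mask prefix is more specific than a shorter one, the node field is compared before the RUNID field, and no result is returned when nothing matches.

```python
import re

# Constructed sample: the three-rule combination from the page, one entry per line.
SAMPLE = "-n=*,*,E\n-n=mars,*,D\n-n=*,root,W\n"

ENTRY = re.compile(r"\s*-n=([^,\s]+),([^,\s]+),([DEW])\s*")

def parse_rules(text):
    """Return (nodename, runid, flag) tuples; lines that are not entries are skipped."""
    return [m.groups() for m in map(ENTRY.fullmatch, text.splitlines()) if m]

def specificity(pattern, value):
    """Rank a field match, or return None if the field does not match.
    Assumption: exact beats trailing mask, longer mask prefix beats shorter."""
    if pattern.endswith("*"):
        prefix = pattern[:-1]
        return (0, len(prefix)) if value.startswith(prefix) else None
    return (1, 0) if pattern == value else None

def effective_flag(rules, node, runid):
    """Return the flag (D, E or W) of the best-matching rule, or None if none match."""
    best_key, best_flag = None, None
    for nodename, rule_runid, flag in rules:
        node_rank = specificity(nodename, node)
        runid_rank = specificity(rule_runid, runid)
        if node_rank is None or runid_rank is None:
            continue
        key = (node_rank, runid_rank)  # node first: the high-level qualifier
        if best_key is None or key > best_key:
            best_key, best_flag = key, flag
    return best_flag

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    # Constructed requests: node mars and another node, RUNID root and another RUNID.
    for node, runid in [("mars", "root"), ("mars", "oper1"),
                        ("venus", "root"), ("venus", "oper1")]:
        print(node, runid, effective_flag(rules, node, runid))
```
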
Copyright © 2014 CA Technologies.
All rights reserved.