evm.auth(4)


NAME

       evm.auth - EVM authorization file

SYNOPSIS


       event_rights    {
               class  event_class
               post   rights_list
               access rights_list
               }

       service_rights  {
               service service_name
               execute rights_list
               }

DESCRIPTION

       Authorization is control of the right to post, subscribe
       to, or retrieve an EVM event, or to execute services
       defined in the EVM daemon configuration file.

       The evm.auth file is a text file that controls event
       authorization. Any portion of a line from an unquoted
       number sign (#) to the end of the line is a comment. Blank
       lines are ignored. The following authorization controls
       are recognized:

       event_rights
              The rights specified apply to event posting and
              subscription.

       class event_class
              Class of events to which these rights apply. An
              event_class is a string of one or more components
              that match the same set of components in an Event
              Name. It is used to identify a family of events for
              purposes such as authorization. The more specific
              classes (those with more components) override the
              rights indicated by the less specific (more generic)
              classes.

       post rights_list
              Users specified by the rights_list are allowed or
              denied the right to post events of this event_class.

       access rights_list
              Users specified by the rights_list are allowed or
              denied the right to subscribe to, or retrieve from
              the log, events of this event_class.

       rights_list
              A list of users or groups who have or are denied the
              specified right for this event or service class.
              Entries are separated by commas.

              A rights_list has the format:
              [+|-][user | group=groupname]

              In this format, user is the login name of any user,
              and groupname is any group. The keyword group may be
              abbreviated to grp. A leading plus character (+)
              signifies that event or service rights are granted.
              A leading minus character (-) signifies that rights
              are explicitly denied. User root has implicit
              posting and access rights to all events, and execute
              rights to all services, unless they are explicitly
              denied.

              The first explicit entry for a user in a rights list
              takes precedence over any other explicit or group
              entries for that user. If the user is not explicitly
              listed, but is a member of a group which denies
              access, access is denied even if the user is also a
              member of a group for which access is granted.

              A plus or minus sign with no associated name grants
              or denies rights to all users.

              The rights_list must be enclosed in double quotes if
              it contains spaces.

       service_rights
              The rights specified apply to services performed by
              the daemon for a requesting client.

       service service_name
              The service to which these rights apply. The
              service_name is the name of a service defined in the
              evmdaemon.conf file. User-defined services are not
              currently supported.

       execute rights_list
              Users specified by the rights_list are allowed or
              denied the right to request operation of this
              service.

       The keywords described are case-insensitive and may be
       abbreviated. The allowable strings and the minimum number
       of characters are shown in the following table. A minimum
       of zero (0) indicates that all characters are required.

       -------------------------
       Keyword          Minimum
       -------------------------
       access           0
       class            0
       event_rights     7
       execute          4
       post             0
       service          4
       service_rights   9
       -------------------------

NOTES

       If you add an event_rights entry to the authorization
       file, you must make sure there is a corresponding base
       event template in the template file library. The base
       template must have a name whose components exactly match
       the corresponding components in the authorization file's
       class value. The template name can have fewer components
       than are present in the class, but it cannot have more.
       For example, if an event_rights group has a class value of
       myco.myprod.payroll, and an event template with the name
       myco.myprod has been registered in an EVM template file,
       the template will be regarded as the base template for the
       class.

       Each time the daemon loads or reloads its configuration,
       it writes a warning message in its error file if no base
       template is registered for a particular event_rights
       entry. Refer to the evmtemplate(4) reference page for
       information about registering event templates.

       If you are concerned with allowing your file to be used on
       other systems that support EVM in the future, you should
       use the built-in macro @SYS_VP@ in place of the first two
       components (sys.unix) of the name of any system event.
       This will make it unnecessary to change the file if the
       other system uses a different event name prefix.

EXAMPLES

       This  example  illustrates  an  entry in the authorization
       file with the following privileges:  Only  root  may  post
       events that have myco.myapp as the first two components of
       the event name.  Events in this class may be  accessed  by
       root or by any user who is a member of the tech group.

       event_rights    {
                        class        myco.myapp
                        post         +root
                        access       "+root, +group=tech"
                       }
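
       The precedence rules given under DESCRIPTION, applied to
       the entry above, as an added Python example (not part of
       the original reference page and not EVM code). The function
       names and the broader myco class are hypothetical; it
       assumes that an entry with no sign grants, that only an
       entry naming root counts as an explicit denial of root,
       that a bare + or - is consulted after user and group
       entries, and that no matching entry means no right.

```python
def parse_rights_list(text):
    """Split a rights_list into (grant, kind, name) tuples, in file order."""
    entries = []
    for item in text.strip().strip('"').split(","):
        item = item.strip()
        if not item:
            continue
        grant = not item.startswith("-")   # assumption: no sign means grant
        body = item.lstrip("+-").strip()
        key, sep, value = body.partition("=")
        if sep and key.strip() in ("group", "grp"):
            entries.append((grant, "group", value.strip()))
        else:
            entries.append((grant, "user" if body else "all", body))
    return entries

def is_allowed(rights_list, user, groups=()):
    """Apply the documented precedence to one user and their groups."""
    entries = parse_rights_list(rights_list)
    # The first explicit entry naming the user beats every other entry.
    for grant, kind, name in entries:
        if kind == "user" and name == user:
            return grant
    # root keeps implicit rights unless named in a denial (handled above).
    if user == "root":
        return True
    # Among matching groups, a single denial outweighs any grant.
    verdicts = [g for g, kind, name in entries if kind == "group" and name in groups]
    if verdicts:
        return all(verdicts)
    # Assumption: a bare + or - is the fallback for everyone else.
    for grant, kind, _ in entries:
        if kind == "all":
            return grant
    return False                           # assumption: unlisted means no right

def governing_class(classes, event_name):
    """Most specific class whose components prefix the event name, or None."""
    parts = event_name.split(".")
    hits = [c for c in classes if parts[:len(c.split("."))] == c.split(".")]
    return max(hits, key=lambda c: len(c.split(".")), default=None)

# Constructed input: the entry from EXAMPLES plus a broader, hypothetical class.
RULES = {"myco": {"post": "+", "access": "+"},
         "myco.myapp": {"post": "+root", "access": '"+root, +group=tech"'}}

def check(event_name, right, user, groups=()):
    cls = governing_class(RULES, event_name)
    return cls is not None and is_allowed(RULES[cls][right], user, groups)
```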

FILES

       Location of the EVM authorization file.

SEE ALSO

      
      
       Commands: evmd(8)

       Files: evmdaemon.conf(4), evmtemplate(4)

       Event Management: EVM(5)


