IBM Hub/Switch Switch User Manual


 
Chapter 3 System Preparation
HPSS Installation Guide September 2002 187
Release 4.5, Revision 2
Security Manager, or if none of these policy files exists, the default policy is the original Java
sandbox policy, which is rather liberal.

Any system access is further limited by whatever protections the local operating system supplies.
So, for example, if the policy file allows access to file "foo", but the file system permissions do not
permit access to "foo" by the user executing hpssadm, then the user cannot access the file.

The SSM Data Server and the hpssadm utility have been written to be executed under a Security
Manager so that we may impose restrictions beyond those of the sandbox, in particular restricting
access to a specified set of network addresses. The Security Manager is set up inside the
Data Server and hpssadm code. The HPSS administrator controls the privileges granted to the code
by means of the policy files.

The names of the policy files are specified in the system security properties file,
$JAVA_HOME/lib/security/java.security. By default, a system-wide policy file
$JAVA_HOME/lib/security/java.policy is checked first, and then the file ".java.policy" in the user's
home directory. Alternate policy files can be specified for an application at runtime. The Data
Server and hpssadm utility expect an alternate policy file at runtime. By default, these files are

    /var/hpss/ssm/java.policy.ds
    /var/hpss/ssm/java.policy.hpssadm

on the machine where the Data Server or hpssadm utility is executing, respectively. These file
names can be changed in the hpss_env file by setting the HPSS_SSMDS_JAVA_POLICY and
HPSS_HPSSADM_JAVA_POLICY variables as desired. See the files
config/templates/java.policy.ds.template and config/template/java.policy.hpssadm.template for
sample policy files. These files should be copied to the /var/hpss/ssm area on the appropriate
machines and customized as desired for your site.

The minimum privileges which must be granted to the Data Server are those to allow it to load its
native library, to read its configuration file, and to communicate across the network with hpssadm
clients. The hpssadm client must have privileges to read the user's keytab file and to communicate
across the network with the Data Server:

1. Native library access requires RuntimePermission loadLibrary. The name of the Data
   Server's native library is libssmds.a (libssmds.so on Solaris), so the entry for the policy file
   is:

       grant {
           permission java.lang.RuntimePermission "loadLibrary.ssmds";
       };

   Additionally, although we can find no reference to it in any of the Java documentation,
   the interpretation of this library name requires read permission on the java.execsuffix
   property. This policy file entry is:

       grant {
           permission java.util.PropertyPermission "java.execsuffix", "read";
       };

   These two entries are necessary only in the Data Server policy file. They are not needed in
   the hpssadm policy file.
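
A small audit of a Data Server policy file against the two entries listed above, as an added example that is not part of the HPSS guide or its code: it reports required entries that have no explicit grant, and grants (AllPermission, wildcard-host SocketPermission, FilePermission on all files) that would undo the address restriction the text describes. The function names, the sample policies and the address 192.0.2.10 are constructed for illustration; codeBase and signedBy clauses are not interpreted.

```python
import re

# Entries the page lists for the Data Server policy: (class, target, actions).
REQUIRED_DS = [
    ("java.lang.RuntimePermission", "loadLibrary.ssmds", set()),
    ("java.util.PropertyPermission", "java.execsuffix", {"read"}),
]
GRANT_RE = re.compile(r'grant\b[^{]*\{(.*?)\}\s*;', re.S)
PERM_RE = re.compile(r'permission\s+([\w.$]+)(?:\s+"([^"]*)")?(?:\s*,\s*"([^"]*)")?\s*;')

def parse_policy(text):
    """Return [(class, target, {actions})] for each entry in every grant block."""
    text = re.sub(r'/\*.*?\*/|^[ \t]*//[^\n]*', '', text, flags=re.S | re.M)  # comments
    entries = []
    for body in GRANT_RE.findall(text):
        for cls, target, actions in PERM_RE.findall(body):
            acts = {a.strip().lower() for a in actions.split(",") if a.strip()}
            entries.append((cls, target, acts))
    return entries

def audit_ds_policy(text):
    """List required entries with no explicit grant, then over-broad grants."""
    entries, findings = parse_policy(text), []
    for cls, target, need in REQUIRED_DS:
        if not any(c == cls and t == target and need <= a for c, t, a in entries):
            findings.append(f"missing {cls} {target}")
    for cls, target, _ in entries:
        wild_host = target.rsplit(":", 1)[0].startswith("*")  # "*" or "*.domain"
        if (cls == "java.security.AllPermission"
                or (cls == "java.net.SocketPermission" and wild_host)
                or (cls == "java.io.FilePermission" and target == "<<ALL FILES>>")):
            findings.append(f"overbroad {cls} {target}".strip())
    return findings

# Constructed samples: the socket address and port range are placeholders.
GOOD = '''
grant {
    permission java.lang.RuntimePermission "loadLibrary.ssmds";
    permission java.util.PropertyPermission "java.execsuffix",
        "read";
    permission java.net.SocketPermission "192.0.2.10:1024-", "accept,connect";
};
'''
WEAK = '''
grant { permission java.lang.RuntimePermission "loadLibrary.ssmds"; };
grant { permission java.net.SocketPermission "*:1024-", "accept,connect"; };
grant { permission java.security.AllPermission; };
'''
```
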