COSmanager User Man pages

(Difference between revisions)
Revision as of 07:27, 1 May 2006
Moff (Talk | contribs)
(asuser)
Revision as of 07:57, 1 May 2006
Moff (Talk | contribs)
(asgroup)
Line 12: Line 12:
:Asgroup changes the effective group ID of the user to the specified group while running command. If no command was specified, an interactive Shell will be started, either using the program defined by the SHELL environment variable, or <tt>/bin/sh</tt> if SHELL is not defined. Asgroup will only permit execution to proceed if either: :Asgroup changes the effective group ID of the user to the specified group while running command. If no command was specified, an interactive Shell will be started, either using the program defined by the SHELL environment variable, or <tt>/bin/sh</tt> if SHELL is not defined. Asgroup will only permit execution to proceed if either:
:*The user is part of the specified group; or :*The user is part of the specified group; or
-:*The command's group is the one specified, and it has the set group ID bit enabled [see chmod(1)], and the user has execute access to the command.<br>All attempts (both successful and not) are logged to an audit trail.+:*The command's group is the one specified, and it has the set group ID bit enabled [see [http://en.wikipedia.org/wiki/Chmod chmod(1)]], and the user has execute access to the command.<br>All attempts (both successful and not) are logged to an audit trail.
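Review bot: In the second bullet, the sentence "All attempts (both successful and not) are logged to an audit trail." is still attached to the list item with <br>, so it reads as part of the set-group-ID condition although it covers all attempts; move it to its own paragraph after the list. The new chmod(1) link also points a man-page reference at a Wikipedia article over http; linking to the platform's own chmod manual page would keep the reference authoritative.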
Line 21: Line 21:
'''SEE ALSO''' '''SEE ALSO'''
-:fs_tools(1).+:[[#fs_tools|fs_tools(1)]].

Revision as of 07:57, 1 May 2006

asgroup

NAME

asgroup — Run a program with another group's permissions


SYNOPSIS

asgroup <group> [<command>]


DESCRIPTION

Asgroup changes the effective group ID of the user to the specified group while running command. If no command was specified, an interactive shell will be started, either using the program defined by the SHELL environment variable, or /bin/sh if SHELL is not defined. Asgroup will only permit execution to proceed if either:
  • The user is part of the specified group; or
  • The command's group is the one specified, and it has the set group ID bit enabled [see chmod(1)], and the user has execute access to the command.
All attempts (both successful and not) are logged to an audit trail.


FILES

/usr/spool/log/asgroup
Audit log file. Every execution of asgroup is logged here, detailing the user, terminal, date and time, the command and whether it was successful.


SEE ALSO

fs_tools(1).


COPYRIGHT

Copyright © 1990-2006 Functional Software. All rights reserved.


asuser

NAME

asuser - Run a program as another user


SYNOPSIS

asuser [-12cdosu] <user> <command>


DESCRIPTION

Asuser runs a command in the context of another user. It is normally only run by a process with the effective user ID of the superuser.
Switching to the specified user causes the process to take on that user's ID and groups, and sets the following environment variables: LOGNAME, USER, HOME and FULLNAME.


OPTIONS

-c
Check that the caller's effective ID is superuser before running the command. By default, if the caller is not superuser, the command is still run, but without switching users.
-d
Change into the user's home directory before running the command, and before creating any output files (see the -o, -1 and -2 options). Normally the command is run in the current working directory.
-s
Run the command using the shell. This allows arbitrary shell syntax to be used in the command. Normally the command must be a single program name, optionally followed by its parameters.
-u <ulimit>
Set the ulimit to the specified value prior to running the command.
-o <file>
Redirect both STDOUT and STDERR to the given file after switching to the new user. If the file does not exist, it will be created with the ownership of the given user. Note that if you use:
asuser <user> <command> > <file>
the file will be opened by the shell prior to running asuser, causing it to be created with "root" ownership.
-1 <file>
Redirect STDOUT to the given file after switching to the new user. Please refer to the discussion under -o.
-2 <file>
Redirect STDERR to the given file after switching to the new user. Please refer to the discussion under -o.


EXAMPLE

asuser mike weekly_report -d prodn
Runs the command "weekly_report -d prodn" as user "mike".


WARNINGS

This program must not be installed with the SETUID flag set, otherwise system security would be compromised.


audcycle


audit


audview


browser


cos

NAME

cos - Invoke COSmanager


SYNOPSIS

cos [-apD] [-d <db>] [-u <user>] [-v <version>] [<appl> [-C] [-v <version>] [-c <command> | <table> [<method>]]]


DESCRIPTION

Cos is the command that invokes COSmanager and COSmanager applications.
Cos performs security checks on the invoking user, asking for passwords if necessary, sets up the appropriate security profile and environment for the user, and then invokes either the main COSmanager menu, a COSmanager application, a method or a command.


OPTIONS

-D
Invoke the demonstration mode of COSmanager. (See below for more details).
-d <database>
Specifies a database holding the Functional Database table data. If the name specified does not end with .db, then this suffix will be appended to form a directory name, which must be located under both the $FShome and $APPL_HOME directories. If not specified, the default database (db) is used.
-v <version>
Specifies an alternate version of the COSmanager framework to invoke. The directory of the specified COSmanager version determines the value of the FShome variable, the base directory of the COSmanager framework.
The following three options are only available if the user is super-user or cosmos:
-a
Ask "Who are you?". Normally cos automatically determines the ID of the invoking user, which in turn determines their security profile. If this option is specified, the user is prompted to enter his or her login ID, and password. If this is validated correctly, the user will be allowed into COSmanager with that user's security profile.
-p
Forces the user to enter the appropriate COSmanager application passwords. Normally when cos is invoked as super-user, password checking is bypassed.
-u <user>
Use the security profile of the specified user rather than that of the invoking user.
Appl specifies the COSmanager application to invoke. If omitted, the main COSmanager menu (or buttonbar) is invoked. After the application name the following options can appear:
-C
Invoke the application in configuration mode. This may cause further security checks and authentication to occur.
-v <version>
Specifies an alternate version of the application to run. The directory of the specified version of the application determines the value of the APPL_HOME variable. Normally the default version of the application is run.
-c <command>
Specifies the command to run under the given application.
<table> [<method> [<params>]]
If a table is specified with no subsequent parameters, db_methtool(1) is invoked upon that table. This provides an interactive, user-friendly interface to the methods defined for the table. If a method and optionally parameters to that method are given, then that method is invoked directly. See db_meth(1) for details of the format of the parameters.


APPLICATION INVOCATION

When cos invokes an application, it first searches the applictn table in the COSmanager framework, looking for the specified application. If no version was specified by the user, the entry with the Default column set to yes will be used. This entry determines the base directory (APPL_HOME) of the application, the capabilities required by the user to access it, how the application is to appear in the COSmanager menu or buttonbar, and the commands to invoke the application itself.
Once the entry is found, the user's capabilities are checked to ensure that he or she has access to the application. The application's environment variables (see below) are then set, and if $APPL_HOME/profile exists, it is sourced as a Bourne shell script. Finally the command to invoke the application is executed.


DEMONSTRATION MODE

In this mode, any modification to tables that are not under the specified database directory causes them to be copied there, and the modification is performed on the copy. Thus real system tables (e.g. passwd, group, hosts, networks) will not be modified directly; rather, the user will operate on copies of them.
Although most COSmanager applications normally run as root or cosmos, demonstration mode forces them to be run as the normal UID of the invoking user. In addition, certain system commands are replaced with scripts that enable the demonstration or training to be run without needing special privileges.
It is possible to create a self-contained demonstration of a COSmanager application by copying the tables from the COSmanager framework database directory ($FShome/db) and the application's database directory ($APPL_HOME/db) to another directory and using the -d flag to reference the alternate database.
For example, the following commands create a new duty3G database called training:
cos duty -c sh
  cd $FShome
  mkdir training.db
  cd db
  find . -print | cpio -pdumv ../training.db
  cd $APPL_HOME
  mkdir training.db
  cd db
  find . -print | cpio -pdumv ../training.db
  exit
The command:
cos -D -d training duty
would be used to invoke duty3G in demonstration mode using the training database.
Such a scheme could be used for training new operators.


ENVIRONMENT VARIABLES

COSmanager sets and uses the following environment variables:
APPL_HOME
The base directory of the application being run under cos. The application programs, menus, prompt forms and database files etc, are in subdirectories under $APPL_HOME.
FShome
The base directory of the COSmanager framework, which contains the Functional Toolset. By default this is the home directory of the cosmos user.
PATH
Cos automatically includes the directories $APPL_HOME/bin and $FShome/bin in the PATH variable. Furthermore, in demonstration mode, PATH also includes $APPL_HOME/dbin and $FShome/dbin to allow special demonstration versions of programs to be written.
DBTABDIR
This determines the search path used to locate data for database tables within the COSmanager framework and applications. Unless the -d option is used, this variable is not set, thus defaulting the search path to the db and distrib.db directories. If, for example, "-d training" is specified, the search path is changed to the training.db and distrib.db directories.
FS_CUSTOMER
The Customer name to appear at the right side of the title bar on menus, forms, etc under the CUI, and in the "about" box under the GUI. This should be kept fairly short (say 20 characters), or it may be overwritten by the title.
PRINTCMD
A command which is used to send output to a printer. It must be able to read its input from standard input, and should not write anything to standard output (or standard error), unless there is an error condition. Using the System V spooler as an example, PRINTCMD should be set to "lp -s", which is the default.
DBPRINT
A command that takes (as standard input) output from the Functional Database and sends it to a printer. This allows pre-formatting of database tables before printing. One utility that provides this is page(1). This will take the header line and repeat it at the top of each printed page and place the page number on the bottom line. An example of the setting of this variable would be:
DBPRINT="page -C | lp -s"
PRINTYPE
The printer type to be used by the page(1) command. This is only necessary if the DBPRINT variable is set to use the page command. A terminfo(4) entry must exist for this printer type.
PAGER
The name of the pagination program used when displaying manual pages, etc. This would typically be more(1), pg(1), or even the less(1) public domain pager. If not specified then the scroll(1) command will be used.
These variables are automatically set when the cos command is run. Most can be changed by using the "Global Parameters" menu under "COSmanager Configuration".


SEE ALSO

db(1), db_methtool(1), db_meth(1)


WARNINGS

COSmanager runs most of the time with root privileges. The startup scripts and profiles as supplied are written extremely carefully to eliminate the possibility of "trapdoors" or other means of compromising system security. If the files $FShome/bin/COSstartup, $FShome/bin/APstartup or $APPL_HOME/profile are modified, be very careful not to introduce such "trapdoors". In particular, always use full pathnames when specifying directories, especially within PATH variables. Also make sure that the file permissions on such scripts are not changed in a way that would allow access by "hostile" users.
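
Both cautions in this section can be checked mechanically after a startup script or profile has been edited. The following is an added example, not part of the COSmanager distribution: the function names are hypothetical, the sample profile is constructed, and treating any group or other write permission as a finding is an assumption about how the supplied files are installed.

```sh
#!/bin/sh
# Added example: audit a cos startup script or profile against the two
# cautions in WARNINGS (full pathnames in PATH, no loosened permissions).

# Print each entry of a PATH value that is not a full pathname.
unsafe_path_entries() {
    # A trailing ':' is appended so an empty last entry is not lost.
    printf '%s:' "$1" | tr ':' '\n' | while IFS= read -r entry; do
        case $entry in
            /*)  ;;                   # full pathname
            \$*) ;;                   # variable such as $FShome/bin: not judged here
            '')  echo '<empty>' ;;    # empty entry means the current directory
            *)   echo "$entry" ;;     # relative entry, including "."
        esac
    done
}

# Succeed when the file is writable by its group or by others.
# Assumption: the supplied scripts are writable by their owner only.
loosely_writable() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Print one finding per line for a single file; print nothing when clean.
audit_startup_file() {
    if loosely_writable "$1"; then
        echo "$1: writable by group or others"
    fi
    # Bourne-style assignments only: PATH=value at the start of a line.
    sed -n 's/^[[:space:]]*PATH=\([^;[:space:]]*\).*/\1/p' "$1" | tr -d "\"'" |
    while IFS= read -r value; do
        unsafe_path_entries "$value" | while IFS= read -r bad; do
            echo "$1: PATH entry $bad is not a full pathname"
        done
    done
}

# Constructed sample standing in for $APPL_HOME/profile.
sample=$(mktemp -d)/profile
printf '%s\n' 'PATH=$APPL_HOME/bin:/usr/bin:.:bin:' 'export PATH' > "$sample"
chmod 664 "$sample"
audit_startup_file "$sample"
rm -rf "${sample%/*}"
```

Entries that begin with a variable are skipped rather than approved, so the values of FShome and APPL_HOME still need to be confirmed as full pathnames.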


daemon


fs_tools

NAME

fs_tools - the Functional Toolset


SYNOPSIS

The Functional Toolset is a suite of tools that enables sophisticated applications to be built quickly and easily. It consists of a suite of user interface tools, database access tools, and various miscellaneous tools. The Functional Database tools are described under db(1). This manual page describes the user interface tools, the environment variables that the toolset uses, and some common facilities which the toolset uses (such as path lists).


USER INTERFACE TOOLS

These are full-screen, interactive programs, each with a distinct function. They support both a Graphical User Interface (GUI) and a Character User Interface (CUI); the latter can run on virtually any terminal.
These functions include:
  • Picking an item from a menu
  • Filling in a form
  • Browsing through output, and optionally printing sections
  • Choosing one or more items from a list
  • Hitting one of a number of function keys in answer to a request
Although these functions are implemented as separate programs, the "look and feel" of each of the tools is the same, so the user interface remains uniform throughout an application built with these tools.
Below are brief descriptions of the functions and features of each user interface tool. Further details can be found in the appropriate manual entry for each.


MENU

Menu implements a hierarchical menu structure. The user simply arrows down to the desired item, and hits Enter or Accept. If that item is an action then the program corresponding to that action is executed. If it is a submenu, then that menu will be entered. Hitting Exit will take the user up a level in the menu hierarchy, or exit Menu completely if it was the Main or Top-level menu.


menu


methtool


page


root


runopt


scroll