COSmanager User Man pages

From Documentation

Revision as of 12:09, 1 May 2006; view current revision
←Older revision | Newer revision→

Jump to: navigation, search

1 asgroup
2 asuser
3 audcycle
4 audit
5 audview
6 browser
7 cos
8 daemon
9 fs_tools
10 menu
11 methtool
12 page
13 root
14 runopt
15 scroll

asgroup

NAME

asgroup — Run a program with another group's permissions

SYNOPSIS

asgroup <group> [<command>]

DESCRIPTION

Asgroup changes the effective group ID of the user to the specified group while running command. If no command was specified, an interactive Shell will be started, either using the program defined by the SHELL environment variable, or /bin/sh if SHELL is not defined. Asgroup will only permit execution to proceed if either:

The user is part of the specified group; or
The command's group is the one specified, and it has the set group ID bit enabled [see chmod(1)], and the user has execute access to the command.
All attempts (both successful and not) are logged to an audit trail.

FILES

/usr/spool/log/asgroup

Audit log file. Every execution of asgroup is logged here detailing the user, terminal, date andtime, the command and whether it was successful.

SEE ALSO

fs_tools(1).

COPYRIGHT

asuser

NAME

asuser - Run a program as another user

SYNOPSIS

asuser [-12cdosu] <user> <command>

DESCRIPTION

Asuser runs a command in the context of another user. It is normally only run by a process with the effective user ID of the superuser.

Switching to the specified user causes the process to switch to that user's ID and Groups, plus the following environment variables to be set: LOGNAME, USER, HOME and FULLNAME.

OPTIONS

-c

Check that the caller's effective ID is superuser before running the command. By default, if the caller is not superuser, the command is still run, but without switching users.

-d

Change into the user's home directory before running the command, and before creating any output files (see the -o, -1 and -2 options). Normally the command is run in the current working directory.

-s

Run the command using the shell. This allows arbitrary shell syntax to be used in the command. Normally the command must be a single program name, optionally followed by its parameters.

-u <ulimit>

Set the ulimit to the specified value prior to running the command.

-o <file>

Redirect both STDOUT and STDERR to the given file after switching to the new user. If the file does not exist, it will be created with the ownership of the given user. Note that if you use:

asuser <user> <command> > <file>

the file will be opened by the shell prior to running asuser, causing it to be created with "root" ownership.

-1 <file>

Redirect STDOUT to the given file after switching to the new user. Please refer to the discussion under -o.

-2 <file>

Redirect STDERR to the given file after switching to the new user. Please refer to the discussion under -o.

EXAMPLE

asuser mike weekly_report -d prodn

Runs the command "weekly_report -d prodn" as user "mike".

WARNINGS

This program must not be installed with the SETUID flag set, otherwise system security would be compromised.

COPYRIGHT

audcycle

COPYRIGHT

audit

COPYRIGHT

audview

COPYRIGHT

browser

COPYRIGHT

cos

NAME

cos - Invoke COSmanager

SYNOPSIS

cos [-apD] [-d <db>] [-u <user>] [-v <version>] [<appl> [-C] [-v <version>] [-c <command> | <table> [<method>]]]

DESCRIPTION

Cos is the command that invokes COSmanager and COSmanager applications.

Cos performs security checks on the invoking user, asking for passwords if necessary, sets up the appropriate security profile and environment for the user, and then invokes either the main COSmanager menu, a COSmanager application, a method or a command.

OPTIONS

-D: Invoke the demonstration mode of COSmanager. (See below for more details).

-d <database>: Specifies a database holding the Functional Database table data. If the name specified does not end with .db, then this suffix will be appended to form a directory name, which must be located under both the $FShome and $APPL_HOME directories. If not specified, the default database (db) is used.

-v <version>: Specifies an alternate version of the COSmanager framework to invoke. The directory of the specified COSmanager version determines the value of the FShome variable, the base directory of the COSmanager framework.

The following three options are only available if the user is super-user or cosmos:

-a: Ask "Who are you?". Normally cos automatically determines the ID of the invoking user, which in turn determines their security profile. If this option is specified, the user is prompted to enter his or her login ID, and password. If this is validated correctly, the user will be allowed into COSmanager with that user's security profile.

-p: Forces the user to enter the appropriate COSmanager application passwords. Normally when cos is invoked as super-user, password checking is bypassed.

-u <user>: Use the security profile of the specified user rather than that of the invoking user.

<appl> specifies the COSmanager application to invoke. If omitted, the main COSmanager menu (or buttonbar) is invoked. After the application name the following options can appear:

-C: Invoke the application in configuration mode. This may cause further security checks and authentication to occur.

-v <version>: Specifies an alternate version of the application to run. The directory of the specified version of the application determines the value of the APPL_HOME variable. Normally the default version of the application is run.

-c <command>: Specifies the command to run under the given application.

<table> [<method> [<params>]]: If a table is specified with no subsequent parameters, db_methtool(1) is invoked upon that table. This provides an interactive, user-friendly interface to the methods defined for the table. If a method and optionally parameters to that method are given, then that method is invoked directly. See db_meth(1) for details of the format of the parameters.

APPLICATION INVOCATION

When cos invokes an application, it first searches the applictn table in the COSmanager framework, looking for the specified application. If no version was specified by the user, the entry with the Default column set to yes will be used. This entry determines the base directory (APPL_HOME) of the application, the capabilities required by the user to access it, how the application is to appear in the COSmanager menu or buttonbar, and the commands to invoke the application itself.

Once the entry is found, the user's capabilities are checked to ensure that he or she has access to the application. The application's environment variables (see below) are then set, and if $APPL_HOME/profile exists, it is sourced as a Bourne shell script. Finally the command to invoke the application is executed.

DEMONSTRATION MODE

In this mode, any modification to tables which are not under the specified database directory, will cause them to be copied there, and the modification performed on the copy. Thus real system tables (eg: passwd, group, hosts, networks) will not be modified directly, rather the user will operate on copies of them.

Although most COSmanager applications normally run as root or cosmos, demonstration mode forces them to be run as the normal UID of the invoking user. In addition, certain system commands are replaced with scripts that enable the demonstration or training to be run without needing special privileges.

It is possible to create a self contained demonstration of a COSmanager application by copying the tables from the COSmanager framework database directory ($FShome/db) and the application's database directory ($APPL_HOME/db) to another directory and using the -d flag to reference the alternate database.

For example, the following commands create a new duty3G database called training:

cos duty -c sh 
  cd $FShome 
  mkdir training.db 
  cd db 
  find . -print | cpio -pdumv ../training.db 
  cd $APPL_HOME 
  mkdir training.db 
  cd db 
  find . -print | cpio -pdumv ../training.db 
  exit

The command:

cos -D -d training duty

would be used to invoke duty3G in demonstration mode using the training database.

Such a scheme could be used for training new operators.

ENVIRONMENT VARIABLES

COSmanager sets and uses the following environment variables:

APPL_HOME: The base directory of the application being run under cos. The application programs, menus, prompt forms and database files etc, are in subdirectories under $APPL_HOME.

FShome: The base directory of the COSmanager framework, which contains the Functional Toolset. By default this is the home directory of the cosmos user.

PATH: Cos automatically includes the directories $APPL_HOME/bin and $FShome/bin in the PATH variable. Furthermore, in demonstration mode, PATH also includes $APPL_HOME/dbin and $FShome/dbin to allow special demonstration versions of programs to be written.

DBTABDIR: This determines the search path used to locate data for database tables within the COSmanager framework and applications. Unless the -d option is used, this variable is not set, thus defaulting the search path to the db and distrib.db directories. If, for example, "-d training" is specified, the search path is changed to the training.db and distrib.db directories.

FS_CUSTOMER: The Customer name to appear at the right side of the title bar on menus, forms, etc under the CUI, and in the "about" box under the GUI. This should be kept fairly short (say 20 characters), or it may be overwritten by the title.

PRINTCMD: A command which is used to send output to a printer. It must be able to read its input from standard input, and should not write anything to standard output (or standard error), unless there is an error condition. Using the System V spooler as an example, PRINTCMD should be set to "lp -s", which is the default.

DBPRINT: A command that takes (as standard input) output from the Functional Database and send it to a printer. This allows pre-formatting of database tables before printing. One utility that provides this is page(1). This will take the header line and repeat it at the top of each printed page and place the page number on the bottom line. An example of the setting of this variable would be:; DBPRINT="page -C | lp -s"

PRINTYPE: The printer type to be used by the page(1) command. This is only necessary if the DBPRINT variable is set to use the page command. A terminfo(4) entry must exist for this printer type.

PAGER: The name of the pagination program used when display manual pages, etc. This would typically be more(1), pg(1), or even the less(1) public domain pager. If not specified then the scroll(1) command will be used.

These variables are automatically set when the cos command is run. Most can be changed by using the "Global Parameters" menu under "COSmanager Configuration".

SEE ALSO

db(1), db_methtool(1), db_meth(1).

WARNINGS

COSmanager runs most of the time with root privileges. The startup scripts and profiles as supplied are written extremely carefully to eliminate the possibility of "trapdoors" or other means of compromising system security. If the files $FShome/bin/COSstartup, $FShome/bin/APstartup or $APPL_HOME/profile are modified, be very careful not to introduce such "trapdoors". In particular, always use full pathnames when specifying directories, especially within PATH variables. Also make sure that the file permissions on such scripts are not changed which may allow access by "hostile" users.

COPYRIGHT

daemon

COPYRIGHT

fs_tools

NAME

fs_tools - the Functional Toolset

SYNOPSIS

The Functional Toolset is a suite of tools, to enable sophisticated applications to be built quickly and easily. It consists of a suite of user interface tools, database access tools, and various miscellaneous tools. The Functional Database tools are described under db(1). This manual page describes the user interface tools, the environment variables that the toolset uses, and some common facilities which the toolset uses (such as path lists).

USER INTERFACE TOOLS

These are full-screen, interactive programs, each with a distinct function and they support both a Graphical User Interface (GUI) and a Character User Interface (CUI), the latter can run on virtually any terminal.

These functions include:

Picking an item from a menu
Filling in a form
Browsing through output, and optionally printing sections
Choosing one or more items from a list
Hitting one of a number of function keys in answer to a request

Although these functions are implemented as separate programs, the "look and feel" of each of the tools is the same, so the user interface remains uniform throughout an application built with these tools.

Below are brief descriptions of the functions and features of each user interface tool. Further details can be found in the appropriate manual entry for each.

MENU

Menu implements a hierarchical menu structure. The user simply arrows down to the desired item, and hits Enter or Accept. If that item is an action then the program corresponding to that action is executed. If it is a submenu, then that menu will be entered. Hitting Exit will take the user up a level in the menu hierarchy, or exit Menu completely if it was the Main or Top-level menu.

Other features of Menu are:

Conditional menu items. If the condition is not true, the user will not see that item.
"Self-modifying" menu text. The menu description can contain references to Shell environment variables. If these variables change, so will the text of the menu.
A full hierarchy of every menu in the system is available by hitting the Index key. The user can then search through the hierarchy, and jump directly to any menu.

PROMPT

Prompt allows a user to fill in a form and when complete, it outputs Shell commands to set environment variables to the values entered in each field. Optionally, prompt can also load default values for each field from environment variables of the same names. This association of Shell variables to fields on a form, and the association between database column values and Shell variables [see db(1)], means that prompt can be readily used to input and manipulate database column values.

Prompt is also capable of doing extensive validation of user input, and of doing database "lookups" to ensure consistency, and to provide useful feedback to the user.

SCROLL

Scroll is a sophisticated version of more(1) or pg(1). It provides up and down, left and right scrolling through any output data. The user can search for arbitrary patterns, and can spool any range of pages to a printer. Scroll can also interpret print control codes for the Epson LQ printer range.

CHOOSE

Choose is a "pick-and-point" selection utility. It displays lines of data to the user and allows him or her to choose one (or more) lines, which it then writes to standard output. The user has similar features to move within the data as Scroll provides.

CONFIRM

Confirm displays a message (which may consist of a number of lines) on the screen, and asks the user to make a decision. The user is presented with a fixed number of alternatives, each is selectable by a different function key, which is labelled accordingly.

METHTOOL

Db_methtool provides an interface to perform actions (or methods) upon data in a database table. It allows the user to select one or more items, then to choose a method to perform. When the method has completed, control is returned so that the whole process can be repeated. It can be considered similar to a combination of choose and menu.

CHARACTER INTERFACE

Each of these tools presents a uniform user interface. This consists of:

A title bar on the top line of the screen, with a title in the middle, the customer name at the right, and the tool name, or menu name at the left.
A row of 8 function key labels on the bottom line of the screen, with F1 being Help, F2 Extended Help, F3 Exit, and F8 Accept. Other function keys may change depending on the particular tool.
A message line on the second bottom screen line. Error or informative messages appear on this line.

If the keyboard supports them, the following keys can also be used:

PAGE DOWN or ^F: On tools that support scrolling, scroll forward to the next page.
PAGE UP or ^B: On tools that support scrolling, scroll back to the previous page.
HOME: Move the cursor to the "home" position on the screen.
ARROW KEYS: Move the cursor or scroll in the direction indicated.
^L or ^R: Redraw the screen.
^D: Exit the tool. Same as F3. This can always be used to exit any tool, and is useful if the terminfo(4) definition of the function keys is incorrect.

GRAPHICAL INTERFACE

The graphical interface provides extra flexibility in that several actions can be executed simultaneously, and run in different windows. Where possible the interface is similar to the character interface in terms of the actions of the function and other keys. Selection of items and scrolling of data, however, is achieved by use of the mouse and scrollbars, rather than using keystrokes.

From the programming point of view, the use of the character and graphical interfaces is identical.

ENVIRONMENT VARIABLES

The following list of environment variables is used by the Functional Toolset. Note that these are generally set in the file $FShome/profile.

FShome: The parent directory of all Functional Software files. The toolset executable programs live in $FShome/bin, which should be included in the user's PATH.
TITLE: The title to place at the centre of the title bar which is on the top line of the screens of all the tools. This variable is overridden by the -t option, or by any other mechanism that each tool may have to specify a title.
FS_CUSTOMER: The Customer name to appear at the right side of the title bar. This should be kept fairly short (say 15 characters), or it may be overwritten by the title.
PRINTCMD: A command which is used by the tools to send output to a printer. It must be able to read its input from standard input, and should not write anything to standard output (or standard error), unless there is an error condition. Using the System V spooler as an example, PRINTCMD should be set to "lp -s". Note that the db(1) tools also use another similar variable, DBPRINT. There is also an associated variable, PRINTYPE, which is the terminfo name for the type of printer used by the page(1) command.
PAGER: The name of a program through which large streams of terminal output (such as manual pages) are sent. This could be pg(1) or more(1) or preferably:; scroll -p66 -H1 -s; which will give the user a print capability, and similar "look-and-feel" to the other tools.
LOGNAME: Should always be set to the login name of the user. This is done automatically on most systems.
TERM: Should be set to the terminfo name for the type of terminal being used.
TERMINFO: See below.

PATH LISTS

A number of tools access files either to control their operation, or to read or update data. The tools which do this can search for the file(s) in a search path, similar to the standard PATH variable.

Path lists are a list of directories separated by colons, each of which is searched in turn. If the path begins with "+:", this search algorithm is extended as follows: the directories pecified in the path are then relative to the application directory path (specified by the APPL_PATH variable). If APPL_PATH is not set, then APPL_HOME is used, and if this is not set, HOME is used.

Consider the example of searching for the file "media" and the path list is specified as "+:db:distrib.db", and APPL_PATH is "/usr/fs1:/usr/fs2". The following directories would be searched in order:

/usr/fs1/db 
  /usr/fs1/distrib.db 
  /usr/fs2/db 
  /usr/fs2/distrib.db

The path list variables all have reasonable default values, so in most circumstances they will not need to be set.

The following is a list of path lists used by the Functional Toolset:

DBDIR: Used by the database tools to locate the data dictionary file (.dc) for the table. Default: "+:dict"
DBTABDIR: Used by the database tools to locate the data file for the table. Default: "+:db:distrib.db"
MENUDIR: Used by Menu to find the menu description files. Default: "+:menu"
METHDIR: Used by the database method tools to locate the list of methods for the table. Default: "+:method"
PROMPTDIR: Used by prompt to find the prompt description file. Default: "+:prompt"
REPDIR: Used by the report generation tools to locate the report description file. Default: "+:report"

TERMINFO

Because the character interface tools of the Functional Toolset uses the facilities of terminfo(4) in a far more extensive way than most of the standard utilities like vi(1), often the distributed terminfo definitions are inadequate. Therefore the Functional Toolset comes with its own terminfo directory, $FShome/lib/terminfo, which contains source of tested definitions for several common terminals.

In order to use these supplied definitions, it is preferable to set the TERMINFO environment variable to $FShome/lib/terminfo so that the standard system definitions are not lost, when the new ones are compiled with tic(1).

COPYRIGHT

methtool

COPYRIGHT

page

COPYRIGHT

root

COPYRIGHT

runopt

COPYRIGHT

scroll

COPYRIGHT

Retrieved from "https://documentation.fs.com.au/index.php/COSmanager_User_Man_pages"

Search

COSmanager User Man pages

From Documentation

Contents

asgroup

asuser

audcycle

audit

audview

browser

cos

daemon

fs_tools

menu

methtool

page

root

runopt

scroll