FS
Documentation

COSmanager FAQ

From Documentation

(Difference between revisions)
Jump to: navigation, search

Revision as of 00:18, 5 July 2006

Contents

COSmanager

Scheduler (for Version 4.x Applications and Newer)

These Schedule Definitions are valid for COSmanager Framework versions 4 or newer. The Schedules for older versions of the products will still work.

Schedule: Daily - except Thursday Friday

  1. Config > COSmanager configuration > Other tables > schedule
  2. select "70 Daily - except Thursday" > Maintain > Clone
  3. change Order to 75
  4. change Schedule name to "Daily - except Thursday Friday"
  5. press choose on Day(s) and use Ctrl-click to select all days EXCEPT Thursday and Friday
  6. press Accept

Note: the above steps can be followed for any combination of days.

Scheduler (for Version 3.x Applications and Newer)

These Schedules are valid for all current versions of COSmanager Suite products.

How do I define a scheduled time for the last Friday of the month?

Set up a new scheduled time as follows:

Ord:nnn
When:Monthly - last Friday
Schedule Cmd:D1=`cal | tail -c4` ; D2=`expr $D1 - 7` ; db_datemat -d$D2-$D1 -w5 $Today $Start
Crontab string:* * 5
Check cron:yes

On some platforms the flag to tail the command may have to be... tail -4c

How do I define a scheduled time for the last working day of the month

Setup new scheduled time as follows:

Ord:nnn
When:Monthly - last working day
Schedule Cmd:day=`cal | tail -c4` ; last="`date +%Y%m$day`" ; [ "`db_date`" -eq "`db_datemat -p -b -w1-5 $last`" ]
Crontab string:* * *
Check cron:yes

On some platforms the flag to the tail command may have to be ... tail -4c

How do I define a scheduled time for once a fortnight

Setup new scheduled time based on the following:

Example: schedule time for the first Monday each fortnight:

Ord:nnn
When:Fortnightly - 1st Monday
Schedule Cmd:WK=`date +%U` db_datemat -w1 && [ 1 -eq `expr $WK % 2` ]
Crontab string:* * 1
Check cron:yes

Example: schedule time for the second Wednesday each fortnight:

Ord:nnn
When:Fortnightly - 2nd Wednesday
Schedule Cmd:WK=`date +%U` db_datemat -w3 && [ 0 -eq `expr $WK % 2` ]
Crontab string:* * 3
Check cron:yes

Explanation of example Schedule Commands above:

WK=`date +%U` gets the week number for today.
db_datemat -w3 returns true if today is Wednesday. -w0 is Sunday, -w6 is Saturday.
`expr $WK % 2` returns a modulo 2 number, 1 for the first week in a fortnight, and 0 for the second.

How do I define a scheduled time for the last Friday of June and December (6 monthly)

Setup new scheduled time as follows:

Ord:nnn
When:June, Dec - last Friday
Schedule Cmd:D1=`cal | tail -c4` ; D2=`expr $D1 - 7` ; db_datemat -m6,12 -d$D2-$D1 -w5 $Today $Start
Crontab string:* * 5
Check cron:yes

On some platforms the flag to the tail command may have to be ... tail -4c


General Questions

How does COSmanager's remote system management affect the security of remotely managed systems? (draft)

To answer this it is necessary to explain how COSmanager manages those systems.

For the purpose of system management, COSmanager defines a host as either a Master, a Remote or a Slave. A Slave system can only administer itself. A Master can administer and any other host marked as Remote or Slave. A Remote system is another Master on the same network. This enables arbitary management domains to be defined.

To administer a Slave, a Master executes commands through a local program called FSremote. This program looks up a communication method, in the comm_meth table, and uses this to execute the command via the FSadmin command on the Slave.

The standard communication method used by COSmanager is rsh. To use this method a .rhosts file is created for the user fsadmin on the Slave systems that allow root or fsadmin access from the Master. In itself, this .rhosts file does not represent a security threat. In version 2.5.2 the fsadmin account is not privileged and users remotely logging in are captured by a .profile and securely put into COSmanager.

The command, FSadmin, is a set UID root program used to either start COSmanager or execute a command passed as a parameter. Running the command CM results in the execution of FSadmin which starts COSmanager. Under normal usage, the FSadmin command performs security checks to validate the user ID and check that they are authorised to use COSmanager. If the FSadmin command is invoked by root or fsadmin and passed a command to execute the normal security checks are bypassed and the command is run as root. This is the case when it is executed by FSremote to manage a remote system.

Normally the slave FSadmin is executed as a request from a COSmanager Master. This ensures that the user on the Master is allowed to run that administration task. However, if the user on the Master can get an fsadmin or a root shell, then they can remotely execute any command on any slave as root. This is possible because the slave does not authenticate that the commands were sent by COSmanager. This means that root on the Master system has root privilages on all the remote systems. Most products currently available on the market do not perform authentication,and so are susceptable to the same problem.

By ensuring that the root account on COSmanager masters is protected from unauthorised use, COSmanager does not introduce further security risks to a network. COSmanager facilitates this by enabling the use of the root account to be minimised.

CPIO versus TAR versus DUMP (draft)

Advantages of CPIO:

Disadvantages of CPIO:

Disadvantages of TAR:

Advantages of DUMP:

Disadvantages of DUMP:

When adding a user to a hostgroup, how do I perform commands on all hosts in the hostgroup?

Following is the code you need in your SetupUser script.

if [ -n "$Access" ]; then
AccessListAll=`db_sel -h acchost "Hostgroup == \"$Access\"" Hostname`
fi

for host in $AccessListAll# execute on each host in access list
do
if [ "$ADMINHOST" = "$host" ]
then
$Command
else
FSremote $host "$Command"
fi
done

"$Command" represents the command you wish to execute.

How do I access COSmanager man pages on the Sequent ptx 2.x port?

The normal method to access COSmanager man pages is to alter the MANPATH environment variable. The operating system Dynix/ptx 2.x does not have or use the MANPATH environment variable.

For ptx, third party software man pages need to be preprocessed (using nroff(1)), packed (using pack(1)) and linked to the standard man page directory. Following is a list of commands to do this for you:

cd $Fshome/man/man1
for MP in `echo *.1`; do
nroff -man $MP > $MP.tmp
pack $MP.tmp
mv $MP.tmp.z $MP.z
ln -s $MP.z /usr/catman/man1/$MP.z
done

$FShome/man/man1 contains COSmanager application related man pages. $FShome/man/manp contain Functional Toolset related man pages