
10.3 Using UCF

UCF enables a NetView operator to issue Solaris commands on a computer running SNAP-IX by typing the command text at the NetView console, and to view output from these commands. The facility is not restricted to commands related to SNAP-IX; subject to the restrictions in Permitted Commands, any type of command can be issued.

By using UCF, a remote operator can monitor activity on the SNAP-IX computer, diagnose problems, and in some cases take corrective action.

You can specify whether SNAP-IX supports UCF by using the define_rcf_access command (refer to SNAP-IX Administration Command Reference). If the configuration specifies that UCF is supported, SNAP-IX starts the UCF daemon program when the node is started. The UCF daemon processes Solaris commands from the UCF by starting a new Solaris shell for each command and running the command in that shell. If UCF support is not included, SNAP-IX does not start this program.

The configuration specifies the name of the UCF user, which must be a valid login name on the SNAP-IX computer. The UCF shell is started using the shell program, login ID, permissions, and .login or .profile specified for that user. (If no shell program is specified, /bin/sh is used.) This means that the normal Solaris system security features can be used to restrict the UCF user's access to files and commands, and therefore to limit the range of commands available from UCF.

For more information about setting up the UCF configuration, refer to the description of the define_rcf_access command in SNAP-IX Administration Command Reference.

10.3.1 UCF Command Syntax

The syntax of a UCF command is as follows:

runcmd sp=spname, appl=unix, unix_command

NetView uses the runcmd utility to send a command to a remote system. The command includes the following parameters:

sp=spname

Specify spname, which is the name of your service point as defined at NetView. The host NetView personnel can give you this information.

appl=unix

Instruct NetView to send the command to the UCF daemon program on the SNAP-IX computer associated with the service point name spname.

unix_command

Supply the Solaris operating system command. Enter this command as you would enter it on the Solaris command line, except that escape characters are used to indicate uppercase letters or square bracket characters (as described in Overview of RCF Command Syntax).

The escape characters you would normally use on the Solaris command line, to prevent the Solaris shell from interpreting special characters, are not required with UCF. For example, do not use escape characters with strings containing the characters * or $, as you would when entering them on the Solaris command line.

10.3.2 Permitted Commands

The UCF is designed for use with commands that complete (whether or not any output is produced) without any further interaction from the user. For example, you can issue the command cat filename, which completes after displaying the contents of filename, or mv filename1 filename2, which completes with no output unless an error occurs.

Output generated by a UCF command is returned to UCF when the Solaris operating system command completes. This leads to the following restrictions:

Because all Solaris commands run with the login ID and permissions of the configured UCF user, the valid commands are limited by the access rights of the UCF user's login. In particular, root or superuser commands are not permitted. For more information, see UCF Security.

10.3.3 Example of a UCF Command

The following is an example of a UCF command as you would enter it from NetView:

runcmd sp=myspname, appl=unix, grep \temp \(ab\)*.c >\t\e\m\p.out

The command that would run on the Solaris computer is:

grep Temp [ab]*.c >TEMP.out
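
The mapping in this example, written out as an added shell function (not part of SNAP-IX or NetView) that turns a runcmd line back into the command the UCF daemon would run, which is useful when reviewing what an operator issued. It handles only the escapes visible in the example above; the full rules are in Overview of RCF Command Syntax, and the function names and sample lines are constructed.

```shell
#!/bin/sh
# Added example: recover the Solaris command from a NetView runcmd line.
# Only the escapes visible in the page's example are handled (assumption):
#   \x -> X (uppercase letter)    \( -> [    \) -> ]

# ucf_decode TEXT: expand the escapes in TEXT and print the result.
ucf_decode() {
    printf '%s\n' "$1" | awk '{
        out = ""; n = length($0)
        for (i = 1; i <= n; i++) {
            c = substr($0, i, 1); nxt = substr($0, i + 1, 1)
            if (c == "\\" && nxt == "(")               { out = out "["; i++ }
            else if (c == "\\" && nxt == ")")          { out = out "]"; i++ }
            # toupper() changes only lowercase letters, so this tests for one.
            else if (c == "\\" && nxt != toupper(nxt)) { out = out toupper(nxt); i++ }
            else                                       { out = out c }
        }
        print out
    }'
}

# ucf_from_runcmd LINE: print what the UCF daemon would act on.
# Prints CANCEL for ux-cancel; returns 1 if LINE is not sent to appl=unix.
ucf_from_runcmd() {
    case $1 in
        runcmd\ sp=*,\ appl=unix,\ *) ;;
        *) return 1 ;;
    esac
    cmd=${1#*appl=unix, }
    if [ "$cmd" = "ux-cancel" ]; then
        echo "CANCEL"
    else
        ucf_decode "$cmd"
    fi
}

# Constructed sample lines, as an operator would type them at NetView.
ucf_from_runcmd 'runcmd sp=myspname, appl=unix, grep \temp \(ab\)*.c >\t\e\m\p.out'
ucf_from_runcmd 'runcmd sp=myspname, appl=unix, ux-cancel'
```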

10.3.4 Output from Solaris System Commands

When a command is issued successfully, the following messages are displayed on the NetView screen:

= = = EXECUTING UNIX COMMAND = = =
(any output from the command, including error messages)
= = = UNIX COMMAND COMPLETED = = =

These messages may not appear on the NetView screen at the same time. The EXECUTING UNIX COMMAND message appears as soon as the UCF daemon program receives the command and returns control to the NetView operator. Any output from the command is sent to NetView as it is produced, and may appear as a series of separate messages; the UNIX COMMAND COMPLETED message appears when the Solaris command has finished and its shell has ended.

If the output from the Solaris command contains tab characters, SNAP-IX converts each tab to a space character before sending the output to NetView. Otherwise the output is sent unchanged.

If you issue a command when a previous command is still in progress (that is, before the UNIX COMMAND COMPLETED message is received), the following message is displayed:

= = = COMMAND QUEUED = = =

The second command is queued, and is executed when the previous command has completed.

10.3.5 Canceling a Command

UCF provides a method of canceling a command that is still in progress. This can be used to stop the current command from executing, or to cancel an interactive command such as vi filename that cannot complete without further input. It is equivalent to using an interrupt sequence such as Ctrl + C to stop a process running on a terminal, or using the Solaris kill command to stop the process.

In addition to canceling the command that is currently executing, SNAP-IX cancels any commands that are queued after it.

The command syntax is the same as for the Solaris command, with the string ux-cancel instead of the command text. For example:

runcmd sp=myspname, appl=unix, ux-cancel

For each outstanding command (the one currently executing and any queued commands), the following message is displayed:

= = = UNIX COMMAND CANCELLED = = =

This message indicates that the Solaris shell in which the command was running has been stopped. Further Solaris commands can be issued as necessary.

If a command starts a daemon process on the Solaris computer, this process may not be stopped by ux-cancel. You may need to use the Solaris kill command (either on a terminal or by using UCF) to stop such a process explicitly.

If no UCF command is running when ux-cancel is used, UCF displays the following message:

NO OUTSTANDING COMMANDS

In this case, the ux-cancel command is ignored. No action is necessary. This message can be displayed when the ux-cancel command is issued after the previous command finishes but before the UNIX COMMAND COMPLETED message is received.

10.3.6 UCF Security

Because the UCF enables a remote operator to issue commands on the Solaris computer and to receive output from these commands, it is important to consider the security implications. For example, you need to ensure that the operator cannot access private information or issue Solaris commands that can disrupt other users.

The SNAP-IX configuration includes a specific Solaris system user name as the UCF user; this must be a valid login ID on the SNAP-IX computer. All UCF commands run with this user's ID, and therefore with the access permissions of this user.
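
The account properties this section relies on can be checked with a short script. This is an added example, not part of SNAP-IX; the function name audit_ucf_user, the account names and the temporary fixture are constructed, and treating UID 0 and group- or world-writable startup files as failures is this example's own policy. A POSIX shell with mktemp is assumed.

```shell
#!/bin/sh
# Added example: check the account configured as the UCF user.
# audit_ucf_user USER [PASSWD_FILE]
# Prints one line per finding; returns 0 only if there are no FAIL lines.
audit_ucf_user() {
    user=$1; pw=${2:-/etc/passwd}; rc=0
    entry=$(awk -F: -v u="$user" '$1 == u { print; exit }' "$pw")
    if [ -z "$entry" ]; then
        echo "FAIL: $user is not a valid login name in $pw"; return 1
    fi
    uid=$(printf '%s\n' "$entry" | cut -d: -f3)
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)
    # Every UCF command runs with this UID, so it must not be the superuser.
    if [ "$uid" -eq 0 ]; then echo "FAIL: $user has UID 0"; rc=1; fi
    # The page states that /bin/sh is used when no shell is specified.
    echo "INFO: commands run under ${shell:-/bin/sh}"
    # The UCF shell uses the user's .login or .profile, so only the owner
    # should be able to modify them.
    for f in .profile .login; do
        [ -e "$home/$f" ] || continue
        if [ -n "$(find "$home/$f" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "FAIL: $home/$f is group- or world-writable"; rc=1
        fi
    done
    return $rc
}

# Constructed fixture: a passwd file and a home directory under a temp dir.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
mkdir "$tmp/home"
printf 'ucfuser:x:1001:100::%s:\nrootlike:x:0:0::%s:/bin/sh\n' \
    "$tmp/home" "$tmp/home" > "$tmp/passwd"
echo 'PATH=/usr/bin' > "$tmp/home/.profile"; chmod 666 "$tmp/home/.profile"
audit_ucf_user ucfuser "$tmp/passwd" || echo "findings above need attention"
```

On a live system, call audit_ucf_user with the configured UCF user name and no second argument to read /etc/passwd.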

It is intended that you use the normal security features provided by Solaris to restrict the commands the UCF user can access, in order to permit only those commands you consider reasonable for use from UCF. The following guidelines may be useful:
