⇒ restrict(1) — AIX PS/2 1.2.1

RESTRICT(1,C)               AIX Commands Reference                RESTRICT(1,C)



-------------------------------------------------------------------------------
restrict



PURPOSE

Enforces licensing in a TCF cluster.

SYNTAX


application_name --- args ---|


Note:  /etc/restrict/restrict is not run directly.  It is run based on running
       another command which is linked to /etc/restrict/restrict.

DESCRIPTION

The restrict program enforces licensing in a TCF cluster so that licensed
programs can only be executed on sites where the program has been licensed to
run.  When the user or system administrator installs a program in a TCF cluster
and wishes that the program only be runnable on specific sites within the
cluster, the user or System administrator moves the program into the
/etc/restrict directory, and replaces the program in its standard place in the
AIX file system with a link or symbolic link to /etc/restrict/restrict.

When run, restrict opens /etc/restrict/restrictlist to determine the execution
restrictions for the controlled program.  /etc/restrict/restrictlist is an
attribute file with stanzas for each controlled program.  The name of the
program being run (argument 0) is used as the name of the stanza in this
attribute file.

Each stanza of the file should have two fields:

site    - which site(s) have been licensed to run the program, and
program - the pathname of the real program to be run.

The site field is specified as a comma-separated list of site names or site
numbers.  Only if the site where the command is running is listed in the list
given by the site field is the program indicated by the program field actually
run.

If the execution site is not in the list of licensed sites, the following error
message is written to stderr:

  Sorry, <commandname> has not been licensed to run on site <sitename>.

Note that if the program being restricted is normally installed with the
set-user-id or set-group-id mode bit set, the program should continue to be
installed that way when moved into the /etc/restrict directory.  The link to
/etc/restrict which the user will be calling directly is NOT to be made
set-user-id, even though in so doing users who use "ls -l" to look at the
program may be misled by the apparent owner and permissions of the program they
are running.

EXAMPLES

An example /etc/restrict/restrictlist file might be:

  ls:
          site=fuji,akagi,9
          program=/etc/restrict/ls

and /bin/ls would be set up as a symbolic link to /etc/restrict/restrict.

When /bin/ls is run on site fuji, restrict validates that fuji is one of the
licensed sites for ls, and therefore runs /etc/restrict/ls - the real ls
program.

Similarly, ls could be run on site akagi or the site whose site number is 9.

If ls is run on site myoko, the restrict command denies the user permission to
run the command - giving the user the following error message:

  Sorry, ls has not been licensed to run on site myoko.
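
The lookup described above, as an added sketch that is not part of the original manual page or the AIX restrict source. It parses the stanza format and returns either the real program path or the error message. Keying the stanza by the basename of argument 0, raising an error when a stanza is missing or incomplete, and the site numbers other than 9 are assumptions of this sketch.

```python
import os

# Constructed sample, copied from the EXAMPLES stanza on this page.
SAMPLE_RESTRICTLIST = """\
ls:
        site=fuji,akagi,9
        program=/etc/restrict/ls
"""

def parse_restrictlist(text):
    """Parse stanzas of the form 'name:' followed by key=value lines."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":") and "=" not in line:
            current = stanzas.setdefault(line[:-1], {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
        else:
            raise ValueError(f"unparseable line: {raw!r}")
    return stanzas

def decide(argv0, site_name, site_number, stanzas):
    """Return (True, real_program) if licensed here, else (False, message)."""
    command = os.path.basename(argv0)  # assumption: stanza keyed by basename
    stanza = stanzas.get(command)
    if stanza is None or "site" not in stanza or "program" not in stanza:
        # Assumption: the page does not say what restrict does in this case,
        # so the sketch refuses to run anything rather than guess.
        raise LookupError(f"no usable stanza for {command}")
    licensed = {s.strip() for s in stanza["site"].split(",")}
    # The site field may list names or numbers, so check both identities.
    if site_name in licensed or str(site_number) in licensed:
        return True, stanza["program"]
    return False, (f"Sorry, {command} has not been licensed "
                   f"to run on site {site_name}.")

if __name__ == "__main__":
    table = parse_restrictlist(SAMPLE_RESTRICTLIST)
    # Site numbers 1 and 3 and the name "unnamed" are constructed values.
    for name, number in [("fuji", 1), ("myoko", 3), ("unnamed", 9)]:
        print(decide("/bin/ls", name, number, table))
```
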

FILES

/etc/restrict/restrict       Restrict executable
/etc/restrict/restrictlist   Attribute file of restricted programs

Processed November 8, 1990       RESTRICT(1,C)                                2


