unix.map File

Purpose

Defines the operating system identity used for service provider applications on the node by the UNIX host-based authentication (HBA) security mechanism.

Description

Applications that use the cluster security services library must obtain an identity from the security mechanisms supported by the library. These identities are specific to the individual security mechanisms supported by cluster security services. Because cluster security services supports multiple security mechanisms and multiple applications, the cluster security services library must be informed of which identity to use for an application when interacting with a specific security mechanism on its behalf.

The default security mechanism used by the cluster security services library is the HBA mechanism. The unix.map file defines the identities used by the core cluster applications when interacting with the HBA mechanism. The cluster security services library expects to locate this file in /var/ct/cfg/unix.map (preferred) or /usr/sbin/rsct/cfg/unix.map (default).

This file is ASCII-text formatted, and can be modified with a standard text editor. However, this file should not be modified unless the administrator is instructed to do so by the cluster softwre service provider. If this configuration file is to be modified, the default /usr/sbin/rsct/cfg/unix.map file should not be modified directly. Instead, the file should be copied to /var/ct/cfg/unix.map, and modifications should be made to this copy. The default configuration file should never be modified.

All entries within this file use the following format:
SERVICE:service_name:user_name_running_the_service
Attribute
Definition
SERVICE
Required keyword
service_name
Specifies the name commonly used to refer to the application. For example, this could be the name used by the system resource controller to refer to this application.
user_name_running_the_service
Specifies the operating system user identity used to execute the application process. It is the owner identity that would be seen for the application process in the ps command output.

Security

Restrictions

This file should not be modified unless the administrator is instructed to do so by the cluster softwre service provider. Incorrect modification of this file will result in authentication failures for the applications listed in this file and possibly their client applications. If this configuration file is to be modified, the default /usr/sbin/rsct/cfg/unix.map file should not be modified directly. Instead, the file should be copied to /var/ct/cfg/unix.map, and modifications should be made to this copy. The default configuration file should never be modified.

Examples

This example shows the default contents of the configuration file:
SERVICE:ctrmc:root
SERVICE:rmc:root
SERVICE:ctloadl:loadl
SERVICE:ctdpcl:root
SERVICE:ctpmd:root

Location

/var/ct/cfg/unix.map
Contains the unix.map file

Files

/usr/sbin/rsct/cfg/unix.map
Default location of the unix.map file