policy.5

NAME

policy - a table in the xCAT database.

SYNOPSIS

policy Attributes: priority, name, host, commands, noderange, parameters, time, rule, comments, disable

DESCRIPTION

The policy table in the xCAT database controls who has authority to run specific xCAT operations. It is basically the Access Control List (ACL) for xCAT. It is sorted on the priority field before evaluating.

policy Attributes:

priority

The priority value for this rule. This value is used to identify this policy data object (i.e. this rule) The table is sorted on this field with the lower the number the higher the priority. For example 1.0 is higher priority than 4.1 is higher than 4.9.

name

The username that is allowed to perform the commands specified by this rule. Default is “*” (all users).

host

The host from which users may issue the commands specified by this rule. Default is “*” (all hosts). Only all or one host is supported

commands

The list of commands that this rule applies to. Default is “*” (all commands).

noderange

The Noderange that this rule applies to. Default is “*” (all nodes). Not supported with the *def commands.

parameters

A regular expression that matches the command parameters (everything except the noderange) that this rule applies to. Default is “*” (all parameters). Not supported with the *def commands.

time

Time ranges that this command may be executed in. This is not supported.

rule

Specifies how this rule should be applied. Valid values are: allow, trusted. Allow will allow the user to run the commands. Any other value will deny the user access to the commands. Trusted means that once this client has been authenticated via the certificate, all other information that is sent (e.g. the username) is believed without question. This authorization should only be given to the xcatd on the management node at this time.

comments

Any user-written notes.

disable

Set to ‘yes’ or ‘1’ to comment out this row.

SEE ALSO

nodels(1), chtab(8), tabdump(8), tabedit(8)