Administration Guide
Sysctl contains the following components:
- A server daemon (sysctld) that runs on all nodes and the
control workstation.
This server daemon has root privileges. It executes commands as root
on behalf of authorized clients.
- Built-in commands.
These commands, which are built into the server, do the actual system
administration work. Each command is paired with an
authorization-checking script, referred to as a callback, that has
access to authenticated information about the client attempting to run the
command. These commands include IBM-provided commands and typically
also include installation-written ones.
- Configuration files that control aspects of the server operation as well
as extend the command set available on a given node.
- Access control lists that list authorized users.
- A client program (sysctl) that offers command-line and
interactive interfaces for communicating with sysctld
servers.
Figure 2 illustrates how the Sysctl elements interact.
Figure 2. Sysctl elements
The interpretation of a Sysctl command starts when the user issues a Sysctl
client command. This can be embedded in a script or issued directly
from the command line. It is of the following form:
sysctl target_nodes_specification command args
More than one node can be targeted. The command is the name of a
Sysctl server command to be run as root on each of the targeted servers, if
the client user is authorized. The following steps are performed:
- The Sysctl client code obtains authentication information about the
command issuer from SP security services.
- The Sysctl client code sends the authentication information, along with
the command string, to each of the specified Sysctl servers in
parallel.
- Each server then performs the following steps:
  - The authentication information is decoded and the authenticated
    information about the client, known as credentials, is obtained.
  - Internal variables, such as the user name and the host of the client,
    are set. These variables are available to the server routines, known as
    the authorization callbacks, that will check the authorization of the
    client as well as the Sysctl commands to be run.
  - The authorization is checked via an authorization callback. This
    can be a supplied callback, or an installation-written one. This
    callback may check an ACL. If the client passes the authentication
    check, the next step is done.
  - The server commands requested are executed as root, on behalf of the
    client.
  - stdout and stderr are sent back to the client.
Output from each server is displayed with labeling indicating its
source.
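
The server-side steps above, modeled in Python as an added example (this is not IBM's Sysctl code, and it runs nothing as root). Every name in it is hypothetical: the tokens stand in for authentication information from SP security services, and the per-node ACLs are an assumption used to show one request being allowed on one server and refused on another.

```python
# Constructed model of the server-side steps; every name here is hypothetical.
from typing import Callable, Dict, List, NamedTuple, Set, Tuple

class Credentials(NamedTuple):
    user: str  # authenticated client user name
    host: str  # host the client ran on

# Stand-in for decoding authentication information (constructed sample data).
TOKENS: Dict[str, Credentials] = {
    "tok-alice": Credentials("alice", "cws"),
    "tok-bob": Credentials("bob", "node07"),
}
# Assumption: each server consults its own ACL of authorized users.
NODE_ACL: Dict[str, Set[str]] = {"node01": {"alice"}, "node02": {"alice", "bob"}}

def acl_callback(node: str, creds: Credentials) -> bool:
    return creds.user in NODE_ACL.get(node, set())  # no ACL for a node means deny

def authenticated_callback(node: str, creds: Credentials) -> bool:
    return True  # any authenticated client may run the command

# Each command is paired with the callback that authorizes it.
COMMANDS: Dict[str, Tuple[Callable[[str, Credentials], bool],
                          Callable[[Credentials, List[str]], str]]] = {
    "whoami": (authenticated_callback, lambda c, a: f"{c.user}@{c.host}"),
    "restart": (acl_callback, lambda c, a: "restarted " + " ".join(a)),
}

def handle_request(node: str, token: str, command: str, args: List[str]):
    creds = TOKENS.get(token)        # decode the authentication information
    if creds is None:
        return (node, False, "authentication failed")
    entry = COMMANDS.get(command)
    if entry is None:                # unknown commands never reach execution
        return (node, False, "unknown command")
    callback, body = entry           # creds plays the role of the internal variables
    if not callback(node, creds):    # authorization is checked before execution
        return (node, False, "authorization denied")
    return (node, True, body(creds, args))  # command runs on behalf of the client

def sysctl(nodes: List[str], token: str, command: str, *args: str):
    # The real client contacts servers in parallel; a loop keeps the model short.
    return [handle_request(n, token, command, list(args)) for n in nodes]

if __name__ == "__main__":
    for node, ok, out in sysctl(["node01", "node02"], "tok-bob", "restart", "httpd"):
        print(f"{node}: {'OK' if ok else 'DENIED'}: {out}")  # output labeled by source
```

Each result carries the node name, mirroring the labeled per-server output, and every failure path returns before the command body is reached.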