| Skip Navigation Links | |
| Exit Print View | |
|
Oracle Solaris Cluster Security Guide Oracle Solaris Cluster 4.0 |
| Skip Navigation Links | |
| Exit Print View | |
|
|
Oracle Solaris Cluster Security Guide Oracle Solaris Cluster 4.0 |
1. Introduction to Oracle Solaris Cluster Security
Overview of Oracle Solaris Cluster and Security
This section provides information useful to developers producing applications that use Oracle Solaris Cluster. Developers use the Oracle Solaris Cluster API and Oracle's Sun Developer's Toolkit (SDK). For more information, see Chapter 3, Key Concepts for System Administrators and Application Developers, in Oracle Solaris Cluster Concepts Guide.
The agent applications that developers create should work within the security framework of the product and consider the following security features:
Superuser and Root User Access– Oracle Solaris Cluster uses superuser privileges to control starting, stopping, and probing of Data Service agents. All programs and scripts that are directly executed by an agent must be owned by the root user. If a program or script executable file is owned by a non-root user, that user could create a “back door” to access the system.
If it is necessary to run an application under Oracle Solaris Cluster control as a non-root user, the agent software should verify security and run the application as the required user. The Apache web server agent is an example of this type of application.
Secure Access to an Application – Some cases will require secure access to an application when you issue management or configuration commands. This secure access should be done with a credential-based method, such as the Oracle Wallet Manager. If you must supply a password, the password should be securely used and stored in an obfuscated form. For example, it should not be passed on the command line where it is visible to a user through the ps(1) command.
|