The following configuration files come with SoftBench CM and
are usually maintained by the SoftBench CM administrator. However,
each SoftBench CM user can configure the default .fmrc file. The server reads and acknowledges modifications
to these files every 30 seconds. The system writes a record to the /var/opt/softbench/cm/msglog file every time it reads a configuration file.
Table C-1 Server Configuration Files
File Name | Description |
|---|
cm.mapping | Determines where archive files are stored
on the server(s). |
cm.permission | Determines user access rights to the
archive files. |
cm.option | Determines logging and debug levels. |
cm.nameperm | Determines user modification rights on symbolic
names. |
The server configuration files can exist in two different
directories on your server:
/opt/softbench/config When SoftBench CM is installed on your server,
SoftBench CM places the configuration files in this directory. The
contents of the files in this directory provide global configuration of
your SoftBench CM environment. All machines are configured according
to the settings in these files.
/etc/opt/softbench/config To configure a specific system differently from
the global configuration, you can copy the configuration files into
this directory and make the changes you want. The contents of the
files in this directory only affect the system on which they reside.
SoftBench CM looks in both directories for the configuration
files, but only uses one. The contents of the files found in the /etc/opt/softbench/config directory override the contents of the files found
in /opt/softbench/config directory. Comment lines in these files begin
with a "#" character.
Configuring Where Archive Files are Stored |
 |
The cm.mapping file determines where archive files are physically
stored on the server. This file is created during installation and
contains default entries that MUST be modified
to map to your archive file structure. Together this file and the
mapping file determine the relationship between local files and
directories and the logical and physical location of archive files
and directories (see Figure C-1 “File Mapping Between Local and Archive
Files ”).
Each line in this file contains two fields separated by tabs
or spaces. The first field is the logical archive directory prefix. The second field is the corresponding
physical directory prefix.
The cm.mapping file initially contains the following entry for
the /TestArchive directory:
# TestArchive entry
/TestArchive /var/tmp |
In this entry, /TestArchive is the logical archive path by which the SoftBench
CM client and server communicate, and /var/tmp is the physical path where the example files are
stored on the SoftBench CM server.
Every file managed by SoftBench CM should have exactly one
logical path name. You should not map multiple, logical archive
path names to the same physical file or directory. When creating
or updating the cm.mapping file, create the physical directories and set
their ownership to softcm. Otherwise, the SoftBench CM server may not be
able to access these directories. For example, if you add the following
entry to the cm.mapping file:
#logical path physical path
/project_95 /data/project_srcs |
you would also need to do the following from the command line:
mkdir /data/project_srcs
chown softcm /data/project_srcs
chgrp 10000 /data/project_srcs
chmod 700 /data/project_srcs |
Change the group id number for the "chgrp" entry above if
you used a GroupID number other than "10000" for the softcm entry
in the /etc/passwd file.
You can edit the cm.mapping file while the SoftBench CM server is running.
The server notices the changes and updates its internal data structures
automatically.
Defining User Access to the Server |
|
The cm.permission file determines users' access rights to the SoftBench CM
archive files. When you make changes to this file, they take effect within
30 seconds of saving the file.
The cm.permission file consists of a series of entries. Each entry contains
three types of fields terminated by a semicolon, as follows:
f1 f2 f3 ... [ f2 f3 ... ] ... ; |
where f1, f2 and f3 are three distinct types.
User@System
User is either * (indicating any user) or a user name.
System is a sh(1) wild card pattern for a [full domain] machine name,
or a machine address or address range in dot notation (see inetd.sec(4)).
Permission symbols (see Table C-2 “Options Used in the cm.permission and cm.option Files ”).
Each option is specified by a lower case letter and each grouping
by an upper case letter.
Table C-2 Options Used in the cm.permission and cm.option Files
Option | Description |
|---|
a | List the contents of a directory. |
b | Show the history of a file. |
c | Create a new file. |
d | Create a new directory. |
e | Rename a directory. |
f | Check out a revision. |
i | Check in a new revision. |
l | Create a lock for later check in. |
m | Modify a comment on an existing revision. |
n | Create a new symbolic revision name. |
o | Obsolete a revision. |
p | Modify the mode of a file. |
q | Delete a file and all of its revisions. |
s | Change the state of a revision. |
t | Change the descriptive text for a file. |
u | Delete a lock on a revision. |
v | Rename a file. |
w | Break a lock which is owned by another. |
x | Delete a directory. |
y | Move a symbolic revision name. |
z | Delete a symbolic revision name. |
S | Superaccess: allows all access rights. |
R | Read access to archive files. Equivalent
to "abf". |
M | Modify archive files. Equivalent to "cdilmnptuwx". |
D | Delete archive files, revisions and symbolic
revision names. Equivalent to "oqz". |
A | Administration: Rename files and directories.
Modify symbolic revision name values and state values. Equivalent
to "ensvy". |
0 | Set low priority for this entry. |
2 | Set high priority for this entry. |
3 | Set highest priority for this entry. |
- | Ignored placeholder. |
The permission symbols come in three groups:
lower case letters control access
to individual operations
upper case letters control access to groups of operations
numbers set relative priorities for the associated
entry
These priorities, coupled with the best match criteria, apply
a single set of permissions to a given access.
SoftBench CM normally uses the best matching entry (longest
/path prefix match, then most specific user/host match) to determine
access rights. However, by specifying priorities, you can use a
shorter path for a specific user. For example, in the following
entries:
*@host R /earth ;
john@host S / ;
jane@host 2S / ; |
the user "john" has "R" access to /earth because /earth is more specific than "/" and "S" access to the
rest of the archive. The user "jane" has "S" access to the whole
archive, including /earth because the "2" specifies an increased priority.
The /opt/softbench/sbin/checkperm -d command displays the permissions file entries
in sorted order. For any given access, the first entry that matches
the requesting user@host and /path determines the access.
Recommended Format for Permissions File |
|
You can order fields within an entry in two formats:
Format 1. Place user field first and permissions
field second.
user1@host.domain.hp.com
RM /project1 /project2
S /project3 # system admin
R / # read-only default
;
user2@hp* S /project1
RM /project2 /project3
; |
Format 2. Place path field first and permissions
field second.
/ R *@*
;
/project1 RM user1@host* user2@15.1.1-40.* user3@*
S user4@host1.domain.hp.com
;
/project2 RM user1@host*
RMD user2@host1*
; |
Use the pattern RMDA or -abf-cdilmnptuwx-oqz-esvy for permissions and replace the disallowed permission
bits or groupings with "-" characters. This makes it easier to understand
which permissions are deleted and given. The permission letters
can be in any order.
If the cm.permission file is missing, or no match is found, no access
is allowed. You should specify a default entry such as:
*@15.* -abf-cdilmnptuwx-oqz-esvy /
; |
Setting Logging and Debug Options |
|
The cm.option file specifies two archive options:
Title not available (Setting Logging and Debug Options )
- LogOptions
The recommended (default) setting for logging is
to log every modification operation into the /var/opt/softbench/cm/activityLog file. The option letters are position independent
(see Table C-2 “Options Used in the cm.permission and cm.option Files ”).
LogOptions: abf-cdilmnptuwx-oqz-esvy # Logging options (full list)
LogOptions: cdilmnptuwx-oqz-esvy # Logging options (recommended)
- Debug
Enables writing of debugging information into the
file /var/opt/softbench/cm/msglog. Debug levels range from 1 to 5. Higher numbers result in more output.
Use the cron utility to trim the log files periodically because
the log files have no maximum file length.
Controlling Client Machine Access to the SoftBench CM
Server on HP-UX |
|
The inetd.sec file determines the list of client machines that
have access to the archive server machine.
If inetd.sec is missing or does not contain an entry for softcm, all users have access to the archive files, subject
to the cm.permission. For more information, see “Defining User Access to the Server ”.
If inetd.sec exists, but is inaccessible to the softcm user, SoftBench CM denies all access.
Otherwise, the softcm service entry determines access according to the
standard inetd.sec constructs. (See the inetd.sec(4) reference page
for more information.)
You can edit the inetd.sec file while running the archive server. The server
notices the change and updates its internal data structures immediately.
Printable version
