Satisfy Security Provider OPSYS Requirements
To run a server with security provider OPSYS, you must perform the following steps. You must do this once after installing and after each refresh of the server with fixes.
Set up tscom300.out as a root-owned SUID program:
- Procedure
- If the server is running, bring it down.
- Log on to the system as root, or issue the su root command.
- Change your current directory to the bin directory of
the home directory created during the installation procedure.
For example, type the following command:
cd /home/iadmin/ibi/srv93/home/bin - Change file ownership and permissions by typing the following commands:
chown root tscom300.out chmod 4555 tscom300.out
- Verify your changes by issuing the following command:
ls -l tscom300.out
The output should be similar to the following:
-r-sr-xr-x 1 root iadmin 123503 Aug 23 04:45 tscom300.out
Note the permissions and ownerships.
When you start the server, it will now run with security provider OPSYS.
The chmod and chown steps will need to be repeated after any server upgrade since the tscom300.out file is replaced during an upgrade and the attributes are lost.
If this Security Provider OPSYS step has been configured and the site later decides to switch to Security OFF, special steps must be taken to ensure the mode remains after a full server shutdown (where edastart -start is used to restart the server). The steps are:
- After the server recycles from the change to OFF, use the WebFOCUS Reporting Server browser interface to open the environment configuration file of the server by clicking Workspace and expanding the Configuration Files folder, followed by the Miscellaneous folder.
- Double-click Environment - edaenv.cfg to edit the file and add the EDAEXTSEC=OFF variable.
- Save your work.
After the next full server shutdown, be sure to do an edastart -cleardir before restarting the server. This will clear any root-owned files that would prevent a security OFF server from starting.