Chapter 3 System Preparation
HPSS Installation Guide September 2002 187
Release 4.5, Revision 2

Security Manager, or if none of these policy files exists, the default policy is the original Java sandbox policy, which is rather liberal.

Any system access is further limited by whatever protections the local operating system supplies. So, for example, if the policy file allows access to file "foo", but the file system permissions do not permit access to "foo" by the user executing hpssadm, then the user cannot access the file.

The SSM Data Server and the hpssadm utility have been written to be executed under a Security Manager so that we may impose further restrictions than the sandbox, particularly the ability to restrict accesses to a specified set of network addresses. The Security Manager is set up inside the Data Server and hpssadm code. The HPSS administrator controls the privileges granted to the code by means of the policy files.

The names of the policy files are specified in the system security properties file, $JAVA_HOME/lib/security/java.security. By default, a system wide policy file $JAVA_HOME/lib/security/java.policy is checked first, and then the file ".java.policy" in the user's home directory. Alternate policy files can be specified for an application at runtime. The Data Server and hpssadm utility expect an alternate policy file at runtime. By default, these files are

    /var/hpss/ssm/java.policy.ds
    /var/hpss/ssm/java.policy.hpssadm

on the machine where the Data Server or hpssadm utility is executing, respectively. These file names can be changed in the hpss_env file by setting the HPSS_SSMDS_JAVA_POLICY and HPSS_HPSSADM_JAVA_POLICY variables as desired. See the files config/templates/java.policy.ds.template and config/template/java.policy.hpssadm.template for sample policy files.
These files should be copied to the /var/hpss/ssm area on the appropriate machines and customized as desired for your site.

The minimum privileges which must be granted to the Data Server are those to allow it to load its native library, to read its configuration file, and to communicate across the network with hpssadm clients. The hpssadm client must have privileges to read the user's keytab file and to communicate across the network with the Data Server:

1. Native library access requires RuntimePermission loadLibrary. The name of the Data Server's native library is libssmds.a (libssmds.so on Solaris), so the entry for the policy file is:

       grant {
           permission java.lang.RuntimePermission "loadLibrary.ssmds";
       };

   Additionally, although we can find no reference to it in any of the Java documentation, the interpretation of this library name requires read permission on the java.execsuffix property. This policy file entry is:

       grant {
           permission java.util.PropertyPermission "java.execsuffix","read";
       };

   These two entries are necessary only in the Data Server policy file. They are not needed in the hpssadm policy file.
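
The following check is an added example, not part of the HPSS guide or distribution. It parses a Data Server policy file, reports which of the two entries above are missing, and flags any java.security.AllPermission grant, which would undo the restrictions the policy file is meant to impose. The function names, the exact-match rule for target names and the sample policy text are assumptions made for illustration.

```python
import re

# Entries the guide lists as required in the Data Server policy file:
# (permission class, target name, actions).
REQUIRED_DS = [
    ("java.lang.RuntimePermission", "loadLibrary.ssmds", frozenset()),
    ("java.util.PropertyPermission", "java.execsuffix", frozenset({"read"})),
]

# Quoted strings are matched first so "//" inside a string is not taken as a comment.
STRING_OR_COMMENT = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*', re.S)
PERMISSION = re.compile(
    r'\bpermission\s+([\w.$]+)'   # permission class
    r'(?:\s+"([^"]*)")?'          # optional target name
    r'(?:\s*,\s*"([^"]*)")?'      # optional action list
    r'[^;]*;'                     # optional signedBy clause, then terminator
)

def parse_permissions(policy_text):
    """Return (class, target, actions) for every permission entry in the file."""
    text = STRING_OR_COMMENT.sub(
        lambda m: m.group(0) if m.group(0).startswith('"') else " ", policy_text)
    return [(cls, target, frozenset(a.strip() for a in actions.split(",") if a.strip()))
            for cls, target, actions in PERMISSION.findall(text)]

def audit_ds_policy(policy_text):
    """Return (required entries that are missing, grants that void the policy)."""
    perms = parse_permissions(policy_text)
    missing = [(c, t) for c, t, need in REQUIRED_DS
               if not any(pc == c and pt == t and need <= pa for pc, pt, pa in perms)]
    too_broad = [(c, t) for c, t, _ in perms if c == "java.security.AllPermission"]
    return missing, too_broad

# Constructed sample: loadLibrary is granted, the java.execsuffix entry is only
# present as a comment, and a leftover AllPermission grant removes every restriction.
SAMPLE = '''
grant {
    permission java.lang.RuntimePermission "loadLibrary.ssmds";
    // permission java.util.PropertyPermission "java.execsuffix","read";
};
grant codeBase "file:///opt/example/-" {
    permission java.security.AllPermission;
};
'''

if __name__ == "__main__":
    print(audit_ds_policy(SAMPLE))
```

Wildcard targets are deliberately not accepted as satisfying a required entry, so a broad grant shows up as a finding to review.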