IBM Hub/Switch Installation Manual

Also see for High Performance Storage System HPSS: Management guide Installation guide

Contents

Chapter 2 HPSS Planning86 September 2002 HPSS Installation GuideRelease 4.5, Revision 2In UNIX-style accounting, each user has one and only one account index, their UID. This, combinedwith their Cell Id, uniquely identifies how the information may be charged.In Site-style accounting, each user may have more than one account index, and may switch betweenthem at runtime.A site must also decide if it wishes to validate account index usage. Prior to HPSS 4.2, no validationwas performed. For Site-style accounting, this meant that any user could use any account indexthey wished without authorization checking. UNIX-style accounting performs de factoauthorization checking since only a single account can be used and it must be the user's UID.If Account Validation is enabled, additional authorization checks are performed when files ordirectories are created, their ownership changed, their account index changed, or when a userattempts to use an account index other than their default. If the authorization check fails, theoperation fails as well with a permission error.Using Account Validation is highly recommended if a site will be accessing HPSS systems at remotesites, now or in the future, in order to keep account indexes consistent. Event if this is not the case,if a site is using Site-style accounting, Account Validation is recommended if there is a desire by thesite to keep consistent accounting information.For UNIX-style accounting, at least one Gatekeeper server must be configured and maintained. Noother direct support is needed.For Site-style accounting, an Account Validation metadata file must also be created, populated andmaintained with the valid user account indexes. See Section 12.2.23: hpss_avaledit — AccountValidation Editor on page 366 of the HPSS Management Guide for details on using the AccountValidation Editor.If the Require Default Account field is enabled with Site-style accounting and Account Validation,a user will be required to have a valid default account index before they are allowed to performalmost any client API action. If this is disabled (which is the default behavior) the user will only berequired to have a valid account set when they perform an operation which requires an account tobe validated, such as a create, an account change operation or an ownership change operation.When using Site-style accounting with Account Validation if the Account Inheritance field isenabled, newly created files and directories will automatically inherit their account index fromtheir parent directory. The account indexes may then be changed explicitly by users. This is usefulwhen individual users have not had default accounts set up for them or if entire trees need to becharged to the same account. When Account Inheritance is disabled (which is the default) newlycreated files and directories will obtain their account from the user's current session account, whichinitially starts off as the user's default account index and may be changed by the user during thesession.A site may decide to implement their own style of accounting customized to their site's need. Oneexample would be a form of Group (GID) accounting. In most cases the site should enable AccountValidation with Site-style accounting and implement their own site policy module to be linked withthe Gatekeeper. See Section 2.6.6: Gatekeeper on page 68 as well as the appropriate sections of theHPSS Programmers Reference Vol. 2 for more information.Account Validation is disabled (bypassed) by default and is the equivalent to behavior in releasesof HPSS prior to 4.2. If it is disabled, the style of accounting is determined for each individual userby looking up their DCE account information in the DCE registry. The following instructionsdescribe how to set up users in this case.