The LifeKeeper GUI uses policy-based access control. When the GUI client is loaded, it is assigned permissions based on the security policy currently in effect. The policy, which specifies permissions that are available for code from various signers/locations, is initialized from an externally configurable policy file.
There is, by default, a single system-wide policy file and an optional user policy file. The system policy file, which is meant to grant system-wide code permissions, is loaded first, and then the user policy file is added to it. In addition to these policy files, the LifeKeeper GUI policy file may also be loaded if the LifeKeeper GUI is invoked as an application.
Location of Policy Files
The system policy file is by default at:
<JAVA.HOME>/lib/security/java.policy (Linux)
<JAVA.HOME>\lib\security\java.policy (Windows)
Note: JAVA.HOME refers to the value of the system property named “java.home”, which specifies the directory into which the JRE or JDK was installed.
The user policy file starts with `.` and is by default at:
<USER.HOME>\.java.policy
Note: USER.HOME refers to the value of the system property named “user.home”, which specifies the user’s home directory. For example, the home directory on a Windows NT workstation for a user named Paul might be “paul.000”.
For Windows systems, the user.home property value defaults to:
C:\WINNT\Profiles\<USER> (on multi-user Windows NT systems)
C:\WINDOWS\Profiles\<USER> (on multi-user Windows 95/98 systems)
C:\WINDOWS (on single-user Windows 95/98 systems)
The LifeKeeper GUI policy file is by default at:
/opt/LifeKeeper/htdoc/java.policy (Linux)
Policy File Creation and Management
By default, the LifeKeeper GUI policy file is used when the LifeKeeper GUI is invoked as an application. If you are running the LifeKeeper GUI as an applet, you will need to create a user policy file in your home directory if one does not already exist. The user policy file should specify the minimum permissions required to run the LifeKeeper GUI, which are provided in the “Sample Policy File” section later in this topic.
A policy file can be created and maintained via a simple text editor, or via the graphical Policy Tool utility included with the Java Runtime Environment (JRE) or Java Development Kit (JDK). Using the Policy Tool saves typing and eliminates the need for you to know the required syntax of policy files. For information about using the Policy Tool, see the Policy Tool documentation at http://docs.oracle.com/javase/8/docs/technotes/tools/.
The simplest way to create a user policy file with the minimum permissions required to run the LifeKeeper GUI is to copy the LifeKeeper GUI policy file located in /opt/LifeKeeper/htdoc/java.policy to your home directory and rename it .java.policy (note the leading dot before the filename, which is required). On a Windows system, you can copy the LifeKeeper GUI policy file by opening the file http://<server name>:81/java.policy (where <server name> is the host name of a LifeKeeper server) and saving it as .java.policy in your home directory. If you need to determine the correct location for a user policy file, enable the Java Console using the Java Control Panel and start the LifeKeeper GUI as an applet. The home directory path for the user policy file will be displayed in the Java Console.
Granting Permissions in Policy Files
A permission represents access to a system resource. In order for a resource access to be allowed for an applet, the corresponding permission must be explicitly granted to the code attempting the access. A permission typically has a name (referred to as a “target name”) and, in some cases, a comma-separated list of one or more actions. For example, the following code creates a FilePermission object representing read access to the file named abc in the /tmp directory:
perm = new java.io.FilePermission("/tmp/abc", "read");
In this, the target name is “/tmp/abc” and the action string is “read”.
A policy file specifies what permissions are allowed for code from specified code sources. An example policy file entry granting code from the /home/sysadmin directory read access to the file /tmp/abc is:
grant codeBase "file:/home/sysadmin/" {
    permission java.io.FilePermission "/tmp/abc", "read";
};
Sample Policy File
The following sample policy file includes the minimum permissions required to run the LifeKeeper GUI. This policy file is installed in /opt/LifeKeeper/htdoc/java.policy by the LifeKeeper GUI package.
/*
 * Permissions needed by the LifeKeeper GUI. You may want to
 * restrict this by codebase. However, if you do this, remember
 * that the recovery kits can have an arbitrary jar component
 * with an arbitrary codebase, so you'll need to alter the grant
 * to cover these as well.
 */
grant {
    /*
     * Need to be able to do this to all machines in the
     * LifeKeeper cluster. You may restrict the network
     * specification accordingly.
     */
    permission java.net.SocketPermission "*", "accept,connect,resolve";
    /*
     * We use URLClassLoaders to get remote properties files and
     * jar pieces.
     */
    permission java.lang.RuntimePermission "createClassLoader";
    /*
     * The following are needed only for the GUI to run as an
     * application (the default RMI security manager is more
     * restrictive than the one a browser installs for its
     * applets).
     */
    permission java.util.PropertyPermission "*", "read";
    permission java.awt.AWTPermission "*";
    permission java.io.FilePermission "<<ALL FILES>>", "read,execute";
};
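An added example, not part of the LifeKeeper documentation or product: a small Python audit that parses a policy file and lists the wildcard or class-loader permissions it grants to all code, which is what the sample file's comments suggest restricting by codebase and network specification. The policy text is constructed from the sample above; the codeBase grant and the host lkserver.example.com are hypothetical placeholders.

```python
import re

# Constructed input: the page's sample grant plus a hypothetical
# codeBase-scoped grant (lkserver.example.com is a placeholder host).
SAMPLE_POLICY = '''
/* Permissions needed by the LifeKeeper GUI. */
grant {
    permission java.net.SocketPermission "*", "accept,connect,resolve";
    permission java.lang.RuntimePermission "createClassLoader";
    permission java.util.PropertyPermission "*", "read";
    permission java.awt.AWTPermission "*";
    permission java.io.FilePermission "<<ALL FILES>>", "read,execute";
};
grant codeBase "http://lkserver.example.com:81/-" {
    permission java.net.SocketPermission "*.example.com", "connect,resolve";
};
'''

TOKEN_RE = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*', re.S)
GRANT_RE = re.compile(r'\bgrant\b([^{;]*)\{(.*?)\}\s*;', re.S | re.I)
PERM_RE = re.compile(
    r'\bpermission\s+([\w.$]+)(?:\s*"([^"]*)")?(?:\s*,\s*"([^"]*)")?', re.I)
BROAD_TARGETS = {"*", "<<ALL FILES>>"}   # every host/property/AWT name, every file
RISKY_NAMES = {"createClassLoader"}      # lets code define classes itself


def parse_policy(text):
    """Return [(scope, [(class, target, actions), ...]), ...], one per grant."""
    # Drop comments but keep quoted strings, so "/tmp/*" and "http://..." survive.
    text = TOKEN_RE.sub(
        lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)
    return [(" ".join(head.split()), PERM_RE.findall(body))
            for head, body in GRANT_RE.findall(text)]


def audit(text):
    """List broad or risky permissions in grants that apply to all code."""
    findings = []
    for scope, perms in parse_policy(text):
        if scope:            # limited by codeBase, signedBy or principal
            continue
        for cls, target, actions in perms:
            if target in BROAD_TARGETS or target in RISKY_NAMES:
                findings.append((cls, target, actions))
    return findings


if __name__ == "__main__":
    for cls, target, actions in audit(SAMPLE_POLICY):
        print(f'granted to all code: {cls} "{target}" {actions}')
```

Run against the installed /opt/LifeKeeper/htdoc/java.policy or a user's .java.policy by passing the file's contents to audit().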