HP-UX Event ManagerProgrammer's Guide

the channel's log files. This function is always executed as superuser and must take appropriate

security precautions.

The cleanup function can be run from the command-line along with the arguments. The function

is allowed to take whatever action is appropriate. It is executed with no stdout or stderr

assigned to the channel manager's log file. Hence, any desired status messages must generally

be issued in the form of EVM events by using evmpost, instead of being written to stderr. If

the function does not reassign stderr, any messages written to it must have the same format

as those written by the channel manager and must be clearly identifiable as coming from your

channel. Nothing must be written to stdout.

Write the function so that it has the same effect regardless of the time of day at which it is run.

For example, it can use the -m time option of the find command to identify log files to be

archived.

Channel Security

In most cases, channel functions are executed by processes that are children of the EVM daemon,

and, as a result, they are run with full root privileges. Hence, you must protect your system's

integrity by ensuring the following:

• Functions are placed in a directory that has restricted write privileges.

• Functions themselves have restricted write and execute privileges.

• Functions do not call other programs that have inappropriate privileges.

Adding an Event Channel to EVM 57