Manualshelf

Hub/Switch Installation Guide

ManualsBrandsIBM ManualsSwitchHub/Switch
81828384858687888990
Chapter 2 HPSS Planning
86 September 2002 HPSS Installation Guide
Release 4.5, Revision 2
InUNIX-styleaccounting,eachuserhasoneandonlyoneaccountindex,theirUID.This,combined
with their Cell Id, uniquely identifies how the information may be charged.
InSite-styleaccounting,eachusermayhavemorethanoneaccountindex,andmayswitchbetween
them at runtime.
Asite mustalsodecide ifitwishes tovalidate accountindexusage. Priorto HPSS4.2,no validation
was performed. For Site-style accounting, this meant that any user could use any account index
they wished without authorization checking. UNIX-style accounting performs de facto
authorization checking since only a single account can be used and it must be the user's UID.
If Account Validation is enabled, additional authorization checks are performed when files or
directories are created, their ownership changed, their account index changed, or when a user
attempts to use an account index other than their default. If the authorization check fails, the
operation fails as well with a permission error.
UsingAccountValidationishighlyrecommendedifasitewillbeaccessingHPSSsystemsatremote
sites, now or in the future, inorder to keep account indexes consistent. Event if this is not the case,
ifa siteisusing Site-styleaccounting, AccountValidationis recommendedif thereisadesireby the
site to keep consistent accounting information.
ForUNIX-styleaccounting, atleastone Gatekeeperservermustbe configuredand maintained.No
other direct support is needed.
ForSite-styleaccounting, anAccount Validation metadatafile must alsobecreated, populatedand
maintained with the valid user account indexes. See Section 12.2.23: hpss_avaledit — Account
Validation Editor on page 366 of the HPSS Management Guide for details on using the Account
Validation Editor.
Ifthe RequireDefault Accountfield isenabled withSite-styleaccountingand AccountValidation,
a user will be required to have a valid default account index before they are allowed to perform
almost any clientAPI action.If this is disabled(which isthe default behavior) the userwill only be
required tohave a validaccount set whenthey perform anoperation which requiresan account to
be validated, such as a create, an account change operation or an ownership change operation.
When using Site-style accounting with Account Validation if the Account Inheritance field is
enabled, newly created files and directories will automatically inherit their account index from
their parent directory. The account indexes may then be changed explicitly by users. This is useful
when individual users have not had default accounts set up for them or if entire trees need to be
charged to the same account. When Account Inheritance is disabled (which is the default) newly
createdfilesand directorieswillobtain theiraccount fromtheuser'scurrentsessionaccount,which
initially starts off as the user's default account index and may be changed by the user during the
session.
A site may decide to implement their own style of accounting customized to their site's need. One
examplewouldbe a formofGroup(GID)accounting. In mostcases thesite shouldenableAccount
ValidationwithSite-styleaccountingandimplementtheirownsitepolicymoduletobelinkedwith
the Gatekeeper. See Section 2.6.6: Gatekeeper on page 68 as well as the appropriate sections of the
HPSS Programmers Reference Vol. 2 for more information.
Account Validation is disabled (bypassed) by default and is the equivalent to behavior in releases
of HPSSprior to 4.2.If it is disabled, thestyle of accountingis determined foreach individual user
by looking up their DCE account information in the DCE registry. The following instructions
describe how to set up users in this case.