Naming Services Configuration
Resource management supports naming service project databases. The location where the project database is stored is defined in the /etc/nsswitch.conf file. By default, files is listed first, but the sources can be listed in any order.
project: files [nis] [ldap]
If more than one source for project information is listed, the nsswitch.conf file directs the routine to start searching for the information in the first source listed, and then search subsequent sources.
For more information about the /etc/nsswitch.conf file, see Chapter 2, "The Name Service Switch (Overview)," in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) and nsswitch.conf(4).
Local /etc/project File Format
If you select files as your project database source in the nsswitch.conf file, the login process searches the /etc/project file for project information. See the projects(1) and project(4) man pages for more information.
The project file contains a one-line entry of the following form for each project recognized by the system:
projname:projid:comment:user-list:group-list:attributes
The fields are defined as follows:
projname | The name of the project. The name must be a string that consists of alphanumeric characters, underline (_) characters, hyphens (-), and periods (.). The period, which is reserved for projects with special meaning to the operating system, can only be used in the names of default projects for users. projname cannot contain colons (:) or newline characters.
projid | The project's unique numerical ID (PROJID) within the system. The maximum value of the projid field is UID_MAX (2147483647).
comment | A description of the project.
user-list | A comma-separated list of users who are allowed in the project. Wildcards can be used in this field. An asterisk (*) allows all users to join the project. An exclamation point followed by an asterisk (!*) excludes all users from the project. An exclamation mark (!) followed by a user name excludes the specified user from the project.
group-list | A comma-separated list of groups of users who are allowed in the project. Wildcards can be used in this field. An asterisk (*) allows all groups to join the project. An exclamation point followed by an asterisk (!*) excludes all groups from the project. An exclamation mark (!) followed by a group name excludes the specified group from the project.
attributes | A semicolon-separated list of name-value pairs, such as resource controls (see Chapter 6, Resource Controls (Overview)). name is an arbitrary string that specifies the object-related attribute, and value is the optional value for that attribute.
In the name-value pair, names are restricted to letters, digits, underscores, and periods. A period is conventionally used as a separator between the categories and subcategories of the resource control (rctl). The first character of an attribute name must be a letter. The name is case sensitive. Values can be structured by using commas and parentheses to establish precedence. A semicolon is used to separate name-value pairs. A semicolon cannot be used in a value definition. A colon is used to separate project fields. A colon cannot be used in a value definition.
Note - Routines that read this file halt if they encounter a malformed entry. Any projects that are specified after the incorrect entry are not assigned.
This example shows the default /etc/project file:
system:0:System:::
user.root:1:Super-User:::
noproject:2:No Project:::
default:3::::
group.staff:10::::
This example shows the default /etc/project file with project entries added at the end:
system:0:System:::
user.root:1:Super-User:::
noproject:2:No Project:::
default:3::::
group.staff:10::::
user.ml:2424:Lyle Personal:::
booksite:4113:Book Auction Project:ml,mp,jtd,kjh::
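Because routines that read the file halt at the first malformed entry, a single bad line silently drops every project listed after it, so it is worth checking a project file before it is deployed. The following Python checker is an added example, not part of the original guide or of Solaris: check_entry, audit and SAMPLE are hypothetical names, and the sample is the example file above with one field separator deliberately removed. It enforces only the field rules listed above, except that it also accepts hyphens in attribute names, because resource control names such as project.max-lwps contain them.

```python
import re

UID_MAX = 2147483647                              # projid ceiling from the field table
NAME_RE = re.compile(r"[A-Za-z0-9_.-]+")          # projname character set
ATTR_RE = re.compile(r"[A-Za-z][A-Za-z0-9_.-]*")  # letter first; hyphen is an addition

def check_entry(line):
    """Return None for a well-formed entry, otherwise the reason it is malformed."""
    fields = line.split(":")
    if len(fields) != 6:
        return "expected 6 colon-separated fields, found %d" % len(fields)
    projname, projid, _comment, _users, _groups, attrs = fields
    if not NAME_RE.fullmatch(projname):
        return "invalid projname %r" % projname
    if not re.fullmatch(r"[0-9]+", projid) or int(projid) > UID_MAX:
        return "projid %r is not an integer in 0..UID_MAX" % projid
    for pair in filter(None, attrs.split(";")):
        name = pair.split("=", 1)[0]              # name[=value], per project(4)
        if not ATTR_RE.fullmatch(name):
            return "invalid attribute name %r" % name
    return None

def audit(text):
    """Walk entries in file order and stop at the first malformed one."""
    lines = text.strip().splitlines()
    names = [l.split(":")[0] for l in lines]
    for i, line in enumerate(lines):
        reason = check_entry(line)
        if reason:
            return {"assigned": names[:i], "bad_line": i + 1,
                    "reason": reason, "unassigned": names[i + 1:]}
    return {"assigned": names, "bad_line": None, "reason": None, "unassigned": []}

# Constructed sample: the example file above with one colon removed from the
# user.ml entry, leaving it with 5 fields instead of 6.
SAMPLE = """\
system:0:System:::
user.root:1:Super-User:::
noproject:2:No Project:::
default:3::::
group.staff:10::::
user.ml:2424:Lyle Personal::
booksite:4113:Book Auction Project:ml,mp,jtd,kjh::
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

For the constructed sample, audit reports line 6 as malformed and lists booksite as unassigned, which is the entry that would be lost without any error at login.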
You can also add resource controls and attributes to the /etc/project file:
To add resource controls for a project, see Setting Resource Controls.
To define a physical memory resource cap for a project using the resource capping daemon described in rcapd(1M), see Attribute to Limit Physical Memory Usage.
To add a project.pool attribute to a project's entry, see Creating the Configuration.
Project Configuration for NIS
If you are using NIS, you can specify in the /etc/nsswitch.conf file to search the NIS project maps for projects:
project: nis files
The NIS maps, either project.byname or project.bynumber, have the same form as the /etc/project file:
projname:projid:comment:user-list:group-list:attributes
For more information, see Chapter 4, "Network Information Service (NIS) (Overview)," in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP).
Project Configuration for LDAP
If you are using LDAP, you can specify in the /etc/nsswitch.conf file to search the LDAP project database for projects:
project: ldap files
For more information about LDAP, see Chapter 8, "Introduction to LDAP Naming Services (Overview/Reference)," in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP). For more information about the schema for project entries in an LDAP database, see "Solaris Schemas" in System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP).
Task Identifiers
Each successful login into a project creates a new task that contains the login process. The task is a process collective that represents a set of work over time. A task can also be viewed as a workload component. Each task is automatically assigned a task ID.
Each process is a member of one task, and each task is associated with one project.
Figure 2-1 Project and Task Tree
All operations on process groups, such as signal delivery, are also supported on tasks. You can also bind a task to a processor set and set a scheduling priority and class for a task, which modifies all current and subsequent processes in the task.
A task is created whenever a project is joined. The following actions, commands, and functions create tasks:
login
cron
newtask
setproject
su
You can create a finalized task by using one of the following methods. Once a task is finalized, all further attempts to create new tasks will fail.
You can use the newtask command with the -F option.
You can set the task.final attribute on a project in the project naming service database. All tasks created in that project by setproject have the TASK_FINAL flag.
For more information, see the login(1), newtask(1), cron(1M), su(1M), and setproject(3PROJECT) man pages.
The extended accounting facility can provide accounting data for processes. The data is aggregated at the task level.