ChorusOS 4.0 Introduction

Extended Environment

The extended environment is provided in the ChorusOS 4.0 release and comes with a special actor called C_INIT which is dedicated to administrative commands.

Within the extended environment, application actors can either be loaded at boot time, as described in the previous section, or dynamically using the C_INIT loading facility. Dynamic loading of actors is described in "Running the "Hello World" Example".

The conf/sysadm.ini file is used to specify system initialization commands. Each entry of this file is a command to be executed by C_INIT during the kernel boot. Typical operations in sysadm.ini are network configuration, device initialization, file system mount. See "System Administration in the Extended Environment" for details.

The sysadm.ini file is not accessed remotely at boot time but is included in the system image.

Communicating with the Target Using rsh

When the ChorusOS operating system image including the RSH feature is booted on the target machine, the C_INIT daemon interprets the commands sent from the host through rsh (see the rshd manpage on your host). For example, to list the options available, type:


% rsh target help

The following information is displayed by the C_INIT actor:


C_INIT ChorusOS 4.0.0- valid commands that deal with:

File Systems:
        mount [[-t nfs|ufs|msdosfs|pdevfs] host:pathname|special_file [mount_point]]
        umount [-v|-F|-f|-a|-t nfs|ufs|msdosfs|pdevfs] [special_file]
        swapon [mount_point]

Actors:
        arun [-g rgid] [-S | -U] [-k] [-T] [-d] [-q] [-D] [-Z] [-xip] path [args]
        akill [-s site] {-g rgid | [-c] aid }
        aps 
        umask [mode]
        ulimit [-HSafn] [limit]

Environment variables:
        setenv var value
        unsetenv var
        env 

Networks:
        route 
        netstat 
        ping host
        ifconfig 
        ifwait ifname [timeout, default infinite]
        rarp ethernet_interface_name
        pppd 
        pppclose device
        pppstop 
        ethIpcStackAttach [dtreepath]

Devices:
        mknod name [b | c] major minor
        dtree 
        mkdev name unit [dtreepath]

This Target:
        reboot 
        restart 
        memstat This shell:
        echo string
        source filename
        sleep [time in seconds, default=1s]
        help 
        console 
        rshd 
         chorusStat 
        shutdown -i 0|1|2|3

For details of these commands, see C_INIT(1M).

Mounting the Host File System

The NFS root file system to be mounted on the target is generated in the ChorusOS operating system build directory by the command:


% make root

This command populates the build directory with the root directory that contains binary and configuration files to be accessed by the target system.

At start-up, the C_INIT daemon reads the sysadm.ini configuration file and executes all the commands. See sysadm.ini(4CC) for more information. This configuration file may contain instructions to mount the root file system. For example:


% mount hostaddr:chorus_root_directory /

If there are no root file system mount instructions in your sysadm.ini file, you must mount the root file system explicitly from the shell:


% rsh target mount hostaddr:chorus_root_directory /

where target is the name of the target, or its IP address, hostaddr is the IP address of the NFS host in decimal form (for example 192.82.231.1), and chorus_root_directory is the path of the target root directory on the NFS host (for example /home/chorus/root).

When the mount of the root file system is successful, the C_INIT daemon displays, for example, the following message:

C_INIT: 192.82.231.1:/home/chorus/root mounted as root file system

The next message from C_INIT depends on whether the /etc/security file exists in the target root directory /home/chorus/root. If /etc/security exists, C_INIT displays:

C_INIT: system in secured mode

If /etc/security does not exist, C_INIT displays:

C_INIT: notice - system not in secured mode

You can check that the root file system is mounted using:


% rsh target mount

Make sure that the file system containing the /home/chorus/root directory can be accessed by NFS from the remote ChorusOS target.

Security

The C_INIT daemon authenticates users issuing commands from the host.

The ChorusOS operating system can be configured in secure mode, where remote host access is checked through the /etc/security administration file, located on the target root file system (see security(4CC)). In addition, users' credentials may be specified in this file, overriding default C_INIT configuration values.

If an /etc/security file exists, it must have read permissions for everybody to allow C_INIT to read it with the default credentials (user identifier 0 and group identifier 0). Secure mode will then be activated. In this mode, C_INIT authenticates every command it receives from the host. Authentication will fail for two reasons:

In this case, a permission denied message is sent back to the host and the command is aborted.

If the authentication procedure succeeds, the user's privilege credentials (user identifier or uid, group identifier or gid and additional groups) are read from the security file. Trusted users have access to the full set of C_INIT commands.

In non-secured mode, every user is treated as a trusted user and inherits the C_INIT default credentials (uid 0 and gid 0). In this case, if the host machine has exported the file system to be mounted with the default mapping of root to nobody, it is necessary that read and execute permissions for the target executable files be given to everybody. Otherwise C_INIT will not have the right to execute the application binaries.

Another way to circumvent this problem is by inhibiting that mapping of root to nobody on the host. Please consult your system administrator about this.