At system start-up,
the C_INIT
actor executes these steps:
Sets up an initial virtual file system.
Executes commands from the configuration file sysadm.ini.
Executes commands from /etc/rc.chorus when a root file system is mounted (see C_INIT(1M)).
If the target has a valid IPv4 address, the file /etc/rc.chorus.<ip_address> is selected, if it exists, instead of /etc/rc.chorus. This must be written in the usual dot notation, for example: 192.82.231.1 for IPv4 addresses. IPv6 addresses will be selected arbitrarily by the system; see IPv6 (7P) for further details.
The initial virtual file system in step 1 contains only two directories, /dev and /image/sys_bank. The /dev directory, initially empty, is used for the definition of special devices, like /dev/tty01. The /image/sys_bank directory contains all the components in the boot image:
system actors such as C_INIT
and
drivers.
system configuration files (sysadm.ini).
user-defined configuration files and executables.
All of these components can be accessed like the files in an ordinary file system, using their path, for example: /image/sys_bank/sysadm.ini.
The relationship between the conf/sysadmin.ini in the build directory and the /image/sys_bank in the target pseduo filesystem is that conf/sysadmin.ini is used to specify system initialization commands. This file is embedded in the system image during the build and stored in the /image/sys_bank directory.
To access /dev and /image directories on the virtual file system, dev and image directories must be present on your root file system, and this root file system must be mounted.
In step 2, the C_INIT
actor executes commands
from the configuration file called sysadm.ini. This file
contains all the commands needed for the initial administration of the system,
including networking, file system management and device management.
The sysadm.ini file can be customized. On the host, it is located in the conf subdirectory of the ChorusOS build directory. This file is automatically embedded in the boot image, in the /image/sys_bank/sysadm.ini file of the initial file system. This allows you to configure embedded targets that do not have access to a local or remote file system.
The C_INIT
actor authenticates
users issuing commands from the host.
The ChorusOS operating system can be configured in secure mode, where
remote host access is checked through the /etc/security
administration file, located on the target root file system (see security(4CC)). In addition,
users' credentials may be specified in this file, overriding default C_INIT
configuration values.
If an /etc/security file exists, it must have read
permissions for everybody to allow C_INIT
to read
it with the default credentials (user identifier 0 and group identifier 0).
Secure mode is then activated. In this mode, C_INIT
authenticates every command it receives from the host. Authentication can
fail for two reasons:
The user name of the remote user which issued the rsh command is not found in the security file.
The remote host, from which the rsh command came, is not in the remote host's list of users.
In this case, a permission denied message is sent back to the host and the command is aborted.
If the authentication procedure succeeds, the user's privilege credentials
(user identifier or uid, group identifier or gid and additional groups) are read from the security file. Trusted
users have access to the full set of C_INIT
commands.
The ChorusOS operating system also features the ability to manage users' passwords through its password management feature. Related files are located in /etc/master.passwd and /etc/group. The introduction of these files to the ChorusOS operating system enables more flexible security management, in addition to the standard /etc/security file. You can choose to enable the password management feature by running pwd_mkdb.
The C_INIT
daemon can run in non-secure
mode, in secure mode or in password mode. If C_INIT
is running in password mode the login name of the user is first identified
in /etc/spwd.db, and then in /etc/security for additional information, such as remote host access permission.
If the latter file does not exist, default values apply. If C_INIT
is running in secure mode, the login name of the user is identified
only in /etc/security.
If C_INIT
is runing in non-secure mode, every
user is treated as a trusted user and inherits the C_INIT
default credentials , uid 0 and gid 0. These are by default zero.
In this case, if the host machine has exported the file system to be
mounted with the default mapping of root to nobody
,
it is necessary that read and execute permissions for the target executable
files be given to everybody. Otherwise C_INIT
will
not have the right to execute the application binaries.
To override the default credentials uid 0 and gid 0, you can use environment variables; these enable you to modify the system dynamically. To modify the deafult credentials:
$ rsh target setenv |
Another way to circumvent the problem of C_INIT
not having the right to execute the application binaries is by inhibiting
the mapping of root to nobody
on the host.
The /etc/ldap.conf file contains information about the location of the LDAP server for password management. Information about this file is contained in ldap.conf(4CC).
Further information on password management and how it affects various secure operations in this version of the ChorusOS operating system can be found in these man pages: getpwnam(3STDC), getgrent(3STDC), ,passwd(1M), pwd_mkdb(1M). group(4CC), rshd(1M), ftpd(1M), telnetd(1M).