acl.pty manual page

NAME

acl.pty - access control configuration for SNMPv2 entities

SYNOPSIS

Target Subject Resources Privileges StorageType

DESCRIPTION

The configuration file acl.pty is one of several configuration files required by the SNMPv2 entities. The default location of acl.pty is /etc/opt/snm/agent or /etc/opt/snm/manager for Solaris 2.x and /etc/snm/agent or /etc/snm/manager for Solaris 1.x, but can be specified by the environment variables SR_AGT_CONF_DIR and SR_MGR_CONF_DIR.

The acl.pty file defines information for the Access Control List (ACL) table, which in turn contains information about the access privileges for the target-party/subject-party pair. There must be one entry for every intended target that defines the access privileges for the target and subject in their SNMPv2 context.

In other words, for every agent and manager that will be communicating with each other, there must be an entry in the acl.pty file that, along with a corresponding entry in the context.pty file, defines the access privileges for the two entities. See context.pty(5) for more information on the context.

Each entry in the file consists of 1 line:

Target Subject Resources Privileges StorageType

where

Target
represents the target party for this ACL entry. This index must match the partyIndex of an entry in the party table, agt.pty. This party's performance of management operations is constrained by the set of access privileges for this entry (see Privileges below).
Note: The partyAuthProtocol value for this party must be the same as the one for the Subject party in the party table. In other words, the target and the subject parties must have equivalent PartyDiscriminator types in the agt.pty records. See the PartyDiscriminator description in agt.pty(5) for an explanation of the types. The party table entries are discussed further in agt.pty(5) and in the Party MIB RFC, RFC1447. This field is an integer.

Subject
similar to Target, represents the subject party for this ACL entry. This index must match the partyIndex of an entry in the party table, agt.pty. This party's performance of management operations is constrained by the set of access privileges for this entry (see Privileges below).
Note: The partyAuthProtocol value for this party must be the same as the one for the Target party in the party table. In other words, the target and the subject parties must have equivalent PartyDiscriminator types in the agt.pty records. See the PartyDiscriminator description in agt.pty(5) for an explanation of the types. The party table entries are discussed further in agt.pty(5) and in the Party MIB RFC, RFC1447. This field is an integer.

Resources
represents the context for this ACL entry. This index must match the contextIndex of an entry in the context table, context.pty. See context.pty(5) for more information on context entries.

Privileges
represents the value that governs what management operations a particular target party can perform on behalf of the subject (source) party. This field may have a value ranging from 0 to 255. This value is a sum of values, each of which represents a management operation.
Possible values are:

1    Get
2    GetNext
4    Response
8    Set
16   snmpv1trap
32   GetBulk
64   Inform
128  SNMPv2trap

The default value for this field is 35: 1 + 2 + 32, or Get, GetNext, and GetBulk.

partyStorageType
indicates the storage type for this row in the party table. Possible values are:
other
volatile
nonVolatile
permanent

According to RFC1447,

· volatile is lost upon reboot, e.g., in RAM,

· nonVolatile is backed up by stable storage, e.g., in NVRAM,

· permanent cannot be changed or deleted, e.g., in ROM,

and "other" is provided in the unlikely event that someone will find a need for a storage type not covered by the other three.
This field is a case-sensitive string corresponding to one of the above values.

EXAMPLE

An example acl.pty entry might be

1 2 1 43 nonVolatile

which defines this entry as follows:

Target
The party entry with partyIndex of 1 is the destination (or target).

Subject
The party entry with partyIndex of 2 is the source (or subject).

Resources
The context entry that has a contextIndex of 1 is the SNMPv2 context.

Privileges
The entity would expect to be able to perform get, get-next, get-bulk, and set requests with this ACL entry.

StorageType
Store this entry in non-volatile memory, e.g., NVRAM.
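
The following Python code is an added example, not part of the original manual page or of the vendor's software. It parses entries in the format described above, decodes Privileges into operation names, and reports malformed entries and entries that grant Set. The function names, the sample lines after the first, and the treatment of Resources as an integer index are assumptions.

```python
# Added example (not vendor code): decode and audit acl.pty entries.
PRIVILEGE_BITS = {
    1: "Get", 2: "GetNext", 4: "Response", 8: "Set",
    16: "snmpv1trap", 32: "GetBulk", 64: "Inform", 128: "SNMPv2trap",
}
STORAGE_TYPES = {"other", "volatile", "nonVolatile", "permanent"}
DEFAULT_PRIVILEGES = 35  # Get + GetNext + GetBulk, per the manual page

def decode_privileges(value):
    """Return the operation names whose bits are set in a Privileges value."""
    if not 0 <= value <= 255:
        raise ValueError(f"Privileges out of range 0-255: {value}")
    return [name for bit, name in PRIVILEGE_BITS.items() if value & bit]

def parse_entry(line):
    """Parse one 'Target Subject Resources Privileges StorageType' line."""
    fields = line.split()
    if len(fields) != 5:
        raise ValueError(f"expected 5 fields, got {len(fields)}")
    # Assumption: Resources (contextIndex) is an integer like the party indexes.
    target, subject, resources, privileges = (int(f) for f in fields[:4])
    if fields[4] not in STORAGE_TYPES:  # StorageType is case-sensitive
        raise ValueError(f"unknown StorageType: {fields[4]!r}")
    return {"target": target, "subject": subject, "resources": resources,
            "privileges": privileges, "storage": fields[4],
            "operations": decode_privileges(privileges)}

def audit(text):
    """Return (line_no, message) for invalid entries and entries granting Set."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue  # skip blank lines
        try:
            entry = parse_entry(line)
        except ValueError as exc:
            findings.append((no, f"invalid entry: {exc}"))
            continue
        if "Set" in entry["operations"]:
            findings.append((no, "grants Set: target=%d subject=%d context=%d"
                             % (entry["target"], entry["subject"], entry["resources"])))
    return findings

# Constructed sample; only the first line is the manual page's own example.
SAMPLE = ("1 2 1 43 nonVolatile\n2 1 1 35 nonvolatile\n"
          "3 4 2 35 volatile\n5 6 1 300 permanent\n")

if __name__ == "__main__":
    for no, msg in audit(SAMPLE):
        print(f"line {no}: {msg}")
```
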

FILES

Additional SNMPv2 Configuration Files
When the agent is compiled with either SNMPv2 or both SNMPv1 and SNMPv2 defined, the configuration files acl.pty, agt.pty, context.pty, snmpv2d.conf and view.pty are required for the agent side, and acl.pty, context.pty, mgr.cnf, mgr.pty, and view.pty are required for the manager side.

acl.pty
Access control privileges for the SNMPv2 parties.

agt.pty
Initial party table information for the agent.

context.pty
Context information for the SNMPv2 parties.

mgr.cnf
Configuration information for the managers.

mgr.pty
Initial party table information for the managers.

snmpv2d.conf
Configuration information for the SNMPv1 entities.

view.pty
MIB view information for the SNMPv2 parties.

For Solaris 2.x, the files are located under:

/etc/snm/{agent,manager}/acl.pty
/etc/snm/agent/agt.pty
/etc/snm/{agent,manager}/context.pty
/etc/snm/agent/snmpv2d.conf
/etc/snm/{agent,manager}/view.pty

For Solaris 1.x, the files are located under:

/etc/snm/{agent,manager}/acl.pty
/etc/snm/agent/agt.pty
/etc/snm/{agent,manager}/context.pty
/etc/snm/agent/snmpv2d.conf
/etc/snm/{agent,manager}/view.pty

SEE ALSO

v2install(1), agt.pty(5), context.pty(5), mgr.cnf(5), mgr.pty(5), snmpv2d.conf(5), view.pty(5), SNMP RFCs (RFC1155 RFC1157 RFC1212 RFC1213 RFC1215, RFCs 1441-1452)
