project - project file
The project file is a local source of project information. The project file can be used in conjunction with other project sources, including the NIS maps project.byname and project.bynumber and the LDAP database project. Programs use the getprojent(3PROJECT) routines to access this information.
The project file contains a one-line entry for each project recognized by the system, of the form:
projname:projid:comment:user-list:group-list:attributes
where the fields are defined as:
The name of the project. The name must be a string that consists of alphanumeric characters, underline (_) characters, hyphens (-), and periods (.). The period, which is reserved for projects with special meaning to the operating system, can be used only in the names of default projects for users. projname cannot contain colons (:) or newline characters.
The project's unique numerical ID (PROJID) within the system. The maximum value of the projid field is MAXPROJID. Project IDs below 100 are reserved for the use of the operating system.
The project's description.
A comma-separated list of users allowed in the project. With the exception of the special projects referred to below, an empty field indicates no users are allowed.
A comma-separated list of groups of users allowed in the project. With the exception of the special projects referred to below, an empty field indicates no groups are allowed.
A semicolon-separated list of name value pairs. Each pair has the following format:
name[=value]
where name is the arbitrary string specifying the key's name and value is the optional key value. An explanation of the valid name-value pair syntax is provided in the USAGE section of this page.
The attributes field can be used to specify the following:
resource controls. For more information, see the resource-controls(7) man page.
A physical memory cap using the rcapd.max-rss attribute. For more information, see the rcapd(8) man page.
A resource pool binding using the project.pool attribute. For more information, see the poolbind(8) man page.
A multi-cpu-binding (MCB) using one of the following attributes. For more information, see the pbind(8) man page.
project.mcb.cpus project.mcb.cores project.mcb.sockets project.mcb.pgs project.mcb.lgroups project.mcb.flags
See the setproject(3PROJECT) man page for a more detailed description of the behavior of these attributes.
The attributes specified in the project database are applied to processes joining a project, such when a user logs in and joins their default project, or when the newtask command is used with the –p option.
Modifications to the attributes can be applied to processes already in a project using the –A option to the projmod command.
Resource controls or attributes not understood by the currently running Solaris operating System are ignored.
Null entries (empty fields) in the user-list and group-list fields, which normally mean “no users” and “no groups”, respectively, have a different meaning in the entries for three special projects, user. username, group.groupname, and default. See getprojent(3PROJECT) for a description of these projects.
Wildcards can be used in user-list and group-list fields of the project database entry. The asterisk (*), allows all users or groups to join the project. The exclamation mark followed by the asterisk (!*), excludes all users or groups from the project. The exclamation mark (!) followed by a username or groupname excludes the specified user or group from the project. See EXAMPLES.
Malformed entries cause routines that read this file to halt, in which case project assignments specified further along are never made. Blank lines are treated as malformed entries in the project file, and cause getprojent(3PROJECT) and derived interfaces to fail.
The following is a sample project file:
system:0:System:::
user.root:1:Super-User:::
noproject:2:No Project:::
default:3::::
group.staff:10::::
beatles:100:The Beatles:john,paul,george,ringo::task.max-lwps=
(privileged,100,signal=SIGTERM),(privileged,110,deny);
process.max-file-descriptor
The two line breaks in the line that begins with beatles are not valid in a project file. They are shown here only to allow the example to display on a printed or displayed page. Each entry must be on one and only one line.
An example project entry for nsswitch.conf(5) is:
project: files nis
With these entries, the project beatles has members john, paul, george, and ringo. All projects listed in the NIS project table are effectively incorporated after the entry for beatles.
The beatles project has two values set on the task.max-lwps resource control. When a task in the beatles project requests (via one of its member processes) its 100th and 110th LWPs, an action associated with the encountered threshold triggers. Upon the request for the 100th LWP, the process making the request is sent the signal SIGTERM and is granted the request for an additional lightweight process (LWP). At this point, the threshold for 110 LWPs becomes the active threshold. When a request for the 110th LWP in the task is made, the requesting process is denied the request--no LWP is created. Since the 110th LWP is never granted, the threshold remains active, and all subsequent requests for an 110th LWP fails. (If LWPs are given up, then subsequent requests succeeds, unless they would take the total number of LWPs across the task over 110.) The process.max-file-descriptor resource control is given no values. This means that processes entering this project only has the system resource control value on this rctl.
Example 2 Project Entry with WildcardsThe following entries use wildcards:
notroot:200:Shared Project:*,!root:: notused:300:Unused Project::!*:
In this example, any user except “root” is a member of project notroot. For the project notused, all groups are excluded.
The project database offers a reasonably flexible attribute mechanism in the final name-value pair field. Name-value pairs are separated from one another with the semicolon (;) character. The name is in turn distinguished from the (optional) value by the equals (=) character. The value field can contain multiple values separated by the comma (,) character, with grouping support (into further values lists) by parentheses. Each of these values can be composed of the alphabetic characters, the digits '0' through '9', and the punctuation characters hyphen (-), plus (+), period (.), slash (/), and underscore (_). Example resource control value specifications are provided in EXAMPLES, above, and in resource-controls(7) and getprojent(3PROJECT).
newtask(1), prctl(1), projects(1), setrctl(2), unistd.h(3HEAD), getprojent(3PROJECT), nsswitch.conf(5), resource-controls(7), resource-management(7), pbind(8), poolbind(8), projmod(8), psrinfo(8), rcapd(8)
The solaris.project.assign authorizations allow an administrator to add a user to any project. The solaris.project.delegate authorization allows an administrator to only add users to the projects of which the administrator is a member.
Note that project 0 (system) attributes may not be taken into account by the boot services unless a task is explicitly entered or created in this project.
The project.mcb.sockets property will be removed in a future release of Oracle Solaris.