evm.auth(4)
NAME
evm.auth - EVM authorization file
SYNOPSIS
DESCRIPTION
Authorization is control of the right to post, subscribe to, or
retrieve an EVM event, or to execute services defined in the EVM daemon
configuration file.
The file is a text file that controls event authorization. Any portion
of a line from an unquoted number sign to the end of line is a comment.
Blank lines are ignored. The following authorization controls are
recognized:
The rights specified apply to event posting and subscription.
Class of events to which these rights apply.
An event_class is a string of one or more components
that match the same set of components in an
It is used to identify a family of events for
purposes such as authorization. The more specific
classes (those with more components) override
the rights indicated by the less specific
(more generic) classes.
Users specified by the
rights_list are allowed or denied the right to
post events of this event_class.
Users specified by the
rights_list are allowed or denied the right to
subscribe to or retrieve from the log, events of
this event_class.
rights_list A list of users or groups who have or are denied
the specified right for this event or service
class. Entries are separated by commas.
A rights_list has the format:
In the previous rights_list, user is the login
name of any user, and groupname is any group.
The keyword may be abbreviated to A leading plus
character signifies that event or service rights
are granted. A leading minus character (-) signifies
that rights are explicitly denied. User
has implicit posting and access rights to all
events, and execute rights to all services,
unless they are explicitly denied.
The first explicit entry for a user in a rights
list takes precedence over any other explicit or
group entries for that user. If the user is not
explicitly listed, but is a member of a group
which denies access, access is denied even if the
user is also a member of a group for which access
is granted.
A plus or minus sign with no associated name
grants or denies rights to all users.
The rights_list must be enclosed in double quotes
if it contains spaces.
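
The precedence rules above, as an added example (not part of this manpage or of EVM itself): a Python model that evaluates an already-parsed rights_list for one user. The Entry type, consulting a bare sign only after explicit user and group entries, and the deny default when nothing matches are assumptions; the implicit rights mentioned above are not modelled.

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Sequence


@dataclass(frozen=True)
class Entry:
    """One parsed rights_list entry (hypothetical type, not an EVM structure)."""
    grant: bool                 # True for a leading '+', False for a leading '-'
    kind: str                   # "user", "group", or "all" (sign with no name)
    name: Optional[str] = None


def is_allowed(user: str, groups: Iterable[str],
               rights_list: Sequence[Entry], default: bool = False) -> bool:
    """Decide one right (post, access or execute) for one user."""
    member_of = set(groups)

    # 1. The first explicit entry for the user wins over everything else.
    for e in rights_list:
        if e.kind == "user" and e.name == user:
            return e.grant

    # 2. No explicit entry: any denying group beats any granting group.
    matched = [e for e in rights_list
               if e.kind == "group" and e.name in member_of]
    if any(not e.grant for e in matched):
        return False
    if matched:
        return True

    # 3. Assumption: a bare sign applies to everyone not matched above.
    for e in rights_list:
        if e.kind == "all":
            return e.grant

    # 4. Assumption: nothing matched, so fall back to the caller's default.
    return default


# Constructed sample: root explicitly granted, tech granted, guest denied.
SAMPLE = [
    Entry(True, "user", "root"),
    Entry(True, "group", "tech"),
    Entry(False, "group", "guest"),
]

if __name__ == "__main__":
    for who, grps in [("root", ["guest"]), ("ann", ["tech"]),
                      ("bob", ["tech", "guest"]), ("eve", [])]:
        print(who, is_allowed(who, grps, SAMPLE))
```

The case to watch when reviewing a real file is bob: membership in one denying group removes access that another group grants, so adding a user to a group can silently revoke rights.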
The rights specified apply to services performed by the daemon for a
requesting client.
The service to which these rights apply.
The service_name is the name of a service defined
in the file. User-defined services are not
currently supported.
Users specified by the
rights_list are allowed or denied the right to
request operation of this service.
The keywords described may be entered in a case-insensitive manner.
The allowable strings and the minimum number of characters are shown in
the following table. A minimum of zero indicates that all characters
are required.
Keyword Minimum
─────────────────────────
access 0
class 0
event_rights 7
execute 4
post 0
service 4
service_rights 9
Notes
1. If you add an entry to the authorization file, you must make sure
there is a corresponding base event template in the template file
library. The base template must have a name whose components
exactly match the corresponding components in the authorization
file's value. The template name can have fewer components than are
present in the but it cannot have more. For example, if an group
has a value of and an event template with the name has been
registered in an EVM template file, the template will be regarded as the
base template for the class.
Each time the daemon loads or reloads its configuration, it writes a
warning message in its error file if no base template is registered
for a particular entry. Refer to the evmtemplate(4) manpage for
information about registering event templates.
2. If you are concerned with allowing your file to be used on other
systems that support EVM in the future, you should use the built-in
macro in place of the first two components of the name of any system
event. This will make it unnecessary to change the file if the
other system uses a different event name prefix.
EXAMPLES
This example illustrates an entry in the authorization file with the
following privileges: Only root may post events that have as the first
two components of the event name.
Events in this class may be accessed by root or by any user who is a
member of the tech group.
FILES
Location of the EVM authorization file.
SEE ALSO
Commands
evmd(1M).
Files
evmdaemon.conf(4), evmtemplate(4).
Event Management
EVM(5).