'\" te
.\"  Copyright 1989 AT&T Copyright (c) 1997, Sun Microsystems, Inc. All Rights Reserved
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
.TH ADMIN 4 "Dec 20, 2004"
.SH NAME
admin \- installation defaults file
.SH DESCRIPTION
.sp
.LP
\fBadmin\fR is a generic name for an \fBASCII\fR file that defines default
installation actions by assigning values to installation parameters. For
example, it allows administrators to define how to proceed when the package
being installed already exists on the system.
.sp
.LP
\fB/var/sadm/install/admin/default\fR is the default \fBadmin\fR file delivered
with this release. The default file is not writable, so to assign values
different from this file, create a new \fBadmin\fR file. There are no naming
restrictions for \fBadmin\fR files. Name the file when installing a package
with the \fB-a\fR option of \fBpkgadd\fR(1M). If the \fB-a\fR option is not
used, the default \fBadmin\fR file is used.
.sp
.LP
Each entry in the \fBadmin\fR file is a line that establishes the value of a
parameter in the following form:
.sp
.LP
\fIparam\fR\fB=\fR\fIvalue\fR
.sp
.LP
All of the parameters listed below can be defined in an \fBadmin\fR file, but
it is not required to assign values to all of these. If a value is not
assigned, \fBpkgadd\fR(1M) asks the installer how to proceed.
.sp
.LP
The valid parameters and their possible values are shown below except as noted.
They can be specified in any order. Any of these parameters (except the
\fBmail\fR and \fBproxy\fR parameters) can be assigned the value \fBask\fR,
which means that, when the parameter is reached during the installation
sequence, the installer is notified and asked to supply instructions (see
\fBNOTES\fR).
.sp
.ne 2
.na
\fB\fBbasedir\fR\fR
.ad
.RS 30n
Indicates the base directory where relocatable packages are to be installed. If
there is no \fBbasedir\fR entry in the file, the installer will be prompted for
a path name, as if the file contained the entry \fBbasedir=ask\fR. This
parameter can also be set to \fBdefault\fR (entry is \fBbasedir=default\fR). In
this instance, the package is installed into the base directory specified by
the \fBBASEDIR\fR parameter in the \fBpkginfo\fR(4) file.
.RE

.sp
.ne 2
.na
\fB\fBmail\fR\fR
.ad
.RS 30n
Defines a list of users to whom mail should be sent following installation of a
package. If the list is empty, no mail is sent. If the parameter is not present
in the \fBadmin\fR file, the default value of \fBroot\fR is used. The \fBask\fR
value cannot be used with this parameter.
.RE

.sp
.ne 2
.na
\fB\fBrunlevel\fR\fR
.ad
.RS 30n
Indicates resolution if the run level is not correct for the installation or
removal of a package. Options are:
.sp
.ne 2
.na
\fB\fBnocheck\fR\fR
.ad
.RS 11n
Do not check for run level.
.RE

.sp
.ne 2
.na
\fB\fBquit\fR\fR
.ad
.RS 11n
Abort installation if run level is not met.
.RE

.RE

.sp
.ne 2
.na
\fB\fBconflict\fR\fR
.ad
.RS 30n
Specifies what to do if an installation expects to overwrite a previously
installed file, thus creating a conflict between packages. Options are:
.sp
.ne 2
.na
\fB\fBnocheck\fR\fR
.ad
.RS 12n
Do not check for conflict; files in conflict will be overwritten.
.RE

.sp
.ne 2
.na
\fB\fBquit\fR\fR
.ad
.RS 12n
Abort installation if conflict is detected.
.RE

.sp
.ne 2
.na
\fB\fBnochange\fR\fR
.ad
.RS 12n
Override installation of conflicting files; they will not be installed.
.RE

.RE

.sp
.ne 2
.na
\fB\fBsetuid\fR\fR
.ad
.RS 30n
Checks for executables which will have setuid or setgid bits enabled after
installation. Options are:
.sp
.ne 2
.na
\fB\fBnocheck\fR\fR
.ad
.RS 12n
Do not check for setuid executables.
.RE

.sp
.ne 2
.na
\fB\fBquit\fR\fR
.ad
.RS 12n
Abort installation if setuid processes are detected.
.RE

.sp
.ne 2
.na
\fB\fBnochange\fR\fR
.ad
.RS 12n
Override installation of setuid processes; processes will be installed without
setuid bits enabled.
.RE

.RE

.sp
.ne 2
.na
\fB\fBaction\fR\fR
.ad
.RS 30n
Determines if action scripts provided by package developers contain possible
security impact. Options are:
.sp
.ne 2
.na
\fB\fBnocheck\fR\fR
.ad
.RS 11n
Ignore security impact of action scripts.
.RE

.sp
.ne 2
.na
\fB\fBquit\fR\fR
.ad
.RS 11n
Abort installation if action scripts may have a negative security impact.
.RE

.RE

.sp
.ne 2
.na
\fB\fBpartial\fR\fR
.ad
.RS 30n
Checks to see if a version of the package is already partially installed on the
system. Options are:
.sp
.ne 2
.na
\fB\fBnocheck\fR\fR
.ad
.RS 11n
Do not check for a partially installed package.
.RE

.sp
.ne 2
.na
\fB\fBquit\fR\fR
.ad
.RS 11n
Abort installation if a partially installed package exists.
.RE

.RE

.sp
.ne 2
.na
\fB\fBinstance\fR\fR
.ad
.RS 30n
Determines how to handle installation if a previous version of the package
(including a partially installed instance) already exists. Options are:
.sp
.ne 2
.na
\fB\fBquit\fR\fR
.ad
.RS 13n
Exit without installing if an instance of the package already exists (does not
overwrite existing packages).
.RE

.sp
.ne 2
.na
\fB\fBoverwrite\fR\fR
.ad
.RS 13n
Overwrite an existing package if only one instance exists. If there is more
than one instance, but only one has the same architecture, it overwrites that
instance. Otherwise, the installer is prompted with existing instances and
asked which to overwrite.
.RE

.sp
.ne 2
.na
\fB\fBunique\fR\fR
.ad
.RS 13n
Do not overwrite an existing instance of a package. Instead, a new instance of
the package is created. The new instance will be assigned the next available
instance identifier.
.RE

.RE

.sp
.ne 2
.na
\fB\fBidepend\fR\fR
.ad
.RS 30n
Controls resolution if the package to be installed depends on other packages
and if other packages depend on the one to be installed. Options are:
.sp
.ne 2
.na
\fB\fBnocheck\fR\fR
.ad
.RS 11n
Do not check package dependencies.
.RE

.sp
.ne 2
.na
\fB\fBquit\fR\fR
.ad
.RS 11n
Abort installation if package dependencies are not met.
.RE

.RE

.sp
.ne 2
.na
\fB\fBrdepend\fR\fR
.ad
.RS 30n
Controls resolution if other packages depend on the package to be removed. Also
determines behavior if registered products components to be removed. See
\fBlibwsreg\fR(3LIB) and \fBprodreg\fR(1M) for a definition of product
components. Options are:
.sp
.ne 2
.na
\fB\fBnocheck\fR\fR
.ad
.RS 11n
Do not check package or product dependencies.
.RE

.sp
.ne 2
.na
\fB\fBquit\fR\fR
.ad
.RS 11n
Abort removal if package or product dependencies are not met.
.RE

.RE

.sp
.ne 2
.na
\fB\fBspace\fR\fR
.ad
.RS 30n
Controls resolution if disk space requirements for package are not met. Options
are:
.sp
.ne 2
.na
\fB\fBnocheck\fR\fR
.ad
.RS 11n
Do not check space requirements (installation fails if it runs out of space).
.RE

.sp
.ne 2
.na
\fB\fBquit\fR\fR
.ad
.RS 11n
Abort installation if space requirements are not met.
.RE

.RE

.sp
.ne 2
.na
\fB\fBauthentication\fR\fR
.ad
.RS 30n
Controls resolution when a datastream package with signature is to be
installed. Options are:
.sp
.ne 2
.na
\fB\fBnocheck\fR\fR
.ad
.RS 11n
Do not verify package signature. This also disables the use of the Online
Certificate Status Protocol (OCSP) to validate the package's signing
certificate.
.RE

.sp
.ne 2
.na
\fB\fBquit\fR\fR
.ad
.RS 11n
Abort installation if package signature cannot be verified.
.RE

.RE

.sp
.ne 2
.na
\fB\fBnetworktimeout\fR\fR
.ad
.RS 30n
Number of seconds to wait before giving up a network connection when
downloading a package. This entry must be a positive integer. If not present,
the default value of 60 is used.
.RE

.sp
.ne 2
.na
\fB\fBnetworkretries\fR\fR
.ad
.RS 30n
Number of times to retry a failed network connection when downloading a
package. This entry must be a positive integer. If not present, the default
value of 5 is used.
.RE

.sp
.ne 2
.na
\fB\fBkeystore\fR\fR
.ad
.RS 30n
Location of trusted certificates used when downloading packages over SSL and
when verifying signatures on packages. This is the base directory of the
certificate location for trusted certificates used when validating digital
signatures on packages. For example, if this setting is
\fB/var/sadm/security\fR, then \fBpkgadd\fR will use
\fB/var/sadm/security/pkgadd/truststore\fR, then
\fB/var/sadm/security/truststore\fR when searching for trusted certificates.
See \fBKEYSTORE LOCATIONS\fR and \fBKEYSTORE AND CERTIFICATE FORMATS\fR in
\fBpkgadd\fR(1M) for details on certificate store format and usage.
.RE

.sp
.ne 2
.na
\fB\fBproxy\fR\fR
.ad
.RS 30n
The default proxy to use when installing packages from the network. Currently,
only HTTP or HTTPS proxies are supported. If this field is blank or
nonexistent, then no proxy will be used.
.RE

.sp
.ne 2
.na
\fB\fBrscriptalt=root | noaccess\fR\fR
.ad
.RS 30n
Determines the user that will run request scripts. This parameter can have
either of the values described below. See \fBpkgadd\fR(1M) for details on the
conditions under which this parameter is useful.
.sp
.ne 2
.na
\fB\fBroot\fR\fR
.ad
.RS 12n
Run request script as user \fBinstall\fR, if such a user exists, with the
privileges of that user. Otherwise, run script as user \fBroot\fR, with UID
equal to 0 and with all/zone privileges. (See \fBzones\fR(5).)
.RE

.sp
.ne 2
.na
\fB\fBnoaccess\fR\fR
.ad
.RS 12n
Run request script as user \fBinstall\fR, if such a user exists, with the
privileges of that user. Otherwise, run script as user \fBnoaccess\fR, with the
basic privileges of the unprivileged user \fBnoaccess\fR.
.RE

If this parameter is not present or has a null value, the user \fBnoaccess\fR
is assumed. Likewise, if this parameter is set to anything other than the
values described here, a warning is issued, and \fBnoaccess\fR is assumed.
\fBrscriptalt\fR is not present in the default  \fBadmin\fR file,
\fB/var/sadm/install/admin/default\fR. In this case, request scripts are run as
the user \fBnoaccess\fR.
.RE

.SH EXAMPLES
.LP
\fBExample 1 \fRDefault \fBadmin\fR File
.sp
.LP
The default \fBadmin\fR file, named \fBdefault\fR, is shipped with user-,
group-, and world-read privileges (444). Its contents are as follows:

.sp
.in +2
.nf
mail=
instance=unique
partial=ask
runlevel=ask
idepend=ask
rdepend=ask
space=ask
setuid=ask
conflict=ask
action=ask
basedir=default
authentication=quit
networktimeout=10
networkretries=3
keystore=/var/sadm/security
proxy=
.fi
.in -2
.sp

.LP
\fBExample 2 \fRSample \fBadmin\fR file.
.sp
.LP
Below is a sample \fBadmin\fR file.

.sp
.in +2
.nf
basedir=default
runlevel=quit
conflict=quit
setuid=quit
action=quit
partial=quit
instance=unique
idepend=quit
rdepend=quit
space=quit
authentication=quit
networktimeout=10
networkretries=5
keystore=/opt/certs
proxy=syrinx.eng.example.com:8080
.fi
.in -2
.sp

.SH FILES
.sp
.LP
The default \fBadmin\fR file is consulted during package installation when no
other \fBadmin\fR file is specified.
.sp
.ne 2
.na
\fB\fB/var/sadm/install/admin/default\fR\fR
.ad
.sp .6
.RS 4n
default \fBadmin\fR file
.RE

.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp

.sp
.TS
box;
c | c
l | l .
ATTRIBUTE TYPE	ATTRIBUTE VALUE
_
Interface Stability	Evolving
.TE

.SH SEE ALSO
.sp
.LP
\fBpkgadd\fR(1M), \fBprodreg\fR(1M), \fBlibwsreg\fR(3LIB), \fBpkginfo\fR(4),
\fBattributes\fR(5), \fBzones\fR(5)
.SH NOTES
.sp
.LP
The value \fBask\fR should not be defined in an \fBadmin\fR file that will be
used for non-interactive installation (because, by definition, there is no
installer interaction). Doing so causes installation to fail at the point when
input is needed.