xref: /titanic_52/usr/src/man/man4/admin.4 (revision 9d12795f87b63c2e39e87bff369182edd34677d3)
te
Copyright 1989 AT&T Copyright (c) 1997, Sun Microsystems, Inc. All Rights Reserved
The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
ADMIN 4 "Dec 20, 2004"
NAME
admin - installation defaults file
DESCRIPTION

admin is a generic name for an ASCII file that defines default installation actions by assigning values to installation parameters. For example, it allows administrators to define how to proceed when the package being installed already exists on the system.

/var/sadm/install/admin/default is the default admin file delivered with this release. The default file is not writable, so to assign values different from this file, create a new admin file. There are no naming restrictions for admin files. Name the file when installing a package with the -a option of pkgadd(1M). If the -a option is not used, the default admin file is used.

Each entry in the admin file is a line that establishes the value of a parameter in the following form:

param=value

All of the parameters listed below can be defined in an admin file, but it is not required to assign values to all of these. If a value is not assigned, pkgadd(1M) asks the installer how to proceed.

The valid parameters and their possible values are shown below except as noted. They can be specified in any order. Any of these parameters (except the mail and proxy parameters) can be assigned the value ask, which means that, when the parameter is reached during the installation sequence, the installer is notified and asked to supply instructions (see NOTES). basedir

Indicates the base directory where relocatable packages are to be installed. If there is no basedir entry in the file, the installer will be prompted for a path name, as if the file contained the entry basedir=ask. This parameter can also be set to default (entry is basedir=default). In this instance, the package is installed into the base directory specified by the BASEDIR parameter in the pkginfo(4) file.

mail

Defines a list of users to whom mail should be sent following installation of a package. If the list is empty, no mail is sent. If the parameter is not present in the admin file, the default value of root is used. The ask value cannot be used with this parameter.

runlevel

Indicates resolution if the run level is not correct for the installation or removal of a package. Options are: nocheck

Do not check for run level.

quit

Abort installation if run level is not met.

conflict

Specifies what to do if an installation expects to overwrite a previously installed file, thus creating a conflict between packages. Options are: nocheck

Do not check for conflict; files in conflict will be overwritten.

quit

Abort installation if conflict is detected.

nochange

Override installation of conflicting files; they will not be installed.

setuid

Checks for executables which will have setuid or setgid bits enabled after installation. Options are: nocheck

Do not check for setuid executables.

quit

Abort installation if setuid processes are detected.

nochange

Override installation of setuid processes; processes will be installed without setuid bits enabled.

action

Determines if action scripts provided by package developers contain possible security impact. Options are: nocheck

Ignore security impact of action scripts.

quit

Abort installation if action scripts may have a negative security impact.

partial

Checks to see if a version of the package is already partially installed on the system. Options are: nocheck

Do not check for a partially installed package.

quit

Abort installation if a partially installed package exists.

instance

Determines how to handle installation if a previous version of the package (including a partially installed instance) already exists. Options are: quit

Exit without installing if an instance of the package already exists (does not overwrite existing packages).

overwrite

Overwrite an existing package if only one instance exists. If there is more than one instance, but only one has the same architecture, it overwrites that instance. Otherwise, the installer is prompted with existing instances and asked which to overwrite.

unique

Do not overwrite an existing instance of a package. Instead, a new instance of the package is created. The new instance will be assigned the next available instance identifier.

idepend

Controls resolution if the package to be installed depends on other packages and if other packages depend on the one to be installed. Options are: nocheck

Do not check package dependencies.

quit

Abort installation if package dependencies are not met.

rdepend

Controls resolution if other packages depend on the package to be removed. Also determines behavior if registered products components to be removed. See libwsreg(3LIB) and prodreg(1M) for a definition of product components. Options are: nocheck

Do not check package or product dependencies.

quit

Abort removal if package or product dependencies are not met.

space

Controls resolution if disk space requirements for package are not met. Options are: nocheck

Do not check space requirements (installation fails if it runs out of space).

quit

Abort installation if space requirements are not met.

authentication

Controls resolution when a datastream package with signature is to be installed. Options are: nocheck

Do not verify package signature. This also disables the use of the Online Certificate Status Protocol (OCSP) to validate the package's signing certificate.

quit

Abort installation if package signature cannot be verified.

networktimeout

Number of seconds to wait before giving up a network connection when downloading a package. This entry must be a positive integer. If not present, the default value of 60 is used.

networkretries

Number of times to retry a failed network connection when downloading a package. This entry must be a positive integer. If not present, the default value of 5 is used.

keystore

Location of trusted certificates used when downloading packages over SSL and when verifying signatures on packages. This is the base directory of the certificate location for trusted certificates used when validating digital signatures on packages. For example, if this setting is /var/sadm/security, then pkgadd will use /var/sadm/security/pkgadd/truststore, then /var/sadm/security/truststore when searching for trusted certificates. See KEYSTORE LOCATIONS and KEYSTORE AND CERTIFICATE FORMATS in pkgadd(1M) for details on certificate store format and usage.

proxy

The default proxy to use when installing packages from the network. Currently, only HTTP or HTTPS proxies are supported. If this field is blank or nonexistent, then no proxy will be used.

rscriptalt=root | noaccess

Determines the user that will run request scripts. This parameter can have either of the values described below. See pkgadd(1M) for details on the conditions under which this parameter is useful. root

Run request script as user install, if such a user exists, with the privileges of that user. Otherwise, run script as user root, with UID equal to 0 and with all/zone privileges. (See zones(5).)

noaccess

Run request script as user install, if such a user exists, with the privileges of that user. Otherwise, run script as user noaccess, with the basic privileges of the unprivileged user noaccess.

If this parameter is not present or has a null value, the user noaccess is assumed. Likewise, if this parameter is set to anything other than the values described here, a warning is issued, and noaccess is assumed. rscriptalt is not present in the default admin file, /var/sadm/install/admin/default. In this case, request scripts are run as the user noaccess.
EXAMPLES

Example 1 Default admin File

The default admin file, named default, is shipped with user-, group-, and world-read privileges (444). Its contents are as follows:

mail=
instance=unique
partial=ask
runlevel=ask
idepend=ask
rdepend=ask
space=ask
setuid=ask
conflict=ask
action=ask
basedir=default
authentication=quit
networktimeout=10
networkretries=3
keystore=/var/sadm/security
proxy=

Example 2 Sample admin file.

Below is a sample admin file.

basedir=default
runlevel=quit
conflict=quit
setuid=quit
action=quit
partial=quit
instance=unique
idepend=quit
rdepend=quit
space=quit
authentication=quit
networktimeout=10
networkretries=5
keystore=/opt/certs
proxy=syrinx.eng.example.com:8080
FILES

The default admin file is consulted during package installation when no other admin file is specified. /var/sadm/install/admin/default

default admin file

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE ATTRIBUTE VALUE
Interface Stability Evolving
SEE ALSO

pkgadd(1M), prodreg(1M), libwsreg(3LIB), pkginfo(4), attributes(5), zones(5)

NOTES

The value ask should not be defined in an admin file that will be used for non-interactive installation (because, by definition, there is no installer interaction). Doing so causes installation to fail at the point when input is needed.