Return-Path: Delivered-To: apmail-db-derby-commits-archive@www.apache.org Received: (qmail 90895 invoked from network); 19 Feb 2008 19:11:09 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 19 Feb 2008 19:11:09 -0000 Received: (qmail 60408 invoked by uid 500); 19 Feb 2008 19:11:03 -0000 Delivered-To: apmail-db-derby-commits-archive@db.apache.org Received: (qmail 60337 invoked by uid 500); 19 Feb 2008 19:11:03 -0000 Mailing-List: contact derby-commits-help@db.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: "Derby Development" List-Id: Delivered-To: mailing list derby-commits@db.apache.org Received: (qmail 60326 invoked by uid 99); 19 Feb 2008 19:11:03 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 19 Feb 2008 11:11:03 -0800 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.130] (HELO eos.apache.org) (140.211.11.130) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 19 Feb 2008 19:10:25 +0000 Received: from eos.apache.org (localhost [127.0.0.1]) by eos.apache.org (Postfix) with ESMTP id 393D8D2DB for ; Tue, 19 Feb 2008 19:10:46 +0000 (GMT) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Apache Wiki To: derby-commits@db.apache.org Date: Tue, 19 Feb 2008 19:10:46 -0000 Message-ID: <20080219191046.7270.88120@eos.apache.org> Subject: [Db-derby Wiki] Update of "JMXSecurityExpectations" by DanDebrunner X-Virus-Checked: Checked by ClamAV on apache.org Dear Wiki user, You have subscribed to a wiki page or wiki category on "Db-derby Wiki" for change notification. The following page has been changed by DanDebrunner: http://wiki.apache.org/db-derby/JMXSecurityExpectations ------------------------------------------------------------------------------ === Local JMX === A jvm may be setup to automatically provide local jmx access. In this case the OS user running the client must match the OS user that started the jvm being monitored. JMX authentication and access level does not apply here. ==== No Security Manager (local) ==== - * With no security manager then the local jmx client (running as the same OS user as the virtual machine) may perform any JMX client operation including accessing any MBean including reading its attributes, writing its updatable attributes and invoking its operations, registering and unregistering MBeans, controlling the virtual machine etc. + * The local jmx client (running as the same OS user as the virtual machine) may perform any JMX client operation including accessing any MBean including reading its attributes, writing its updateable attributes and invoking its operations, registering and unregistering MBeans, controlling the virtual machine etc. + * Since there is no security manager then any action that requires a specific permission (e.g. shutdown Derby )would be allowed as well. ==== Security Manager (local) ==== - * /!\ Haven't looked into how this works, what would the principal name be? + * It seems as though the local jmx client can perform any JMX operation such as getting attributes, invoking operations, registering MBeans etc. (i.e. I'm guessing that when run as the local os user the permissions come from the fact it's jvm system code that is performing jmx operations). + * The current access context has no Subject. + * If some action on a Derby MBean requires some security permission then that will fail unless the permission has been granted to Derby's code. E.g. an operation that fetches the system propertry "derby.system.home" succeeds, but reading a property derby.jar does not have permission to read fails. Reading the system property successfully did not require a privilege block (I presume because the calling code (jmx) is system code and granted all permissions). === Remote JMX === Explicit actions are required by the JVM admin to: * Enable remote management via jmx (setting com.sun.management.jmxremote=true, com.sun.management.jmxremote.port)