Creating UNIX user groups for the process control system

The process control daemon controls who can log in to it. On UNIX, any user who needs access to the process control system must be a member of a UNIX user group that you identify as an administrative group for this purpose.

About this task

By default, the process control system uses UNIX user names and passwords to grant access. When running the process agent daemon (nco_pad), you can specify other supported authorization modes by using the -authenticate command-line option.

You can use an existing UNIX user group or create a new one, and add process control users to this group. If you run NIS, NIS+, or some other global information service, this configuration must be performed by the administrator of that service. See the documentation provided with your operating system for information about user groups.

When you run the process control daemon, identify the administrative group with the -admingroup command-line option. If you do not specify a group name, process control checks to see if the user is a member of the default group ncoadmin.

Attention: If using Pluggable Authentication Modules (PAM) for authentication, users do not have to be a member of a UNIX user group such as ncoadmin, to gain access to the process control system. With PAM clients, the process control system does not validate users against a UNIX user group, and, as a result, access is not restricted.