Upgrades and Reinstallations

The Privilege Management for Unix and Linux installers are designed to enable easy upgrades of an installed version to a new version. During an upgrade, the current Privilege Management for Unix and Linux configuration can be retained, or a new Privilege Management for Unix and Linux configuration can be put in place.

Privilege Management for Unix and Linux installation scripts pbinstall and pbmakeremotetar can also be used to perform upgrades and reinstallations.

If you want to return to an older version of Privilege Management for Unix and Linux or reinstall the current version with a different configuration, Privilege Management for Unix and Linux can be reinstalled to the current or older version without uninstalling, as long as the older version is 2.8.1 or later.

Pre-upgrade Instructions

Before performing an upgrade or reinstallation, do the following:

  1. Obtain the new release, either on a CD or using FTP.
  2. Read the release notes and installation instructions.
  3. Determine the order for updating the policy server host machines. Note that pbrun clients need to be redirected to a new policy server host while their primary policy server host is updated. If your current Privilege Management for Unix and Linux installation includes policy server host failover machines, you may want to consider upgrading the policy server hosts failover machines first, followed by the submit hosts and run hosts, followed by the primary policy server hosts.

The Privilege Management for Unix and Linux settings files on the policy server hosts may need to be updated as each policy server host is upgraded.

  1. If your current Privilege Management for Unix and Linux installation includes one or more policy server host failover machines, then ensure that the security policy files on the primary policy server host and the policy server host failover machines are synchronized.
  2. Verify the current location of the Privilege Management for Unix and Linux administration programs, user programs, and log files. This information is in the pb.cfg file (/etc/pb.cfg or pb/install/pb.cfg.{flavor}) and the settings file, /etc/pb.settings.
  3. If you do not have a recent backup of the host, or if it is imperative that no log entries can be lost, then create a save directory (for example, /var/tmp/pb.{rev_rel}) that can be used to restore Privilege Management for Unix and Linux files from in case the upgrade fails. After creating the directory, copy (do not use move) the files that are listed below to the new save directory (a shell script can be created to copy the necessary files).

    Privilege Management for Unix and Linux files for all host types
    /etc/services
    /etc/pb.settings
    /etc/pb.cfg (and pb.cfg.* on older installations)
    /etc/pb.key (if encryption is in use on the system)
    pb* log files (typically in /var/adm, /var/log or /usr/adm)

     

    Privilege Management for Unix and Linux files Policy Server
    /opt/pbul/policies/pb.conf
    All included Security Policy Sub Files
    Privilege Management for Unix and Linux database files (contents of databasedir which default to /opt/pbul/dbs)
    /etc/inetd.conf (or your xinetd, launchd, or SMF configuration file)
    Any event log or I/O log files to save

     

    Privilege Management for Unix and Linux Submit Host and Run Host files
    /etc/inetd.conf (or your xinetd, launchd, or SMF configuration file)

     

    Privilege Management for Unix and Linux Log Server files
    /etc/inetd.conf (or your xinetd, launchd, or SMF configuration file), /etc/inetd.conf
    Any event log or I/O log files to save

     

    Privilege Management for Unix and Linux GUI Host files
    /etc/inetd.conf (or your xinetd, launchd, or SMF configuration file), /etc/inetd.conf
  4. Determine in which directories to install the new Privilege Management for Unix and Linux log files, administration programs, and user programs. If you choose different directories for the Privilege Management for Unix and Linux programs, you might need to update the path variable for the root user and other users.
  5. Be aware that users cannot submit monitored task requests while Privilege Management for Unix and Linux updates are in progress. Consider writing a Privilege Management for Unix and Linux configuration policy file that rejects all users from executing pbrun and echoes a print statement to their screen, informing them that a Privilege Management for Unix and Linux upgrade is in progress.
  6. Privilege Management for Unix and Linux releases are always upward-compatible when encryption is not used. We recommend that you perform an uninstall if a release is replaced by a Privilege Management for Unix and Linux version older than 2.8.1.
  7. If you use an encrypted settings file and intend to do an upgrade or reinstall, then the unencrypted version of the settings file needs to be restored before performing an upgrade or reinstall; otherwise, the settings file cannot be read.
  8. If you have a previous installation of Privilege Management for Unix and Linux for v5.1 or earlier and your encryption is set to none, then when you install Privilege Management for Unix and Linux v5.2, all the encryption options (options 98 through 103) are set to none. You can change these options during installation.

For more information on changing these options, please see Installation Process.

pbinstall Install Upgrades

Starting with Privilege Management for Unix and Linux v2.8.1, it is not necessary to uninstall Privilege Management for Unix and Linux to upgrade to a new version, reinstall the same version, or reinstall an older version.

To upgrade or reinstall Privilege Management for Unix and Linux with the same configuration as the currently installed version, run pbinstall in batch mode:

./pbinstall -b

If you perform a reinstall of an older version, be aware that the older version may not have the same features as the newer version. In this case, the upgrade process discards the configuration of the features that are not available in the older version of Privilege Management for Unix and Linux. When you upgrade to the newer version, make sure to configure the newer features when running pbinstall.

To change the configuration of Privilege Management for Unix and Linux during the upgrade or reinstall, run pbinstall in interactive mode:

./pbinstall

The present configuration is read into pbinstall. Make the desired configuration changes and then use the c command to continue. pbinstall then installs Privilege Management for Unix and Linux with the new configuration.

For step-by-step instructions for using pbinstall, please see Step-by-Step Instructions for a Basic Installation Using pbinstall.

pbmakeremotetar Install Upgrades and Reinstallations

Upgrading or reinstalling Privilege Management for Unix and Linux with pbmakeremotetar is the same process as installing with pbmakeremotetar. There is one difference to be aware of. In pbinstall, the in-place files are backed up as sybak files during the upgrade process; whereas in a pbmakeremotetar upgrade or reinstall, the files are overwritten.

Post-Upgrade Instructions

If you want to encrypt your settings file after upgrading Privilege Management for Unix and Linux, then save a copy of the unencrypted file (for future upgrades) and re-encrypt the settings file.

Patch Installations

For information on how to perform a patch installation, please see pbpatchinstall.