The options file allows the system administrator to control various operating parameters of FLEX lm . Specifically the system administrator can:
· Allow the use of features based on user, hostname, or display name.
· Deny the use of features based on user, hostname, or display name.
· Reserve licenses based on user, hostname, or display name.
· Control the amount of information logged about license usage.
Options files allow you, as the system administrator, to be as secure or open with licenses as you like.
Creating an Options File
1. Use the appropriate options listed in Customizing the Options File to create the options file using any text editor. You can put the options file anywhere; however, we recommend that the option file for vendor xyz be placed in/usr/local/flexlm/options/xyz.opt .
2. Add the pathname to the options file in the license file. The fourth field on the DAEMON line for the application's vendor daemon. For example,
Customizing the Options File
The following sections provide an overview of the options file syntax. See Understanding Options Files for examples and additional information.
Each line of the file controls one option. The following table lists the options:
You can include comments in your options file by starting each comment line with a pound sign "#". Everything in an options file is case sensitive. Be sure that user names and feature names, for example, are entered correctly.
INCLUDE
Includes a user, host, display, or group of users in the list of users allowed to use the feature. Anyone not in an INCLUDE statement will not be allowed to use that feature.
featurename Name of the feature being affected.
type One of GROUP, USER, HOST, DISPLAY.
name Name of the user or group to include.
To include user "bob" in the list of users able to use feature f1:
INCLUDEALL
Includes a user, host, display, or group of users in the list of users allowed to use all features served by this vendor daemon. Anyone not in an INCLUDEALL statement will not be allowed to use that feature.
type One of GROUP, USER, HOST, DISPLAY.
name Name of the user or group to include.
To allow the user "sallie" to use all features served by this vendor daemon:
EXCLUDE
Excludes a user, host, display, or group of users in the list of users allowed to use the feature. Excluded users will not be allowed to use the feature.
featurename Name of the feature being affected.
type One of GROUP, USER, HOST, DISPLAY.
name Name of the user or group to include.
To exclude the user "hank" from the list of users able to use feature f1:
EXCLUDEALL
Excludes a user, host, display, or group of users in the list of users allowed to use all features served by this vendor daemon.
type One of GROUP, USER, HOST, DISPLAY.
name Name of the user or group to include.
To exclude any user on the server "chaos" from using all features served by this vendor daemon:
RESERVE
RESERVE numlic featurename type name
Reserves licenses for a specific user.
numlic Number of licenses to reserve.
featurename Name of feature to reserve.
type Type of user to reserve for, one of GROUP, USER, HOST, DISPLAY.
name Name of the user or group to reserve licenses for.
To reserve one license of feature f1 for user "mel":
Note: Any licenses reserved for a user are dedicated to that user. Even when that user is not actively using the license, the license is unavailable to other users.
GROUP
Defines a group of users for use in INCLUDE, INCLUDEALL, EXCLUDE, EXCLUDEALL, and RESERVE option lines.
groupname Name of the group being defined.
usernamelist List of user names in that group.
To define the group Hackers consisting of bob, howard, and james:
Note: In FLEX lm v3.0 multiple GROUP lines add all the users specified into the group. Pre-v3.0 FLEX lm daemons do not allow multiple GROUP lines to concatenate.
NOLOG
Turns off logging of specific events from lmgrd .
what What to turn off; one of IN, OUT, DENIED, or QUEUED.
To turn off logging of checkins from lmgrd :
To turn off logging of checkouts and queued requests two separate NOLOG lines are required:
TIMEOUT
Set the time after which an inactive license is reclaimed by the vendor daemon.
featurename Name of the feature.
seconds Number of seconds after which inactive license is reclaimed.
To set the timeout for feature f1 to one hour (3600 seconds):
TIMEOUT removes a feature from a user if he has been "idle" for a period longer than the specified time period, and someone else wants the license. The daemon declares a process idle when it has not heard from the process (the client sends heartbeats). The application must explicitly declare itself idle for this to work, or it must be stopped (^Z).
The application vendor can also disable the timeout feature, in which case the TIMEOUT option has no effect. The vendor can set a minimum value for the timeout. If you specify a timeout value smaller than the minimum, the minimum is used. The default minimum value is 9000 seconds (15 minutes).
If you do not specify a timeout value in your options file, then there will be no timeout for that feature.
Understanding Options Files
The following information gives an overview of the syntax of a complete options file and some samples intended to illustrate ways to effectively control access to your licenses.
How lmgrd uses the options file
When the vendor daemon is started by lmgrd , it is passed the location of the options file. The location is specified inlicense file for that product, in the DAEMON line. If no file is listed the daemon will not use any options file.
Rules of precedence in options files
Before you can use options to secure licenses effectively you must understand the options file precedence. INCLUDE and EXCLUDE statements can be combined in the same options file and control access to the same features. When doing so, keep in mind the following:
· If there is only an EXCLUDE list, everyone who is not on the list will be allowed to use the feature.
· If there is only an INCLUDE list, only those users on the list will be allowed to use the feature.
· If neither list exists, then everyone is allowed to use the feature.
· The EXCLUDE list is checked before the INCLUDE list; so someone who is on both lists will not be allowed to use the feature.
Once you create an INCLUDE or EXCLUDE list everyone else is implicitly "outside" the group. This feature allows you, as an administrator, the ability to secure licenses without having to explicitly list each user that you wish to allow or deny access to. In other words there are two approaches; you can either:
· Give most users access and list only the exceptions or
· Severely limit access and list only the those users with access privileges.
Simple options file example
RESERVE 3 compile HOST mainline
· Reserve one copy of the feature "compile" for the user "robert."
· Reserve three copies for anyone on a computer with the hostname "mainline."
· Prevent the user "lori" from using the "compile" feature on any node on the network.
· Cause QUEUED messages to be omitted from the log file.
The sum total of the licenses reserved must be less than or equal to the number of licenses specified in the FEATURE line. In the example above, there must be a minimum of four licenses on the "compile" FEATURE line.
If this data were in file /usr/local/flexlm/options/local.options you would modify the license file DAEMON line as follows:
Note: The previous example should appear on one line in your license file for pre-v3.0 FLEX lm software. After v3.0, it can appear either on one line, or continued on a second line as shown.
Limiting access for multiple users
Each INCLUDE, INCLUDEALL, EXCLUDE, EXCLUDEALL, and RESERVE line must have a single user name (or group) listed. To affect more than one user name create a GROUP. For example to exclude "bob," "howard," and "james" from using the feature called "toothbrush" we could create the following options file:
EXCLUDE toothbrush USER howard
There is an easier way though. Create a GROUP and exclude the list of users from using the feature. Like the previous example, the following options file would exclude "bob", "howard" and "james" from using the feature called "toothbrush":
- # First define the group "Hackers"
- GROUP Hackers bob howard james
- # Then exclude the group
- EXCLUDE toothbrush GROUP Hackers
Now when you want to allow or deny access to any feature to that group, you have an "alias" list to make it simple.
Note: In FLEX lm v3.0 multiple GROUP lines will add all the users specified into the group. Pre-v3.0 FLEX lmdaemons do not allow multiple GROUP lines to concatenate.
The GROUP function only works for a list of user names. To allow, deny or reserve licenses for multiple hosts or displays you must use multiple option lines. For example, to exclude all users logged in on the hosts "fred" and "barney" from using a feature called "f1" add these lines to your options file:
EXCLUDE example
- #First Define the group "painters"
- GROUP painters picasso mondrian klee
- EXCLUDE spell GROUP pinters
- EXCLUDE spell USER bob
- EXCLUDE spell HOST bigbrush
· Prevent the users "picasso," "mondrian," and "klee" from using the feature "spell" on any machine on the network.
· Prevent the user "bob" from using the feature "spell" on any machine on the network.
· Prevent any user logged into the host "bigbrush" from using the feature "spell"
· Allow any other user, as long as they are not on "bigbrush", and they are not in "painters" and they are not "bob" to use feature "spell" (By implication.)
Note that "bob" could have been added to the group painters. However, "painters" might be used for some other purpose in the future so the system administrator chose to handle "bob" as a special case here. In this case, the two EXCLUDE statements concatenate to create a list of four users.
INCLUDE example
This options file allows the following:
· User "picasso" to use the feature "paint" on any machine on the network.
· User "mondrain" to use the feature "paint" on any machine on the network.
· Any user, as long as they are on the host "bigbrush", to use feature "paint"
· Deny access to the feature "paint" to anyone except "jenny", "bob" or anyone from the host "bigbrush" (By implication.)