SAS/SHARE Server Tasks

Task List

  1. Configure the SAS/SHARE server service.
  2. Specify SAS options and security programs and services (optional).
    • If the server is to run secured, set the TCPSEC= option to require client authentication.
    • Configure the authorization of users on servers.
    • Configure the Authentication program.
    • Configure the Permission program.
    • Specify options to encrypt client/server data transfers.
  3. Specify TCP/IP as the communications access method.
  4. Specify the server.

Configuring the Server Service

Each server must be defined as a service in the /etc/services file on each node that a client will access. For details about editing the /etc/services file, see Configuring the SERVICES File.
Example:
sassrv2   5011/tcp  # SAS/SHARE server 2

Setting the TCPSEC Option to Require Client Authentication

To authenticate connecting clients, you must specify the value _SECURE_ in the TCPSEC= option to require that clients provide a user ID and a password that are valid on the server. For details about the TCPSEC= option, see SAS/SHARE Options Only.
Example:
options TCPSEC=_secure_;

Configuring User Access Authority

If SAS was installed from the root account, you can assume that the following task has already been performed. If SAS was not installed from the root account, in order to verify a client's identity and the user's authority to access resources, you must configure resources on the computer that the server runs on. You can provide security on the server by using one of the following:
  1. From the root account, to access the SAS Setup Primary menu, issue the following command at a shell prompt (where !sasroot is the directory in which SAS was installed).
    !sasroot/sassetup
    From the SAS Setup Primary menu, select Run Setup Utilities, then select Perform SAS System Configuration, then select Configure User Authorization.
  2. Alternatively, issue the following commands at a UNIX shell prompt:
    su root
    cd !sasroot/utilities/bin
    chown root sasauth sasperm sastcpd objspawn
    chmod 4755 sasauth sasperm sastcpd objspawn
    exit

Configuring the Authentication Program

To configure the Authentication program, !sasroot/utilities/bin/sasauth must be owned by root, and the “Set-user-id” mode bit must be set for the file (chmod 4755 !sasroot/utilities/bin/sasauth). The built-in Authentication program sasauth is started automatically when a client accesses a server that is secured. This program verifies the user ID and password that allow a client to access the server.

Configuring the Permission Program

To configure the Permission program, !sasroot/utilities/bin/sasperm must be owned by root, and the “Set-user-id” mode bit must be set for the file (chmod 4755 !sasroot/utilities/bin/sasperm).
When given a validated user ID, the server automatically runs the default program sasperm. The sasperm program verifies that the requesting user has access authority to the file or to the directory that is specified. sasperm validates:
  • the user ID
  • the file or the directory path for a SAS library or SAS file
  • the file or the directory access permissions (read or write)
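
The ownership and mode requirements from the three sections above can be verified after installation or patching. The following shell function is an added example, not part of the SAS documentation or SAS-supplied code; the function name, the EXPECTED_OWNER override, and the directory-writability check (which goes beyond what the page requires) are assumptions.

```sh
#!/bin/sh
# Added example, not SAS-supplied code. HELPERS is the list from the
# chown/chmod commands above; audit_sas_helpers and EXPECTED_OWNER are
# names assumed for this example.
HELPERS="sasauth sasperm sastcpd objspawn"

# audit_sas_helpers DIR
# Prints one line per check and returns the number of failed checks.
audit_sas_helpers() {
    dir=$1
    owner=${EXPECTED_OWNER:-root}   # override only when testing as non-root
    failures=0

    # Added check (not on the page): the directory itself must not be
    # group- or world-writable, or the helpers could be replaced.
    if [ -n "$(find "$dir" -prune \( -perm -0020 -o -perm -0002 \))" ]; then
        echo "FAIL  $dir is group- or world-writable"
        failures=$((failures + 1))
    fi

    for name in $HELPERS; do
        path=$dir/$name
        if [ ! -f "$path" ] || [ -L "$path" ]; then
            echo "FAIL  $path is missing or is not a regular file"
            failures=$((failures + 1))
        # Exact match: owned by root, set-user-ID bit on, mode 4755.
        elif [ -n "$(find "$path" -prune -user "$owner" -perm 4755)" ]; then
            echo "OK    $path owner=$owner mode=4755"
        else
            echo "FAIL  $path is not owner=$owner mode=4755: $(ls -ln "$path")"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Run against an installation: sh audit.sh <sasroot>/utilities/bin
if [ $# -gt 0 ]; then audit_sas_helpers "$1"; fi
```

A nonzero exit status is the number of failed checks, so the script can gate a deployment step or run from a scheduled integrity job.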

Encrypting Data in Server/Client Transfers

If an encryption service is configured at the server, you can specify SAS options to encrypt data that a server transfers to a client. For example:
options netencrypt netencryptalgorithm=ssl;
options sslcalistloc="/users/johndoe/certificates/cacerts.pem";
The NETENCRYPT option specifies that all data transfers between a server and a client will be encrypted. SSL is the encryption service that is specified in the NETENCRYPTALGORITHM= option. The SSLCALISTLOC= option specifies the name of a file that contains a list of CA certificates that are to be trusted. For details about encryption, see Encryption in SAS, located in the Base SAS Help and Documentation.

Specifying TCP/IP as the Communications Access Method

You must specify the TCP/IP communications access method at the server before a client can access it. Use the COMAMID= option in an OPTIONS statement.
Example:
options comamid=tcp;
The COMAMID= option specifies the communications access method. TCP specifies the TCP/IP access method.
Alternatively, you can specify the COMAMID= option in a SAS start-up command or in a SAS configuration file.

Specifying the Server

You must specify the name of the server in the SERVER= option in the PROC SERVER statement. Here is the syntax:
SERVER=server-ID
server-ID can be either a server-ID or a port number. The value for server-ID corresponds to the service that was configured in the /etc/services file. For details, see Configuring the SERVICES File.
port is the unique number that is associated with the service that is used for transferring data between a client and a server.
Precede the port number with two consecutive underscores.
Note: Do not insert a space after the first underscore or the second underscore.
Note: Specifying a server by using a port number is not supported for ODBC clients.
Examples:
proc server server=apex;
proc server server=__5000;
For more information about creating valid SAS names, see Rules for Words and Names in the SAS Language in SAS Language Reference: Concepts. For details about PROC SERVER, see The SERVER Procedure in SAS/SHARE User's Guide.

SAS/SHARE Server Example

The following example shows commands that you specify in the server configuration file on a UNIX computer. The value _SECURE_ that is specified in the TCPSEC option requires clients to provide a user ID and a password that are valid on the server.
-set TCPSEC _secure_

options comamid=tcp;
proc server id=share1;
run;
The COMAMID= option specifies the TCP/IP access method. The PROC SERVER statement specifies the server SHARE1.
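
A server configuration file can be checked for the security options described on this page before the server is started. The following shell function is an added example, not part of the SAS documentation; the function name and finding messages are assumptions, and lines are matched as text, so SAS comments are not parsed.

```sh
#!/bin/sh
# Added example: check a SAS/SHARE server configuration file for the
# TCPSEC, NETENCRYPT and SSLCALISTLOC settings this page describes.
# audit_share_config is a name assumed for this example.

# audit_share_config FILE -> prints findings, returns how many there were.
audit_share_config() {
    cfg=$1
    findings=0
    # Compare option names in lower case so TCPSEC and tcpsec both match.
    text=$(tr '[:upper:]' '[:lower:]' < "$cfg")
    has() { printf '%s\n' "$text" | grep -Eq "$1"; }

    # Accept both forms shown on the page:
    #   -set TCPSEC _secure_      and      options TCPSEC=_secure_;
    if ! has 'tcpsec[ =]+_secure_'; then
        echo "FINDING: TCPSEC is not _SECURE_, clients are not required to authenticate"
        findings=$((findings + 1))
    fi

    # NETENCRYPT as a word of its own (not NETENCRYPTALGORITHM=, not NONETENCRYPT).
    if ! has '(^|[ -])netencrypt([ ;]|$)'; then
        echo "FINDING: NETENCRYPT is not set, encryption of transfers is not required"
        findings=$((findings + 1))
    elif ! has 'netencryptalgorithm='; then
        echo "FINDING: NETENCRYPT is set but NETENCRYPTALGORITHM= is missing"
        findings=$((findings + 1))
    fi

    # If a CA list is named, the file has to exist and be readable.
    # The path is taken from the original text to preserve its case.
    ca=$(grep -io 'sslcalistloc="[^"]*"' "$cfg" | sed 's/^[^"]*"//; s/"$//' | head -n 1)
    if [ -n "$ca" ] && [ ! -r "$ca" ]; then
        echo "FINDING: SSLCALISTLOC file is not readable: $ca"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Run against a configuration file: sh check.sh /path/to/server.cfg
if [ $# -gt 0 ]; then audit_share_config "$1"; fi
```

Run against the example configuration above, which sets TCPSEC but no encryption options, the function reports one finding for NETENCRYPT.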