SAS/SHARE Server Tasks

Each server must be defined as a service in the /etc/services file on each node that a client will access. For details about editing the /etc/services file, see Configuring the Services File.

Example:

sassrv2   5011/tcp  # 
SAS/SHARE server 2

To authenticate connecting clients, you must specify the value _SECURE_ in the TCPSEC= option to require that clients provide a user ID and a password that are valid on the server. For details about the TCPSEC= option, see SAS/SHARE Options Only .

Example:

options TCPSEC=_secure_;

If SAS was installed from the root account, you can assume that the following task has already been performed. If SAS was not installed from the root account, you must configure resources on the computer that the server runs on. in order to verify a client's identity and the user's authority to access resources. You can provide security on the server by using one of the following:

To configure the Authentication program, !sasroot/utilities/bin/sasauth must be owned by root, and the “Set-user-id” mode bit must be set for the file (chmod 4755 !sasroot/utilities/bin/sasauth). The built-in Authentication program sasauth is started automatically when a client accesses a server that is secured. This program verifies the user ID and password that allows a client to access the server.

To configure the Permission program, !sasroot/utilities/bin/sasperm must be owned by root, and the “Set-user-id” mode bit is set for the file (chmod 4755 !sasroot/utilities/bin/sasperm).

When given a validated user ID, the server automatically runs the default program sasperm. The sasperm program verifies that the requesting user has access authority to the file or to the directory that is specified. sasperm validates:

If an encryption service is configured at the server, you can specify SAS options to encrypt data that a server transfers to a client. For example:

options netencrypt netencryptalgorithm=ssl;
options sslcalistloc="/users/johndoe/certificates/cacerts.pem";

The NETENCRYPT option specifies that all data transfers between a server and a client will be encrypted. SSL is the encryption service that is specified in the NETENCRYPTALGORITHM= option. The SSLCALISTLOC= option specifies the name of a file that contains a list of CA certificates that are to be trusted. For details about encryption, see Encryption in SAS, located in the Base SAS Help and Documentation.

You must specify the TCP/IP communications access method at the server before a client can access it. Use the COMAMID= option in an OPTIONS statement.

Example:

options comamid=tcp;

The COMAMID= option specifies the communications access method. TCP specifies the TCP/IP access method.

Alternatively, you can specify the COMAMID= option in a SAS start-up command or in a SAS configuration file.

You must specify the name of the server in the SERVER= option in the PROC SERVER statement. Here is the syntax:

server=server-ID

server-ID can be either a server-ID or a port number. The value for server-ID corresponds to the service that was configured in the /etc/services file. For details, see Configuring the Services File.

port is the unique number that is associated with the service that is used for transferring data between a client and a server.

Precede the port number with two consecutive underscores.

Examples:

proc server server=apex;
proc server server=_ _5000;

For more information about creating valid SAS names, see Rules for Words and Names in the SAS Language in SAS Language Reference: Concepts. For details about PROC SERVER, see SERVER Procedure in SAS/SHARE User's Guide.

The following example shows commands that you specify in the server configuration file on a UNIX computer. The value _SECURE_ that is specified in the TCPSEC option requires clients to provide a user ID and a password that are valid on the server.

-set TCPSEC _secure_

options comamid=tcp;
proc server id=share1;
run;

The COMAMID= option specifies the TCP/IP access method. The PROC SERVER statement specifies the server SHARE1.