#!/bin/bash
#
#
#  COPYRIGHT 2003-2014, EMULEX CORPORATION
#  3333 Susan St., Costa Mesa, CA 92626
#
#  All rights reserved.  This computer program and related documentation
#  is protected by copyright  and distributed under licenses restricting
#  its use,  copying,  distribution  and decompilation.    This computer
#  program  and its  documentation  are CONFIDENTIAL  and a TRADE SECRET
#  of EMULEX CORPORATION.   The receipt or  possession of  this  program
#  or its documentation does not  convey rights to reproduce or disclose
#  its  contents,  or to  manufacture, use, or sell anything that it may
#  describe, in whole or in part,  without the specific  written consent
#  of  EMULEX CORPORATION.   Any reproduction  of  this program  without
#  the express  written  consent  of EMULEX  CORPORATION  is a violation
#  of the  copyright laws  and may  subject you to  criminal prosecution.

# Host OS name as reported by uname; later code branches on "Linux" and "SunOS".
platform_os=$(uname -s)

# First command-line argument, saved for use later in the script.
install_called="$1"

# Starting answers for the interactive questions. Each question_* function
# overwrites the variable it owns.
# Note for reviewers: these starting values leave remote TCP/IP management on
# ("y"), secure management off ("u") and the management host non-exclusive ("n").
mode_of_operation=3                # menu choice 1-4; 3 is "Full Management"
change_mode_of_operation=y
read_only_mode_of_operation=n
secure_management_mode=u           # "s" = secure management, "u" = without it
enable_tcpip_operation=y
tcp_socket_change=n
socket_port_value=23333            # "0" is stored when TCP/IP management is declined
management_host_address=
management_host_mode=n
management_host_is_exclusive=n
user_input=y
undefined_groups=

# Product directories, kept WITHOUT a leading slash; callers prepend "/".
# CONF_DIR is only assigned on Linux and stays unset on every other platform.
case "$platform_os" in
    Linux)
        INSTALL_DIR="usr/sbin/ocmanager"
        CONF_DIR=etc/emulex/ocmanager
        DUMP_DIR="var/opt/emulex/ocmanager/Dump"
        LOG_DIR="var/opt/emulex/ocmanager/logs"
        ;;
    *)
        INSTALL_DIR="opt/ELXocm"
        DUMP_DIR=$INSTALL_DIR
        LOG_DIR=$INSTALL_DIR
        ;;
esac

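#######################################
# Ask whether TCP/IP remote management should be enabled.
# Globals:
#   mode_of_operation      (read)    selects the wording of the question
#   enable_tcpip_operation (written) "y" or "n", only on a valid answer
#   socket_port_value      (written) set to "0" when the answer is "n"
#   stay_in_loop           (written) loop flag shared with the other prompts
# Returns:
#   0 after a valid answer; 1 when standard input ends before one is given.
#   In that case the previous value of enable_tcpip_operation is kept.
#######################################
question_enable_tcpip()
{
    local reply

    stay_in_loop=1
    while [ $stay_in_loop -eq 1 ]
    do
        echo ""
        if [ "$mode_of_operation" = "2" ]; then
            echo "Do you want to enable TCP/IP Management from remote hosts? (Y/N)"
        else
            echo "Do you want to enable TCP/IP Management to/from remote hosts? (Y/N)"
        fi
        echo ""
        echo "Enter 'y' to enable TCP/IP remote management (default)."
        echo "Enter 'n' to disable TCP/IP remote management."
        echo
        printf "Enter the letter 'y' or 'n': "

        # Read into a local so an invalid or missing answer never clobbers the
        # current setting. Without this check a closed stdin made the loop
        # print "Invalid Selection" forever.
        reply=""
        if ! read -r reply && [ -z "$reply" ]; then
            echo ""
            echo "No input available; TCP/IP remote management setting left unchanged." >&2
            stay_in_loop=0
            return 1
        fi

        case "$reply" in
            [Nn])
                enable_tcpip_operation="n"
                # Port 0 is the value this script stores for "no TCP/IP management".
                socket_port_value="0"
                echo "You selected: disable TCP/IP remote management "
                stay_in_loop=0
                ;;
            [Yy])
                enable_tcpip_operation="y"
                echo "You selected: enable TCP/IP remote management "
                stay_in_loop=0
                ;;
            *)
                # A blank line is not accepted as "default"; the user must type y or n.
                echo "Invalid Selection "
                ;;
        esac
    done
}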

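#######################################
# Ask for the TCP/IP port used for remote management.
# Globals:
#   socket_port_value (written) accepted port as a plain decimal number
#   stay_in_loop      (written) loop flag shared with the other prompts
# Notes:
#   A blank line (or end of input) selects the default 23333.
#   Accepted range is 1024..65535. The previous check also accepted 65536,
#   which is not a valid TCP port, and evaluated the raw text as shell
#   arithmetic, so "08080" raised an error and "02000" was read as octal.
#   Validation is now done on the digits only and the stored value is
#   normalised (leading zeros removed).
#######################################
question_tcp_port_number()
{
    local port_digits

    stay_in_loop=1
    while [ $stay_in_loop -eq 1 ]
    do
        echo ""

        printf "Enter TCP/IP port number to use or blank for default (23333): "

        # -r keeps backslashes literal. At end of input the value is empty,
        # which falls through to the default below and ends the loop.
        read -r socket_port_value
        if [ "$socket_port_value" = "" ]; then
            socket_port_value="23333"
        fi

        case "$socket_port_value" in
            *[!0-9]*)
                # Anything other than decimal digits is rejected outright and
                # never reaches a numeric comparison.
                ;;
            *)
                # Drop leading zeros so the comparison is base 10, then bound
                # the length so an over-long digit string cannot overflow.
                port_digits=${socket_port_value#"${socket_port_value%%[!0]*}"}
                if [ -n "$port_digits" ] && [ "${#port_digits}" -le 5 ] &&
                   [ "$port_digits" -ge 1024 ] && [ "$port_digits" -le 65535 ]; then
                    socket_port_value=$port_digits
                    stay_in_loop=0
                fi
                ;;
        esac

        if [ $stay_in_loop -eq 1 ]; then
            echo "Invalid entry; valid port number must be decimal integer value from 1024 to 65535 "
        fi
    done
}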

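#######################################
# Ask for the address or host name of the remote management host.
# Globals:
#   INSTALL_DIR             (read)    location of the elxchkaddr helper
#   management_host_address (written) accepted value, or "" for none
#   return_status           (written) exit status of elxchkaddr
#   user_input              (written) answer to the "use anyway" question
#   stay_in_loop, stay_in_loop2 (written) loop flags
# elxchkaddr exit codes, as documented by the original author:
#   -1 = no address argument, 0 = good address, 1 = bad address,
#    2 = local host, 3 = host name not found
# Security notes:
#   The typed value is now passed to elxchkaddr as ONE quoted argument. It was
#   previously unquoted, so spaces split it into several arguments and glob
#   characters were expanded against the current directory.
#   NOTE(review): a value starting with '-' still reaches elxchkaddr as its
#   first argument; whether the helper treats that as an option is not
#   visible here.
#   NOTE(review): when the user answers 'y' to "use this host name anyway",
#   the value is accepted without further validation; code that later stores
#   it should treat it as free-form text.
#######################################
question_management_host_address()
{
    stay_in_loop=1
    while [ $stay_in_loop -eq 1 ]
    do
        echo ""
        printf "Enter management host address (blank for none): "

        # A blank line, or end of input, means "no management host".
        read -r management_host_address
        if [ "$management_host_address" = "" ]; then
            stay_in_loop=0
            management_host_address=""
            continue
        fi

        "/${INSTALL_DIR}/elxchkaddr" "$management_host_address"
        return_status=$?

        case "$return_status" in
            0)
                stay_in_loop=0     # good address
                ;;
            2)
                echo "Host address $management_host_address appears to be the local host address."
                echo "Address should be address of remote machine."
                echo "Please re-enter using remote address or hostname."
                ;;
            3)
                stay_in_loop2=1
                while [ $stay_in_loop2 -eq 1 ]
                do
                    echo ""
                    echo "Host name $management_host_address not found."
                    echo "Do you want to use this host name anyway? (Y/N)"
                    echo
                    printf "Enter the letter 'y' or 'n': "

                    # End of input counts as "n", so a closed stdin cannot
                    # keep this inner loop spinning.
                    if ! read -r user_input && [ -z "$user_input" ]; then
                        user_input="n"
                    fi

                    case "$user_input" in
                        [Nn])
                            stay_in_loop2=0
                            ;;
                        [Yy])
                            echo "You selected host name $management_host_address "
                            stay_in_loop2=0
                            stay_in_loop=0
                            ;;
                        *)
                            echo "Invalid Selection, enter either 'y' or 'n'."
                            ;;
                    esac
                done
                ;;
            *)
                # Status 1 and every unexpected status (helper missing,
                # no-argument error, ...) are reported as an invalid address.
                echo "Host address $management_host_address appears to be an invalid IP address or host name."
                # bash's echo does not interpret "\n"; print the blank line explicitly.
                echo "Please correct address and re-enter."
                echo ""
                ;;
        esac
    done
}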

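#######################################
# Ask whether the management host is the ONLY remote host allowed to manage
# this host.
# Globals:
#   management_host_is_exclusive (written) "y" or "n", only on a valid answer
#   stay_in_loop                 (written) loop flag shared with other prompts
# Returns:
#   0 after a valid answer; 1 when standard input ends before one is given,
#   in which case the previous value is kept.
# Security note:
#   Answering 'n' allows other remote hosts, in addition to the management
#   host, to manage this host.
#######################################
question_exclusive_host()
{
    local reply

    stay_in_loop=1
    while [ $stay_in_loop -eq 1 ]
    do
        echo ""
        echo ""
        echo "Exclude management of this host from any other host"
        echo "(other than management host) (y/n)?"
        echo ""
        echo "Enter 'y' to limit remote management to ONLY the management host (default)."
        echo "Enter 'n' to allow other remote hosts to manage this host"
        echo "          in addition to the management host."
        echo
        printf "Enter the letter 'y' or 'n': "

        # Read into a local so only a valid answer changes the setting. A
        # closed stdin used to make this loop repeat "Invalid Selection" forever.
        reply=""
        if ! read -r reply && [ -z "$reply" ]; then
            echo ""
            echo "No input available; exclusive host setting left unchanged." >&2
            stay_in_loop=0
            return 1
        fi

        case "$reply" in
            [Nn])
                management_host_is_exclusive="n"
                echo "You selected: no exclusive host management "
                stay_in_loop=0
                ;;
            [Yy])
                management_host_is_exclusive="y"
                echo "You selected: exclusive host management "
                stay_in_loop=0
                ;;
            *)
                echo "Invalid Selection "
                ;;
        esac
    done
}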

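#######################################
# Ask whether the OneCommand Secure Management feature should be enabled.
# Globals:
#   secure_management_mode (written) "s" (secure) or "u" (not secure),
#                                    only on a valid answer
#   stay_in_loop           (written) loop flag shared with the other prompts
# Returns:
#   0 after a valid answer; 1 when standard input ends before one is given,
#   in which case the previous value is kept.
# Security note:
#   The prompt marks 'u' (run without secure management) as the default, and
#   the script starts with secure_management_mode="u". Secure management must
#   be chosen explicitly and, per the prompt text, needs the OneCommand groups
#   configured in LDAP/NIS or on the local host.
#######################################
question_secure_management_mode()
{
    local reply

    stay_in_loop=1
    while [ $stay_in_loop -eq 1 ]
    do
        echo ""
        echo "Do you want to enable Secure Management feature for OneCommand? (s/u)"
        echo ""
        echo "The secure management feature requires OneCommand groups be configured on"
        echo "the LDAP network or the local host machine to provide for OneCommand operation."
        echo ""
        echo "Enter 's' to select secure management. (LDAP/NIS OCM group configuration required)"
        echo "Enter 'u' to run without secure management (default). "
        echo
        printf "Enter the letter 's' or 'u': "

        # Read into a local so only a valid answer changes the setting. A
        # closed stdin used to make this loop repeat "Invalid Selection" forever.
        reply=""
        if ! read -r reply && [ -z "$reply" ]; then
            echo ""
            echo "No input available; secure management setting left unchanged." >&2
            stay_in_loop=0
            return 1
        fi

        case "$reply" in
            [Uu])
                secure_management_mode="u"
                echo "You selected: Secure Management Disabled"
                stay_in_loop=0
                ;;
            [Ss])
                secure_management_mode="s"
                echo "You selected: Secure Management Enabled"
                stay_in_loop=0
                ;;
            *)
                echo "Invalid Selection "
                ;;
        esac
    done
}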

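# Keep the elxdiscoveryd daemon from starting at boot.
_ocm_discovery_boot_off()
{
    if [ "$platform_os" = "Linux" ]; then
        # Boot-time start is controlled through chkconfig; the service is only
        # touched when its init script is installed.
        if [ -f /etc/init.d/elxdiscoveryd ]; then
            chkconfig --level 235 elxdiscoveryd off
        fi
    elif [ "$platform_os" = "SunOS" ]; then
        # Permanently disable the daemon (until re-enabled by the user).
        svcadm disable svc:/application/elxdiscoveryd:default > /dev/null 2>&1
    fi
}

# Enable elxdiscoveryd until the next reboot (SunOS only; no action elsewhere).
_ocm_discovery_enable_temporarily()
{
    if [ "$platform_os" = "SunOS" ]; then
        # -t makes the change temporary. The original comments say boot-time
        # start is governed by an AUTOSTART entry in the emulexDisc
        # configuration file, handled elsewhere in the script.
        svcadm enable -t svc:/application/elxdiscoveryd:default > /dev/null 2>&1
    fi
}

# Make the elxhbamgrd ("rmserver") daemon start at boot.
_ocm_rmserver_boot_on()
{
    if [ "$platform_os" = "Linux" ]; then
        chkconfig --level 235 elxhbamgrd on
    elif [ "$platform_os" = "SunOS" ]; then
        svcadm enable svc:/application/elxhbamgrd:default > /dev/null 2>&1
    fi
}

# Ask the TCP/IP follow-up questions shared by modes 2 and 3.
_ocm_ask_remote_settings()
{
    question_enable_tcpip
    if [ "$enable_tcpip_operation" = "y" ]; then
        question_management_host_address
        if [ "$management_host_address" != "" ]; then
            question_exclusive_host
        fi
        question_tcp_port_number
    fi
}

#######################################
# Ask for the OneCommand Manager mode of operation (1-4), run the follow-up
# questions for that mode and switch the daemons' boot-time state to match.
# Globals:
#   platform_os          (read)    "Linux" / "SunOS" select the service tool
#   mode_of_operation    (written) "1".."4", only on a valid answer
#   management_host_mode (written) set to "y" for mode 4
#   stay_in_loop         (written) loop flag shared with the other prompts
# Returns:
#   0 after a valid choice; 1 when standard input ends before one is given,
#   in which case mode_of_operation keeps its previous value and no service
#   is changed. (A closed stdin used to loop on "Invalid Entry" forever.)
# Security notes:
#   NOTE(review): mode 1 ("Strictly Local") only turns elxdiscoveryd off. It
#   does not disable elxhbamgrd, so a host that was earlier set to mode 2, 3
#   or 4 keeps that daemon enabled at boot. Whether the daemon then refuses
#   remote connections depends on configuration written elsewhere — confirm.
#   NOTE(review): mode 4 is described as not allowing management from other
#   hosts, yet elxhbamgrd is enabled and a TCP port is requested — confirm
#   this is intended.
#######################################
question_management_mode()
{
    local reply

    stay_in_loop=1
    while [ $stay_in_loop -eq 1 ]
    do
        echo
        echo "Select desired mode of operation for OneCommand Manager"
        echo
        echo  "   1   Strictly Local Management : Only manage the adapters on this host."
        echo  "                                   Management of adapters on this host from other"
        echo  "                                   hosts is not allowed."
        echo  "   2   Local Management Plus     : Only manage the adapters on this host."
        echo  "                                   Management of adapters on this host from other"
        echo  "                                   hosts is allowed."
        echo  "   3   Full Management           : Manage the adapters on this host and other"
        echo  "                                   hosts that allow it.  Management of the adapters"
        echo  "                                   on this host from another host is allowed."
        echo  "   4   Management Host           : Manage the adapters on this host and other hosts"
        echo  "                                   that allow it.  Management of the adapters on"
        echo  "                                   this host from another host is not allowed."
        echo
        printf "Enter the number 1, 2, 3, or 4: "

        # Read into a local so only a valid choice replaces mode_of_operation.
        reply=""
        if ! read -r reply && [ -z "$reply" ]; then
            echo ""
            echo "No input available; mode of operation left unchanged." >&2
            stay_in_loop=0
            return 1
        fi

        case "$reply" in
            1)
                mode_of_operation="1"
                echo "You selected: 'Local Only Mode' "
                _ocm_discovery_boot_off
                stay_in_loop=0
                ;;
            2)
                # Set before the follow-up questions: question_enable_tcpip
                # words its prompt differently for mode 2.
                mode_of_operation="2"
                echo "You selected: 'Managed-only Mode' "
                _ocm_ask_remote_settings
                _ocm_discovery_boot_off
                _ocm_rmserver_boot_on
                stay_in_loop=0
                ;;
            3)
                mode_of_operation="3"
                echo "You selected: 'Remote Mode' "
                _ocm_ask_remote_settings
                _ocm_discovery_enable_temporarily
                _ocm_rmserver_boot_on
                stay_in_loop=0
                ;;
            4)
                mode_of_operation="4"
                echo "You selected this host as a: 'Management Host' "
                management_host_mode="y"
                question_tcp_port_number
                _ocm_discovery_enable_temporarily
                _ocm_rmserver_boot_on
                stay_in_loop=0
                ;;
            *)
                # The nested prompts share stay_in_loop, so state it explicitly.
                stay_in_loop=1
                echo
                echo "Invalid Entry"
                echo "Must Enter either '1', '2', '3' or '4'"
                ;;
        esac
    done
    return 0
}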

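#######################################
# Ask whether OneCommand Manager clients on this platform may change
# configuration, or are limited to read-only operation.
# Globals:
#   read_only_mode_of_operation (written) only on a valid answer
#   stay_in_loop                (written) loop flag shared with other prompts
# Returns:
#   0 after a valid answer; 1 when standard input ends before one is given,
#   in which case the previous value is kept.
# Note:
#   The stored value is the INVERSE of the typed answer, because the question
#   asks about enabling configuration while the variable records read-only
#   mode: answer 'n' stores "y" (read-only), answer 'y' stores "n".
#######################################
question_read_only()
{
    local reply

    stay_in_loop=1
    while [ $stay_in_loop -eq 1 ]
    do
        echo ""
        echo "Would you like to enable configuration features for OneCommand"
        echo "Manager clients on this platform?"
        echo ""
        echo "Enter 'y' to allow configuration (default)."
        echo "Enter 'n' for read-only mode. "
        echo
        printf "Enter the letter 'y' or 'n': "

        # Read into a local so only a valid answer changes the setting. A
        # closed stdin used to make this loop repeat "Invalid Selection" forever.
        reply=""
        if ! read -r reply && [ -z "$reply" ]; then
            echo ""
            echo "No input available; read-only setting left unchanged." >&2
            stay_in_loop=0
            return 1
        fi

        case "$reply" in
            [Nn])
                read_only_mode_of_operation="y"
                echo "You selected: Read Only mode "
                stay_in_loop=0
                ;;
            [Yy])
                read_only_mode_of_operation="n"
                echo "You selected: Yes, enable configuration"
                stay_in_loop=0
                ;;
            *)
                echo "Invalid Selection "
                ;;
        esac
    done
}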

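#######################################
# Ask whether users may later change the management mode with the
# set_operating_mode script in the install directory.
# Globals:
#   INSTALL_DIR              (read)    shown in the question text
#   change_mode_of_operation (written) the answer exactly as typed
#                                      ("y", "Y", "n" or "N"), only when valid
#   stay_in_loop             (written) loop flag shared with other prompts
# Returns:
#   0 after a valid answer; 1 when standard input ends before one is given,
#   in which case the previous value is kept.
# Note:
#   Unlike the other yes/no prompts, the answer is not folded to lower case,
#   so consumers must accept both cases.
#######################################
question_change_management_mode()
{
    local reply

    stay_in_loop=1
    while [ $stay_in_loop -eq 1 ]
    do
        echo ""
        echo "Do you want to allow user to change management mode using"
        echo "set_operating_mode script located in /${INSTALL_DIR} ?"
        echo ""
        printf "Enter the letter 'y' if yes, or 'n' if no: "

        # Read into a local so only a valid answer changes the setting. A
        # closed stdin used to make this loop repeat "Invalid Selection" forever.
        reply=""
        if ! read -r reply && [ -z "$reply" ]; then
            echo ""
            echo "No input available; change-mode permission left unchanged." >&2
            stay_in_loop=0
            return 1
        fi

        case "$reply" in
            [Yy])
                change_mode_of_operation=$reply
                echo "You selected: Yes "
                stay_in_loop=0
                ;;
            [Nn])
                change_mode_of_operation=$reply
                echo "You selected: No "
                stay_in_loop=0
                ;;
            *)
                echo "Invalid Selection "
                ;;
        esac
    done
}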

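# Grant all four OneCommand groups permission $1 on path $2, in the fixed
# order ocmadmin, ocmlocaladmin, ocmuser, ocmlocaluser. Failures are silent.
_ocm_ufs_grant()
{
    local ocm_group
    for ocm_group in ocmadmin ocmlocaladmin ocmuser ocmlocaluser; do
        setfacl -r -m "g:${ocm_group}:$1" "$2" > /dev/null 2>&1
    done
}

# Same grant, applied through find to directory $2 and everything below it.
_ocm_ufs_grant_tree()
{
    local ocm_group
    for ocm_group in ocmadmin ocmlocaladmin ocmuser ocmlocaluser; do
        find "$2" -exec setfacl -r -m "g:${ocm_group}:$1" {} \; > /dev/null 2>&1
    done
}

#######################################
# Add ACL entries for the OneCommand groups (ocmadmin, ocmlocaladmin, ocmuser,
# ocmlocaluser) using setfacl, creating the files and directories that must
# exist first.
# Globals:
#   INSTALL_DIR (read) install directory, stored without a leading slash
# Changes in this version: the 64 near-identical command lines are driven by
# one group list so the four groups cannot drift apart, and every path
# expansion is quoted. The commands and their order are unchanged.
#
# Security review notes (permissions are NOT changed by this rewrite):
#   - The install directory itself gets rwx for all four groups, including the
#     non-admin ocmuser/ocmlocaluser groups. Write access on a directory lets
#     its entries be renamed or replaced regardless of the r-x ACLs set on
#     hbacmd and ocmanager, and this script runs /${INSTALL_DIR}/elxchkaddr
#     from the same directory. Consider limiting directory write access to the
#     admin groups, or keeping writable state (logs, lock files, Dump,
#     RMRepository, config) outside the directory that holds executables.
#   - touch and setfacl work on paths by name. On a re-run those paths already
#     sit in a group-writable directory; verifying that each one is a regular
#     file or directory (not a link) before changing its ACL would be safer.
#     TODO confirm how upgrades and mode changes call this function.
#   - The /etc/emulex* files become rw- for every group, not only admin ones.
#   - All setfacl/find output and failures are discarded, so a missing group
#     or an unsupported file system leaves permissions unchanged with no
#     message to the installer.
#######################################
add_group_privileges_ufs()
{
    local ocm_group etc_file

    # Some files may or may not exist yet. Create them so the ACLs can be set.
    touch "/${INSTALL_DIR}/rm.log"
    touch "/${INSTALL_DIR}/cnaboardmgmt.log"
    touch /etc/emulexRMPref

    _ocm_ufs_grant rwx "/${INSTALL_DIR}"
    _ocm_ufs_grant r-x "/${INSTALL_DIR}/hbacmd"
    _ocm_ufs_grant rw- "/${INSTALL_DIR}/rm.log"
    _ocm_ufs_grant rw- "/${INSTALL_DIR}/cnaboardmgmt.log"

    # Create RMRepository if needed so the ACL always lands on it.
    if [ ! -d "/${INSTALL_DIR}/RMRepository" ]; then
        mkdir -p "/${INSTALL_DIR}/RMRepository"
    fi
    _ocm_ufs_grant rwx "/${INSTALL_DIR}/RMRepository"

    # Create misc if needed; the directory is r-x, its lock files are rw-.
    if [ ! -d "/${INSTALL_DIR}/misc" ]; then
        mkdir -p "/${INSTALL_DIR}/misc"
    fi
    _ocm_ufs_grant r-x "/${INSTALL_DIR}/misc"

    # bugzilla 125989
    if [ ! -r "/${INSTALL_DIR}/misc/lockFile.sem" ]; then
        touch "/${INSTALL_DIR}/misc/lockFile.sem"
    fi
    _ocm_ufs_grant rw- "/${INSTALL_DIR}/misc/lockFile.sem"

    # bugzilla 134308
    if [ ! -r "/${INSTALL_DIR}/misc/hbahost_lock.sem" ]; then
        touch "/${INSTALL_DIR}/misc/hbahost_lock.sem"
    fi
    _ocm_ufs_grant rw- "/${INSTALL_DIR}/misc/hbahost_lock.sem"

    # Create Dump if needed so the ACL always lands on it.
    if [ ! -d "/${INSTALL_DIR}/Dump" ]; then
        mkdir -p "/${INSTALL_DIR}/Dump"
    fi
    _ocm_ufs_grant rwx "/${INSTALL_DIR}/Dump"

    # Configuration files under /etc: group by group, file by file.
    for ocm_group in ocmadmin ocmlocaladmin ocmuser ocmlocaluser; do
        for etc_file in emulexDiscConfig emulexRMConfig emulexRMOptions emulexRMPref; do
            setfacl -r -m "g:${ocm_group}:rw-" "/etc/${etc_file}" > /dev/null 2>&1
        done
    done

    _ocm_ufs_grant r-x "/${INSTALL_DIR}/ocmanager"

    # Every file and subdirectory below jre gets r-x.
    _ocm_ufs_grant_tree r-x "/${INSTALL_DIR}/jre"

    # Create config if needed, then give everything below it rwx.
    if [ ! -d "/${INSTALL_DIR}/config" ]; then
        mkdir -p "/${INSTALL_DIR}/config"
    fi
    _ocm_ufs_grant_tree rwx "/${INSTALL_DIR}/config"
}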

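# Delete the ACL entries of all four OneCommand groups from path $1, in the
# fixed order ocmadmin, ocmlocaladmin, ocmuser, ocmlocaluser. Failures are silent.
_ocm_ufs_revoke()
{
    local ocm_group
    for ocm_group in ocmadmin ocmlocaladmin ocmuser ocmlocaluser; do
        setfacl -d "g:${ocm_group}:" "$1" > /dev/null 2>&1
    done
}

# Same deletion, applied through find to directory $1 and everything below it.
_ocm_ufs_revoke_tree()
{
    local ocm_group
    for ocm_group in ocmadmin ocmlocaladmin ocmuser ocmlocaluser; do
        find "$1" -exec setfacl -d "g:${ocm_group}:" {} \; > /dev/null 2>&1
    done
}

#######################################
# Remove the ACL entries that add_group_privileges_ufs created for the
# OneCommand groups (ocmadmin, ocmlocaladmin, ocmuser, ocmlocaluser).
# Globals:
#   INSTALL_DIR (read) install directory, stored without a leading slash
# Changes in this version: the repeated command lines are driven by one group
# list and one path list, and every path expansion is quoted. The commands and
# their order are unchanged. The old "Recursively set privileges" comments
# were wrong for this function; the find passes delete entries.
#
# Review notes:
#   - Only ACL entries are deleted. Files and directories created while adding
#     privileges (logs, lock files, RMRepository, misc, Dump, config) stay.
#   - All setfacl/find output and failures are discarded, so an entry that
#     could not be removed is not reported; verify the result (for example by
#     listing the ACLs) when this is used to withdraw access.
#   - "setfacl -d" is used here with Solaris syntax (delete entries) — TODO
#     confirm this function is never reached on Linux, where -d means
#     something different.
#######################################
remove_group_privileges_ufs()
{
    local ocm_group etc_file rel_path

    # Install directory first, then its entries. The empty first item stands
    # for the directory itself.
    for rel_path in "" /hbacmd /rm.log /cnaboardmgmt.log /RMRepository /misc \
                    /misc/lockFile.sem /misc/hbahost_lock.sem /Dump; do
        _ocm_ufs_revoke "/${INSTALL_DIR}${rel_path}"
    done

    # Configuration files under /etc: group by group, file by file.
    for ocm_group in ocmadmin ocmlocaladmin ocmuser ocmlocaluser; do
        for etc_file in emulexDiscConfig emulexRMConfig emulexRMOptions emulexRMPref; do
            setfacl -d "g:${ocm_group}:" "/etc/${etc_file}" > /dev/null 2>&1
        done
    done

    _ocm_ufs_revoke "/${INSTALL_DIR}/ocmanager"

    # Remove the entries from every file and subdirectory below jre and config.
    _ocm_ufs_revoke_tree "/${INSTALL_DIR}/jre"
    _ocm_ufs_revoke_tree "/${INSTALL_DIR}/config"
}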

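# Add one Solaris "A+group:<name>:<perms>:allow" ACL entry per OCM group to a
# single path.
#   $1 - permission letters for the entry (for example rx)
#   $2 - path to change
#   $3 - optional "-R" to apply the entry recursively
_ocm_zfs_allow_groups()
{
    local perms=$1 target=$2 recurse=$3 grp
    for grp in ocmadmin ocmlocaladmin ocmuser ocmlocaluser; do
        # Output and exit status are discarded, as everywhere else in this
        # script; the caller prints a separate warning listing the OCM groups
        # that are not defined on the system.
        /usr/bin/chmod ${recurse:+-R} "A+group:${grp}:${perms}:allow" "$target" > /dev/null 2>&1
    done
}

# Grant the four OCM groups (ocmadmin, ocmlocaladmin, ocmuser, ocmlocaluser)
# access to the OneCommand Manager files through ACL entries added with the
# Solaris chmod A+ syntax. Called from the SunOS branch of this script when
# the root filesystem is not reported as ufs.
#
# Globals:   INSTALL_DIR (read)
# Arguments: none
# Outputs:   nothing; chmod output is discarded
#
# The misc directory and the two .sem lock files used to receive the ocmadmin
# entry four times; they now receive one entry per group, matching the other
# paths handled here and add_group_privileges_linux.
#
# NOTE(review): rwx on /${INSTALL_DIR} itself lets every member of the four
# groups create, rename and delete entries in the directory that also holds
# hbacmd and the start/stop scripts this script runs. Confirm that directory
# write access is required, or narrow it to the subdirectories that need it.
add_group_privileges_zfs()
{
    local etc_file

    # Some files may or may not exist yet. Create them so the ACL entries
    # below have something to attach to.
    touch "/${INSTALL_DIR}/rm.log"
    touch "/${INSTALL_DIR}/cnaboardmgmt.log"
    touch /etc/emulexRMPref

    _ocm_zfs_allow_groups rwx "/${INSTALL_DIR}"
    _ocm_zfs_allow_groups rx  "/${INSTALL_DIR}/hbacmd"
    _ocm_zfs_allow_groups rw  "/${INSTALL_DIR}/rm.log"
    _ocm_zfs_allow_groups rw  "/${INSTALL_DIR}/cnaboardmgmt.log"

    # If RMRepository doesn't exist yet, create it so we can ensure that
    # the proper privileges are set.
    if [ ! -d "/${INSTALL_DIR}/RMRepository" ]; then
        mkdir -p "/${INSTALL_DIR}/RMRepository"
    fi
    _ocm_zfs_allow_groups rwx "/${INSTALL_DIR}/RMRepository"

    # If misc directory doesn't exist yet, create it so we can ensure that
    # the proper privileges are set.
    if [ ! -d "/${INSTALL_DIR}/misc" ]; then
        mkdir -p "/${INSTALL_DIR}/misc"
    fi
    _ocm_zfs_allow_groups rx "/${INSTALL_DIR}/misc"

    # bugzilla 125989
    if [ ! -r "/${INSTALL_DIR}/misc/lockFile.sem" ]; then
        touch "/${INSTALL_DIR}/misc/lockFile.sem"
    fi
    _ocm_zfs_allow_groups rw "/${INSTALL_DIR}/misc/lockFile.sem"

    # bugzilla 134308
    if [ ! -r "/${INSTALL_DIR}/misc/hbahost_lock.sem" ]; then
        touch "/${INSTALL_DIR}/misc/hbahost_lock.sem"
    fi
    _ocm_zfs_allow_groups rw "/${INSTALL_DIR}/misc/hbahost_lock.sem"

    # If Dump doesn't exist yet, create it so we can ensure that
    # the proper privileges are set.
    if [ ! -d "/${INSTALL_DIR}/Dump" ]; then
        mkdir -p "/${INSTALL_DIR}/Dump"
    fi
    _ocm_zfs_allow_groups rwx "/${INSTALL_DIR}/Dump"

    # Configuration files kept directly under /etc.
    for etc_file in /etc/emulexDiscConfig /etc/emulexRMConfig \
                    /etc/emulexRMOptions /etc/emulexRMPref; do
        _ocm_zfs_allow_groups rw "$etc_file"
    done

    _ocm_zfs_allow_groups rx "/${INSTALL_DIR}/ocmanager"
    _ocm_zfs_allow_groups rx "/${INSTALL_DIR}/jre" -R

    # If config doesn't exist yet, create it so we can ensure that
    # the proper privileges are set.
    if [ ! -d "/${INSTALL_DIR}/config" ]; then
        mkdir -p "/${INSTALL_DIR}/config"
    fi
    _ocm_zfs_allow_groups rw "/${INSTALL_DIR}/config" -R
}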

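# Strip the ACL entries that add_group_privileges_zfs placed on the OneCommand
# Manager files. "chmod A-" resets a file's ACL to the one implied by its
# mode bits, so every added group entry on the listed paths is dropped.
#
# Globals:   INSTALL_DIR (read)
# Arguments: none
# Outputs:   nothing; chmod output is discarded
#
# The /etc section used to name /etc/emulexRMPref four times, which left the
# group entries on emulexDiscConfig, emulexRMConfig and emulexRMOptions in
# place after Secure Management was switched off. All four files that
# add_group_privileges_zfs touches are now reset.
remove_group_privileges_zfs()
{
    local target

    for target in \
        "/${INSTALL_DIR}" \
        "/${INSTALL_DIR}/hbacmd" \
        "/${INSTALL_DIR}/rm.log" \
        "/${INSTALL_DIR}/cnaboardmgmt.log" \
        "/${INSTALL_DIR}/RMRepository" \
        "/${INSTALL_DIR}/misc" \
        "/${INSTALL_DIR}/misc/lockFile.sem" \
        "/${INSTALL_DIR}/misc/hbahost_lock.sem" \
        "/${INSTALL_DIR}/Dump" \
        /etc/emulexDiscConfig \
        /etc/emulexRMConfig \
        /etc/emulexRMOptions \
        /etc/emulexRMPref \
        "/${INSTALL_DIR}/ocmanager"
    do
        # -f keeps chmod quiet about paths that do not exist.
        /usr/bin/chmod -f A- "$target" > /dev/null 2>&1
    done

    # These two trees received recursive entries, so reset them recursively.
    /usr/bin/chmod -fR A- "/${INSTALL_DIR}/jre" > /dev/null 2>&1
    /usr/bin/chmod -fR A- "/${INSTALL_DIR}/config" > /dev/null 2>&1
}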

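# Run "setfacl -m g:<group>:<perms>" once per OCM group.
# Usage: _ocm_linux_grant_groups PERMS [-R] PATH...
#   PERMS - permission letters for the ACL entry (for example rx)
#   -R    - optional, apply recursively
#   PATH  - one or more paths, passed to setfacl unchanged
_ocm_linux_grant_groups()
{
    local perms=$1 recurse="" grp
    shift
    if [ "$1" = "-R" ]; then
        recurse="-R"
        shift
    fi
    for grp in ocmadmin ocmlocaladmin ocmuser ocmlocaluser; do
        setfacl ${recurse:+-R} -m "g:${grp}:${perms}" "$@"
    done
}

# Grant the four OCM groups (ocmadmin, ocmlocaladmin, ocmuser, ocmlocaluser)
# access to the OneCommand Manager files with POSIX ACL entries.
#
# Globals:   INSTALL_DIR, CONF_DIR, LOG_DIR, DUMP_DIR (read)
# Arguments: none
# Outputs:   setfacl diagnostics, except for the misc directory and the two
#            lock files, where they are discarded as before
#
# NOTE(review): rwx on /${INSTALL_DIR} itself lets every member of the four
# groups create, rename and delete entries in the directory that also holds
# hbacmd and the start/stop scripts this script runs. Confirm that directory
# write access is required, or narrow it to the subdirectories that need it.
add_group_privileges_linux()
{
    local etc_file

    # Some files may or may not exist yet. Create them so we can set the privileges.
    # This file should not be here!
    # (The remark above was written as a "//" line, which the shell tries to
    # execute as a command instead of treating it as a comment.)
    touch /etc/emulexRMPref

    _ocm_linux_grant_groups rwx "/${INSTALL_DIR}"
    _ocm_linux_grant_groups rx  "/${INSTALL_DIR}/hbacmd"
    _ocm_linux_grant_groups rx  "/${INSTALL_DIR}/convert_conf_file"
    _ocm_linux_grant_groups rwx "/${INSTALL_DIR}/RMRepository"

    # [Bug 151562] - Update OCM to comply with FHS
    _ocm_linux_grant_groups rw "/${CONF_DIR}/rm.conf"

    _ocm_linux_grant_groups rw  "/${LOG_DIR}/cnaboardmgmt.log"
    _ocm_linux_grant_groups rwx -R "/${DUMP_DIR}"
    _ocm_linux_grant_groups rw  "/${LOG_DIR}/featuremgmt.log"
    _ocm_linux_grant_groups rw  "/${LOG_DIR}/rm.log"
    _ocm_linux_grant_groups rw  "/${LOG_DIR}/wwnmgmt.log"

    # If misc directory doesn't exist yet, create it so we can ensure that
    # the proper privileges are set.
    if [ ! -d "/${INSTALL_DIR}/misc" ]; then
        mkdir -p "/${INSTALL_DIR}/misc"
    fi
    _ocm_linux_grant_groups rx "/${INSTALL_DIR}/misc" > /dev/null 2>&1

    # bugzilla 133450
    if [ ! -r "/${INSTALL_DIR}/misc/lockFile.sem" ]; then
        touch "/${INSTALL_DIR}/misc/lockFile.sem"
    fi
    _ocm_linux_grant_groups rw "/${INSTALL_DIR}/misc/lockFile.sem" > /dev/null 2>&1

    # bugzilla 134308
    if [ ! -r "/${INSTALL_DIR}/misc/hbahost_lock.sem" ]; then
        touch "/${INSTALL_DIR}/misc/hbahost_lock.sem"
    fi
    _ocm_linux_grant_groups rw "/${INSTALL_DIR}/misc/hbahost_lock.sem" > /dev/null 2>&1

    # Configuration files kept directly under /etc.
    for etc_file in /etc/emulexDiscConfig /etc/emulexRMConfig \
                    /etc/emulexRMOptions /etc/emulexRMPref; do
        _ocm_linux_grant_groups rw "$etc_file"
    done

    # The GUI launcher, the bundled JRE and the config directory are only
    # handled when they are present.
    if [ -r "/${INSTALL_DIR}/ocmanager" ]; then
        _ocm_linux_grant_groups rx "/${INSTALL_DIR}/ocmanager"
    fi
    if [ -d "/${INSTALL_DIR}/jre" ]; then
        _ocm_linux_grant_groups rx -R "/${INSTALL_DIR}/jre"
    fi
    if [ -d "/${INSTALL_DIR}/config" ]; then
        _ocm_linux_grant_groups rwx "/${INSTALL_DIR}/config"
        # The glob stays outside the quotes so it still expands to the
        # directory's entries.
        _ocm_linux_grant_groups rw "/${INSTALL_DIR}/config/"*
    fi
}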

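# Remove the extended ACL entries from the OneCommand Manager files
# ("setfacl -b"), undoing add_group_privileges_linux.
#
# Globals:   INSTALL_DIR, DUMP_DIR, LOG_DIR, CONF_DIR (read)
# Arguments: none
# Outputs:   setfacl diagnostics
#
# The configuration-directory guard used to test /${CONFIG_DIR}; the rest of
# the script only uses CONF_DIR, so that test expanded to "-d /" and was
# always true. It now tests the directory that is actually stripped. The
# recursive strips are also skipped when their variable is empty, because
# "/${VAR}" would then be the filesystem root.
remove_group_privileges_linux()
{
    setfacl -b "/${INSTALL_DIR}"
    setfacl -b "/${INSTALL_DIR}/hbacmd"
    setfacl -b "/${INSTALL_DIR}/convert_conf_file"
    setfacl -b "/${INSTALL_DIR}/RMRepository"
    setfacl -b /etc/emulexDiscConfig
    setfacl -b /etc/emulexRMConfig
    setfacl -b /etc/emulexRMOptions
    setfacl -b /etc/emulexRMPref

    if [ -n "${DUMP_DIR}" ] && [ -d "/${DUMP_DIR}" ]; then
        setfacl -R -b "/${DUMP_DIR}"
    fi

    if [ -n "${LOG_DIR}" ] && [ -d "/${LOG_DIR}" ]; then
        setfacl -R -b "/${LOG_DIR}"
    fi

    if [ -n "${CONF_DIR}" ] && [ -d "/${CONF_DIR}" ]; then
        setfacl -R -b "/${CONF_DIR}"
    fi

    if [ -r "/${INSTALL_DIR}/ocmanager" ]; then
        setfacl -b "/${INSTALL_DIR}/ocmanager"
    fi
    if [ -d "/${INSTALL_DIR}/jre" ]; then
        setfacl -R -b "/${INSTALL_DIR}/jre"
    fi
    if [ -d "/${INSTALL_DIR}/config" ]; then
        setfacl -b "/${INSTALL_DIR}/config"
        # The glob stays outside the quotes so it still expands to the
        # directory's entries.
        setfacl -b "/${INSTALL_DIR}/config/"*
    fi
}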

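# Replace one setting in a configuration file: drop every line matching a
# pattern, then append the new line.
#   $1 - configuration file
#   $2 - sed pattern selecting the lines to drop (a fixed literal from the
#        caller, never user input)
#   $3 - complete "Key:value" line to append
# Returns 1, leaving the file untouched, if the new content cannot be built.
#
# The result is copied over the existing file with cp rather than moved into
# place: cp rewrites the file that is already there, so the owner, mode and
# any ACL entries set on it are kept.
#
# NOTE(review): the scratch file has a fixed name next to the target in /etc.
# That is only safe while /etc is writable by root alone.
_ocm_replace_config_line()
{
    local cfg=$1 key_pattern=$2 new_line=$3

    # TF stays a global scratch name, as in the original code.
    TF="${cfg}.tmp"

    if [ -f "$cfg" ]; then
        if ! sed "/${key_pattern}/d" "$cfg" > "$TF"; then
            echo "Warning: could not update ${cfg}; file left unchanged" >&2
            rm -f "$TF"
            return 1
        fi
    else
        # A missing file is treated as empty, so it is created with just the
        # new line.
        : > "$TF" || return 1
    fi

    # printf writes the value literally, whatever characters it contains.
    if ! printf '%s\n' "$new_line" >> "$TF"; then
        echo "Warning: could not update ${cfg}; file left unchanged" >&2
        rm -f "$TF"
        return 1
    fi

    cp "$TF" "$cfg"
    rm "$TF"
}

# Write the answers collected by the question_* prompts into
# /etc/emulexRMConfig, /etc/emulexDiscConfig and /etc/emulexRMOptions.
#
# Globals (read): mode_of_operation, install_called, change_mode_of_operation,
#                 read_only_mode_of_operation, socket_port_value,
#                 management_host_mode, secure_management_mode,
#                 management_host_address, management_host_is_exclusive
# Arguments: none
#
# The settings are written in the same order as before, so the order of lines
# within each file does not change.
write_configuration_to_file()
{
    local setting

    # Server remote operation.
    if [ "$mode_of_operation" -eq 1 ]; then
        setting="ServerRemoteOperation:disabled"
    else
        setting="ServerRemoteOperation:enabled"
    fi
    _ocm_replace_config_line /etc/emulexRMConfig "RemoteOperation" "$setting"

    # Client remote operation.
    if [ "$mode_of_operation" -eq 3 ] || [ "$mode_of_operation" -eq 4 ]; then
        setting="ClientRemoteOperation:enabled"
    else
        setting="ClientRemoteOperation:disabled"
    fi
    _ocm_replace_config_line /etc/emulexDiscConfig "RemoteOperation" "$setting"

    # ClientOperationMode is only processed when called by an install routine.
    # The original also had an else branch that appended
    # "ClientOperationMode:enabled" to the scratch file after that file had
    # already been copied and removed; the line never reached
    # /etc/emulexDiscConfig. The branch is dropped, so a direct run leaves an
    # existing ClientOperationMode setting (including "locked") alone, exactly
    # as it did before.
    if [ "$install_called" -eq 45 ] || [ "$install_called" -eq 25 ]; then
        if [ "$change_mode_of_operation" = "y" ]; then
            setting="ClientOperationMode:enabled"
        else
            setting="ClientOperationMode:locked"
        fi
        _ocm_replace_config_line /etc/emulexDiscConfig "OperationMode" "$setting"
    fi

    # Init related flag to same selection. This is unconditional as part of
    # the fix for CR 29557.
    if [ "$mode_of_operation" -eq 3 ] || [ "$mode_of_operation" -eq 4 ]; then
        setting="LocalHBAsOnly:false"
    else
        setting="LocalHBAsOnly:true"
    fi
    _ocm_replace_config_line /etc/emulexRMOptions "LocalHBAsOnly" "$setting"

    # User's 'read only' selection.
    if [ "$read_only_mode_of_operation" = "y" ]; then
        setting="ClientReadOnlyOperation:enabled"
    else
        setting="ClientReadOnlyOperation:disabled"
    fi
    _ocm_replace_config_line /etc/emulexDiscConfig "ClientReadOnlyOperation" "$setting"

    # TCP/IP socket port number.
    _ocm_replace_config_line /etc/emulexDiscConfig "TcpSocketPortNumber" \
        "TcpSocketPortNumber:$socket_port_value"

    # 'ManagementHost' value.
    if [ "$management_host_mode" = "y" ]; then
        setting="ManagementHost:true"
    else
        setting="ManagementHost:false"
    fi
    _ocm_replace_config_line /etc/emulexRMConfig "ManagementHost" "$setting"

    # 'SecureManagement' value.
    if [ "$secure_management_mode" = "s" ]; then
        setting="SecureManagement:enabled"
    else
        setting="SecureManagement:disabled"
    fi
    _ocm_replace_config_line /etc/emulexRMConfig "SecureManagement" "$setting"

    # Management host name or IP address.
    _ocm_replace_config_line /etc/emulexRMConfig "MngmtHostIpAddress" \
        "MngmtHostIpAddress:$management_host_address"

    # Exclusive management host flag.
    if [ "$management_host_is_exclusive" = "y" ]; then
        setting="ExclusiveHostMgmnt:true"
    else
        setting="ExclusiveHostMgmnt:false"
    fi
    _ocm_replace_config_line /etc/emulexRMConfig "ExclusiveHostMgmnt" "$setting"
}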


# Refuse to continue while the OneCommand Manager GUI is running: look for the
# /bin/sh launcher script first, and only then for the java process that has
# OCManager.jar on its command line.
script_pid=$(ps -eaf | grep ocmanager | grep "/bin/sh" | grep -v grep | head -n 1 | awk '{ print $2 }')
if [ -n "$script_pid" ]; then
    gui_pid=$(ps -eaf | grep java | grep -v grep | grep "OCManager.jar" | awk '{ print $2 }')
    if [ -n "$gui_pid" ]; then
        cat <<'EOF'
The OneCommand Manager GUI client must be stopped before changing the mode of operation.
Please exit the GUI application and re-run this script
EOF
        exit
    fi
fi

# Likewise refuse to continue while the rmiserver (Web Launch server) is
# running. The process is recognised differently on Linux and elsewhere.
case "$platform_os" in
    Linux)
        rmiserver_pid=$(ps -eaf | grep rmiserver.jar | grep -v grep | awk '{ print $2 }')
        ;;
    *)
        rmiserver_pid=$(ps -eaf | grep ELXocm/jre/bin/java | grep rmi.server | grep HBAnyware | grep -v grep | awk '{ print $2 }' | sort -n | head -n 1)
        ;;
esac
if [ -n "$rmiserver_pid" ]; then
    cat <<'EOF'
This script should not be run while the OneCommand Manager Web Launch service is
running.  Please execute the command 'stop_weblaunch', then re-run this script.
Note: Stopping the OneCommand Manager Web Launch service while remote OneCommand
Manager Web Launch clients are running will cause those clients to abort.  It is
therefore recommended that all remote Web Launch clients be stopped before
terminating the Web Launch service.  After you are done changing the operating
mode, you may restart the Web Launch service via the command 'start_weblaunch'.
EOF
    exit
fi

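# Stop the OneCommand Manager daemons before any setting is changed.
echo
echo "Stopping OneCommand Manager daemons ..."
"/${INSTALL_DIR}/stop_ocmanager" > /dev/null 2>&1
echo

# No argument means the script was started directly by a user.
if [ -z "$install_called" ]; then
    install_called=0
fi

if [ "$platform_os" = "Linux" ]; then
    # On Linux, prompt for secure management mode only when install_called
    # is 0 or 25.
    if [ "$install_called" -eq 0 ] || [ "$install_called" -eq 25 ]; then
        question_secure_management_mode
    fi
else
    # On Solaris, always prompt for secure management mode.
    question_secure_management_mode
fi

# If security has been enabled, make sure at least one of the OCM groups is
# defined on this system. Otherwise the group privileges cannot be applied.
if [ "$secure_management_mode" = "s" ]; then
    # Check for the four OCM groups.
    #
    # Each group is looked up by exact name. The previous check grepped the
    # whole 'getent group' listing case-insensitively, so it also counted a
    # line that merely contained the text, such as a longer group name or a
    # member list naming a user called ocmadmin. The ACL commands refer to the
    # groups by exact name, so only an exact match means privileges can be
    # granted. A keyed lookup should also work where the name service does not
    # enumerate groups; verify on directory-backed systems.
    local_ocm_groups=0
    for group in "ocmlocaluser" "ocmuser" "ocmlocaladmin" "ocmadmin"; do
        if getent group "$group" > /dev/null 2>&1; then
            found_group=1
        else
            found_group=0
            undefined_groups="${undefined_groups} ${group}"
        fi
        local_ocm_groups=$((local_ocm_groups + found_group))
    done

    # Return an error if none of the four OCM groups was found and exit script.
    if [ "$local_ocm_groups" -eq 0 ]; then
        if [ "$platform_os" = "Linux" ]; then
            echo
            echo "Error: Attempting to enable secure management feature"
            echo "       but no OCM groups are configured on this machine"
            echo "       (the output of 'getent group' command does not"
            echo "       show any OCM groups configured)"
            echo
            echo "Reinstall without selecting OCM 'secure management' feature"
            echo "or else configure OCM secure management groups on machine"
            echo
        else
            echo ""
            echo "ERROR: Attempting to enable the Secure Management feature, but no OCM"
            echo "       groups are configured on this machine (the output of"
            echo "       'getent group' command does not show any OCM groups configured)."
            echo
            echo "Rerun without enabling the OCM 'Secure Management' feature or else"
            echo "configure OCM Secure Management groups on this machine."
            echo ""
        fi
        exit 1
    fi
fi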

# The remaining management questions are asked only when Secure Management
# was not selected.
case "$secure_management_mode" in
    s)
        ;;
    *)
        question_management_mode

        # The 'read only' question is skipped for modes 1 and 4.
        case "$mode_of_operation" in
            1|4)
                ;;
            *)
                question_read_only
                ;;
        esac

        # Asked only when invoked by an install routine (install_called 45
        # or 25).
        # NOTE(review): the earlier comment here said both "on solaris" and
        # "never ask on Solaris"; presumably the first was meant to be
        # Linux. Confirm.
        if [ "$install_called" -eq 45 ] || [ "$install_called" -eq 25 ]; then
            question_change_management_mode
        fi
        ;;
esac

# Solaris: add or remove the group ACL entries to match the Secure Management
# selection.
if [ "$platform_os" = "SunOS" ]; then
    # Filesystem type of / as printed by 'df -n'. Anything other than "ufs"
    # is handled as ZFS.
    root_fs_type=$(/usr/bin/df -n | grep -w / | awk '{ print $3 }')

    if [ "$secure_management_mode" = "s" ]; then
        # Secure Management enabled: grant the groups access.
        if [ "$root_fs_type" = "ufs" ]; then
            add_group_privileges_ufs
        else
            add_group_privileges_zfs
        fi

        # A group that is not defined right now receives no privileges, and
        # does not gain them by being created later, so tell the user which
        # ones were skipped.
        if [ -n "$undefined_groups" ]; then
            printf '%s\n' \
                "" \
                "WARNING: The following OCM groups are not currently defined on this system" \
                "and could not be granted access privileges. If these groups are added at a" \
                "later time, run /${INSTALL_DIR}/set_operating_mode or reinstall to grant" \
                "them privileges:" \
                ""
            # Left unquoted on purpose: one output line per group name.
            printf '  %s\n' $undefined_groups
        fi
    else
        # Secure Management disabled: take the group access away again.
        if [ "$root_fs_type" = "ufs" ]; then
            remove_group_privileges_ufs
        else
            remove_group_privileges_zfs
        fi
    fi
fi

# Linux: the ACL entries are only changed here when the script was started
# directly by a user (install_called is 0).
# NOTE(review): all output of the add/remove functions is discarded, so a
# missing setfacl or a filesystem without ACL support goes unreported while
# the configuration still records the Secure Management selection.
if [ "$platform_os" = "Linux" ] && [ "$install_called" -eq 0 ]; then
    if [ "$secure_management_mode" = "s" ]; then
        # Secure Management enabled: grant the groups access.
        add_group_privileges_linux > /dev/null 2>&1

        # A group that is not defined right now receives no privileges, and
        # does not gain them by being created later, so tell the user which
        # ones were skipped.
        if [ -n "$undefined_groups" ]; then
            printf '%s\n' \
                "" \
                "WARNING: The following OCM groups are not currently defined on this system" \
                "and could not be granted access privileges. If these groups are added at a" \
                "later time, run /${INSTALL_DIR}/set_operating_mode or reinstall to grant" \
                "them privileges:" \
                ""
            # Left unquoted on purpose: one output line per group name.
            printf '  %s\n' $undefined_groups
        fi
    else
        # Secure Management disabled: take the group access away again.
        remove_group_privileges_linux > /dev/null 2>&1
    fi
fi

# Persist the selections made above.
write_configuration_to_file

# CR 29557: the discovery daemon was intermittently not reporting to the GUI
# when 'local only' or 'managed only' modes were selected, and restarting the
# daemon fixed the problem. The daemons were already stopped earlier in this
# script, so only the two blank lines of the old stop step remain here.
printf '\n\n'

# The remote server daemon is ALWAYS started (for 'dump' and such).
# start_ocmanager is run only if elxhbamgrd is present and executable.
if [ -x "/${INSTALL_DIR}/elxhbamgrd" ]; then
    "/${INSTALL_DIR}/start_ocmanager" > /dev/null 2>&1
fi

# The FC authentication daemon is started by the start_ocmanager script, so
# /etc/init.d/fcauthd is no longer started from here.
