System Administration Guide
About this book
How this book is organized
C2 security documentation requirements
How can we improve this book?
Administering user accounts
The Account Manager interface
Authorization
About default selections
Adding and modifying user accounts
Using account templates
Removing or retiring a user account
Reactivating a retired user account
Setting and changing user and group IDs (UID/GID)
Changing ownership of files with an obsolete UID/GID
Changing user login groups
Changing a user's group membership
Changing user login shells
Login shells
Restricted shells
Changing user home directories
Changing user type
Changing user priority
Adding and modifying default environment files
Managing groups
About groups
Adding or modifying a group
Removing a group
Setting the group ID for file creation in a directory
Changing the limit on simultaneous group membership
Managing passwords
Setting or changing a user password
Controlling password expiration
Controlling password selection
Allowing accounts without passwords
Preventing users from changing their passwords
Allowing users to generate passwords
Restricting password obviousness
Customizing password checking
Setting password length
Setting passwords for dial-in lines
Setting login restrictions
Setting login restrictions on accounts
Setting login restrictions on terminals
Locking or unlocking a user account
Locking or unlocking a terminal
Assigning user powers
Assigning subsystem authorizations
Primary authorizations
Secondary authorizations
Changing system privileges
System privileges and authorizations
Allowing users to skip login messages
Allowing users to execute superuser commands
Accessing other accounts with su(C)
Logging su(C) usage
Controlling the use of job scheduling commands
Changing the default permissions for job scheduling
Changing the job scheduling permissions for a user
Using environment files for the at or batch commands
Changing the system security profile
Security profiles
Understanding account database files
Configuring database precedence and recovery
Editing the /etc/passwd file
Configuring the shadow password file
Copying user accounts
Copying user accounts to non-SCO OpenServer systems
Copying user accounts from SCO XENIX or non-SCO OpenServer systems
Password compatibility across UNIX systems
Troubleshooting the Account Manager
Illegal specification for a user or group attribute
Remote administration problem
Missing or corrupted database files
Administering filesystems
The Filesystem Manager interface
Authorization
About filesystems
Filesystem types
Adding support for different filesystem types
Adding and removing mount configuration
Modifying filesystem mount configuration
Modifying HTFS, EAFS, AFS, and S51K root filesystem mount configuration
Modifying DTFS root filesystem mount configuration
Enabling users to mount filesystems
Filesystem mount options (HTFS, EAFS, AFS, S51K)
Mounting as a temporary filesystem
Checkpointing your filesystem
Logging filesystem transactions
Versioning filesystems (undelete)
Filesystem mount options (DTFS)
Data compression
Forced data writes to disk
Filesystem mount options (High Sierra and ISO9660)
Filesystem mount options (Rockridge)
Filesystem mount options (DOS)
Mounting and unmounting filesystems
About mounting DOS filesystems
DOS filesystems and access permissions
DOS filesystem limitations
Creating filesystems on floppy disks
Checking and repairing filesystems
Check and repair options
Filesystem check phases (HTFS, EAFS, AFS, S51K)
Filesystem check phases (DTFS)
How UNIX systems maintain files and filesystems
Maintaining free space in filesystems
Displaying filesystem and directory usage statistics
Locating files
Finding temporary files
Executing commands based on find output
Checking and clearing system log files
Using the System Logs Manager
Clearing system log files from the command line
Clearing log files automatically
Adding disk space and restructuring filesystems
Moving a subdirectory to another filesystem using symbolic links
Maintaining filesystem efficiency
Reducing disk fragmentation
Monitoring and limiting directory sizes
Removing empty directory slots
Out of inodes on filesystem
Troubleshooting the Filesystem Manager
Remote administration problem
Missing or corrupted database files
Backing up filesystems
The Backup Manager interface
Authorization
About backups
About media devices
About block and volume sizes
Preparing media for backups
Running scheduled backups
Maintaining backup archives and records
Labeling backups
Keeping a backup log book
Rotating and archiving backup media
Removing file lists from the backup history
Verifying backups
Performing unattended backups
Running unscheduled filesystem backups
Running unscheduled backups of other remote filesystems
Adding, modifying, and removing filesystem backup schedules
Modifying scheduled filesystem backup options
About the backup schedule
Understanding incremental backups
Adding remote filesystems to the backup schedule
Establishing backup user equivalence
Examining the backup history
About the backup history
Browsing backup file lists
Examining the contents of a backup
Restoring a scheduled filesystem backup
How backups restore complete filesystems
Restoring files from a scheduled filesystem backup
Restoring files or directories from backup media
Selecting directories or files to restore
Specifying the Backup Manager default values
Setting the default backup device
Setting the default media values
Using the command line to create and restore backups
Troubleshooting the Backup Manager
Remote administration problem
Missing or corrupted database files
Managing printers and print jobs
The Printer Manager interface
Adding local printers
Duplicating a local printer
Connecting to remote UNIX system printers
Configuring Hewlett-Packard network printers and print services
Setting up a BOOTP server
Configuring hosts to use an HP network printer
Performing maintenance with the HP Network Printer Manager
Configuring an UUCP dialup printer
Removing local or remote printers
Servicing printers and print services
Enabling and disabling printers
Accepting or rejecting print jobs
Starting and stopping the print services
Changing printer names and connections
Specifying the system default printer
Modifying printer creation defaults
About printer device connections
About serial communication parameters
Controlling access to printers
About printer classes
Grouping printers into a class
About the print service
Overview of print request processing
About the print request log
Print service command summary
Managing print jobs
The Print Job Manager interface
Selecting and deselecting multiple jobs
Viewing jobs in the print queue
Deleting print jobs
Holding and resuming print jobs
Transferring a job to another printer
Moving jobs to the top of the queue
Setting print queue priorities
Setting the priority level for a print job
Setting individual and default priority limits
Setting the default priority level
Customizing printer configuration
Setting default printer page size and spacing
Bypassing the spooler
Specifying the number of banners
About printer interface scripts
Creating printer interface scripts
Setting up printer interface scripts
Adding a new printer manually
Adding a printer entry to the terminfo database
Creating and using printer forms
Mounting and unmounting forms
Creating and using printer filters
About content types
Detecting printer fault indicators with filters
Font cartridges, character sets, print wheels
Specifying character sets
Specifying font cartridges to use with a printer
Setting up printer fault alerts
Specifying the print fault recovery method
Alerting to mount forms and font cartridges
Setting up a printer with multiple names
Attaching a printer to a serial terminal
Handling different stty settings
Configuring a spooled local terminal printer
Initializing parallel printers with an init device file
Customizing the toolbar
Troubleshooting the Printer Manager
Remote administration problem
Transferring jobs between printers
Missing or corrupted database files
Troubleshooting the print system
lpsched print scheduler is not running
Printer does not print
Cannot redirect output to printer
Port does not respond
Printer output is illegible
Printer output spacing is wrong
Parallel printer is slow
Setting up polling
Changing the MODE_SELECT kernel parameter
Printer reports UUCP errors
Maintaining system security
Understanding system security
Physical security
Trusted system concepts
Trusted computing base
Accountability
Discretionary access control
Object reuse
Authorizations and privileges
Identification and authentication (I&A)
Auditing
Protected subsystems
Security in a networked environment
Network Information Service
The graphical environment
Network mail
Administering a trusted system
Assigning administrative roles and system privileges
Controlling system access
Password restrictions
Terminal use restrictions
Login restrictions
Logging out idle users (non-graphical sessions only)
Restricting root logins to a specific device
Using auditing on your system
Protecting the data on your system
SUID/SGID bits and security
SUID, SGID, and sticky bit clearing on writes
The sticky bit and directories
Data encryption
Imported data
Imported files
Imported filesystems
Terminal escape sequences
Creating account and login activity reports
Reporting password status
Creating an account summary
Reporting terminal access status
Reporting user login activity
Reporting terminal login activity
Logging unsuccessful login attempts
Detecting system tampering
Stolen passwords
Abuse of system privileges
Unsupervised physical access to the computer
Dealing with filesystem and database corruption
The authentication database files
Checking the system after a crash
Using the override terminal
Automatic database checking and recovery: tcbck(ADM)
Database consistency checking: authck(ADM) and addxusers(ADM)
Creating UNIX system and TCB account database reports
System file integrity checking: integrity(ADM)
System file permission repair: fixmog(ADM)
Understanding how trusted features affect programs
LUID enforcement
stopio(S) on devices
Privileges
Sticky directories
Disabling C2 features
Troubleshooting system security
Account is disabled -- see Account Administrator
Account is disabled but console login is allowed Terminal is disabled but root login is allowed
Audit: filesystem is getting full
Authentication database contains an inconsistency
Can't rewrite terminal control entry for tty Authentication error; see Account Administrator
Cannot access terminal control database entry
Cannot obtain database information on this terminal
Login incorrect
login: resource Authorization name file could not be allocated due to: cannot open;
Terminal is disabled -- see Account Administrator
You do not have authorization to run ...
Unable to remove files
Using the Audit Manager
Understanding the audit subsystem
Audit subsystem components
Kernel audit mechanism
Audit device driver
Audit compaction daemon
Audit Manager interface
Data reduction and analysis facility
Audit methodology
Audit privileges
Audit record sources
Accountability for audit
Audit event types
System audit event mask
User-specific and process event masks
Guidelines for effective system auditing
Performance goals
Reliability goals
Security goals
Administrative concerns
Collecting audit data
Choosing audit events
Auditing individual users and groups
Displaying current audit statistics
Enabling and disabling auditing
Maintaining audit trail continuity
Adjusting audit performance parameters
Managing audit files and directories
Listing audit sessions
Backing up audit files
Restoring audit files
Deleting audit files
Monitoring disk space consumption
Maintaining collection directories
Listing collection directories
Creating a collection directory
Deleting a collection directory
Adding a collection directory entry
Removing a collection directory entry
Generating audit reports
Creating or modifying a report template
Viewing a report template
Listing report templates
Removing report templates
Running an audit report
Example report and template
Understanding audit reports
System call record formats
Application audit records
Login/Logoff record
User password record
Protected database record
Audit subsystem record
Protected subsystem record
Terminal and user account record
Extending auditing capabilities to users
Connecting to other computers with UUCP
Setting up a simple UUCP connection
Testing the UUCP connection
Changing the system name
Configuring UUCP
Setting up maintenance scripts
Setting up polling
Creating login accounts for sites dialing in
Adding entries for remote sites to the Systems file
Creating login scripts
Specifying dial-up parameters with the Devices file
The speed field
Limiting access with the Permissions file
How UUCP works
A sample UUCP transaction
How a UUCP transmission proceeds
Advanced UUCP configuration
Defining a communications protocol
Creating a portable UUCP Systems file
Specifying alternate UUCP configuration files
Preventing unknown sites from logging in
Configuring UUCP for 7-bit systems
Connecting two local systems using a direct wire
Troubleshooting UUCP
Checking for a faulty ACU or modem
Errors when testing the connection with cu
Connect failed: CANNOT ACCESS DEVICE
Common "UUCP failed" messages
Checking the status of a UUCP request
Alarms in UUCP audit output, data is not transferring
Generating log reports on usage: uulog
Common UUCP log and status file messages
DEVICE LOCKED
Common UUCP error messages
UUCP STATUS error messages
Checking UUCP files and permissions settings
Verifying that your site name is unique
UUCP truncates system names to seven characters
What to check if UUCP is abnormally slow
What to do if UUCP works, but uux does not
UUCP troubleshooting utilities
The UUCP spool directory contents
Administering virtual disks
About virtual disks
Disk arrays and data striping
Hot spares
Clusters
RAID
Redundancy and parity
Virtual disk types
Simple disk
Concatenated disk
Striped array (RAID 0)
Mirrored disk (RAID 1)
Block-interleaved undistributed parity array (RAID 4)
Block-interleaved distributed parity array (RAID 5)
Striped, mirrored array (RAID 10)
Striped array of arrays (RAID 53)
How configuration information is stored
Planning your system layout with virtual disks
Application and filesystem requirements
Distribution of I/O
Performance and reliability requirements
Planning for increased reliability
The Virtual Disk Manager interface
Adding virtual disks
Allocating or modifying disk pieces
Creating nested virtual disks
Adding a configuration backup
Mirroring boot, swap, and root onto virtual disks
Adding hot spares to virtual disks
Setting virtual disk defaults
Creating additional virtual disk nodes
Creating a RAID 10 virtual disk array
Creating a RAID 53 virtual disk array
Modifying virtual disks
Examining the current configuration
Deleting virtual disks
Creating filesystems on virtual disks
Converting filesystems to virtual disks
Tuning the performance of virtual disks
Monitoring virtual disk performance
Troubleshooting virtual disks
Disabling and re-enabling virtual disks
Forcing virtual disks online
Checking and restoring parity data
Repairing a failed drive
Possible problems
Invalid timestamp on root device mirror
Mirror root failure
Offline disk array
Kernel virtual memory shortage
Warning messages
Notice messages
Customizing UNIX system startup
Changing the /etc/inittab file
Changing scripts in /etc/rc2.d
Starting daemons on a trusted system
Daemons that must run without an LUID
Modifying .profile and .login files
Changing the /etc/motd file
Other message files
Using the system console and non-graphical displays
Using multiscreens
Reducing the number of multiscreens
Multiscreens and multiple video adapters
Using the console screen protection feature
Changing non-graphical video fonts
Controlling non-graphical color displays with setcolor
Changing the foreground and background colors
Changing reverse video colors
Changing the screen border color
Sounding the keyboard bell
Resetting the screen
Setting the console keyboard type
Switching keyboard modes manually
Changing modes permanently
Using serial multiscreens with mscreen
Adding pseudo-ttys
mscreen troubleshooting
Advanced mscreen configuration
UNIX directories and special device files
The root directory
The /bin directory
The /dev directory
The /etc directory
The /lib directory
The /mnt directory
The /opt directory
The /shlib directory
The /usr directory
The /stand directory
The /tcb directory
The /tmp directory
The /var directory
Using the crash(ADM) diagnostic tool
Running the crash command
Defining the default dump device
Examples of using crash
Examining processes
Examining the process table
Examining the u-area of a process
Finding out which files a process has open
Determining the size of a process
Finding regions shared by processes
Finding the largest processes on a system
Examining kernel text
Studying a system panic
panic command
Examining a kernel stack trace
Determining the kernel component that failed
Using strings(C) to find kernel component
Using nm(CP) to find kernel component
Additional help from SCO OpenServer Technical Support
Examining tty and cblock structures
Examining the values of kernel tunable parameters
Monitoring memory allocation
Examining use of STREAMS resources
Translating virtual addresses to physical addresses
Index