Tivoli SecureWay Security Manager Reference Manual for TACF Version 3.7

Page 1: Tivoli SecureWay Security Managerpublib.boulder.ibm.com/tividd/td/security/GC32... · ¶ Tivoli SecureWay Security Manager Programmer’s Guide for TACF This manual documents TACF


Tivoli SecureWay Security Manager Reference Manual for TACF (November 2000)

Copyright Notice

© Copyright IBM Corporation 2000 All rights reserved. May only be used pursuant to a Tivoli Systems Software License Agreement, an IBM Software License Agreement, or Addendum for Tivoli Products to IBM Customer or License Agreement. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual, or otherwise, without prior written permission of IBM Corporation. IBM Corporation grants you limited permission to make hardcopy or other reproductions of any machine-readable documentation for your own use, provided that each such reproduction shall carry the IBM Corporation copyright notice. No other rights under copyright are granted without prior written permission of IBM Corporation. The document is not intended for production and is furnished “as is” without warranty of any kind. All warranties on this document are hereby disclaimed, including the warranties of merchantability and fitness for a particular purpose.

U.S. Government Users Restricted Rights-Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corporation.

Trademarks

IBM, the IBM logo, Tivoli, the Tivoli logo, AIX, AS/400, Cross-Site, NetView, OS/2, OS/390, OS/400, Policy Director, RACF, RS/6000, S/390, Tivoli Certified, Tivoli Enterprise, Tivoli Ready, and TME are trademarks or registered trademarks of International Business Machines Corporation or Tivoli Systems Inc. in the United States, other countries, or both.

Lotus is a registered trademark of Lotus Development Corporation.

Microsoft, Windows, Windows NT, Windows 2000, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.

UNIX is a registered trademark of The Open Group in the United States and other countries.

Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.

Novell, NetWare, NetWare Directory Services, and NDS are trademarks of Novell, Inc.

TACF Copyright © 1993-2000 by MEMCO Software Ltd., U.S. patent pending. All rights reserved.

Other company, product, and service names may be trademarks or service marks of others.

Notices

References in this publication to Tivoli Systems or IBM products, programs, or services do not imply that they will be available in all countries in which Tivoli Systems or IBM operates. Any reference to these products, programs, or services is not intended to imply that only Tivoli Systems or IBM products, programs, or services can be used. Subject to valid intellectual property or other legally protectable right of Tivoli Systems or IBM, any functionally equivalent product, program, or service can be used instead of the referenced product, program, or service. The evaluation and verification of operation in conjunction with other products, except those expressly designated by Tivoli Systems or IBM, are the responsibility of the user. Tivoli Systems or IBM may have patents or pending patent applications covering subject matter in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to the IBM Director of Licensing, IBM Corporation, North Castle Drive, Armonk, New York 10504-1785, U.S.A.


Contents

Preface  xiii
  Who Should Read This Guide  xiii
  Prerequisite and Related Documents  xiii
  What This Guide Contains  xiv
  Conventions Used in This Guide  xiv
  Platform-specific Information  xv
  Contacting Customer Support  xvi
  Platform-specific Information  xvi
  Other Info for Your Product  xviii
  Accessing Publications Online  xviii
  Ordering Publications  xix
  Providing Feedback about Publications  xx
  Contacting Customer Support  xx

Chapter 1. TACF Command Language  1
  TACF Commands by Category  1
    User Commands  1
    Group Commands  2
    Resource Commands  3
    Miscellaneous Commands  4
  How to Use the TACF Command Language  4
    TACF Command Shell  4
    TACF Command Line Syntax  6
  alias  9
  authorize  11
  authorize-  17
  check  21
  checklogin  22
  chfile or editfile or newfile  24
  chgrp or editgrp or newgrp  32
  chres or editres or newres  42
  chusr or editusr or newusr  55
  environment  71
  find  72
  help  74
  history  75
  hosts  77
  join  79
  join-  82
  rename  84
  rmfile  85
  rmgrp  86
  rmres  88
  rmusr  90
  ruler  92
  setoptions  94
  showfile  101
  showgrp  103
  showres  105
  showusr  107
  source  109
  unalias  110

Chapter 2. TACF Commands in the UNIX Environment  111
  Commands by Category  111
    User Commands  112
    Group Commands  112
    File Commands  112
    Miscellaneous Commands  113
  Working in the UNIX Environment  113
    Changing to the UNIX Environment  113
    Getting Help  114
    Setting the System Defaults  114
  Command Line Syntax for UNIX  116
  chfile or editfile  118
  chgrp or editgrp or newgrp  120
  chusr or editusr or newusr  122
  environment  124
  find  125
  help  127
  history  128
  join  130
  join-  132
  rmgrp  134
  rmusr  135
  showfile  136
  showgrp  137
  showusr  138

Chapter 3. TACF Utilities  139
  TACF Utilities by Category  139
    User Utilities  140
    Administration Utilities  140
    Installation Utilities  141
    Support Utilities  141
    Password Utilities  142
    Daemons  142
  dbdump or rdbdump  143
  dbutil  146
  issec  148
  S58SEOS  149
  S68SEOS  150
  seagent  151
  seaudit  153
  sebuildla  167
  sechkey  171
  seclassadm  173
  secompas  176
  secons  179
  secredb  184
  secrepsw  185
  sedbpchk  186
  sedb2scr  188
  seerrlog  190
  segrace  192
  sehostinf  194
  seini  195
  selang  198
  seload  205
  selogrcd  207
  selogrd  210
  semigrate  225
  semsgtool  228
  senable  231
  senone  233
  SEOS_load  235
  SEOS_syscall  236
  seosd  237
  seoswd  249
  sepass  251
  sepropadm  259
  sepurgdb  261
  sereport  263
  seretrust  268
  serevu  271
  sesu  279
  sesudo  282
  seuidpgm  288
  seversion  292
  sewhoami  294
  UxImport  295

Chapter 4. TACF Properties  299
  Database Properties by TACF Class  299
    ADMIN  300
    CATEGORY  302
    CONNECT  303
    FILE  305
    GFILE  308
    GHOST  310
    GROUP  312
    GSUDO  316
    GTERMINAL  317
    HOLIDAY  319
    HOST  321
    HOSTNET  323
    HOSTNP  325
    LOGINAPPL  327
    PROCESS  332
    PROGRAM  336
    SECFILE  340
    SECLABEL  341
    SEOS  342
    SPECIALPGM  346
    SUDO  348
    SURROGATE  351
    TCP  354
    TERMINAL  357
    UACC  360
    USER  361

Chapter 5. TACF Status Codes  369
  Stage Codes for Login Interception  369
  Stage Codes for General Resource Checks  370
  Stage Codes for _default Checks  371
  Class SURROGATE Codes  372
  Class INET Codes  372
  Class PROGRAM Codes  374
  Reason Codes That Specify Why a Log Record Was Created  374
  Watchdog Untrust Logging Reasons  375
  Password Quality Return Codes  375
  Codes Received After Performing a TACF Command  376

Chapter 6. TACF Trace Messages  379
  Conventions  379
  Messages  380

Chapter 7. The seos.ini File  407
  daemons  409
  ldap  410
  lang  410
  logmgr  412
  message  414
  pam_seos  415
  passwd  415
  segrace  418
  selogrd  418
  seos  420
  seosd  421
  seosdb  428
  seoswd  429
  serevu  430
  sesu  431
  sesudo  432

Chapter 8. The lang.ini File  433
  general  434
  history  434
  newres  435
  newusr  435
  properties  436
  User Defined Properties  437
    The Definition Files  437
    The Tokens File  438
    The Attributes File  439
  unix  440

Chapter 9. String Matching  441
  Wildcard Expressions  441
    Wildcard Matching  441
    Character Lists  441
    Examples  443

Appendix A. Improving Performance  445
  TACF Global Access Check (GAC)  445
    How Does GAC Work?  446
    Implementing GAC  447
      Setting Up GAC Rules  447
    Starting GAC  448
    GAC Restrictions  448
    Troubleshooting  449

Index  451


Preface

The Tivoli SecureWay Security Manager: Reference Manual for TACF documents the commands, utilities, and files of the Tivoli Access Control Facility (TACF).

Who Should Read This Guide

The target audience for this guide is system managers who are responsible for maintaining security in a distributed enterprise. Users of the guide should have some knowledge of

¶ The UNIX operating system

¶ The Microsoft Windows NT operating system

¶ Basic security principles

Prerequisite and Related Documents

The following books accompany the Tivoli SecureWay Security Manager: Reference Manual for TACF:

¶ Tivoli SecureWay Security Manager User’s Guide

Provides information about using Tivoli SecureWay Security Manager to provide centralized role-based security administration on multiple UNIX platforms and Windows NT.

¶ Tivoli SecureWay Security Manager Programmer’s Guide for TACF

This manual documents TACF commands, utilities, properties, status codes, and trace messages for use on UNIX platforms.

¶ Tivoli Security Management Design Guide

This redbook provides a methodology for designing Tivoli SecureWay Security Manager installations. It shows how to define what needs protecting, and how to implement the right levels of protection management.


What This Guide Contains

The Tivoli SecureWay Security Manager: Reference Manual for TACF contains the following sections:

¶ TACF Command Language

Provides a detailed reference to the TACF command language.

¶ TACF Commands in the UNIX Environment

Provides a reference to the TACF commands available in the UNIX environment.

¶ TACF Utilities

Provides a complete reference to the TACF utilities.

¶ TACF Properties

Describes every property in every class defined in the database.

¶ TACF Status Codes

Provides detailed information on all status, return, and error codes returned by TACF.

¶ TACF Trace Messages

Provides a detailed description of the TACF trace messages.

¶ The seos.ini File

Provides a detailed description of the TACF initialization file, seos.ini.

¶ The lang.ini File

Describes the tokens in the lang.ini file.

¶ String Matching

Describes how TACF performs string matching.

Conventions Used in This Guide

The guide uses several typeface conventions for special terms and actions. These conventions have the following meaning:

Bold Commands, keywords, file names, authorization roles, URLs, or other information that you must use literally appear like this, in bold. Names of windows, dialogs, and other controls also appear like this, in bold.

Italics Variables and values that you must provide appear like this, in italics. Words and phrases that are emphasized also appear like this, in italics.

Monospace Code examples, output, and system messages appear like this, in a monospace font.

This guide uses the UNIX convention for specifying environment variables and for directory notation. When using the Windows NT command line, replace $variable with %variable% for environment variables and replace each forward slash (/) with a backslash (\) in directory paths.

Note: When using the bash shell on a Windows NT system, you can use the UNIX conventions.

Platform-specific Information

The following table identifies the Tivoli SecureWay Security Manager supported platform versions known at the time of publication. For more detailed and up-to-date information, please see the release notes.

Platform     Operating Systems
AIX          IBM RS/6000 series running AIX 4.2.1, 4.3, 4.3.1, or 4.3.2
HP-UX        HP9000/700 and 800 series running HP-UX 10.02, HP-UX 11, or HP-UX 11 SP1
Solaris      Sun SPARC series running Solaris 2.6 or 7.0
Windows NT   IBM-compatible PCs 486 or higher running Microsoft Windows NT 3.51 SP5+, Windows NT 3.51 SP9, 4.0 SP4, 4.0 SP5, or 4.0 SP6
OS/2         IBM-compatible PCs 486 or higher running Warp v3, Warp v4, WSOD r2 v4, WSOD r2 Win32, Aurora
OS/390       IBM S/390 running v1r3, v2r4, v2r5, v2r6, v2r7, or v2r8
OS/400       IBM AS/400 running v3r2, v4r1, v4r2, v4r3, v4r4,
NetWare      A NetWare-compatible system running NetWare 3.12, 3.2, 4.1, 4.11, 4.2

Contacting Customer Support

We are very interested in hearing from you about your experience with Tivoli products and documentation. We welcome your suggestions for improvements. If you have comments or suggestions about this documentation, please send e-mail to [email protected].

If you encounter difficulties with any Tivoli products, you can enter http://www.support.tivoli.com to view the Tivoli Support home page. After you link to and submit the customer registration form, you will be able to access many customer support services on the Web.

Use the following phone numbers to contact customer support in the United States: the Tivoli number is 1-800-848-6548 (1-800-TIVOLI8) and the IBM number is 1-800-237-5511. (Press or say 8 after you reach this number.) Both of these numbers direct your call to the Tivoli Customer Support Call Center.

Platform-specific Information

Attention: The table in this section is an example of platform-specific information. Modify this table or create your own here.

The following table identifies the supported platform versions known at the time of publication. For more detailed and up-to-date information, please see the release notes.


Platform        Supported Versions
AIX 4.x         Managed Node, Endpoint:
                IBM RS/6000 series running AIX, Versions 4.1, 4.2, and 4.3
AS/400          Endpoint:
                V3R2, V3R7, V4R1, and V4R2
Digital UNIX    Managed Node, Endpoint:
                Versions 4.0a and 4.0d.
DG/UX           Endpoint:
                Versions 4.11 and 4.20 on the ix86 platform
HP-UX           Managed Node, Endpoint:
                HP9000/700 and 800 series running HP-UX, Versions 10.01, 10.10, 10.20 and 11.00
NCR             Managed Node, Endpoint:
                NCR 3000 series running NCR UNIX SVR4 MP-RAS 3.0.1 and 3.0.2
NetWare         PC Agent, Endpoint:
                IBM-compatible PCs 486 or higher running Novell NetWare, Versions 3.11, 3.12, 4.01, 4.1, and 4.11
OS/2            TME 10 Desktop for Windows, PC Agent, Endpoint:
                IBM-compatible PCs 486 or higher running IBM OS/2, Versions 2.0, 2.1, Warp 3.0, and Warp 4.0 with Win-OS/2
Pyramid         Endpoint:
                Pyramid MIServer-ES, Version 5.4MN
Sequent         Managed Node, Endpoint:
                Sequent DYNIX/ptx, Releases 4.2.3 and 4.4.2
SCO             Managed Node, Endpoint:
                SCO UnixWare 7, SCO UnixWare Versions 2.1.1 and 2.1.2
SGI             Managed Node, Endpoint:
                SGI IRIX, Versions 6.2 and 6.4
Solaris         Managed Node, Endpoint:
                Sun SPARC series running Solaris, Versions 2.4, 2.5, 2.5.1, and 2.6
Solaris Intel   Managed Node, Endpoint:
                Solaris2-ix86, Versions 2.5.1 and 2.6
SunOS           Managed Node, Endpoint:
                Sun SPARC series running SunOS, Versions 4.1.3 and 4.1.4
Windows         TME 10 Desktop for Windows, PC Agent, Endpoint:
                IBM-compatible PCs 486 or higher running Microsoft Windows, Versions 3.1, 3.11, and Windows 95
Windows NT      TME 10 Desktop for Windows, PC Agent, Managed Node, Endpoint:
                IBM-compatible PCs 486 or higher running Microsoft Windows NT, Versions 3.51 SP5, 4.0, and 4.0 SP3.

Other Info for Your Product

If you have other product-specific sections to include in the preface, include them here.

Accessing Publications Online

The Tivoli Customer Support Web site (http://www.tivoli.com/support/) offers a guide to support services (the Customer Support Handbook); frequently asked questions (FAQs); and technical information, including release notes, user’s guides, redbooks, and white papers. You can access Tivoli publications online at http://www.tivoli.com/support/documents/.


The documentation for some products is available in PDF and HTML formats. Translated documents are also available for some products.

To access most of the documentation, you need an ID and a password. To obtain an ID for use on the support Web site, go to http://www.tivoli.com/support/getting/.

Resellers should refer to http://www.tivoli.com/support/smb/index.html for more information about obtaining Tivoli technical documentation and support.

Business Partners should refer to “Ordering Publications” for more information about obtaining Tivoli technical documentation.

Attention: The following note is an example of exceptional information. If your documentation requires similar, exceptional information, add it in the appropriate section (however, it is likely that your documentation does not require any additional notes or addenda). In all instances, remove this Attention element.

Note: For NetView OS/390 customers, additional support is also available on the NETVIEW CFORUM (Customer Forum) through the IBMLink system. This forum is monitored by NetView developers who answer questions and provide guidance. When a problem with the code is found, you are asked to open an official problem management record (PMR) to get resolution.

Ordering Publications

Order Tivoli publications online at http://www.tivoli.com/support/Prodman/html/pub_order.html or by calling one of the following telephone numbers:

¶ U.S. customers: (800) 879-2755

¶ Canadian customers: (800) 426-4968


Providing Feedback about Publications

We are very interested in hearing about your experience with Tivoli products and documentation, and we welcome your suggestions for improvements. If you have comments or suggestions about our products and documentation, contact us in one of the following ways:

¶ Send e-mail to [email protected].

¶ Fill out our customer feedback survey at http://www.tivoli.com/support/survey/.

Contacting Customer Support

If you need support for this or any Tivoli product, contact Tivoli Customer Support in one of the following ways:

¶ Submit a problem management record (PMR) electronically from our Web site at http://www.tivoli.com/support/reporting/. For information about obtaining support through the Tivoli Customer Support Web site, go to http://www.tivoli.com/support/getting/.

¶ Submit a PMR electronically through the IBMLink™ system. For information about IBMLink registration and access, refer to the IBM Web page at http://www.ibmlink.ibm.com.

¶ Send e-mail to [email protected].

¶ Customers in the U.S. can call 1-800-TIVOLI8 (1-800-848-6548).

¶ Customers outside the U.S. should refer to the Tivoli Customer Support Web site at http://www.tivoli.com/support/locations.html for customer support telephone numbers.

When you contact Tivoli Customer Support, be prepared to provide the customer number for your company so that support personnel can assist you more readily.


TACF Command Language

This chapter provides a detailed reference to the TACF command language. It lists the TACF commands by category, describes command line syntax, and provides a detailed reference to the commands, including examples of how to perform common procedures. The commands are arranged alphabetically.

TACF Commands by Category

This section contains a complete list of TACF commands arranged by the following categories:

¶ Commands for managing users

¶ Commands for managing groups

¶ Commands for managing resources

¶ Miscellaneous commands

Some commands are listed in more than one category.

User Commands

Command Name   Description
authorize      Sets the authority a specific user or group has when accessing a specific resource.
authorize-     Removes the authority previously given to a specific user or group when accessing a specific resource.
check          Determines a user’s access privileges to a particular resource.
checklogin     Determines a user’s login privileges and can check the user’s password.
chusr          Changes existing user settings in the TACF database.
editusr        Adds a new user to or changes an existing user in the TACF database.
join           Joins a user to a group or replaces the user’s properties in a group.
join-          Removes a user from a group.
newusr         Adds a new user to the TACF database and sets the user’s access authority.
rmusr          Removes users from the TACF database.
showusr        Lists the properties of user records in the TACF database.

Group Commands

Command Name   Description
authorize      Sets the authority a specific user or group has when accessing a specific resource.
authorize-     Removes the authority previously given to a specific user or group when accessing a specific resource.
check          Determines a user’s access privileges to a particular resource.
checklogin     Determines a user’s login privileges and can check the user’s password.
chgrp          Changes existing group settings in the TACF database.
editgrp        Adds a new group to or changes an existing group in the TACF database.
join           Joins a user to a group or replaces the user’s properties in a group.
join-          Removes a user from a group.
newgrp         Adds new groups to the TACF database.
rmgrp          Removes groups from the TACF database.
showgrp        Lists the properties of group records in the TACF database.

Resource Commands

Command Name   Description
authorize      Sets the authority a specific user or group has when accessing a specific resource.
authorize-     Removes the authority previously given to a specific user or group when accessing a specific resource.
check          Allows you to determine if a user has access privileges to a particular resource.
checklogin     Determines a user’s login privileges and can check the user’s password.
chfile         Changes the definition of a file record in the TACF database.
chres          Changes existing resource settings in the TACF database.
editfile       Adds a new file record or changes an existing file record.
editres        Adds a new resource record or changes an existing resource record.
newfile        Adds new file records to the TACF database.
newres         Adds new resources to the TACF database.
rmfile         Removes file records from the TACF database.
rmres          Removes resources from the TACF database.
showfile       Lists the properties of file records in the TACF database.
showres        Lists the properties of resource records in the TACF database.


Miscellaneous Commands

Command Name   Description
alias          Builds an alias for TACF commands.
checklogin     Determines a user’s login privileges and can check the user’s password.
chfile         Changes the definition of a file record in the TACF database.
environment    Sets the security environment to either the TACF or the native UNIX security system.
find           Lists the records in a class and displays class-based information.
help           Displays help text.
history        Displays the commands that were issued previously in the session.
hosts          Shows the host to which the TACF commands are sent, or sets the hosts to which all subsequent commands are sent.
ruler          Sets the properties that will be displayed every time a particular command is executed.
setoptions     Sets or displays the global options that control the behavior of the TACF database.
source         Executes the commands in a particular file.
unalias        Removes an alias from the TACF database.

How to Use the TACF Command Language

TACF provides a command language for manipulating the TACF database. This section introduces you to the TACF command language.

TACF Command Shell

TACF commands can be entered from the following TACF command shell:

selang The selang utility is a command shell for entering commands to access and update the TACF database. Type selang to enter TACF commands interactively using the TACF command language.

Command Line Options

When invoking selang, some of the command line options available are:

-f fileName
Reads the TACF commands from the specified file instead of from the terminal. The TACF command prompt is not displayed; only the command currently being executed is displayed.

-d dbdirectory
Specifies the path and name of the database on which selang is to operate.

-l
Specifies that selang is to operate on the default database, usually /usr/seos/seosdb. This option is only valid when seosd is not running.

-o fileName
Specifies that the output of selang should be written to the specified file instead of being displayed. Each time selang is invoked, the file is created again; therefore, if you use the same file name again in the selang command, you will overwrite the existing file.

After you enter the selang command shell, the following prompt appears:

TACF>

After the prompt, you can type a TACF command. Enter only one command at a time. Type a backslash (\) at the end of a line to continue typing the command on the next line.

The TACF command shell operates on the local TACF database by default. To operate on the TACF database of a different host, specify the hosts command before entering the TACF commands. See “hosts” on page 77 for more information.


The TACF command shell supports some common UNIX commands, allowing you to maintain the UNIX environment from within TACF. See “TACF Commands in the UNIX Environment” on page 111 for more information.

Help

You can get help at any time in the interactive TACF command environment.

To obtain TACF online help, type ? or help or help topic, where topic is a TACF command or other topic related to the TACF command shell.

Note: To display the help text for a command typed in the command line without deleting the text in the command line, press the Ctrl+2 key combination.

If you specified a topic, the help text that describes the topic is displayed; otherwise, the Help Table of Contents is displayed. See “help” on page 74 for more information.

TACF Command Line Syntax

Each TACF command performs a specific action on the TACF database. The reference pages in this chapter use the following text conventions to define the command syntax.

[ ] Identifies optional arguments. Arguments not enclosed in brackets are required.

| Indicates mutually exclusive information. You can use the argument to the left of the separator or the argument to the right of the separator. You cannot use both arguments in a single iteration of the command.

{ } Delimits a set of mutually exclusive arguments when one of the arguments is required. If the arguments are optional, they are enclosed in brackets ([ ]).

Bold Commands, keywords, and other information that you must use literally appear in bold.


Italics Variables, values, and names that you must provide appear in italics.

For example:

{find | f | search | s} [class(className) [objName | objNamePattern]]

The command name itself is required: it tells TACF which command to execute. You can use find or f (or search or s) to invoke the find command. The class parameter is optional. When you specify the class parameter, you must also specify className. Optionally, you can also specify objName or objNamePattern. You must replace className, objName, and objNamePattern with actual values and names. Enclose the className argument in parentheses (), as shown in the example.

The brackets ([]), braces ({}), and vertical bar (|) are used only for describing command syntax and are not to be typed.

The reference information for each command includes some or all of the following sections:

¶ DESCRIPTION: Describes the command and provides information about the authorization levels required to run the command. The description lists the parameters and arguments that can be used.

¶ EXAMPLES: Contains examples on using the command.

¶ SEE ALSO: Refers you to related commands.

Command names are usually followed by one or more parameters that supply additional information needed to execute the command. Some parameters accept more than one argument. When more than one argument is specified, separate the arguments with spaces or commas.


TACF commands and parameters may be entered in either lowercase or uppercase, unless otherwise noted. User-supplied information is case-sensitive and can consist of both lowercase and uppercase characters.

Using Wildcards in Commands

In some cases, you can use an asterisk (*) as an argument, to cover all possible values for that argument. If you use an asterisk, then the asterisk does not override earlier or later commands that give specific values to the same argument.

If the argument is a file name, you can use a UNIX wildcard as part of a file name pattern. The wildcards are * (meaning “zero or more characters”) and ? (meaning “one character”).

Entering Long Command Lines

Usually, a command is typed on a single line. Type a backslash (\) at the end of a line to continue typing the command on the next line. In this book, backslashes are often used to break up long commands; you need not type backslashes exactly where they appear in this book.

Command and Parameter Prefixes and Abbreviations

The TACF command language supports command and parameter prefixes. You need only type those characters required to specify a unique command or parameter; you do not need to type the command or parameter name in full. For example, to type the showusr command, type showu. TACF identifies the command as the showusr command.

Likewise, every command has an abbreviated form consisting of one or more characters. For example, instead of typing the showusr command in full, you can type su.
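As an added illustration (not code from the manual or from selang itself), the following Python applies the prefix rule to the command list tabulated at the start of this chapter. The only fixed abbreviations it knows are the ones this chapter names (su, f, s, search, auth); how selang treats a prefix shared by two full names, such as chec for check and checklogin, is not stated here, so the model reports that case as ambiguous, which is an assumption.

```python
"""Prefix and abbreviation resolution for TACF command names.

Added example, not part of the manual or of the selang shell. The command
list is the one tabulated earlier in this chapter; the abbreviation table
holds only the short forms the chapter itself mentions. How the real shell
treats a prefix shared by two full names (e.g. "chec" for check and
checklogin) is not stated in the text, so this model reports it as
ambiguous, exactly as the "unique command" rule reads.
"""

# The manual typesets the negative forms with a dash; the ASCII hyphen
# is assumed here.
COMMANDS = (
    "alias", "authorize", "authorize-", "check", "checklogin", "chfile",
    "chgrp", "chres", "chusr", "editfile", "editgrp", "editres", "editusr",
    "environment", "find", "help", "history", "hosts", "join", "join-",
    "newfile", "newgrp", "newres", "newusr", "rmfile", "rmgrp", "rmres",
    "rmusr", "setoptions", "showfile", "showgrp", "showres", "showusr",
    "source", "unalias",
)

# Fixed short forms named in this chapter (find is also spelled search).
ABBREVIATIONS = {
    "su": "showusr",
    "f": "find",
    "s": "find",
    "search": "find",
    "auth": "authorize",
}


class UnknownCommand(ValueError):
    """No command name or abbreviation matches the typed token."""


class AmbiguousCommand(ValueError):
    """The typed prefix matches more than one command name."""

    def __init__(self, token, matches):
        super().__init__(f"{token!r} is ambiguous: {', '.join(matches)}")
        self.matches = tuple(matches)


def prefix_matches(token):
    """Return every full command name that starts with token (case-insensitive)."""
    name = token.strip().lower()
    return [cmd for cmd in COMMANDS if cmd.startswith(name)]


def resolve_command(token):
    """Map what the operator typed to the full TACF command name.

    Order of precedence: exact command name, then a fixed abbreviation,
    then a prefix that identifies exactly one command. Command names are
    case-insensitive, as the chapter states.
    """
    name = token.strip().lower()
    if not name:
        raise UnknownCommand("empty command")
    if name in COMMANDS:
        return name                     # "check" is check, not checklogin
    if name in ABBREVIATIONS:
        return ABBREVIATIONS[name]
    matches = prefix_matches(name)
    if len(matches) == 1:
        return matches[0]               # "showu" -> showusr
    if not matches:
        raise UnknownCommand(f"unknown command {token!r}")
    raise AmbiguousCommand(token, matches)


if __name__ == "__main__":
    for typed in ("showu", "SU", "check", "chec", "ch", "he", "s", "bogus"):
        try:
            print(f"{typed:>6} -> {resolve_command(typed)}")
        except ValueError as err:
            print(f"{typed:>6} -> error: {err}")
```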


alias

Creates an alias for a TACF command.

SYNOPSIS

alias [aliasName [commandName [parameters]]]

DESCRIPTION

The alias command builds an alias for any TACF command you select. The alias command can be entered in one of several ways, as described in this section.

Note: The TACF command alias is similar to the alias command in csh and tcsh.

Authorization

All users can use this command.

Arguments

The alias command without any arguments displays all the aliases currently defined to the command shell.

aliasName Specifies the name to assign to the alias. If no other arguments are specified, TACF displays the interpretation of aliasName.

commandName Specifies that TACF should build a new alias, called aliasName, which will be interpreted by TACF as the TACF command specified by commandName. Whenever the selang command shell finds aliasName, the command shell replaces it with commandName and uses any parameters that were specified when the alias was created.

parameters Specifies the number of variable parameters that must be entered when the alias is used and designates the constants that TACF will use when invoking the command identified by aliasName. Specify parameters in the following format:

($0) ($1) ... ($N) const1 const2 ... constN


If commandName contains variables, you must replace each with a value when the alias is used and enclose the values in parentheses ().

TACF will apply the values in the constants in whatever way is relevant for the TACF command commandName.

EXAMPLES

A TACF administrator (a user with the ADMIN attribute) wants to create an alias that will make adding new administrators to the TACF database easier.

The new TACF administrators will be added to the database with default values. The current TACF administrator will simply add the names of the new administrators.

alias newadm newusr $0 admin

When the TACF administrator enters the following:

newadm (Terri)

TACF will add a user named Terri to the database. Terri will be given the ADMIN attribute; therefore, Terri will be able to administer the TACF database.
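The substitution the selang shell performs on such an alias, as an added Python model (not the manual's or selang's own code): it stores the command and its parameter template, counts the $N variables, fills them from the parenthesised values typed after the alias name, and passes the constants through unchanged. Treating a variable embedded in a constant, such as uid($2), as substitutable is an assumption beyond what the page states.

```python
"""Expansion of selang aliases with $0..$N variables and constants.

Added example, not the manual's or selang's own code. It models the alias
format described above: the definition names an alias, a TACF command and
a parameter template whose $N tokens (optionally written ($N)) are filled
from the parenthesised values typed after the alias, while the remaining
tokens are constants passed through unchanged. Substituting a variable
that sits inside a constant, e.g. uid($2), is an assumption.
"""
import re

VAR = re.compile(r"\$(\d+)")          # $0, $1, ... anywhere in a token
VALUE = re.compile(r"\(([^()]*)\)")   # (value) typed after the alias name
BARE_VAR = re.compile(r"\(\$\d+\)")   # ($N) as the format line writes it


class AliasTable:
    """Alias definitions and the substitution applied when one is used."""

    def __init__(self):
        self._aliases = {}            # alias name -> (command, template tokens)

    def define(self, line):
        """Handle an alias command line; returns the aliases it shows or creates."""
        words = line.split()
        if not words or words[0].lower() != "alias":
            raise ValueError("not an alias command")
        if len(words) == 1:           # plain 'alias': list every alias
            return dict(self._aliases)
        name = words[1]
        if len(words) == 2:           # 'alias name': show its interpretation
            return {name: self._aliases[name]}
        command, template = words[2], words[3:]
        # ($0) ($1) in a definition become bare $0 $1 in the stored template
        template = [t[1:-1] if BARE_VAR.fullmatch(t) else t for t in template]
        self._aliases[name] = (command, template)
        return {name: self._aliases[name]}

    def arity(self, name):
        """Number of values the alias needs: the highest $N it uses, plus one."""
        _, template = self._aliases[name]
        numbers = [int(n) for tok in template for n in VAR.findall(tok)]
        return max(numbers) + 1 if numbers else 0

    def expand(self, line):
        """Rewrite a line that starts with an alias; any other line passes through."""
        words = line.split(maxsplit=1)
        if not words or words[0] not in self._aliases:
            return line
        name = words[0]
        rest = words[1] if len(words) > 1 else ""
        values = VALUE.findall(rest)
        expected = self.arity(name)
        if len(values) != expected:
            raise ValueError(f"alias {name} takes {expected} value(s), got {len(values)}")
        command, template = self._aliases[name]
        filled = [VAR.sub(lambda m: values[int(m.group(1))], tok) for tok in template]
        return " ".join([command, *filled])


if __name__ == "__main__":
    table = AliasTable()
    table.define("alias newadm newusr $0 admin")      # the example above
    print(table.expand("newadm (Terri)"))             # newusr Terri admin
```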

SEE ALSO

unalias


authorize

Adds accessors to a resource access control list and modifies existing access authority. Sets the authority a specific user or group has when accessing a specific resource.

SYNOPSIS

{authorize | auth} className resourceName [uid(userName | *)] [gid(groupName)] [access(authority)] [via(pgm(programName))] [unix]

{authorize | auth} {HOST | GHOST | HOSTNET | HOSTNP} stationName service(name | number | range) [access(read | none)]

{authorize | auth} TCP serviceName [access(read | write | none)] [gid(groupName)] {host(hostName) | hostnet(hostNetName) | hostnp(hostNamePattern)} [id(accessorName)] [uid(userName)]

DESCRIPTION

The authorize command maintains the lists of users, groups, and hosts who are authorized to access resources or services. TACF uses ACLs and PACLs when it checks a user’s authority to access a resource; it uses the INETACL when it checks a host’s authority to access a TCP service.

¶ ACL: A standard access control list that contains the user names or group names, or both, that are authorized to access the resource and specifies the level of access granted to each.

¶ PACL: A program access control list, also known as a conditional access control list, that contains the user names or group names, or both, the levels of access, and the name of the program or shell script the user must execute to access the particular resource.

¶ INETACL: An internet access control list that contains the host names that are authorized to access a TCP service and the level of access granted to each.

There are different forms of the authorize command for the various sets of classes. These sets are:


¶ HOST, GHOST, HOSTNET, and HOSTNP

¶ TCP

¶ All remaining classes

The following table identifies the classes that support ACLs, PACLs, and INETACLs. Classes that do not appear in this list cannot be used with the authorize command.

Classes                                                    Supported Control Lists
ADMIN, CONNECT, FILE, PROCESS, SUDO, SURROGATE, TERMINAL   ACL, PACL
GHOST, HOST, HOSTNET, HOSTNP                               INETACL
GSUDO, GTERMINAL, HOLIDAY, PROGRAM, TCP, UACC              ACL
TCP                                                        PACL (reserved)

Authorization

To use the authorize command, you must have sufficient authority over the resource. TACF makes the following checks until one of the conditions is met:

¶ You have the ADMIN attribute.

¶ The resource record is within the scope of a group in which you have the GROUP-ADMIN attribute.

¶ You are the owner of the resource record.

¶ You are assigned the MODIFY access authority in the access control list of the resource class record in the ADMIN class.

Arguments

access(authority)

Specifies the access authority the accessors identified by the uid or gid parameter, or both, have to the resource. If the via parameter is not specified, the access authority is set in the resource standard access control list. If the via parameter is specified, the access authority is set in the resource conditional access control list. If the access parameter is not specified, the default access is read. The variable authority is the access authority, whose values depend on the class the record belongs to as follows:

For the FILE class, valid values are all, alter, chdir, chmod, chown, control, create, delete, execute, none, read, rename, sec, update, utime, and write.

For the PROGRAM, SUDO, and GSUDO classes, valid values are all, none, and execute.

For the ADMIN class, valid values are all, create, delete, join, modify, none, password, and read.

For the TERMINAL and GTERMINAL classes, valid values are all, none, read, and write. The user or group that is given the value read is allowed to log in to the terminal; the value write enables the user or group to administer the terminal.

For the TCP class, valid values are read, write, and none.

For the HOLIDAY class, valid values are all, read, and none. The user who is given the read value can log in during the specified holiday.

For all other classes, valid values are all, none, and read.

(The value all represents the group of access values for a particular class.)

If the access parameter is omitted, TACF assigns the default access specified in the DEFACCS object for the resource class in the UACC (universal access authority) class.

className Specifies the name of the class to which resourceName belongs.

gid(groupName)

Specifies the TACF group or groups whose authority to access the resource is being set. When specifying more than one group, separate the names with spaces or commas.

host(hostName) Specifies the name of an object in class HOST.

hostnet(hostNetName) Specifies the name of an object in class HOSTNET.

hostnp(hostNamePattern) Specifies a pattern defined in class HOSTNP.

id(accessorName)

Specifies the TACF accessors (users, groups, or both) whose authority to access the resource is being set. accessorName is the user name of one or more TACF accessors. If a name belongs both to a user and to a group, TACF assumes that you are referring to the user.

When specifying more than one accessor, separate their names with a space or a comma. To specify all users who are defined to TACF, specify an asterisk (*) for accessorName.

resourceName Specifies the name of the resource record whose access control list is being modified. Specify only one resource record.

serviceName Specifies the name of the TCP service for which access is to be provided.

service(name | number | range)

Identifies the services the local host is permitted to provide to the hosts specified by stationName, where

name Specifies the name of the service.

number Specifies the service number.

range Specifies a range of service numbers, such as 3300–3600.


stationName Specifies the record name of a resource as determined by the type of class specified. The following values are valid for the classes listed:

Class     stationName Value
HOST      A host.
GHOST     A group of hosts.
HOSTNET   Specifies a range of IP addresses or one IP address as defined by the mask and match parameters that were specified when the HOSTNET record was created or last edited. For hosts that cannot be resolved using the /etc/hosts file, DNS, or NIS, specify a HOSTNET station name.
HOSTNP    Specifies a group of host names defined with a regular expression.

uid(userName)Specifies one or more TACF users whose authorityto access the resource is being set. When specifyingmore than one user, separate the names with spacesor commas. To specify all users who are defined toTACF, use an asterisk (*) for userName.

unix Adds values to the UNIX system ACLs in the UNIXsystems that support them. This parameter is onlyvalid for the TACF class FILE.

via(pgm(programName)) Sets a conditional (program) access rule. The specified access applies only when the resource is accessed from the specified program or shell script. For a program path that specifies access from a shell script, the shell script must have #!/bin/sh as its first line. If programName specifies a program or shell script that is not defined in the PROGRAM class, TACF automatically creates a PROGRAM record to protect it.

EXAMPLES

1. A TACF administrator wants to give all the users in the RESEARCH group READ access authority to the terminal tty10. The terminal tty10 is currently protected by a record of the TERMINAL class.

   authorize TERMINAL tty10 gid(RESEARCH) access(read)

2. A TACF administrator wants to allow the user Joe, who backs up the system, to back up the sensitive file /projects/projectA/secrets.

   authorize FILE /projects/projectA/secrets uid(Joe) \
       via(pgm(/bin/backup)) access(read)
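The ACL and PACL handling described above, as an added Python model that is not TACF code: authorize adds uid/gid/id accessors to a resource's ACL, or to its PACL when via(pgm) is given; authorize- removes them; check reports whether a user holds the requested authority. The Directory class, the user and group names, and the rule that any one applicable entry suffices are constructed assumptions; TACF's real precedence rules are not modelled.

```python
from dataclasses import dataclass, field


@dataclass
class Directory:
    """Constructed stand-in for the TACF database: defined users and group membership."""
    users: set
    groups: dict  # group name -> set of member user names

    def resolve(self, name, kind):
        """Map an accessor name given via uid(), gid() or id() to an ACL key.

        id() accepts either kind; for a name that is both a user and a group,
        TACF assumes the user (as the manual states), so users are tried first.
        """
        if name == "*":                      # all users defined to TACF
            return ("star", "*")
        if kind in ("uid", "id") and name in self.users:
            return ("user", name)
        if kind in ("gid", "id") and name in self.groups:
            return ("group", name)
        raise KeyError(f"{name!r} is not a defined TACF accessor for {kind}()")


@dataclass
class Resource:
    class_name: str
    name: str
    acl: dict = field(default_factory=dict)   # accessor key -> authority
    pacl: dict = field(default_factory=dict)  # (accessor key, program) -> authority


def authorize(res, directory, access, uid=(), gid=(), id_=(), via=None):
    """authorize: add accessors to the ACL, or to the PACL when via=programName."""
    for kind, names in (("uid", uid), ("gid", gid), ("id", id_)):
        for name in names:
            key = directory.resolve(name, kind)
            if via is None:
                res.acl[key] = access
            else:
                res.pacl[(key, via)] = access


def authorize_minus(res, directory, uid=(), gid=(), id_=(), via=None):
    """authorize-: remove accessors from the ACL or (with via) from the PACL."""
    for kind, names in (("uid", uid), ("gid", gid), ("id", id_)):
        for name in names:
            key = directory.resolve(name, kind)
            if via is None:
                res.acl.pop(key, None)
            else:
                res.pacl.pop((key, via), None)


def check(res, directory, user, access, program=None):
    """Simplified check: True if the user, one of the user's groups, or '*'
    carries the requested authority (or 'all'), directly or via the given program."""
    if user not in directory.users:           # '*' covers only defined users
        return False
    keys = [("user", user), ("star", "*")]
    keys += [("group", g) for g, members in directory.groups.items() if user in members]
    granted = set()
    for key in keys:
        if key in res.acl:
            granted.add(res.acl[key])
        if program is not None and (key, program) in res.pacl:
            granted.add(res.pacl[(key, program)])
    return access in granted or "all" in granted


def demo():
    """Replay the two authorize examples above against constructed data."""
    d = Directory(users={"joe", "alice", "bob"}, groups={"RESEARCH": {"alice"}})
    tty = Resource("TERMINAL", "tty10")
    authorize(tty, d, "read", gid=["RESEARCH"])
    secrets = Resource("FILE", "/projects/projectA/secrets")
    authorize(secrets, d, "read", uid=["joe"], via="/bin/backup")
    results = {
        "alice_tty": check(tty, d, "alice", "read"),                               # True
        "bob_tty": check(tty, d, "bob", "read"),                                   # False
        "joe_via_backup": check(secrets, d, "joe", "read", program="/bin/backup"),  # True
        "joe_from_shell": check(secrets, d, "joe", "read"),                        # False
    }
    authorize_minus(tty, d, gid=["RESEARCH"])   # authorize- undoes example 1
    results["alice_after_remove"] = check(tty, d, "alice", "read")                # False
    return results
```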

SEE ALSO
authorize–, chres, editres, newres


authorize– Removes accessors from a resource access control list.

SYNOPSIS
{authorize– | auth–} className resourceName [uid(userName | *)] [gid(groupName)] [id(accessorName)] [via(pgm(programName))] [unix]

{authorize– | auth–} {HOST | GHOST | HOSTNET | HOSTNP} stationName service(name | number | range)

{authorize– | auth–} TCP serviceName {host(hostName) | ghost(hostGroupName) | hostnet(hostNetName) | hostnp(hostNamePattern)}

DESCRIPTION
The authorize– command removes accessors from a resource access control list (ACL) or conditional (program) access control list (PACL) by deleting the accessor IDs from the standard access control list. There are different forms of the authorize– command for various sets of classes. These sets are:

¶ HOST, GHOST, HOSTNET, and HOSTNP

¶ TCP

¶ All remaining classes

Authorization
To use the authorize– command, you must have sufficient authority over the resource. TACF makes the following checks until one of the conditions is met:

¶ You have the ADMIN attribute.

¶ The resource record is within the scope of a group in which you have the GROUP-ADMIN attribute.

¶ You are the owner of the resource record.

¶ You are assigned the MODIFY access authority in the access control list of the resource class record in the ADMIN class.


Arguments

className Specifies the name of the class to which resourceName belongs.

gid(groupName) Specifies the TACF group or groups whose authority to access the resource is being set. When specifying more than one group, separate the group names with spaces or commas.

ghost(hostGroupName) Specifies the name of an object in class GHOST.

host(hostName) Specifies the name of an object in class HOST.

hostnet(hostNetName) Specifies the name of an object in class HOSTNET.

hostnp(hostNamePattern) Specifies a pattern defined in class HOSTNP.

id(accessorName) Specifies the TACF accessors (users, groups, or both) whose authority to access the resource is being set. accessorName is the user name of one or more TACF accessors. If a name belongs both to a user and to a group, TACF assumes that you are referring to the user.

When specifying more than one accessor, separate their names with a space or a comma. To specify all users who are defined to TACF, specify an asterisk (*) for accessorName.

resourceName Specifies the name of the resource record whose access control list is being modified. Specify only one resource record.

serviceName Specifies the name of the TCP service for which access is being modified.


service(name | number | range) Identifies the services the local host will no longer be permitted to provide to the hosts specified by stationName, where

name Specifies the name of the service.

number Specifies the service number.

range Specifies a range of service numbers, such as 3300–3600.

stationName Specifies the record name of a resource as determined by the type of class specified. The following values are valid for the classes listed:

Class    stationName Value
HOST     A host.
GHOST    A group of hosts.
HOSTNET  A range of IP addresses or one IP address as defined by the mask and match parameters when the HOSTNET record was created or last edited. For hosts that cannot be resolved using the /etc/hosts file, DNS, or NIS, specify a HOSTNET station name.
HOSTNP   A group of host names defined with a regular expression.

uid(userName) Specifies one or more TACF users whose authority to access the resource is being set. When specifying more than one user, separate the names with spaces or commas. To specify all users who are defined to TACF, use an asterisk (*) for userName.


unix Deletes values from the UNIX system ACLs in the UNIX systems that support them. This parameter is only valid for the TACF class FILE.

via(pgm(programName)) Sets a conditional (program) access rule. The specified access applies only when the resource is accessed from the specified program or shell script. If programName specifies a program or shell script that is not defined in the PROGRAM class, TACF automatically creates a PROGRAM record to protect it.

EXAMPLES

1. A TACF administrator wants to remove Bob’s access from the access control list, which explicitly granted access to the command su root.

   authorize– SURROGATE USER.root uid(bob)

2. A TACF administrator wants to remove the telnet authorization that enables venus to access the machine on which the following command is entered.

   authorize– HOST(venus) service(telnet)

SEE ALSO
authorize, chres, editres, newres


check

The check command allows you to determine if a user has access privileges to a particular resource.

SYNOPSIS
check className resourceName uid (userName) access (authority)

EXAMPLES
You can determine if a root user has access to the resource testfile of class FILE by issuing the check command. The output resembles the following:

TACF> check FILE /testfile uid (root) access (w)
(localhost)
Access to FILE /testfile GRANTED
Access to FILE /testfile DENIED
Stage: Resource OWNER check
TACF>

Arguments

access (authority) Specifies the access authority to be checked for the accessor identified by the uid parameter.

className Specifies the name of the class to which resourceName belongs.

resourceName Specifies the name of the resource record whose access control list is being modified. Specify only one resource record.

uid (userName) Specifies the name of the TACF user whose authority to access resourceName is to be verified.


checklogin

The checklogin command determines a user’s login privileges. This command also determines if a password check is needed, and whether a terminal access check is needed.

SYNOPSIS
checklogin userName [password (userPassword)] [terminal(terminalName)]

EXAMPLES

1. To determine if a user (Frank) has logon privileges to the localhost from terminal mutra, issue the following command:

   checklogin frank terminal(mutra)

   The output resembles the following:

   TACF> checklogin frank terminal (mutra)
   (localhost)
   Login by USER frank to host winsome is GRANTED
   Stage: Resource class global universal access

2. To verify Frank’s password, issue the following command:

   checklogin frank password (moonshine)

   The output resembles the following:

   TACF> checklogin frank password (111)
   (localhost)
   Given password does not match OS password
   TACF> checklogin frank password(moonshine)
   (localhost)
   Warning: TACF password check is disabled
   Login by USER frank to host gnodola is GRANTED
   Stage: Resource class global universal access
   TACF>

3. Now, to verify user Frank’s password against the one in the Access Control database, execute the following commands. The output resembles the following:

   TACF> so class+ (PASSWORD)
   (localhost)
   Successfully updated TACF options
   TACF> checklogin frank password (moonshine) terminal (tack)
   (localhost)
   Login by USER frank to host gondola is GRANTED
   Stage: Resource class global universal access
   TACF>

Arguments

uid (userName) Specifies the name of the TACF user whose authority to access resourceName is to be verified.

password The password, if specified. When you enable password checking, the TACF utility checks this password against the operating system password and against the TACF database.

terminal If you designate the terminal check function, TACF checks this terminal to determine if a user has logon privileges.


chfile or editfile or newfile

The chfile command changes the definition of a record of the FILE class. The editfile command can define a new record and change an existing record of the FILE class. The newfile command defines a new record of the FILE class.

SYNOPSIS
{{chfile | cf} fileName
 {editfile | ef} fileName
 {newfile | nf} fileName}
[audit(none | all | success | failure)] [category(categoryName) | category–(categoryName)] [comment(string) | comment–] [defaccess(accessAuthority)] [label(labelName) | label–] [level(number) | level–] [notify(mailAddress) | notify–] [gowner(groupName)] [owner(userName | groupName)] [restrictions([days(anyday | weekdays | [mon] [tue] [wed] [thu] [fri] [sat] [sun])] [time(anytime | startTime:endTime)]) | restrictions–] [warning | warning–]

DESCRIPTION
The chfile command modifies one or more records in the FILE class.

The editfile command either creates one or more records like the newfile command or modifies one or more records like the chfile command, depending on whether the file record identified by fileName already exists in the FILE class.

The newfile command creates one or more records in the FILE class.

By using the warning parameter, you can test the effectiveness of the setup before activating it. When warning is set, TACF enables access to protected resources, but will write a warning message to the audit file if an access occurs that would normally be denied based on the rules established for the resource.

Generic File Protection
Generic file protection enables you to apply a particular access rule to all the files that fit a specified file name pattern (regular expression). Any resource with a name that matches the wildcard pattern is protected by the generic access rule. If a resource matches more than one generic access rule, the closest of the matches is used for that resource.

For example, /usr/bin/* or /home/*/.rhosts can be used to protect files whose names fit these patterns. With generic file protection, only a few security rules need to be defined to protect most of the files that need protection in a UNIX system.

TACF, however, will not accept the following patterns:

¶ /*

¶ /tmp/*

¶ /etc/*
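Generic rule selection as an added Python example (not TACF code): it refuses the three patterns listed above and, for a path that matches several generic rules, picks the closest one. Two details the page does not define are constructed assumptions here: patterns are matched with shell-style wildcards (fnmatch), and "closest" is taken to mean the pattern with the longest literal prefix before its first wildcard, ties broken by total length.

```python
import fnmatch

# Patterns that TACF will not accept as generic file names (listed on this page).
REFUSED_PATTERNS = ("/*", "/tmp/*", "/etc/*")


def validate_pattern(pattern):
    """Reject the patterns TACF refuses; return the pattern otherwise."""
    if pattern in REFUSED_PATTERNS:
        raise ValueError(f"TACF does not accept the generic pattern {pattern}")
    return pattern


def refused(pattern):
    """True if validate_pattern rejects the pattern."""
    try:
        validate_pattern(pattern)
    except ValueError:
        return True
    return False


def literal_prefix_len(pattern):
    """Characters before the first wildcard: the assumed measure of specificity."""
    for i, ch in enumerate(pattern):
        if ch in "*?[":
            return i
    return len(pattern)


def closest_rule(path, rules):
    """rules: {pattern: defaccess}. Return (pattern, defaccess) for the closest
    generic rule matching path, or None if no generic rule covers it."""
    # Assumption: fnmatch semantics, where '*' also crosses '/' separators.
    matches = [p for p in rules if fnmatch.fnmatchcase(path, p)]
    if not matches:
        return None
    best = max(matches, key=lambda p: (literal_prefix_len(p), len(p)))
    return best, rules[best]


def demo():
    """Constructed rule set built from the patterns mentioned on this page."""
    rules = {validate_pattern(p): a for p, a in
             {"/usr/bin/*": "read", "/usr/*": "none", "/home/*/.rhosts": "none"}.items()}
    return {
        "ls": closest_rule("/usr/bin/ls", rules),              # ('/usr/bin/*', 'read')
        "rhosts": closest_rule("/home/bob/.rhosts", rules),    # ('/home/*/.rhosts', 'none')
        "local": closest_rule("/usr/local/lib/x.so", rules),   # ('/usr/*', 'none')
        "unmatched": closest_rule("/var/log/messages", rules),  # None
    }
```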

Authorization
To add or change a record for a file belonging to the FILE class, you must have sufficient authority over the file. TACF makes the following checks until one of the conditions is met:

¶ You have the ADMIN attribute.

¶ The resource record is within the scope of a group in which you have the GROUP-ADMIN attribute.

¶ When changing a record, that you are its owner.

¶ You have CREATE (for newfile or editfile) or MODIFY (for chfile) access authority in the ACL of the FILE record in the ADMIN class.

¶ When defining a file to TACF that exists in UNIX, that you are the owner of the file, if the token use_unix_file_owner in the seos.ini file is set to yes.

Arguments

audit Specifies which access events are logged. To use the audit parameter in the chfile command, you must have the AUDITOR attribute.


all TACF logs both authorized accesses and detected unauthorized access attempts.

none TACF does not write any records in the log file.

success TACF logs authorized accesses to the resource.

failure TACF logs detected unauthorized access attempts. This is the default value.

category(categoryName) Assigns one or more security categories to the file. If the category parameter is specified when the CATEGORY class is not active, TACF updates the file’s definition in the database; however, the updated category assignment has no effect until the CATEGORY class is again activated.

When assigning more than one security category, separate the category names with spaces or commas.

category–(categoryName) Deletes one or more security categories from the record. The specified security categories are deleted from the record, regardless of whether the CATEGORY class is active. Use this parameter only with the chfile and editfile commands.

When removing more than one security category, separate the category names with spaces or commas.

comment(string) Adds a comment string of up to 255 alphanumeric characters to the file record. If a comment string was defined previously, this new comment string replaces the existing string. If the string contains any spaces, enclose the string in single quotation marks.


comment– Deletes the comment string from the file record. Use this parameter only with the chfile and editfile commands.

fileName For the command chfile, fileName is the name of the file record to modify.

For the command editfile, if fileName already exists in class FILE, editfile modifies the record; if fileName does not already exist, editfile adds the file record to class FILE.

For the command newfile, fileName is the name of the file record being added to class FILE.

If you are adding a record to or changing a record in class FILE using a generic file name, use the wildcard expressions permitted in TACF. See “String Matching” on page 441 for more information.

When defining or changing more than one record, enclose the list of file names in parentheses and separate the names with spaces or commas.

If more than one file name is specified, TACF processes each file record independently in accordance with the specified parameters. If an error occurs while processing a file, TACF issues a message and continues processing with the next file in the list.

defaccess(accessAuthority) Specifies the default access authority for the file. The default access authority is the authority granted to any accessor not in the file’s access control lists that requests access to the file. The default access is also applied to users who are not defined in the TACF database.

The accessAuthority argument must be one of the following values: all, alter, chdir, chmod, chown, control, create, delete, none, read, rename, sec, update, utime, or write.


gowner(groupName) Assigns a TACF group as the owner of the file record. The group owner of the file record has unrestricted access to the file, provided the group owner’s security level, security label, and security category authorities are sufficient to allow access to the file. The group owner of the file is always permitted to update and delete the file record.

label(labelName) Assigns a security label to the record. A security label represents an association between a particular security level and zero or more security categories. If the record currently contains a security label, the security label specified here replaces the current security label.

label– Deletes the security label defined in the file record. Use this parameter only with the chfile and editfile commands.

level(number) Assigns a security level to the resource record. If a security level was previously assigned to the resource record, the new value replaces the existing value. The number must be a positive integer between 1 and 255.

level– Stops TACF from performing security level checking for the resource. Use this parameter only with the chfile and editfile commands.

notify(mailAddress) Instructs TACF to send notification messages whenever the file represented by the record is successfully accessed. The notification messages are sent to the users identified by mailAddress. The mailAddress can be a user name, the electronic mail (e-mail) address of a user, or the e-mail address (alias) of a mail group.

Notification takes place only when the Log Routing System is active. The notification messages are sent either to the screen or to the mail box of the users, depending on the setup of the Log Routing System. Each time a notification message is sent, an audit record is written in the audit log. See “seaudit” on page 153 for more information on filtering and viewing audit records.

The user who receives notification messages should log in frequently to respond to the unauthorized access attempts described in each message.

notify– Specifies that no one is notified when TACF grants access to the file represented by the record. Use this parameter only with the chfile and editfile commands.

owner Assigns a TACF user or group as the owner of the file record. The owner of the file record has unrestricted access to the file, provided the owner’s security level, security label, and security category authorities are sufficient to allow access to the file. The owner of the file is always permitted to update and delete the file record.

userName The name of a TACF user.

groupName The name of a TACF group.

restrictions Specifies the days of the week and the hours in the day when the file is accessible to users.

If you omit the days argument and specify the time argument, the time restriction applies to any day-of-week restriction already indicated in the record. If you omit time and specify days, the day restriction applies to any time restriction already indicated in the record. If you specify both days and time, the users are allowed to access the system only during the specified time period on the specified days.


days Specifies the days on which the file can be accessed by users. The days argument takes the following subarguments:

anyday Allows users access to the file on any day.

weekdays Allows users access to the file only on weekdays, Monday through Friday.

mon tue wed thu fri sat sun Allows users access to the resource only on the specified days. You can specify the days in any order. If more than one day is specified, separate the days with spaces or commas.

time Specifies the time period during which the file can be accessed by users. The time argument takes the following subarguments:

anytime Allows users access to the file at any time of the day.

startTime:endTime Allows access to the file only during the specified time period. The format of both startTime and endTime is hhmm, where hh is the hour in 24-hour notation (00 through 23) and mm is the minutes (00 through 59). Note that 2400 is not a valid time value. The setting for startTime must be less than the setting for endTime, and both times must occur on the same day. If the terminal is in a different time zone from the processor, adjust the time values by translating the start and end times for the terminal to the equivalent local times for the processor. For example, if the processor is in New York and the terminal is in Los Angeles, to allow access to the terminal from 8:00 a.m. to 5:00 p.m. in Los Angeles, specify time(1100:2000).


restrictions– Deletes any restrictions that limit the ability to access the file. Use this parameter only with the chfile and editfile commands.

warning Specifies that, even if an accessor’s authority is insufficient to access the file, TACF is to allow access to the file. However, TACF writes a warning message in the audit file.

warning– Specifies that, if an accessor’s authority is insufficient to access the file, TACF is to deny the user access to the file and does not write a warning message. Use this parameter only with the chfile and editfile commands.

EXAMPLES

1. The security administrator wants to restrict access to the /etc/passwd file by allowing only READ access to all users except root; root is to be allowed free access to the file.

   chfile /etc/passwd defaccess(read) owner(root)

2. The user Bob wants to prevent all users from accessing his file /home/bob/secrets. In addition, Bob wants to restrict his access to the file to weekdays between 08:00 and 18:00.

   chfile /home/bob/secrets defaccess(none) \
       restrictions(days(weekdays) time(0800:1800))

3. The user Bob wants to prevent all other users from accessing any file in his home directory, /home/bob.

   newfile /home/bob/* defaccess(none)
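How defaccess, owner, ACL entries, restrictions, warning and audit combine into one FILE record's access decision, as an added Python model that is not TACF code; it validates the days and time subarguments in the format described above and replays example 2. The record layout, the log line format and the constructed users are assumptions; ACL precedence and the security level, label and category checks are not modelled.

```python
from dataclasses import dataclass, field
from datetime import datetime

DAY_NAMES = ["mon", "tue", "wed", "thu", "fri", "sat", "sun"]


def parse_time(spec):
    """Parse time(anytime | startTime:endTime) into (start, end) minutes of the day."""
    if spec == "anytime":
        return (0, 24 * 60)
    values = []
    for t in spec.split(":"):
        if len(t) != 4 or not t.isdigit():
            raise ValueError(f"time must be hhmm: {t!r}")
        hh, mm = int(t[:2]), int(t[2:])
        if hh > 23 or mm > 59:                    # 2400 is not a valid time value
            raise ValueError(f"invalid time value: {t}")
        values.append(hh * 60 + mm)
    if len(values) != 2 or values[0] >= values[1]:  # startTime must be less than endTime
        raise ValueError(f"startTime must be less than endTime: {spec}")
    return (values[0], values[1])


def rejects_time(spec):
    """True if parse_time refuses spec (shows the validation rules)."""
    try:
        parse_time(spec)
    except ValueError:
        return True
    return False


def parse_days(spec):
    """Parse days(anyday | weekdays | mon tue ...) into a set of day names."""
    if spec == "anyday":
        return set(DAY_NAMES)
    if spec == "weekdays":
        return set(DAY_NAMES[:5])
    days = set(spec.replace(",", " ").split())    # days separated by spaces or commas
    if not days or not days <= set(DAY_NAMES):
        raise ValueError(f"unknown day in {spec!r}")
    return days


@dataclass
class FileRecord:
    """Constructed subset of a FILE record's properties."""
    name: str
    defaccess: str = "none"
    owner: str = None
    acl: dict = field(default_factory=dict)   # accessor (user or group) -> authority
    days: set = field(default_factory=lambda: set(DAY_NAMES))
    time: tuple = (0, 24 * 60)
    warning: bool = False
    audit: str = "failure"                    # all | none | success | failure (default)


def within_restrictions(rec, when):
    day = DAY_NAMES[when.weekday()]
    minute = when.hour * 60 + when.minute
    return day in rec.days and rec.time[0] <= minute < rec.time[1]


def decide(rec, user, groups, access, when, log):
    """Return True if access is granted, appending audit entries to log.
    Owner always passes; otherwise ACL entries apply, falling back to defaccess
    (which also covers users not defined to TACF); restrictions then gate the
    result, and warning mode turns a denial into a logged grant."""
    if user == rec.owner:
        allowed = True
    else:
        granted = {rec.acl.get(user), *(rec.acl.get(g) for g in groups)} - {None}
        if not granted:
            granted = {rec.defaccess}
        allowed = ("all" in granted or access in granted) and within_restrictions(rec, when)
    if allowed:
        if rec.audit in ("all", "success"):
            log.append(f"GRANTED {user} {access} {rec.name}")
        return True
    if rec.warning:                           # allowed, but the denial is recorded
        log.append(f"WARNING {user} {access} {rec.name} (would be denied)")
        return True
    if rec.audit in ("all", "failure"):
        log.append(f"DENIED {user} {access} {rec.name}")
    return False


def demo():
    """Replay example 2: defaccess(none) restrictions(days(weekdays) time(0800:1800))."""
    rec = FileRecord("/home/bob/secrets", defaccess="none", acl={"bob": "all"},
                     days=parse_days("weekdays"), time=parse_time("0800:1800"),
                     audit="all")
    log = []
    monday_noon = datetime(2000, 11, 6, 12, 0)   # 6 Nov 2000 was a Monday
    sunday_noon = datetime(2000, 11, 5, 12, 0)
    results = {
        "bob_monday": decide(rec, "bob", set(), "read", monday_noon, log),      # True
        "bob_sunday": decide(rec, "bob", set(), "read", sunday_noon, log),      # False
        "alice_monday": decide(rec, "alice", set(), "read", monday_noon, log),  # False
    }
    rec.warning = True                        # test the setup before enforcing it
    results["alice_warning_mode"] = decide(rec, "alice", set(), "read", monday_noon, log)
    return results, log
```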

SEE ALSO
authorize, authorize–, rmfile, showfile


chgrp or editgrp or newgrp

The chgrp command changes the definition of a group. The editgrp command can define a new group and change an existing group. The newgrp command defines a new group.

SYNOPSIS
{{chgrp | cg} groupName
 {editgrp | eg} groupName
 {newgrp | ng} groupName}
[comment(string) | comment–] [expire[(date)] | expire–] [grace(nLogins) | grace–] [inactive(nDays) | inactive–] [interval(nDays) | interval–] [maxlogins(nLogins) | maxlogins–] [min_life(nDays) | min_life–] [name(string)] [owner(userName | groupName)] [parent(groupName) | parent–] [restrictions([days(anyday | weekdays | [mon] [tue] [wed] [thu] [fri] [sat] [sun])] [time(anytime | startTime:endTime)]) | restrictions–] [resume[(date)] | resume–] [suspend[(date)] | suspend–] [unix | unix([groupid(number)] [userlist(userName)])]

DESCRIPTION
The chgrp command changes the definition of a TACF group. If the group is also defined to UNIX, the chgrp command can be used to change the group’s UNIX definition. You can change the definition of more than one group with a single chgrp command.

The editgrp command either adds a new group to the TACF database like the newgrp command or changes the definition of an existing TACF group like the chgrp command, depending on whether the group record identified by groupName already exists.

The newgrp command defines a new group to TACF by adding a record for the group to the TACF database and, optionally, establishes a relationship between the new group and a specified parent group.

Note: Use the join command to add members to a group; use the join– command to remove members from a group.

Authorization
To use the chgrp or editgrp command, at least one of the following conditions must be true:


¶ You have the ADMIN attribute.

¶ The group record is within the scope of a group in which you have the GROUP-ADMIN attribute.

¶ You are the owner of the group.

¶ You are assigned the MODIFY (for chgrp) or CREATE (for editgrp) authority in the access control list (ACL) of the GROUP record in the ADMIN class.

To use the newgrp command, at least one of the following conditions must be true:

¶ You have the ADMIN attribute.

¶ You are assigned the CREATE authority in the ACL of the GROUP record in the ADMIN class.

Arguments

comment(string) Adds a comment string of up to 255 alphanumeric characters to the group record. If a comment string was defined previously, this new comment string replaces the existing string. If the string contains any spaces, enclose the string in single quotation marks.

comment– Deletes the comment string, if any, from the group record. Use this parameter only with the chgrp and editgrp commands.

expire(date) Sets the date on which the accounts of the group expire. If a date is not specified, the user accounts expire immediately, provided the users are not currently logged in. If the users are logged in, the accounts expire when the users log out.

Expired user records cannot be enabled by specifying the resume argument with a resume date. Use the expire– argument to enable expired user records.

expire– For the newgrp command, this argument defines user accounts that do not have an expiry date. For the chgrp and editgrp commands, this argument removes the expiry date from the user accounts.

grace(nLogins) Sets the maximum number of logins that are permitted before the users are suspended. The number of grace logins must be between 0 and 255. After the number of grace logins is reached, the users are denied access to the system and must contact the system administrator to select a new password. If grace is set to zero, the users cannot log in.

grace– Deletes the grace login setting for the group. Only use this argument with the chgrp command or the editgrp command.

groupName For the command chgrp, groupName specifies the name of the group whose properties you are changing.

For the command editgrp, if groupName already exists, editgrp changes the properties of the group; if groupName does not already exist, editgrp adds the group record to the database.

For the command newgrp, groupName specifies the name of the group record being added to the database. Each group name must be unique and must not currently exist in the TACF database as a group name.

When defining or changing the properties of more than one group, enclose the list of group names in parentheses and separate the names with spaces or commas.

inactive(nDays) Specifies the number of days that must pass before the system changes users to inactive status. When the number of days is reached, users become inactive and cannot log in. The default is that the user will not become inactive.

inactive– Changes the users’ status from inactive to active. Only use this argument with the chgrp command or the editgrp command.

interval(nDays) Sets the number of days that must pass after the password was set or changed before the system prompts the users for a new password. When the specified number of days is reached, TACF informs the user that the current password has expired. The user can immediately renew the password or continue using the old password until the number of grace logins is reached. After the number of grace logins is reached, the user is denied access to the system and must contact the system administrator to select a new password.

interval– Cancels the password interval setting for the group. If canceled and there is a value for interval in the user record, the value in the user record is used. Otherwise, the default set by the setoptions command is used. Only use this parameter with the chgrp command or the editgrp command.

maxlogins(nLogins) Sets the maximum number of terminals the users can log in from concurrently. A value of 0 (zero) means there is no maximum and the users can log in from any number of terminals concurrently. If this parameter is not specified and the maxlogins parameter is set in the user record, the value in the user record is used. Otherwise, the global maximum logins setting is used.

If maxlogins is set to 1, you cannot run the selang command. You must bring down TACF, change the setting to greater than 1, and restart TACF.


maxlogins– Deletes the group’s maximum login setting. If thisparameter is not specified and the parameter is set ina user record, the value in the user record is used.Otherwise, the global maximum logins setting isused. Only use this parameter with the chgrpcommand or the editgrp command.

min_life(nDays)The minimum number of days that must pass beforeusers are allowed to change the password again.

min_life Deletes the group’s min_life setting. If thisparameter is not specified and the min_lifeparameter is set in a user record, the value in theuser record is used. Otherwise the global min_lifesetting is used. Only use this parameter with thechgrp command or the editgrp command.

name(string) Specifies an alphanumeric string of up to 47characters that represents the full name of the group.If the string contains any spaces, enclose the stringin single quotation marks.

owner Assigns a TACF user or group as the owner of thegroup record. If you are adding a group to thedatabase and you omit this parameter, you areassigned ownership of the group record.

userNameThe name of a TACF user.

groupNameThe name of a TACF group.

parent(groupName)Assigns an existing TACF group as the parent groupof the group record.

parent– Deletes the link between a group and its parentgroup. Only use this parameter with the chgrpcommand or the editgrp command.

restrictions

chgrp or editgrp or newgrp Command

36 Version 3.7

Page 59: Tivoli SecureWay Security Managerpublib.boulder.ibm.com/tividd/td/security/GC32... · ¶ Tivoli SecureWay Security Manager Programmer’s Guide for TACF This manual documents TACF

Specifies when users who are members of the groupare allowed to log in to the system. The loginrestrictions apply only when the users log in to thesystem; i.e., TACF does not force a user off thesystem if the login period expires while the user islogged in. Also, the login restrictions do not apply tobatch jobs; a user can run a background process atany time.

If you omit the days argument and specify the timeargument, the time restriction applies to anyday-week restriction already indicated in the grouprecord. If you omit time and specify days, the dayrestriction applies to any time restriction alreadyindicated in the group record. If you specify bothdays and time, the members of the group areallowed to log in to the system only during thespecified time period on the specified days.

days Specifies the days on which the users canlog in to the system. The days argumenttakes the following subarguments:

anydayAllow the users to log in to thesystem on any day.

weekdaysAllow the users to log in to thesystem only on weekdays- Mondaythrough Friday.

dayListAs shown in the syntax-allow theusers to log in to the system only onthe specified days. You can specifythe days in any order. If more thanone day is specified, separate thedays with a space or a comma.

    time  Specifies the time period during which the users can log in to the system. The time argument takes the following subarguments:

        anytime  Allow the users to log in at any time of the day.

        startTime:endTime  Allow the users to log in only during the specified time period. The format of both startTime and endTime is hhmm, where hh is the hour in 24-hour notation (00 through 23) and mm is the minutes (00 through 59). Note that 2400 is not a valid time value.

        If endTime is a smaller number than startTime, the time period is considered to extend across midnight. Otherwise, it is considered to take place on a single day.

        If the terminal is in a different time zone from the processor, adjust the time values by translating the start and end times for the terminal to the equivalent local times for the processor.

restrictions–  Deletes any restrictions that limit the users’ ability to log in to the system from the group record. If this parameter is not specified and the restrictions parameter is set in a user record, the value in the user record is used. Only use this parameter with the chgrp command or the editgrp command.

resume  Enables user records that were disabled by specifying the suspend parameter. If you specify both the suspend parameter and the resume parameter, the resume date must fall after the suspend date. If you omit date, the user records are resumed immediately upon execution of the chgrp command.

resume–  Erases the resume date, and time if used, from the group record. As a result, the status of the users is changed from active (enabled) to suspended. Only use this parameter with the chgrp command or the editgrp command.

suspend  Disables user records, but leaves them defined in the TACF database. A user cannot use a suspended user account to log in to the system. If date is specified, the user records are suspended on the specified date. If date is omitted, the user records are suspended immediately upon execution of the chgrp command.

suspend–  Erases the suspend date from the user records, changing the status of the users from disabled to active (enabled). Only use this parameter with the chgrp command or the editgrp command.

unix  For the command chgrp, the unix parameter changes the group’s attributes in both the local UNIX system and the TACF database.

For the command editgrp, the unix parameter adds a group or changes the group’s attributes in both the local UNIX system and the TACF database, depending on whether the record already exists.

For the command newgrp, unix adds a group to both the local UNIX system and the TACF database. To add the group using the default attributes, specify the unix parameter without any arguments. To set an attribute, specify the relevant argument.

If more than one argument is specified, separate the arguments with spaces.

    groupid  Sets the group’s unique numeric ID. The number is a decimal number other than zero. You cannot specify a group ID of zero.

    If number is not specified, TACF finds the largest current group ID and sets the group ID of the group to this number plus one. TACF creates group ID numbers in the same way when adding or modifying more than one group at a time.

    The token UntouchableGid in the seos.ini file may define certain numbers that are unavailable.

    userlist  Assigns members to the group in both the local UNIX system and the TACF database. The userName is the name of one or more UNIX users. When assigning more than one user, separate the names with spaces or commas.

    For the chgrp and editgrp commands, the specified member list replaces any member list that is currently defined for the group.

EXAMPLES

1. A TACF administrator wants to change the parent group for the group Sales to DivisionB and assign the group Marketing as the new owner.

   chgrp Sales parent(DivisionB) owner(Marketing)

2. Admin1, a TACF administrator, wants to add the group ProjectA as a child group of the group RESEARCH. Because an owner is not specified, the owner by default becomes Admin1, the administrator who is creating the new group.

   newgrp ProjectA parent(RESEARCH)

3. Admin1 wants to add Bob, Pierre, and Maria to the group Tellers in both the local UNIX system and the TACF database. Because editgrp replaces the existing member list, any current members of Tellers who are not named in the userlist are removed from the group.

   editgrp Tellers unix(userlist(Bob, Pierre, Maria))

SEE ALSO
rmgrp, showgrp, join, join–

chres or editres or newres

The chres command changes the definition of a resource. The editres command can define a new resource and change an existing resource. The newres command defines a new resource.

The warning parameter can be used to set “test” mode, which enables the setup to be tested before being activated.

Note: You cannot use the chres or editres command to modify users or groups.

SYNOPSIS
{{chres | cr} className resourceName | {editres | er} className resourceName | {newres | nr} className resourceName} [audit(none | all | success | failure)] [category(categoryName) | category–(categoryName)] [comment(string) | comment–] [dates(time-period)] [defaccess(accessAuthority)] [flags(flagName)] [gowner(groupName)] [label(labelName) | label–] [level(number) | level–] [mask(inetAddress) match(inetAddress)] [mem(resourceName) | mem–(resourceName)] [notify(mailAddress) | notify–] [owner(userName | groupName)] [password | password–] [restrictions([days(anyday | weekdays | [mon] [tue] [wed] [thu] [fri] [sat] [sun])] [time(anytime | startTime:endTime)]) | restrictions–] [targuid(userName)] [trust | trust–] [warning | warning–]

DESCRIPTION
The chres command modifies one or more resource records that belong to a TACF class. The editres command either defines a new resource like newres or modifies an existing resource like chres, depending on whether the resource already exists. The newres command defines a new resource to a TACF class.

By using the warning parameter, you can test the effectiveness of the setup before activating it. When warning is set, TACF allows access to protected resources, but will write a warning message to the audit file if an access occurs that would normally be denied based on the rules established for the resource.

The following classes can be administered using the chres, editres, and newres commands: ADMIN, CATEGORY, CONNECT, FILE, GHOST, GSUDO, GTERMINAL, HOLIDAY, HOST, HOSTNET, HOSTNP, PROCESS, PROGRAM, SECFILE, SECLABEL, SUDO, SURROGATE, TCP, TERMINAL, UACC, and any user-defined class.

Note: You cannot use the chres and editres commands to modify users and groups.

The following table lists the parameters that apply for each class. The columns are: audit; category; comment; defaccess; label; level; mask and match; mem; notify; owner; restrictions and restrictions–; warning; trust and trust–. In this text rendering the column positions of the marks are not preserved, so only the number of applicable parameters per class can be read from a row; the parameter descriptions that follow state which classes each parameter applies to.

Class      Applicable parameters
ADMIN      X X X X X X X X X
CATEGORY   X X
CONNECT    X X X X X X X X X X X
FILE       X X X X X X X X X X X
GHOST      X X X X X X
GSUDO      X X X X
GTERMINAL  X X X X X
HOLIDAY    X X X X X X X X X X X
HOST       X X X X X
HOSTNET    X X X X X
HOSTNP     X X X X X
PROCESS    X X X X X X X X X X
PROGRAM    X X X X X X X X X X X
SECFILE    X X X
SECLABEL   X X X X
SUDO       X X X X X X X X X X
SURROGATE  X X X X X X X X X
TCP        X X X X X X X X X
TERMINAL   X X X X X X X X X
UACC       X X X X X

Authorization

To use the chres or editres commands, you must have sufficient authority over the resource. TACF makes the following checks until one of the conditions is met:

¶ You have the ADMIN attribute.

¶ The resource record is within the scope of a group in which you have the GROUP-ADMIN attribute.

¶ You are the owner of the record.

¶ You are assigned MODIFY (for chres) or CREATE (for editres) access authority in the access control list of the resource class’s record in the ADMIN class.

To use the newres command, one of the following conditions must be true:

¶ You have the ADMIN attribute.

¶ You have CREATE access authority in the ACL of the resource class’s record in the ADMIN class.

¶ If the token use_unix_file_owner in the seos.ini file is set to yes, an owner of a file in UNIX can define it as a new resource to TACF.

Arguments

audit  Specifies which access events are logged. To use the audit parameter, you must have the AUDITOR attribute.

    none  TACF does not write any records in the log file.

    all  TACF logs both authorized accesses and detected unauthorized access attempts.

    success  TACF logs authorized accesses to the resource.

    failure  TACF logs detected unauthorized access attempts. This is the default value.

category(categoryName)  Assigns one or more security categories to the resource. If the category parameter is specified when the CATEGORY class is not active, TACF updates the resource’s definition in the database; however, the updated category assignment has no effect until the CATEGORY class is again activated. When assigning more than one security category, separate the category names with spaces or commas.

category–(categoryName)  Deletes one or more security categories from the resource record. The specified security categories are deleted from the resource record, regardless of whether the CATEGORY class is active. Use this parameter only with the chres and editres commands.

When removing more than one security category, separate the category names with spaces or commas.

className  Specifies the name of the class to which the resource belongs. To list the resource classes defined to TACF, use the find command.

comment(string)  Adds a comment string of up to 255 alphanumeric characters to the resource record. If a comment string was defined previously, this new comment string replaces the existing string. If the string contains any spaces, enclose the string in single quotation marks.

comment–  Deletes the comment string from the resource record. Use this parameter only with the chres and editres commands.

dates(time-period)  Specifies one or more periods of time when users cannot log in, such as holidays. If more than one time period is specified, separate the time periods with a space. The time period is specified in the following format:

    mm/dd[/yy[yy]] [@hh:mm] [–mm/dd[/yy[yy]] [@hh:mm]]
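The following Python is added here as an illustration; it is not code from TACF or from this manual. It parses a single time-period in the format above and tests whether a given moment falls inside it. The manual does not say how omitted fields are treated, so the choices made here are assumptions: an omitted year means the period recurs every year, an omitted start time means 00:00, an omitted end date means the start date, an omitted end time means 23:59, and a two-digit year means 20yy. Both the hyphen and the en dash are accepted as the range separator.

```python
import re
from datetime import datetime

# Added example, not TACF code: parse a dates(time-period) value written as
#   mm/dd[/yy[yy]] [@hh:mm] [-mm/dd[/yy[yy]] [@hh:mm]]
# and decide whether a moment lies inside it. Treatment of omitted fields is an
# assumption (see the comments in parse_period), not something the manual states.

_DATE = r"(\d{2})/(\d{2})(?:/(\d{4}|\d{2}))?"      # month, day, optional year
_TIME = r"(?:\s*@(\d{2}):(\d{2}))?"                # optional @hh:mm
_PERIOD = re.compile(r"^" + _DATE + _TIME + r"(?:\s*[-\u2013]\s*" + _DATE + _TIME + r")?$")


def _year(text):
    if text is None:
        return None                                  # assumption: recurs every year
    return int(text) if len(text) == 4 else 2000 + int(text)   # assumption: yy -> 20yy


def parse_period(spec):
    """Return (start, end) dicts with month, day, year (None = every year), hour, minute."""
    m = _PERIOD.match(spec.strip())
    if not m:
        raise ValueError(f"bad time-period: {spec!r}")
    sm, sd, sy, sh, smin, em, ed, ey, emin_h, emin_m = m.groups()
    start = {"month": int(sm), "day": int(sd), "year": _year(sy),
             "hour": int(sh) if sh else 0,            # assumption: no start time -> 00:00
             "minute": int(smin) if smin else 0}
    if em is None:                                   # assumption: no end date -> same day
        em, ed, ey = sm, sd, sy
    end = {"month": int(em), "day": int(ed),
           "year": _year(ey) if ey else start["year"],
           "hour": int(emin_h) if emin_h else 23,    # assumption: no end time -> 23:59
           "minute": int(emin_m) if emin_m else 59}
    return start, end


def _at(p, year):
    # datetime validates the fields, so 13/01 or 02/30 raise ValueError here
    return datetime(year, p["month"], p["day"], p["hour"], p["minute"])


def in_period(spec, when):
    """True if `when` (datetime or ISO string) lies inside the period, inclusive."""
    if isinstance(when, str):
        when = datetime.fromisoformat(when)
    start, end = parse_period(spec)
    # A recurring period may span the year end (12/24-01/02): test both the
    # instance that starts in `when`'s year and the one that started the year before.
    years = [start["year"]] if start["year"] is not None else [when.year - 1, when.year]
    for y in years:
        s = _at(start, y)
        ey = end["year"] if end["year"] is not None else y
        e = _at(end, ey)
        if e < s:                                    # end date is earlier in the calendar: wraps
            e = _at(end, ey + 1)
        if s <= when <= e:
            return True
    return False


if __name__ == "__main__":
    # Constructed inputs, not taken from the manual.
    print(in_period("12/24@18:00-01/02@08:00", "2001-01-01 12:00"))   # inside a wrapped period
    print(in_period("07/04/2000", "2001-07-04 12:00"))                # fixed year, so False
```

Because a period with no year recurs, a check must consider the instance that began in the previous calendar year; the loop over `years` is what makes the year-end case work.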

defaccess(accessAuthority)  Specifies the default access authority for the resource. The default access authority is the authority granted to any accessor not in the resource’s access control list (ACL). The default access is also applied to users who are not defined in the TACF database.

The valid values for accessAuthority depend on the class to which the resource belongs.

For the FILE class, valid values are all, alter, chdir, chmod, chown, control, create, delete, execute, none, read, rename, sec, update, utime, and write.

For the PROGRAM, GSUDO, and SUDO classes, valid values are all, none, and execute.

For the TERMINAL and GTERMINAL classes, valid values are all, none, read, and write. The user or group given the value read is allowed to log in to the terminal; the value write allows the user or group to administer the terminal.

For the ADMIN class, valid values are all, connect, create, delete, modify, none, password, and read.

For the HOLIDAY class, valid values are all, read, and none. Given the read value, the user can log in during the specified holiday.

For the TCP class, valid values are read, write, and none.

For all other classes, valid values are all, none, and read.

flags(flagName)  Flags that define the way in which the resource is to be trusted and how it should be checked for trusted status. Available flags include Ctime, Mtime, Mode, Size, Device, Inode, Crc, Owner, Group, All, None.

gowner(groupName)  Assigns a TACF group as the owner of the resource record. The group owner of the resource record has unrestricted access to the resource, provided the group owner’s security level, security label, and security category authorities are sufficient to allow access to the resource. The group owner of the resource is always permitted to update and delete the resource record.

label(labelName)  Assigns a security label to the resource record. A security label represents an association between a particular security level and zero or more security categories. If the resource record currently contains a security label, this new security label replaces the existing security label.

label–  Deletes the security label from the resource record. Use this parameter only with the chres and editres commands.

level(number)  Assigns a security level (an integer between 1 and 255) to the resource record. If a security level was previously assigned to the resource record, this new value replaces the existing value.

level–  Stops TACF from performing security level checking for the resource. Use this parameter only with the chres and editres commands.

mask and match(inetAddress)  The mask and match parameters are applicable only to the HOSTNET class. They are required when adding a record to the class with the newres and editres commands and are optional when using chres. Use mask and match together to define which hosts belong to the HOSTNET record. When a bitwise AND is performed on the mask and the IP address of a host, and the result equals match, the host is a member of the HOSTNET record. For example, specifying mask(255.255.255.0) and match(192.16.133.0) includes all hosts with IP addresses of the form 192.16.133.anything.

mem(resourceName)  Adds members to a resource group. The mem parameter applies only to resource records of the GSUDO, GTERMINAL, or GHOST class. The GSUDO class contains resource records that define groups of commands. The GTERMINAL class contains resource records that define groups of terminals. The GHOST class contains resource records that define groups of hosts. The mem parameter adds SUDO resource records to the GSUDO record you are adding or modifying, TERMINAL resource records to the GTERMINAL resource record you are adding or modifying, or HOST resource records to the GHOST resource record you are adding or modifying.

The member resource must already be defined in TACF. If you are adding more than one member resource, separate the resource names with spaces or commas.

mem–(resourceName)  Removes resources from a resource group. Use this parameter only with the chres and editres commands. If you are removing more than one member resource, separate the resource names with spaces or commas.

notify(mailAddress)  Instructs TACF to send notification messages whenever the resource represented by the resource record is accessed. The notification messages are sent to the users identified by mailAddress. The mailAddress can be a user name, the electronic (e-mail) address of a user, or the e-mail address (alias) of a mail group.

Notification takes place only when the Log Routing System is active. The notification messages are sent either to the screen or to the mail box of the users, depending on the setup of the Log Routing System.

Each time a notification message is sent, an audit record is written in the audit log. See “seaudit” on page 153 for more information on filtering and viewing audit records.

The user who receives notification messages should log in frequently to respond to the unauthorized access attempts described in each message.

notify–  Specifies that no one is notified when the resource represented by the resource record is successfully accessed. Use this parameter only with the chres and editres commands.

owner  Assigns a TACF user or group as the owner of the resource record. The owner of the resource record has unrestricted access to the resource, provided the owner’s security level, security label, and security category authorities are sufficient to allow access to the resource. The owner of the resource is always permitted to update and delete the resource record.

    userName  The name of a TACF user.

    groupName  The name of a TACF group.

password  Specifies, for the SUDO class, that the sesudo command will require the target user’s password.

password–  Cancels the password setting, so that the sesudo command will no longer require the target user’s password. Only use this parameter with the chres command or the editres command. If the password argument was not used in the past, this argument is unnecessary.

resourceName  Specifies the name of the resource record to modify or add. When changing or adding more than one resource, enclose the list of resource names in parentheses and separate the names with spaces or commas. At least one resource name must be specified.

TACF processes each resource record independently in accordance with the specified parameters. If an error occurs while processing a resource, TACF issues a message and continues processing with the next resource in the list.

restrictions  Specifies the days of the week and the hours in the day when the resource is accessible to users.

If you omit the days argument and specify the time argument, the time restriction applies to any day-of-week restriction already indicated in the record. If you omit time and specify days, the day restriction applies to any time restriction already indicated in the record. If you specify both days and time, the users are allowed to access the resource only during the specified time period on the specified days.

    days  Specifies the days on which the resource can be accessed by users. The days argument takes the following subarguments:

        anyday  Allows users access to the resource on any day.

        weekdays  Allows users access to the resource only on weekdays, Monday through Friday.

        mon tue wed thu fri sat sun  Allows users access to the resource only on the specified days. You can specify the days in any order. If more than one day is specified, separate the days with spaces or commas.

    time  Specifies the time period during which the resource can be accessed by users. The time argument takes the following subarguments:

        anytime  Allows users access to the resource at any time of the day.

        startTime:endTime  Allows access to the resource only during the specified time period. The format of both startTime and endTime is hhmm, where hh is the hour in 24-hour notation (00 through 23) and mm is the minutes (00 through 59). Note that 2400 is not a valid time value. The setting for startTime must be less than the setting for endTime, and both times must occur on the same day. If the terminal is in a different time zone from the processor, adjust the time values by translating the start and end times for the terminal to the equivalent local times for the processor. For example, if the processor is in New York and the terminal is in Los Angeles, to allow access to the terminal from 8:00 a.m. to 5:00 p.m. in Los Angeles, specify time(1100:2000).

restrictions–  Deletes any restrictions that limit the ability to access the resource. Use this parameter only with the chres and editres commands.
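The following Python is an added example rather than TACF code. It evaluates a restrictions(days(...) time(...)) specification against a login or access time and covers both forms this manual describes: the group and user form, where an endTime smaller than startTime extends the window across midnight, and the resource form above, where startTime must be less than endTime on a single day (and 2400 is rejected in both). It also performs the time-zone translation the manual asks for, reproducing the New York and Los Angeles case. The manual does not say how the post-midnight part of a wrapped window relates to a day restriction; the code assumes it belongs to the permitted day on which the window began, and that assumption is marked in the code.

```python
from datetime import datetime

# Added example, not TACF code: evaluate restrictions(days(...) time(hhmm:hhmm)).
# allow_midnight_wrap=True models the group/user login restriction (a window whose
# endTime is smaller than startTime spans midnight); False models the resource
# restriction, where startTime must be less than endTime on the same day.

DAY_NAMES = ["mon", "tue", "wed", "thu", "fri", "sat", "sun"]   # datetime.weekday() order


def parse_days(spec):
    """'anyday' | 'weekdays' | day names separated by spaces or commas -> set of weekday numbers."""
    spec = spec.strip().lower()
    if spec == "anyday":
        return set(range(7))
    if spec == "weekdays":
        return set(range(5))
    days = set()
    for tok in spec.replace(",", " ").split():
        if tok not in DAY_NAMES:
            raise ValueError(f"unknown day: {tok}")
        days.add(DAY_NAMES.index(tok))
    if not days:
        raise ValueError("empty day list")
    return days


def parse_hhmm(text):
    """hhmm -> minutes since midnight; rejects 2400 and anything outside 00-23 / 00-59."""
    if len(text) != 4 or not text.isdigit():
        raise ValueError(f"bad time: {text}")
    hh, mm = int(text[:2]), int(text[2:])
    if hh > 23 or mm > 59:
        raise ValueError(f"bad time: {text}")
    return hh * 60 + mm


def parse_time(spec, allow_midnight_wrap):
    """'anytime' | 'hhmm:hhmm' -> (start, end) in minutes, both inclusive."""
    spec = spec.strip().lower()
    if spec == "anytime":
        return 0, 23 * 60 + 59
    start_s, end_s = spec.split(":")
    start, end = parse_hhmm(start_s), parse_hhmm(end_s)
    if not allow_midnight_wrap and start >= end:
        raise ValueError(f"startTime must be less than endTime: {spec}")
    return start, end


def window_is_valid(time_spec, allow_midnight_wrap):
    """True if the time specification is acceptable under the given rule set."""
    try:
        parse_time(time_spec, allow_midnight_wrap)
        return True
    except ValueError:
        return False


def access_allowed(days_spec, time_spec, when, allow_midnight_wrap=True):
    """Would a login or access at `when` (datetime or ISO string) pass the restriction?"""
    if isinstance(when, str):
        when = datetime.fromisoformat(when)
    days = parse_days(days_spec)
    start, end = parse_time(time_spec, allow_midnight_wrap)
    minute = when.hour * 60 + when.minute
    if start <= end:                                  # single-day window
        return when.weekday() in days and start <= minute <= end
    # Window spans midnight. Assumption (the manual does not say): the part after
    # midnight belongs to the permitted day on which the window started.
    if minute >= start:
        return when.weekday() in days
    if minute <= end:
        return (when.weekday() - 1) % 7 in days
    return False


def translate_window(time_spec, terminal_utc_offset_h, processor_utc_offset_h):
    """Shift a terminal-local hhmm:hhmm window to processor-local time, as the manual
    requires. Los Angeles (UTC-8) 0800:1700 seen from New York (UTC-5) is 1100:2000.
    A shifted window that crosses midnight cannot be used in a resource restriction."""
    start, end = (parse_hhmm(t) for t in time_spec.split(":"))
    shift = int((processor_utc_offset_h - terminal_utc_offset_h) * 60)

    def fmt(m):
        m %= 1440
        return f"{m // 60:02d}{m % 60:02d}"

    return f"{fmt(start + shift)}:{fmt(end + shift)}"


if __name__ == "__main__":
    # Constructed inputs; 2000-11-15 is a Wednesday, 2000-11-18 a Saturday.
    print(access_allowed("weekdays", "0800:1800", "2000-11-15 09:30"))      # True
    print(access_allowed("fri", "2200:0200", "2000-11-18 01:00"))           # True, Friday's window
    print(translate_window("0800:1700", -8, -5))                            # 1100:2000
```

Note that the check applies at login or access time only, as the manual states for group restrictions: a session already open when the window closes is not terminated, so a restriction is not a substitute for an idle-session or forced-logoff control.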

targuid(target-username)  Specifies, for the SUDO class, the name of the user whose authority will be borrowed for executing the command. The default value is root.

trust  Specifies that the resource is trusted. The trust parameter applies only to resources of the PROGRAM and SECFILE classes. For resources in the PROGRAM class, users can execute the program as long as the program remains trusted. Use this parameter only with the chres and editres commands.

trust–  Specifies that the resource is untrusted. The trust– parameter applies only to resources of the PROGRAM and SECFILE classes. Users cannot execute an untrusted program that has been defined as a resource in the PROGRAM class. Use this parameter only with the chres and editres commands.

warning  Specifies that, even if an accessor’s authority is insufficient to access the resource, TACF is to allow access. Further, when an access takes place that would normally be denied, TACF is to write a warning message in the audit file.

Use the warning parameter to test your security installation’s setup. In new installations, in particular, the warning parameter can help determine where access problems may occur in the future and which resources, if any, are too strictly protected. Use the seaudit utility to view the audit file. Because a resource in warning mode is not actually protected, remove the parameter with warning– once testing is complete.

warning–  Specifies that, if an accessor’s authority is insufficient to access the resource, TACF is to deny the user access to the resource. TACF does not write a warning message. Use this parameter only with the chres and editres commands.

EXAMPLES

1. Admin1 wants to change the owner and default access for the terminal tty30 and restrict the use of the terminal to weekdays during regular business hours (8:00 a.m. to 6:00 p.m.).

   chres TERMINAL tty30 owner(admin1) defaccess(read) \
       restrictions(days(weekdays)time(0800:1800))

2. The user Bob wants to delete the comment field of the terminal tty190 and be notified whenever access to the terminal is granted.

   chres TERMINAL tty190 comment– notify(Bob@athena)

3. Admin1 wants to add the OPERATOR category to the list of security categories of the resource USER.root in the SURROGATE class.

   chres SURROGATE USER.root category(OPERATOR)

4. Admin1 wants to define /bin/su as a trusted program with a global access of EXECUTE.

   editres PROGRAM /bin/su defaccess(x) trust

5. Admin1 wants to define the substitution of group ID to the group “system” as a protected resource to which no user, including Admin1, has access.

   newres SURROGATE GROUP.system defaccess(n) \
       owner(nobody)

6. The TACF administrator SecAdmin wants to define ProjATerms, a group of terminals containing the terminals T1, T8, and T11. The terminal group is to be used only by the group PROJECTA and only during work hours on weekdays.

   newres GTERMINAL ProjATerms mem(T1,T8,T11) \
       owner(PROJECTA) defaccess(n) \
       restrictions(days(weekdays)time(0800:1800))

SEE ALSO
authorize, authorize–, rmres, seaudit, showres

chusr or editusr or newusrThe chusr command changes the definition of a user. The editusrcommand can define a new user and change an existing user. Thenewusr command defines a new user.

SYNOPSIS{{chusr | cu} userName {editusr | eu} userName {newusr | nu}userName} [admin | admin–] [audit(none | all | [success] [failure][loginsuccess] [loginfail] [trace])] [auditor | auditor–][category(categoryName) | category–(categoryName)][comment(string) | comment–] [country(string)] [enable][expire[(date[@time])] | expire–] [gowner(gownerName) | grace–][grace(nLogins) | grace–] [ign_hol | ign_hol–] [inactive(nDays) |inactive–] [interval(nDays) | interval–] [label(labelName) | label–][level(number) | level–] [location(string)] [maxlogins(nLogins) |maxlogins–] [min_life(nDays) | min_life–] [name(string)][notify(mailAddress) | notify–] [operator | operator–][organization(string)] [org_unit(string)] [owner(userName |groupName)] [password(string)] [phone(string)][profile(groupName) | profile–] [pwmanager | pwmanager–][restrictions([days(anyday | weekdays | [mon] [tue] [wed] [thu][fri] [sat] [sun])] [time(anytime | startTime:endTime)]) |restrictions–] [resume[(date[@time])] |resume–] [server | server–][suspend[(date[@time])] | suspend–] [unix | unix([gecos(string)][homedir(path)] [pgroup(groupName)] [shellprog(fileName)][userid(number)])]

DESCRIPTIONThe chusr command changes the properties of a user record. If theuser is also defined to UNIX, the chusr command can be used tochange the user’s UNIX definition. The changes are made to the userrecord immediately upon execution of the chusr command, even ifthe user is currently logged in to the system.

The editusr command can define a new user, like the newusrcommand, and change the properties of an existing user, like thechusr command, depending on whether the record specified byuserName already exists. The changes are made to the user record

chusr or editusr or newusr Command

55Tivoli SecureWay Security Manager Reference Manual for TACF

1.TA

CF

Co

mm

and

Lan

gu

age

Page 78: Tivoli SecureWay Security Managerpublib.boulder.ibm.com/tividd/td/security/GC32... · ¶ Tivoli SecureWay Security Manager Programmer’s Guide for TACF This manual documents TACF

immediately upon execution of the editusr command, even if theuser is currently logged in to the system.

The newusr command defines a new user to TACF and, optionally,to UNIX.

AuthorizationThe level of authority required to execute the chusr and editusrcommands depends on which parameters you want to specify. Thefollowing rules apply:

¶ If you have the ADMIN attribute, you can specify all parameters except audit.

¶ To specify the audit parameter, you must have the AUDITOR attribute assigned in your user record.

¶ When updating an existing record, the owner of the user record can specify all parameters except admin, auditor, server, operator, and pwmanager. To assign a security category to the user record, the security category must appear in the owner’s user record. To assign a security label to the user record, the security label must be assigned in the owner’s user record. The owner of the user record can assign any security level that is less than or equal to the security level assigned in the owner’s user record.

¶ If the user record is within the scope of a group in which you have the GROUP-ADMIN attribute, you have the same authority as the owner of the record.

¶ If the user record is within the scope of a group in which you have the GROUP-AUDITOR attribute, you can specify the audit parameter.

¶ If you are assigned the MODIFY (for chusr) or CREATE (for editusr) authority in the access control list of the USER record in the ADMIN class, you have the same authority as the owner of the user record, discussed in the previous paragraphs.

To use the newusr command, at least one of the following conditions must be true:

¶ You must have the ADMIN attribute. With the ADMIN attribute, you can specify all parameters except audit.

¶ If you have the CREATE access authority in the access control list of the USER record in the ADMIN class, you can use the newusr command with all parameters except audit, admin, auditor, operator, pwmanager, and server.
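The bullet rules above are easiest to check against a concrete record. The block below is an added example, not code from this manual or from TACF: it models a user record and the ADMIN-class access control list as plain Python structures (both layouts are assumptions made for the illustration) and reports why a chusr would be refused. The trailing minus of admin–, auditor– and similar parameters is written as an ASCII hyphen.

```python
"""Model of the authorization rules listed above for chusr, editusr and newusr.

Added example, not TACF code. The record layout (UserRecord) and the way the
ADMIN-class access control list is represented (a dict keyed by record name
and then by user) are assumptions made for the illustration; the rules
themselves follow the manual's bullet list.
"""
from dataclasses import dataclass, field

# Parameters the owner (or an owner-equivalent) of a record may not specify.
ADMIN_ONLY = {"admin", "admin-", "auditor", "auditor-", "server", "server-",
              "operator", "operator-", "pwmanager", "pwmanager-"}
# The one parameter an ADMIN may not specify: it needs the AUDITOR side.
AUDIT_ONLY = {"audit"}


@dataclass
class UserRecord:
    name: str
    attrs: set = field(default_factory=set)          # global attributes, e.g. {"ADMIN"}
    level: int = 0                                   # security level (0 = none assigned)
    categories: set = field(default_factory=set)     # security categories held
    labels: set = field(default_factory=set)         # security labels held
    owner: str = ""                                  # owner of this user record
    groups: set = field(default_factory=set)         # groups the user is joined to
    group_attrs: dict = field(default_factory=dict)  # group -> {"GROUP-ADMIN", "GROUP-AUDITOR"}


def has_owner_authority(issuer, target, admin_acl):
    """Owner, GROUP-ADMIN over a group the target is in, or MODIFY on USER in class ADMIN."""
    if target.owner == issuer.name:
        return True
    if any("GROUP-ADMIN" in issuer.group_attrs.get(g, set()) for g in target.groups):
        return True
    return "MODIFY" in admin_acl.get("USER", {}).get(issuer.name, set())


def may_set_audit(issuer, target):
    """audit needs AUDITOR, or GROUP-AUDITOR over a group the target is in."""
    if "AUDITOR" in issuer.attrs:
        return True
    return any("GROUP-AUDITOR" in issuer.group_attrs.get(g, set()) for g in target.groups)


def check_chusr(issuer, target, params, admin_acl):
    """Return the reasons a chusr would be refused; an empty list means it is permitted.

    params maps parameter name to value, e.g. {"level": 155, "category": {"FINANCIAL"}}.
    """
    denied = []
    is_admin = "ADMIN" in issuer.attrs
    owner_like = has_owner_authority(issuer, target, admin_acl)
    for p, value in params.items():
        if p in AUDIT_ONLY:
            if not may_set_audit(issuer, target):
                denied.append(f"{p}: requires AUDITOR or GROUP-AUDITOR")
            continue
        if is_admin:
            continue                       # ADMIN may specify everything except audit
        if not owner_like:
            denied.append(f"{p}: requires ADMIN or owner-level authority")
            continue
        if p in ADMIN_ONLY:
            denied.append(f"{p}: owner-level authority cannot assign this attribute")
        elif p == "category" and not set(value) <= issuer.categories:
            missing = sorted(set(value) - issuer.categories)
            denied.append(f"category: {missing} not in issuer's record")
        elif p == "label" and value not in issuer.labels:
            denied.append(f"label: {value} not in issuer's record")
        elif p == "level" and value > issuer.level:
            denied.append(f"level: {value} exceeds issuer's level {issuer.level}")
    return denied


if __name__ == "__main__":
    # Constructed records mirroring example 1 below: Bob owns Jim's record.
    bob = UserRecord("Bob", level=200, categories={"FINANCIAL"})
    jim = UserRecord("Jim", owner="Bob", groups={"SALES"})
    print(check_chusr(bob, jim, {"category": {"FINANCIAL"}, "level": 155}, {}))   # []
    print(check_chusr(bob, jim, {"level": 255, "admin": True}, {}))
```

The check deliberately evaluates every parameter and returns all refusals rather than stopping at the first, which is what an administrator wants to see when a multi-parameter command is rejected.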

Arguments
admin Assigns the ADMIN attribute to the user. A user with the ADMIN attribute is allowed to issue all TACF commands with all parameters except audit. You must have the ADMIN attribute to issue the admin parameter.

admin– Removes the ADMIN attribute from the user. You must have the ADMIN attribute to use the admin– parameter. Use this parameter only with the chusr and editusr commands. (It is not possible to remove the ADMIN attribute from a user if the user is the only user in the TACF database with the ADMIN attribute. There must always be at least one user with the ADMIN attribute in the database.)

audit Specifies which user activities are logged to the audit log file. If more than one event type is specified, separate the event type names with spaces or commas. To use the audit parameter, you must have the AUDITOR attribute.

none No user activities are logged.

all All user activities on resources protected by TACF are logged.

success Successful accesses are logged.

failure Failed access attempts are logged.

loginsuccess Successful logins are logged.


loginfail Failed login attempts are logged.

trace Every message that appears in the TACF trace file as a result of this user’s actions is also logged in the audit file.

auditor Assigns the AUDITOR attribute to the user. A user with the AUDITOR attribute can audit the use of system resources and can control, with the audit parameter, whether logins and accesses to protected resources are logged or not. To specify the auditor parameter, you must have the ADMIN attribute.

auditor– Removes the AUDITOR attribute from the user record. To specify the auditor– parameter, you must have the ADMIN attribute. Use this parameter only with the chusr and editusr commands.

category(categoryName) Assigns one or more security categories to the user. When assigning more than one security category, separate the category names with spaces or commas.

category–(categoryName) Removes one or more security categories from the user record. Use this parameter only with the chusr and editusr commands. When deleting more than one security category, separate the category names with spaces or commas.

comment(string) Adds a comment string of up to 255 alphanumeric characters to the user record. If a comment string was defined previously, this new comment string replaces the existing string. If the string contains any spaces, enclose the string in single quotation marks.

comment– Deletes the comment string from the user record. Use this parameter only with the chusr and editusr commands.


country(string) An alphanumeric string of up to 19 characters that specifies the country where the user is located. This string is not used during the authorization process. If the string contains any spaces, enclose the string in single quotation marks.

If the user record has a value for this parameter, that value overrides the value in the group record.

enable Enables the login of a user that has for any reason been disabled. Use this argument only with the chusr and editusr commands.

expire If a date is not specified, the user account expires immediately, provided the user is not currently logged in. If the user is logged in, the account expires when the user logs out.

If the user record has a value for this argument, that value overrides the value in the GROUP record.

You may specify a date and, optionally, the time for the expiration.

date Sets the date, in the format mm/dd/yy, on which the user’s account expires. If you specify a date but not a time, the account expires at the beginning (midnight) of the date specified.

time Sets the time at which the user’s account expires, in the format hh:mm, where hh is the hour in 24-hour notation (00 through 23) and mm is the minutes (00 through 59).

Note: An expired user record cannot be enabled by specifying the resume argument with a resume date. Use the expire– argument to enable an expired user record.


expire– Removes an expiration date from a user account. Use this argument only with the chusr and editusr commands.

gowner(gownerName) Assigns a TACF group as the owner of the resource record. The group owner of the resource record has unrestricted access to the resource, provided the group owner’s security level, security label, and security category authorities are sufficient to allow access to the resource. The group owner of the resource is always permitted to update and delete the resource record.

grace(nLogins) Sets the number of grace logins the user is allowed after this command is executed. After the number of grace logins is reached, the user is denied access to the system and must contact the system administrator to select a new password. The number of grace logins must be a positive integer between 0 and 255. If grace is set to zero, the user cannot log in.

If the user record has a value for this argument, that value overrides the value in the GROUP record. If this argument is not specified and the user has a profile group that contains a value for this argument, the value in the GROUP record is used. If there is no value in the USER or GROUP record, the TACF global grace login setting is used.

grace– Deletes the user’s grace login setting. The TACF global grace login setting is used instead. Use this parameter only with the chusr and editusr commands.

ign_hol Assigns the IGN_HOL attribute to the user. A user with the IGN_HOL attribute can log in during any period of time defined in a holiday record.

ign_hol– Removes the IGN_HOL attribute from the user, so that the user can no longer log in during holidays. Use this argument only with the chusr and editusr commands.

inactive(nDays) Specifies the number of days that must pass before the system changes the user to inactive. When the number of days is reached, the user becomes inactive and cannot log in. The default value is that the user will not become inactive.

inactive– Changes the user’s status from inactive to active. Use this argument only with the chusr and editusr commands.

interval(nDays) A positive integer (or zero) that sets the number of days that must pass after the password was set or changed before the system prompts the user for a new password. When the specified number of days is reached, TACF informs the user that the current password has expired. The user can immediately renew the password or continue using the old password until the number of grace logins is reached. After the number of grace logins is reached, the user is denied access to the system and must contact the system administrator to select a new password.

An interval of zero disables password interval checking for the user. The default set by the setoptions command is not used. Set the interval to zero if you do not want a password to expire. An interval of zero should only be used for users with low security requirements.

interval– Cancels a user’s password interval setting; the value set by the setoptions command is used instead. You must specify a user name when you use the interval– argument. Use this parameter only with the chusr and editusr commands.


label(labelName) Assigns a security label to the user record. A security label represents an association between a particular security level and zero or more security categories.

label– Deletes the security label from the user record. Use this parameter only with the chusr and editusr commands.

level(number) A positive integer between 1 and 255 that assigns a security level to the user record.

level– Deletes the security level from the user record, so that the user no longer has access to any resource that requires the accessor to have a security level. Use this argument only with the chusr and editusr commands.

location(string) Specifies the user’s location. This string is not used during the authorization process. The string can contain up to 47 alphanumeric characters. If the string contains any spaces, enclose the string in single quotation marks.

maxlogins(nLogins) Sets the maximum number of concurrent logins allowed for the user. TACF does not allow more concurrent sessions than the specified number. A value of 0 (zero) means there is no maximum and the user can concurrently log in from any number of terminals. If this argument is not specified, the global maximum logins setting is used.

Note: If maxlogins is set to 1, you cannot run selang. You must bring down TACF, change the maxlogins setting to a number greater than 1, and start TACF again.

maxlogins– Deletes the user’s maximum login setting. The global setting is used instead. Use this parameter only with the chusr and editusr commands.


min_life(nDays) Specifies the minimum number of days that must pass before the user is allowed to change the password again.

min_life– Deletes the user’s min_life setting. The global setting defined by the setoptions command is used instead. Use this parameter only with the chusr and editusr commands.

name(string) Specifies the full name of the user that is associated with the user record. The string can contain up to 255 alphanumeric characters. If the string contains any spaces, enclose the string in single quotation marks.

notify(mailAddress) Notifies the user at mailAddress every time the user logs in. The user who receives notification messages should log in frequently to respond to the unauthorized access attempts described in each message. Each time a notification message is sent, an audit record is written in the audit log. See “seaudit” on page 153, for more information on filtering and viewing audit records.

notify– Specifies that no one is notified when the user logs in. Use this parameter only with the chusr and editusr commands.

operator Assigns the OPERATOR attribute to the user. A user with the OPERATOR attribute can list all resource records in the TACF database and also has read authority for all TACF defined files. A user with this attribute can also use all the options of the secons command.

operator– Removes the OPERATOR attribute from a user record. Use this parameter only with the chusr and editusr commands.


organization(string) Specifies the organization in which the user works. This information is not used during the authorization process. The string can contain up to 19 alphanumeric characters. If the string contains any spaces, enclose the string in single quotation marks.

org_unit(string) Specifies the organizational unit in which the user works. This information is not used during the authorization process. The string can contain up to 19 alphanumeric characters. If the string contains any spaces, enclose it in single quotation marks.

owner Assigns a TACF user or group as the owner of the user record.

userName The name of a TACF user.

groupName The name of a TACF group.

password(string) Assigns a password to a user. If password checking is enabled, the password is valid for one login only. When the user next logs in to the system, a new password must be set. The string cannot contain spaces or commas. You cannot change your own password, even if you have the ADMIN or PWMANAGER attribute.

phone(string) Specifies the user’s phone number. The string can contain up to 19 alphanumeric characters. If the string contains any spaces, enclose the string in single quotation marks. This information is not used during the authorization process.

profile(groupName) Assigns a user to a profile group. TACF assigns properties from the profile group to the user if the properties have not been explicitly assigned to the user in the user record.

The values that can be taken from the profile group are expire, grace, inactive, interval, maxlogins, min_life, restrictions, resume, suspend, and unix.
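To make the three-level lookup concrete (an explicit value in the USER record, otherwise the profile GROUP record, otherwise the global value set with setoptions), here is an added example that is not part of this manual or of TACF. Records are plain dicts and the global-defaults table is constructed for the illustration; password_status applies the rules given under the interval and grace arguments above to the resolved values.

```python
"""Resolving a user's effective setting through the profile group and the global defaults.

Added example, not TACF code. The lookup order follows the manual: an explicit
value in the USER record wins, otherwise the profile GROUP record supplies the
values listed above, otherwise the global value set with setoptions applies.
Records are plain dicts and the global-defaults table is constructed here.
password_status applies the interval and grace rules described under those
arguments to the resolved values.
"""
PROFILE_INHERITED = ("expire", "grace", "inactive", "interval", "maxlogins",
                     "min_life", "restrictions", "resume", "suspend", "unix")


def effective_setting(name, user, groups, global_defaults):
    """Return (value, source), where source is 'user', 'group', 'global' or 'none'.

    user:   properties explicitly assigned in the user record; 'profile' names the
            profile group if the user has one.
    groups: groupName -> properties of that group record.
    """
    if name in user:
        return user[name], "user"
    if name in PROFILE_INHERITED:
        profile = groups.get(user.get("profile", ""), {})
        if name in profile:
            return profile[name], "group"
    if name in global_defaults:
        return global_defaults[name], "global"
    return None, "none"


def effective_record(user, groups, global_defaults):
    """Every inheritable property together with the record it was taken from."""
    return {n: effective_setting(n, user, groups, global_defaults) for n in PROFILE_INHERITED}


def password_status(days_since_set, grace_logins_used, user, groups, global_defaults):
    """'ok', 'expired' (login still allowed, password must be renewed) or 'denied'."""
    interval, _ = effective_setting("interval", user, groups, global_defaults)
    grace, _ = effective_setting("grace", user, groups, global_defaults)
    if grace == 0:
        return "denied"                 # grace(0): the user cannot log in at all
    if not interval or days_since_set < interval:
        return "ok"                     # interval(0) disables expiry checking entirely
    if grace is None or grace_logins_used < grace:
        return "expired"                # old password accepted until the grace logins are used up
    return "denied"


if __name__ == "__main__":
    # Constructed data: a SALES profile group and global defaults from setoptions.
    groups = {"SALES": {"grace": 3, "interval": 90}}
    global_defaults = {"grace": 5, "interval": 30, "maxlogins": 0}
    user = {"profile": "SALES", "interval": 0}
    for name, (value, source) in effective_record(user, groups, global_defaults).items():
        print(f"{name:12} {value!s:6} from {source}")
```

The source tag returned alongside each value is the useful part when auditing a record: it shows at a glance whether, say, a password interval of zero was set on the user deliberately or inherited.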

profile– Removes a user from the profile group. Use this parameter only with the chusr and editusr commands.

pwmanager Assigns the PWMANAGER attribute to the user. A user with this attribute can change the passwords of users in the TACF database.

pwmanager– Removes the PWMANAGER attribute from the user record. Use this parameter only with the chusr and editusr commands.

restrictions Specifies when the user is allowed to log in to the system. The login restrictions apply only when a user logs in; that is, TACF does not force a user off the system if the login period expires while the user is logged in. Also, the login restrictions do not apply to batch jobs; a user can run a background process at any time.

If you omit the days argument and specify the time argument, the time restriction applies to any day-of-week restriction already indicated in the user record. If you omit time and specify days, the day restriction applies to any time restriction already indicated in the user record. If you specify both days and time, the user is allowed to log in to the system only during the specified time period on the specified days.

If the user record has a value for this argument, that value overrides the value in the GROUP record.

days Specifies the days on which the user can log in to the system. The days argument takes the following subarguments:

anyday - Allows the user to log in to the system on any day.

weekdays - Allows the user to log in to the system only on weekdays, Monday through Friday.

mon tue wed thu fri sat sun - Allows the user to log in to the system only on the specified days. You can specify the days in any order. If more than one day is specified, separate the days with spaces or commas.

time Specifies the time period during which the user can log in to the system. The time argument takes the following subarguments:

anytime - Allows the user to log in at any time of the day.

startTime:endTime - Allows the user to log in only during the specified time period. The format of both startTime and endTime is hhmm, where hh is the hour in 24-hour notation (00 through 23) and mm is the minutes (00 through 59). Note that 2400 is not a valid time value. The setting for startTime must be less than the setting for endTime, and both times must occur on the same day. If the terminal is in a different time zone from the processor, adjust the time values by translating the start and end times for the terminal to the equivalent local times for the processor. For example, if the processor is in New York and the terminal is in Los Angeles, to allow the user to log in from 8:00 a.m. to 5:00 p.m. in Los Angeles, specify time(1100:2000).
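The hhmm, day-list and startTime:endTime rules above are worth validating before a restriction is applied. The block below is an added example, not code from this manual or from TACF: it parses a restrictions(...) argument, rejects the values the manual rules out (2400, a startTime that is not less than endTime, unknown day names), answers whether a login at a given weekday and time would be allowed, and reproduces the Los Angeles to New York translation with shift_window, whose offset argument (processor offset minus terminal offset, +3 hours in the manual's example) is this example's own.

```python
"""Parser and evaluator for the restrictions(days(...) time(...)) argument described above.

Added example, not TACF code. It enforces the syntax rules the manual states
(day names, hhmm values 0000-2359, startTime < endTime, space- or comma-separated
lists) and decides whether a login at a given weekday and time is permitted.
shift_window applies the time-zone translation from the manual's example; its
offset argument is an assumption of this example.
"""
import re

DAY_NAMES = ("mon", "tue", "wed", "thu", "fri", "sat", "sun")   # Monday = 0
WEEKDAYS = frozenset(range(5))
ANY_DAY = frozenset(range(7))
ANY_TIME = (0, 24 * 60 - 1)


def _split_list(text):
    """Subargument lists may be separated by spaces or commas."""
    return [t for t in re.split(r"[\s,]+", text.strip()) if t]


def parse_hhmm(value):
    """Validate an hhmm value (hh 00-23, mm 00-59) and return minutes since midnight."""
    if not re.fullmatch(r"\d{4}", value):
        raise ValueError(f"time {value!r} is not hhmm")
    hh, mm = int(value[:2]), int(value[2:])
    if hh > 23 or mm > 59:                      # rejects 2400 among others
        raise ValueError(f"time {value!r} out of range")
    return hh * 60 + mm


def parse_days(text):
    items = _split_list(text)
    if items == ["anyday"]:
        return ANY_DAY
    if items == ["weekdays"]:
        return WEEKDAYS
    if not items or any(item not in DAY_NAMES for item in items):
        raise ValueError(f"bad days list {text!r}")
    return frozenset(DAY_NAMES.index(item) for item in items)


def parse_time(text):
    text = text.strip()
    if text == "anytime":
        return ANY_TIME
    m = re.fullmatch(r"(\d{4}):(\d{4})", text)
    if not m:
        raise ValueError(f"time {text!r} is not startTime:endTime")
    start, end = parse_hhmm(m.group(1)), parse_hhmm(m.group(2))
    if start >= end:                            # both must lie on the same day, start first
        raise ValueError("startTime must be less than endTime")
    return (start, end)


def parse_restrictions(arg):
    """Parse 'restrictions(days(...) time(...))'; either subargument may be omitted."""
    m = re.fullmatch(r"restrictions\s*\((.*)\)", arg.strip(), re.S)
    if not m:
        raise ValueError("not a restrictions(...) argument")
    body = m.group(1)
    result = {"days": None, "time": None}
    for key, inner in re.findall(r"(days|time)\s*\(([^()]*)\)", body):
        result[key] = parse_days(inner) if key == "days" else parse_time(inner)
    if re.sub(r"(?:days|time)\s*\([^()]*\)", "", body).strip():
        raise ValueError("unexpected text inside restrictions(...)")
    return result


def is_valid(arg):
    try:
        parse_restrictions(arg)
        return True
    except ValueError:
        return False


def login_permitted(restriction, weekday, hhmm):
    """Login-time check only: as the manual says, an open session is not cut off."""
    days = restriction["days"] if restriction["days"] is not None else ANY_DAY
    start, end = restriction["time"] if restriction["time"] is not None else ANY_TIME
    return weekday in days and start <= parse_hhmm(hhmm) <= end


def shift_window(start_hhmm, end_hhmm, offset_hours):
    """Translate a terminal-local window to processor-local hhmm values.

    offset_hours = processor offset minus terminal offset (New York - Los Angeles = +3).
    The translated window must stay within one day, as the manual requires.
    """
    out = []
    for v in (start_hhmm, end_hhmm):
        minutes = parse_hhmm(v) + offset_hours * 60
        if not 0 <= minutes < 24 * 60:
            raise ValueError("shifted window crosses midnight; it cannot be expressed")
        out.append(f"{minutes // 60:02d}{minutes % 60:02d}")
    return f"{out[0]}:{out[1]}"
```

The parser treats a missing days or time subargument as "no change", in line with the paragraph above that says each applies on top of whatever restriction the record already holds; merging with an existing record is left to the caller.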


restrictions– Deletes any restrictions that limit the user’s ability to log in to the system. Use this parameter only with the chusr and editusr commands.

resume Reinstates (enables) a user record that was disabled using the suspend parameter. If you specify both the suspend parameter and the resume parameter, the resume date and time must fall after the suspend date and time. If a date is not specified, the user record is reinstated immediately.

You may specify a date and, optionally, the time for the user record to be reinstated.

date Sets the date, in the format mm/dd/yy, on which TACF reinstates the user’s record. If you specify a date but not a time, the record is reinstated at the beginning (midnight) of the date specified.

time Sets the time at which the user’s record is reinstated, in the format hh:mm, where hh is the hour in 24-hour notation (00 through 23) and mm is the minutes (00 through 59).

resume– Erases the resume date, and time if used, from the user record. As a result, the status of the user is changed from active (enabled) to suspended. Use this parameter only with the chusr and editusr commands.

server Sets the SERVER attribute on. This attribute allows a process running on behalf of the current user to ask for authorization for other users.

server– Sets the SERVER attribute off. Use this parameter only with the chusr and editusr commands.

suspend Disables a user record, but leaves it defined in the TACF database. A user cannot use a suspended user account to log in to the system. If a date is not specified, the user record is suspended immediately if the user is not currently logged in. If the user is logged in, the record is suspended when the user logs out. A suspended record can be reinstated using the resume parameter.

You may specify a date and, optionally, the time for the user record to be suspended.

date Sets the date, in the format mm/dd/yy, on which the user’s record is suspended. If you specify a date but not a time, the record is suspended at the beginning (midnight) of the date specified.

time Sets the time at which the user’s record is suspended, in the format hh:mm, where hh is the hour in 24-hour notation (00 through 23) and mm is the minutes (00 through 59).

suspend– Erases the suspend date from the user record, changing the status of the user from disabled to active (enabled). Use this parameter only with the chusr and editusr commands.
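The following added example (not code from this manual or from TACF) shows how the suspend, resume and expire arguments combine: it parses the mm/dd/yy[@hh:mm] form they take, checks that a resume date falls after the suspend date, and reports whether a record is active, suspended or expired at a given moment, including the note under expire that an expired record is not reinstated by resume. The two-digit-year pivot (70) and the dict layout of a record are assumptions.

```python
"""Status of a user record under the suspend, resume and expire arguments.

Added example, not TACF code. parse_datetime handles the mm/dd/yy[@hh:mm]
form those arguments take; the two-digit-year pivot (70 and above = 19xx) is
an assumption, as is the dict layout of a record. record_status applies the
manual's rules: a date without a time means midnight, an argument without a
date takes effect immediately, and an expired record is not revived by resume.
"""
from datetime import datetime


def parse_datetime(text):
    """'mm/dd/yy' or 'mm/dd/yy@hh:mm'; a date without a time means midnight of that date."""
    date_part, _, time_part = text.partition("@")
    month, day, year = (int(x) for x in date_part.split("/"))
    year += 1900 if year >= 70 else 2000          # pivot is an assumption of this example
    hour, minute = (int(x) for x in time_part.split(":")) if time_part else (0, 0)
    return datetime(year, month, day, hour, minute)


def _at_or_before(value, now):
    """An argument given with no date (empty string) takes effect immediately."""
    return value == "" or parse_datetime(value) <= now


def suspend_resume_valid(suspend, resume):
    """The manual requires the resume date and time to fall after the suspend date and time."""
    if not suspend or not resume:
        return True
    return parse_datetime(resume) > parse_datetime(suspend)


def record_status(record, now):
    """record: dict with optional 'suspend', 'resume', 'expire' values (mm/dd/yy[@hh:mm] or '').

    Returns 'expired', 'suspended' or 'active' as of the datetime now. Whether the
    user is currently logged in (which delays the effect until logout) is not modelled.
    """
    expire = record.get("expire")
    if expire is not None and _at_or_before(expire, now):
        return "expired"           # only expire- re-enables an expired record
    suspend, resume = record.get("suspend"), record.get("resume")
    if suspend is not None and _at_or_before(suspend, now):
        if resume is None or not _at_or_before(resume, now):
            return "suspended"     # suspended until a resume date that has already passed
    return "active"


if __name__ == "__main__":
    # Constructed record matching example 2 below: chusr Joel suspend(8/10/98) resume(8/28/98)
    joel = {"suspend": "8/10/98", "resume": "8/28/98"}
    for day in ("8/9/98", "8/15/98", "8/28/98"):
        print(day, record_status(joel, parse_datetime(day)))
```

Checking expire before suspend is what makes the ordering match the note above: a record that has expired reports as expired even when its resume date has passed, so only expire– brings it back.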

unix For the command chusr, the unix parameter changes the user’s definition in both the local UNIX system and the TACF database.

For the command editusr, the unix parameter changes or adds the user’s definition in both the local UNIX system and the TACF database, depending on whether the user already exists.

For the newusr command, the unix parameter adds the user to both the local UNIX system and the TACF database.

If more than one argument is specified, separate the arguments with spaces.

gecos(string) Specifies a comment string for the user, such as the user’s full name. Enclose the string in single quotation marks.


homedir(path) Specifies the full path of the user’s home directory. If the path you specify ends with a slash, path is concatenated to the specified path.

pgroup(groupName) Sets the user’s primary group ID. The variable groupName is the name of a UNIX group.

shellprog(fileName) Specifies the full path of the initial program or shell that is executed after the user invokes the login or su commands. The variable fileName is a character string.

userid(number) Sets the user’s unique numeric ID, used for unique discretionary access control. The variable number is a decimal number. By default, numbers below 100 are not accepted.

userName Specifies the name of the user record. When using the newusr command, this name identifies the user to TACF. Each user name must be unique, must not currently exist in the TACF database as a user or group name, and, if the user is already defined to UNIX, must be the same as the UNIX user name.

A TACF user name should typically be identical to a login name recognized by UNIX; however, there are circumstances in which it is beneficial to have a TACF user name that is not a UNIX login name.

When defining or changing more than one user record, enclose the list of user names in parentheses and separate the user names with spaces or commas.


EXAMPLES
1. The user Bob wants to add the FINANCIAL category to Jim’s record, change Jim’s security level to 155, and restrict his access to the system to weekdays between 8:00 a.m. and 8:00 p.m.
chusr Jim category(FINANCIAL) level(155) \
restrictions (days(weekdays) time(0800:2000))

2. The user Admin1 wants to suspend the user Joel, who will be on vacation for three weeks, starting on August 10, 1998.
chusr Joel suspend(8/10/98) resume(8/28/98)

3. The user Security2 wants to remove the AUDITOR attribute from the user Bill and wants to audit all activity by Bill.
chusr Bill auditor– audit(all)

4. The user Rob, owner of Mary’s user record, wants to change the comment stored in the record of the user Mary.
chusr Mary comment ('Administrator of the SALES group')

5. The user Bob wants to define the users Peter and Joe to TACF. Bob will automatically become the owner of these new user records.
newusr (Peter Joe)

6. The user Bob wants to define the user Jane to TACF and assign “payroll” as the owning group.
newusr Jane owner(payroll) name('J. G. Harris')

7. The user Bob wants to define the user JohnD to TACF with the security category NewEmployee and a security level of 3. JohnD is to be allowed to use the system only on weekdays between the hours of 8:00 a.m. and 6:00 p.m.
newusr JohnD name('John Doe') category(NewEmployee) \
level(3) restrictions(days(weekdays) time(0800:1800))

SEE ALSO
join, join–, rmusr, showusr


environment
Sets the security environment.

SYNOPSIS
{environment | env} {seos | unix}

DESCRIPTION
The environment command sets the security environment. TACF supports the seos and UNIX security environments. When the TACF command shell is invoked, the seos environment is selected by default.

Authorization
All users can use this command to change environments. However, only those with appropriate access authority can change the TACF database in the environment specified.

Arguments
seos Specifies the seos security environment. The TACF commands affect the TACF database. Some commands support simultaneous updates to the UNIX security settings. In the seos environment, the selang prompt is as follows:
TACF

unix Specifies the UNIX security environment. The TACF commands operate on the UNIX security system. In the UNIX environment, the selang prompt is as follows:
TACF(unix)


find
Displays class information.

SYNOPSIS
{find | search | f | s} [class(className) [objName | objNamePattern]]

DESCRIPTION
The find command displays the names of all classes defined to TACF, displays all the objects in a specified class, or displays specified objects in the specified class.

Authorization
¶ If you have the ADMIN, AUDITOR, or OPERATOR attribute, you can use the find command with all parameters.

¶ If you have the PWMANAGER attribute, you can use the find command on the USER class.

¶ If you have READ authority in the access control list of a record in the ADMIN class, you can specify the class parameter for the class represented by the record.

Arguments
Enter the find command without any arguments to display a list of all classes defined to TACF.

className or class(className) Specifies the name of a class. TACF searches the database for all objects in the specified class. The className parameter is not case-sensitive.

objName Specifies the name of an object in className that TACF is to display. You may enter multiple object names; enclose the object names in parentheses and separate the names with commas or spaces. The objName parameter is case-sensitive.

objNamePattern Specifies a name pattern that can be used to list multiple objects in the specified class. Use wildcards (* and ?) to specify an objNamePattern. The objNamePattern is case-sensitive.

EXAMPLES
1. The user wants to display the names of all the members in the TERMINAL class in the TACF database.
find terminal

2. The user wants to display the names of all the groups in the GROUP class whose names begin with Sec.
find group Sec*


help
Displays selang command syntax, access authority values available for the authorize command, and special characters that can be used to manipulate command lines.

SYNOPSIS
{help | h | ?} [commandName | access | lineEdit]

DESCRIPTION
The help command displays command syntax. Used without parameters, it displays a list of the selang commands, in alphabetical order, with a brief explanation of each.

To display the help text for a command typed at the command prompt before you execute the command, press the Ctrl+2 key combination.

Authorization
All users can use this command. However, only users with appropriate access authority can run the displayed commands.

Arguments
commandName Specifies the name of the command on which the help information is to be displayed.

access Displays a list of values for the access parameter of the authorize command and the defaccess parameter of the newfile, chfile, editfile, newres, chres, and editres commands.

lineEdit Displays a list of special characters for selang command line manipulations.


history
Lists the previously entered commands.

SYNOPSIS
history

DESCRIPTION
The history command lists all the commands that were entered during the current TACF command shell session. The commands are ordered chronologically, and each is preceded by a number based on the order in which it was invoked.

The history command does not display a password even if one was entered as part of a chusr, newusr, or editusr command. The history command displays a series of asterisks (***) instead of the clear text password.

Use the up- and down-arrow keys to display commands from the history list in the command line. To see only the commands that begin with specific characters, type those characters in the command line before using the up- and down-arrow keys. When the Enter key is pressed, the command currently displayed in the command line is executed.

The TACF command language also supports the following shortcuts that make use of commands in the history list:

^^ [string] Invokes the previous command. If string is specified, it is appended to the original command.

^n [string] Invokes the command that is numbered n in the history list, where n is a positive integer. If string is specified, it is appended to the original command.

^–n [string] Invokes the nth command from the end of the list, where n is a positive integer. If string is specified, it is appended to the original command.


^match [string] Invokes the most recently issued command that begins with the characters match, where match is a text string. If string is specified, it is appended to the original command. Separate the match and string values with a space.
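As an added illustration of the two behaviours this section describes (not code from this manual or from TACF), the class below keeps a session's command list with any password(...) value replaced by asterisks before it is stored, and resolves the ^^, ^n, ^–n and ^match shortcuts with an optional appended string. The class and method names are the example's own; because expansion reuses the stored text, a cleartext password is never replayed from the history.

```python
"""A selang-style session history with password masking and ^ shortcut expansion.

Added example, not TACF code. It demonstrates the two behaviours this section
describes: a password(...) value is stored as '***', and ^^, ^n, ^-n and
^match (with an optional appended string) resolve to earlier commands. The
History class and its method names are the example's own.
"""
import re

# password(string): the value cannot contain spaces or commas (see the password argument).
_PASSWORD_RE = re.compile(r"(password\s*\()([^)\s,]*)(\))")
# ^^ | ^n | ^-n (the manual prints the minus as an en dash, accepted too) | ^match, then [string]
_SHORTCUT_RE = re.compile(r"\^(\^|[-\u2013]?\d+|\S+)(?:\s+(.*))?")


def mask_password(command):
    """Replace the value of every password(...) argument with asterisks."""
    return _PASSWORD_RE.sub(lambda m: f"{m.group(1)}***{m.group(3)}", command)


class History:
    def __init__(self):
        self._entries = []              # masked commands, in the order entered

    def record(self, command):
        """Store a command (masked) and return its 1-based history number."""
        self._entries.append(mask_password(command))
        return len(self._entries)

    def listing(self):
        """What the history command prints: number followed by the masked command."""
        return [f"{i} {cmd}" for i, cmd in enumerate(self._entries, 1)]

    def expand(self, line):
        """Resolve a ^ shortcut to the command it names; other input is returned unchanged."""
        m = _SHORTCUT_RE.fullmatch(line.strip())
        if not m:
            return line
        ref, extra = m.group(1).replace("\u2013", "-"), m.group(2)
        if not self._entries:
            raise LookupError("history is empty")
        if ref == "^":                                   # ^^: the previous command
            base = self._entries[-1]
        elif re.fullmatch(r"-?\d+", ref):               # ^n from the start, ^-n from the end
            n = int(ref)
            if n == 0 or abs(n) > len(self._entries):
                raise LookupError(f"no history entry {ref}")
            base = self._entries[n - 1] if n > 0 else self._entries[n]
        else:                                            # ^match: most recent with that prefix
            matches = [c for c in self._entries if c.startswith(ref)]
            if not matches:
                raise LookupError(f"no command starting with {ref!r}")
            base = matches[-1]
        return f"{base} {extra}" if extra else base


if __name__ == "__main__":
    # Constructed session: a newusr with a password, then a find, then a showusr.
    h = History()
    for cmd in ("newusr Jane owner(payroll) password(s3cret)", "find group Sec*", "showusr Jane"):
        h.record(cmd)
    print("\n".join(h.listing()))
    print(h.expand("^find Admin*"))
```

Masking at record time rather than at display time is the safer of the two designs: nothing that reads the history buffer afterwards, including the shortcut expansion, can recover the value.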

AuthorizationAll users can use this command. However, only users withappropriate access authority can run the displayed commands.
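The shortcut rules above, together with the password masking described under DESCRIPTION, are small enough to model end to end. The following Python is an added example written for this page, not code from the manual or from TACF: it resolves ^^, ^n, ^-n and ^match against a constructed history list and renders the listing with passwords masked. How an unresolvable shortcut is reported, and the acceptance of the en dash that print renders in ^–n, are this example's own choices.

```python
import re

# Constructed sample session (not taken from the manual): the commands a
# TACF shell user entered, oldest first. history numbers them from 1.
SAMPLE_HISTORY = [
    "hosts athena",
    "newusr steve password(Secr3t!)",
    "showusr steve",
    "join steve group(staff)",
]

# Commands whose password argument the history listing must never echo.
PASSWORD_COMMANDS = ("chusr", "newusr", "editusr")
_PASSWORD_ARG = re.compile(r"(password\()[^)]*(\))")


def mask_password(command):
    """Render one command as the history listing would: for chusr, newusr
    and editusr the clear-text password is replaced by asterisks."""
    words = command.split(None, 1)
    if not words or words[0] not in PASSWORD_COMMANDS:
        return command
    return _PASSWORD_ARG.sub(r"\g<1>***\g<2>", command)


def list_history(history):
    """Chronological, numbered listing with passwords masked."""
    return ["%d %s" % (n, mask_password(cmd)) for n, cmd in enumerate(history, 1)]


def expand_shortcut(line, history):
    """Resolve the ^^, ^n, ^-n and ^match [string] shortcuts against the
    history list and return the command that would run. A line that is not
    a shortcut is returned unchanged; an unresolvable shortcut raises
    LookupError so the caller reports it instead of running something else."""
    if not line.startswith("^"):
        return line
    parts = line[1:].split(None, 1)
    # Accept the en dash the printed manual uses in ^–n as a minus sign.
    selector = parts[0].replace("\u2013", "-") if parts else ""
    suffix = " " + parts[1].strip() if len(parts) == 2 and parts[1].strip() else ""
    if not selector:
        raise LookupError("empty shortcut")
    if not history:
        raise LookupError("history list is empty")
    if selector == "^":                          # ^^: the previous command
        base = history[-1]
    elif re.fullmatch(r"-?[0-9]+", selector):    # ^n / ^-n: by position
        n = int(selector)
        if n == 0 or abs(n) > len(history):
            raise LookupError("no command numbered %s" % selector)
        base = history[n - 1] if n > 0 else history[n]   # negative n counts from the end
    else:                                        # ^match: most recent command starting with match
        candidates = [cmd for cmd in reversed(history) if cmd.startswith(selector)]
        if not candidates:
            raise LookupError("no command begins with %r" % selector)
        base = candidates[0]
    return base + suffix
```

Note that the masking is applied only when the listing is rendered; the stored command keeps its argument so that a shortcut recalling it still works, which is also why the listing must never be used as a log that leaves the session.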


hosts
Specifies the target hosts on which the TACF commands are executed, or displays the current list of hosts on which the TACF commands are executed.

SYNOPSIS
hosts [systemIds]

DESCRIPTION
The hosts command specifies the hosts to which the TACF commands are sent. The hosts command must be executed before executing the commands that are to be directed to the hosts. If you do not specify hosts, the local host is used by default; that is, all commands are directed to the database on the local host.

Note: TACF protects hosts through their canonical host names and not through aliases. To avoid the confusion caused by alias names, TACF issues a warning when a HOST rule is defined for an alias name.

Similarly, TACF gives a warning if a host is defined with less than a fully qualified name, because TACF uses fully qualified names (such as mymachine.noontide.com) for hosts.

Authorization
To administer, or update, a remote host database from the local host, the user must be:

¶ Explicitly authorized to update the remote host database from the local database

¶ A member of a group that is allowed to update the remote host database from the local database

¶ The owner of the local host as defined in the remote host

To give a user authorization to update the remote host database from the local database, use the following command:

authorize TERMINAL local_host uid(user_name) access(write)


To give a group authorization to update the remote host database from the local database, use the following command:

authorize TERMINAL local_host gid(group_name) access(write)

Arguments
To list all the hosts that are currently available, specify the hosts command without any parameters.

systemIds
Specifies the system IDs of the hosts on which the TACF commands are to be executed. When specifying more than one host, enclose the list of system IDs in parentheses and separate the IDs with spaces or commas.

Note: To display the help text for a command typed in the command line without deleting the text in the command line, type <Ctrl><2>.

EXAMPLES
The administrator wants to apply all future commands to the host athena.

hosts athena

If successful connections are made to athena, the following messages appear on the screen:

(athena)
Successfully connected
INFO: Target version is 2.00 (0.00)

Commands entered subsequent to this change are applied to athena and not sent to the local host. If the administrator adds a new user, the user is added only to athena, as shown in the example:

TACF> newusr steve
(athena)
Successfully created USER steve


join
Joins users to a group or replaces their properties in a group.

SYNOPSIS
{join | j} userName group(groupName) [admin | admin–] [auditor | auditor–] [operator | operator–] [owner(userName | groupName)] [pwmanager | pwmanager–] [unix]

DESCRIPTION
The join command adds users to one or more groups, or changes their set of properties with respect to the groups. The specified users and groups must already be defined to TACF.

The set of properties from the join command completely replaces any previous set of properties for the specified users in the specified groups. If any such properties were previously defined, they are not retained unless the new join command specifies them again.

Authorization
You can use the join command only if at least one of the following conditions is true:

¶ You have the ADMIN attribute.

¶ The group record is within the scope of a group in which you have the GROUP-ADMIN attribute.

¶ You are the owner of the group.

¶ You are assigned CONNECT authority in the access control list of the GROUP record in the ADMIN class.

Arguments
admin
Assigns the GROUP-ADMIN attribute to userName.

admin–
Removes the GROUP-ADMIN attribute from userName.

auditor
Assigns the GROUP-AUDIT attribute to userName.

auditor–
Removes the GROUP-AUDIT attribute from userName.


group(groupName)
Specifies that the user is being joined to the group groupName. When specifying more than one group, enclose the group names in parentheses and separate the names with spaces or commas.

operator
Assigns the GROUP-OPERATOR attribute to userName.

operator–
Removes the GROUP-OPERATOR attribute from userName.

owner
Specifies a TACF user or group as the owner of the join record. If you are creating a connection and you do not specify an owner, you are assigned ownership of the connection.

    userName
    The name of a TACF user.

    groupName
    The name of a TACF group.

pwmanager
Assigns the GROUP-PWMANAGER attribute to userName.

pwmanager–
Removes the GROUP-PWMANAGER attribute from userName.

unix
Connects userName to the group in the UNIX security system.

userName
Specifies the name of the user who is to be connected (or reconnected with a new set of properties) to the group or groups specified by the group parameter. When specifying more than one user, enclose the user names in parentheses and separate the user names with spaces or commas. The userName variable is required and appears as the first parameter.


EXAMPLES
1. The user Rorri wants to join the user Bob to the group staff.

join Bob group(staff)

2. The user Rorri wants to change the definition of Sue in the group staff. Sue currently has GROUP-AUDIT authority; Rorri wants to add GROUP-PWMANAGER authority.

join Sue group(staff) auditor pwmanager

When TACF executes this command, it deletes the previous record. No record is kept of Sue's previous attributes. Therefore, Rorri must specify the two attributes Sue should have now.

SEE ALSO
join–, showgrp, showusr


join–
Removes users from a group.

SYNOPSIS
{join– | j–} userName group(groupName)

DESCRIPTION
The join– command removes users from groups.

Authorization
To use the join– command, one of the following conditions must be true:

¶ You have the ADMIN attribute.

¶ The group record is within the scope of a group in which you have the GROUP-ADMIN attribute.

¶ You are the owner of the group.

¶ You are assigned CONNECT authority in the access control list of the GROUP record in the ADMIN class.

Arguments
userName
Specifies the name of the user you want to remove from the group. When removing more than one user from the group, enclose the list of user names in parentheses and separate the names with spaces or commas.

group(groupName)
Specifies the group from which to remove the user. When specifying more than one group, enclose the group names in parentheses and separate the names with spaces or commas.

EXAMPLES
The user Bill wants to remove the users sales25 and sales43 from the group PAYROLL.

join– (sales25 sales43) group(PAYROLL)


SEE ALSO
join, showgrp, showusr


rename
Changes a record name in the TACF database.

SYNOPSIS
rename className <old resourceName> <new resourceName>


rmfile
Removes records of the FILE class from the TACF database.

SYNOPSIS
{rmfile | rf} fileName

DESCRIPTION
The rmfile command deletes files from the TACF database. Files are resource records that belong to the FILE class.

Authorization
You can remove a file if one of the following conditions is met:

¶ You have the ADMIN attribute.

¶ The record is within the scope of a group in which you have the GROUP-ADMIN attribute.

¶ You are the owner of the file.

¶ You have the DELETE access authority assigned in the ACL of the FILE record in the ADMIN class.

Argument
fileName
Specifies the name of the file you are removing. When removing more than one file, enclose the list of file names in parentheses and separate the names with spaces or commas. TACF processes each file record independently. If an error occurs while a file is being processed, TACF issues a message and continues processing with the next file in the list.

EXAMPLES
The security administrator wants to remove TACF protection for the file /etc/passwd.

rmfile /etc/passwd

SEE ALSO
chfile, editfile, newfile, showfile


rmgrp
Removes a group.

SYNOPSIS
{rmgrp | rg} groupName [unix]

DESCRIPTION
The rmgrp command removes one or more groups from TACF and, optionally, from UNIX.

The rmgrp command may not delete every occurrence of the group ID from the TACF database. For example, the rmgrp command does not update resource access control lists (ACLs). Use the authorize– command to remove the group ID from ACLs that contain it; or use the sepurgdb utility to perform the cleanup operation.

Authorization
The rmgrp command takes effect only if at least one of the following is true:

¶ You have the ADMIN attribute.

¶ The group to be deleted is within the scope of a group in which you have the GROUP-ADMIN attribute.

¶ You are the owner of the group to be deleted.

¶ You are assigned DELETE authority in the GROUP record of the AUDIT class.

Arguments
groupName
Specifies the name of the TACF group record to be deleted. To delete more than one group, enclose the list of group names in parentheses and separate the names with spaces or commas.

unix
Deletes a group from the local UNIX system in addition to deleting the group from the TACF database.


EXAMPLES
The user Joe wants to delete the groups DEPT1 and DEPT2 from the TACF database.

rmgrp (DEPT1 DEPT2)

SEE ALSO
authorize–, chgrp, editgrp, join, join–, newgrp, sepurgdb, showgrp


rmres
Removes resources from TACF.

SYNOPSIS
{rmres | rr} className resourceName

DESCRIPTION
The rmres command removes resources from the TACF database. Records belonging to the following classes can be deleted using the rmres command: ADMIN, CATEGORY, CONNECT, FILE, GHOST, GSUDO, GTERMINAL, HOLIDAY, HOST, HOSTNET, HOSTNP, PROCESS, PROGRAM, SECFILE, SECLABEL, SUDO, SURROGATE, TCP, TERMINAL, UACC, and any user-defined class.

Authorization
To remove a TACF record from the TACF database, you must meet one of the following conditions:

¶ You have the ADMIN attribute.

¶ The resource record is within the scope of a group in which you have the GROUP-ADMIN attribute.

¶ You are the owner of the resource record.

¶ You are assigned the DELETE authority in the access control list of the resource class's record in the ADMIN class.

Arguments
className
Specifies the name of the class to which the resource belongs. To list the resource classes defined to TACF, use the find command.

resourceName
Specifies the name of the resource record you are deleting. When removing more than one resource, enclose the list of resource names in parentheses and separate the names with spaces or commas. At least one resource name must be specified. TACF processes each resource record independently. If an error occurs while processing a resource, TACF issues a message and continues processing with the next resource in the list.

EXAMPLES
The user Admin1 wants to remove the record TERMS from the TERMINAL class in the TACF database.

rmres TERMINAL TERMS

SEE ALSO
chres, editres, newres, showres


rmusr
Removes a user.

SYNOPSIS
{rmusr | ru} userName [unix]

DESCRIPTION
The rmusr command removes a user from TACF by removing the user's record from the database and removing all references to the user's record that exist in group records. The rmusr command optionally removes the user from UNIX as well.

The rmusr command may not delete all occurrences of the user ID from the TACF database. For example, the user could be the owner of a group, the owner of other records, or in an access control list (ACL) for a resource. Use the chgrp, chusr, chres, and authorize– commands, as required, to change ownership and remove access authorities relating to the user record you want to delete; or use the sepurgdb utility to automatically clean up inconsistencies in the TACF database.
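Both rmgrp and rmusr warn that deleting a principal leaves its name behind in owner fields and ACLs until authorize–, the ch* commands or sepurgdb clean them up. The Python below is an added example, not TACF code or data: it models the two deletions on a constructed database and lists the references that remain, which is the check an administrator wants before a reused user or group name quietly inherits someone else's access. The record structure and the single name space shared by users and groups are simplifications of this example.

```python
from dataclasses import dataclass, field


@dataclass
class Resource:
    """Toy model of a TACF resource record (this example's own structure):
    the class and name of the record, its owner, and its access control
    list as accessor -> access type."""
    cls: str
    name: str
    owner: str
    acl: dict = field(default_factory=dict)


# Constructed sample database, not real TACF data. Users and groups share
# one name space here for brevity.
USERS = {"root", "TerryS", "joe"}
GROUPS = {"DEPT1": {"TerryS", "joe"}, "PAYROLL": {"joe"}}     # group -> members
RESOURCES = [
    Resource("TERMINAL", "tty01", owner="TerryS", acl={"DEPT1": "read", "joe": "write"}),
    Resource("FILE", "/etc/passwd", owner="root", acl={"TerryS": "read"}),
]


def rmusr(users, groups, name):
    """What the manual says rmusr does: drop the user record and every
    membership reference in group records, and nothing else."""
    users.discard(name)
    for members in groups.values():
        members.discard(name)


def rmgrp(groups, name):
    """rmgrp drops the group record; ACL entries naming it are left behind."""
    groups.pop(name, None)


def find_dangling_references(resources, users, groups):
    """List owner fields and ACL entries that name a principal which no
    longer exists. Each item is (class, record, field, stale name)."""
    known = set(users) | set(groups)
    stale = []
    for rec in resources:
        if rec.owner not in known:
            stale.append((rec.cls, rec.name, "owner", rec.owner))
        for accessor in rec.acl:
            if accessor not in known:
                stale.append((rec.cls, rec.name, "acl", accessor))
    return stale


def demo():
    """Delete TerryS and DEPT1 on a copy of the sample data and report what
    authorize-, chres or sepurgdb would still have to clean up."""
    users = set(USERS)
    groups = {g: set(m) for g, m in GROUPS.items()}
    resources = [Resource(r.cls, r.name, r.owner, dict(r.acl)) for r in RESOURCES]
    rmusr(users, groups, "TerryS")
    rmgrp(groups, "DEPT1")
    return find_dangling_references(resources, users, groups)
```

Running demo() reports the terminal's owner field and two ACL entries as stale: exactly the leftovers the manual tells you to remove with authorize– and the ch* commands or with sepurgdb.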

Authorization
You can execute the rmusr command if you meet at least one of the following requirements:

¶ You have the ADMIN attribute.

¶ The user record to be deleted is within the scope of a group in which you have the GROUP-ADMIN attribute.

¶ You are assigned the DELETE authority in the access control list of the USER record in the ADMIN class.

¶ You are the owner of the user record.

Arguments
userName
Specifies the name of the user record. When removing more than one user record, enclose the list of user names in parentheses and separate the names with spaces or commas.


unix
Deletes the user from the UNIX environment, in addition to deleting the user from TACF. The user's home directory, however, is not deleted.

EXAMPLES
The TACF administrator wants to delete the user TerryS from TACF.

rmusr TerryS

SEE ALSO
authorize–, chgrp, chres, chusr, editusr, newusr, sepurgdb, showusr


ruler
Sets the properties that TACF displays for a particular class.

SYNOPSIS
ruler className [props(all | propName)]

DESCRIPTION
The ruler command determines which properties TACF displays when the showusr, showgrp, showres, and showfile commands are executed. By default, TACF displays all the properties of a class except electronic signatures. By using this command, you can choose to display only properties that interest you. All users can use this command.

The ruler command only applies to the hosts of the current session and displays the rulers of all the hosts of the current session. The properties of each host are displayed in a separate list. If you change hosts, the ruler command does not change the display of properties in the new hosts.

If you do not enter at least one property name when executing the ruler command, TACF displays the names of the properties that are in the current ruler.

Authorization
Only the following users can issue this command:

¶ Users with the ADMIN, AUDITOR, or OPERATOR attribute.

¶ Users who have access read in class ADMIN for the class whose ruler they are trying to set. For example, if you have access read in class ADMIN for the record representing class TERMINAL, you can set the ruler for class TERMINAL.

Arguments
className
Specifies the name of the class whose display properties are being set.


props
Specifies the properties to display for className. The following values are valid:

    all
    Indicates that TACF should display all properties for the specified class.

    propName
    Specifies the name of the property to display. When specifying more than one property name, separate the names with commas or spaces.

EXAMPLES
1. The administrator wants TACF to display only two properties for each user: the owner and the user who is notified about changes.

ruler USER props(NOTIFY OWNER)

2. The administrator wants to display the properties in the current ruler for class USER.

ruler USER

3. The administrator wants TACF to revert to the default ruler to display all the properties in the class USER.

ruler USER props(all)

SEE ALSO
showfile, showgrp, showres, showusr


setoptions
Sets the TACF options. Activates and deactivates password quality checking. Enables and disables security level checking.

SYNOPSIS
{setoptions | so} {[accgrr | accgrr–] [accpacl | accpacl–] [class+(className) | class–(className)] [inactive(nDays) | inactive–] [list] [maxlogins(nLogins) | maxlogins–] [password([history(nStoredPasswords) | history–] [interval(nDays) | interval–] [min_life(nDays) | min_life–] [rules([alpha(nCharacters)] [alphanum(nCharacters)] [grace(nLogins)] [length(nCharacters)] [lowercase(nCharacters)] [max_rep(nCharacters)] [namechk | namechk–] [numeric(nCharacters)] [oldpwchk | oldpwchk–] [special(nCharacters)] [uppercase(nCharacters)])] | [rules–])]}

DESCRIPTION
The setoptions command dynamically sets system-wide TACF options related to resource protection. Specifically, setoptions is used to enable or disable security checking on a class-by-class basis or for all classes system-wide. It is also used to set password policies and list the current settings of the TACF options.

Authorization
To issue the setoptions command with most parameters, you must have the ADMIN attribute. A user with only the AUDITOR or OPERATOR attribute can, however, execute the setoptions command with the list parameter.

Arguments
accgrr
Specifies that the authority of a user belonging to more than one group is equal to the sum of all the authorities of the groups to which the user belongs. However, if any of the access types is NONE, then NONE takes precedence over the access types from other groups.

accgrr–
Specifies that TACF does not accumulate the group rights of a user when checking access authorizations. The access type of the first group checked is assigned to the user. However, if any of the access types is NONE, then NONE takes precedence over the access types from the other groups.
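The accgrr and accgrr– rules above amount to a short access-decision algorithm. The Python below is an added example for this page, not TACF's implementation: it computes the access a user derives from the group entries of an ACL in both modes, with NONE overriding everything else. The order in which a user's groups are checked is passed in explicitly, because the manual does not define it; the ACL contents are constructed.

```python
NONE = "NONE"

# Constructed sample ACL for one resource: accessor -> set of access types,
# or NONE for an explicit denial. Not real TACF data.
SAMPLE_ACL = {
    "staff": {"read"},
    "ops": {"write"},
    "contractors": NONE,
}


def group_access(acl, user_groups, accgrr):
    """Derive a user's access from the group entries of an ACL.

    user_groups lists the user's groups in the order they are checked; the
    manual only says "the first group checked", so that order is an input
    here rather than something this example decides.
    With accgrr on, the result is the union of every matching group's access
    types. With accgrr off, only the first matching group counts. In both
    modes an entry of NONE in any matching group yields NONE."""
    matched = [acl[g] for g in user_groups if g in acl]
    if not matched:
        return set()            # no group entry applies to this user
    if any(entry == NONE for entry in matched):
        return NONE             # NONE takes precedence over the other groups
    if accgrr:
        combined = set()
        for entry in matched:
            combined |= entry   # accumulate the rights of every group
        return combined
    return set(matched[0])      # accgrr-: first group checked wins


def group_allows(acl, user_groups, wanted, accgrr):
    """True if the requested access type is granted through group membership."""
    derived = group_access(acl, user_groups, accgrr)
    return derived != NONE and wanted in derived
```

The accgrr– case shows why group check order matters for auditing: the same user with the same memberships gets read or write depending on which group is consulted first, so a review of effective access has to know that order.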

accpacl
Specifies the accessors and programs that are permitted to run a particular resource along with the access type associated with each program.

If there is explicit access provided for a user through an ACL, then that access is the allowed access. If explicit access has not been specified through an ACL, or access is not specified as NONE, then access rules are a combination of PACL and ACL specifications.

accpacl–
Disables ACCPACL. When ACCPACL is not active, if there is explicit access provided for a user through an ACL, then that access is the allowed access. If there is no explicit access provided through an ACL, then the allowed access follows the PACL access.

class+(className)
Enables one or more TACF classes. A class must be enabled for TACF to protect resources of that class. A class should be activated only after you have defined the necessary records to allow access to the resources that belong to the class. The className must be written in all uppercase letters.

Set the class+ parameter to one of the following values:

¶ SECLEVEL to enable security level checking.

¶ PASSWORD to activate password quality checking.

¶ Any other valid TACF class except GROUP, SECFILE, SEOS, UACC, and USER; these are protected classes that cannot be changed.


class–(className)
Disables one or more TACF classes. Resources that belong to a disabled class are not protected by TACF. The className must be written in all uppercase letters.

Set the class– parameter to one of the following values:

¶ SECLEVEL to disable security level checking.

¶ PASSWORD to deactivate password quality checking.

¶ Any other valid TACF class except GROUP, SECFILE, SEOS, UACC, and USER; these are protected classes that cannot be disabled.

inactive(nDays)
Specifies the number of inactive days after which a user's login is suspended. An inactive day is a day in which the user does not log in.

inactive–
Disables the inactive login check.

list
Displays the current TACF settings on the screen. Use setoptions list to list all the classes in the database.

maxlogins(nLogins)
Specifies the default maximum number of concurrent logins allowed for a user. TACF does not allow more concurrent sessions than the specified number. A value of 0 (zero) means there is no maximum and the user can concurrently log in from any number of terminals. This value can be overridden by assigning a value in the user's user record.

Note: If maxlogins is set to 1, you cannot run selang. You must bring down TACF, change the maxlogins setting to greater than 1, and restart TACF.

maxlogins–
Disables the global maximum logins check. The number of times a user can log in is unlimited, unless the user's login is restricted in the user record.

password
Sets the password options.

    history(nStoredPasswords)
    Specifies the number of previous passwords that are stored in the database. When supplying a new password, the user cannot specify any of the passwords stored in the history list. The value for nStoredPasswords must be an integer between 1 and 24. If you specify zero, no passwords are saved.

    history–
    Disables password history checking.

    interval(nDays)
    Sets the number of days that must pass after passwords are set or changed before the system prompts users for a new password. If the utility segrace is part of a user's login script, TACF informs the user that the current password has expired when the specified number of days is reached. The user can immediately renew the password or continue using the old password until the number of grace logins is reached. After the number of grace logins is reached, the user is denied access to the system and must contact the system administrator to select a new password.

    The value of nDays must be a positive integer or zero. An interval of zero disables password interval checking for users. Set the interval to zero if you do not want passwords to expire.

    interval–
    Cancels the password interval setting.

    min_life(nDays)
    Sets the minimum number of days between password changes. The value for nDays must be a positive integer.

    min_life–
    Disables checking the number of days between password changes.

    rules
    Sets one or more password rules that are to be used to check the quality of new passwords. The following parameters are used to set the password rules:

        alpha: Sets the minimum number of alphabetic characters the new password must contain. The value for nCharacters must be an integer.

        alphanum: Sets the minimum number of alphanumeric characters the new password must contain. The value for nCharacters must be an integer.

        grace: Sets the maximum number of grace logins that are permitted before the user is suspended. The number of grace logins must be between 0 and 255.

        length: Sets the minimum password length. The value for nCharacters is the minimum total number of characters that the new password must contain.

        lowercase: Sets the minimum number of lowercase characters the new password must contain. The value for nCharacters must be an integer.

        max_rep: Sets the maximum number of repetitive characters the new password may contain. The value for nCharacters must be an integer.

        namechk: Checks whether the password contains or is contained by the user's name. By default, TACF performs this check.

        namechk–: Turns off this check.

        numeric: Sets the minimum number of numeric characters the new password must contain. The value for nCharacters must be an integer.

        oldpwchk: Checks whether the new password contains or is contained by the password being replaced. By default, TACF performs this check.

        oldpwchk–: Turns off this check.

        special: Sets the minimum number of special characters the new password must contain. The value for nCharacters must be an integer.

        uppercase: Sets the minimum number of uppercase characters the new password must contain. The value for nCharacters must be an integer.


    rules–
    Disables password quality checking. None of the rules specified by the rules argument will be used for password quality checking.
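The rules keywords above describe a complete password quality policy, and checking a candidate against one is the kind of logic that is easy to get subtly wrong. The Python below is an added example written for this page, not TACF's own checker: it applies a constructed policy expressed with the setoptions rule names, plus the history count, to candidate passwords and returns the rules violated. Two readings are this example's own: max_rep is taken as the longest run of one character repeated consecutively, and namechk compares case-insensitively. grace, interval and min_life concern logins and elapsed time rather than the password text, so they are outside this check.

```python
# Constructed policy using the setoptions rule names; not the manual's example.
SAMPLE_RULES = {
    "length": 8,
    "alpha": 4,
    "numeric": 1,
    "special": 1,
    "uppercase": 1,
    "max_rep": 2,
    "history": 3,
    # namechk and oldpwchk are on unless turned off, as the manual states.
}


def longest_run(text):
    """Length of the longest run of one character repeated consecutively
    (this example's reading of "repetitive characters" for max_rep)."""
    best = run = 0
    previous = None
    for ch in text:
        run = run + 1 if ch == previous else 1
        previous = ch
        best = max(best, run)
    return best


def check_password(new_pw, rules, user_name="", old_pw="", history=()):
    """Apply the password(rules(...)) and history settings to a candidate.
    Returns the names of the violated rules; an empty list means accepted.
    A special character is taken here to be anything not alphanumeric."""
    violations = []
    counts = {
        "alpha": sum(c.isalpha() for c in new_pw),
        "alphanum": sum(c.isalnum() for c in new_pw),
        "lowercase": sum(c.islower() for c in new_pw),
        "uppercase": sum(c.isupper() for c in new_pw),
        "numeric": sum(c.isdigit() for c in new_pw),
        "special": sum(not c.isalnum() for c in new_pw),
        "length": len(new_pw),
    }
    # Minimum-count rules: the password must contain at least rules[name].
    for name, have in counts.items():
        if name in rules and have < rules[name]:
            violations.append(name)
    # Maximum-count rule: no run of identical characters longer than max_rep.
    if "max_rep" in rules and longest_run(new_pw) > rules["max_rep"]:
        violations.append("max_rep")
    # Containment checks, on by default; this example compares case-insensitively.
    if rules.get("namechk", True) and user_name:
        pw, name = new_pw.lower(), user_name.lower()
        if pw in name or name in pw:
            violations.append("namechk")
    if rules.get("oldpwchk", True) and old_pw:
        if new_pw in old_pw or old_pw in new_pw:
            violations.append("oldpwchk")
    # history(n): none of the last n stored passwords may be reused.
    n_stored = rules.get("history", 0)
    if n_stored > 0 and new_pw in list(history)[-n_stored:]:
        violations.append("history")
    return violations
```

Returning every violated rule rather than stopping at the first one mirrors what an administrator needs when tuning a policy: a candidate that fails only namechk and a candidate that fails four rules call for different feedback to the user.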

EXAMPLES
1. The user John wants to activate the OpsAct class, an installation-defined class used to protect operator actions.

setoptions class+(OpsAct)

2. The user Mike wants to set a password policy that forces users to supply passwords of length at least 6 characters. Mike also wants to activate password policy enforcement.

setoptions class+(PASSWORD)
setoptions password(rules(length(6)))

3. The user SecAdmin wants to enable security level checking.

setoptions class+(SECLEVEL)


showfile
Displays the properties of files.

SYNOPSIS
{showfile | sf} fileName [unix]

DESCRIPTION
The showfile command displays all the properties of a file record in alphabetical order. See "TACF Properties" on page 299 for a list of all the properties of the TACF classes.

TACF displays information only for those resources for which you have sufficient authority.

To display the properties of files using a generic file name, use two slashes at the beginning of the expression.

Authorization
You can execute a showfile command if at least one of the following conditions is true:

¶ You have at least one of the following attributes: ADMIN, AUDITOR, OPERATOR.

¶ You have the GROUP-ADMIN, GROUP-AUDITOR, or GROUP-OPERATOR attribute in the group that owns the file or that is a parent of the group that owns the file.

¶ You are the owner of the file.

¶ You are assigned read authority in the access control list (ACL) of the object representing the FILE class record in the ADMIN class.

Arguments
fileName
Specifies the name of the file record whose properties are to be listed. When listing the properties of more than one file, enclose the list of file names in parentheses and separate the names with spaces or commas. You can specify a name pattern to list the properties of all files that match the specified pattern. To display the properties of all the file records for which you have the proper authority, use an asterisk (*). In order to display the properties of a single file whose name contains a special character or space, type a backslash (\) before the special character or space.

TACF processes each file record independently. If an error occurs while processing a file, TACF issues a message and continues processing with the next file in the list.

unix
Displays the UNIX file attributes as well as the TACF properties.

EXAMPLES
1. The user root wants to list the properties of the file record /etc/passwd.

showfile /etc/passwd

2. The TACF Administrator wants to display the properties of the files represented by the generic file name /home/joan/my*.

showfile //home/joan/my*

SEE ALSO
chfile, newfile, rmfile
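Several commands in this chapter take a name list in parentheses separated by spaces or commas, and showfile adds the backslash escape, the bare asterisk and the // generic-name prefix. The Python below is an added example, not TACF code: it parses that argument syntax and resolves a showfile fileName against a constructed list of FILE records. Treating the remainder of a // name as a shell-style wildcard pattern is this example's reading of the manual's "generic file name".

```python
import fnmatch

# Constructed FILE records (not real data) against which the showfile
# argument is resolved.
SAMPLE_FILE_RECORDS = [
    "/etc/passwd",
    "/etc/shadow",
    "/home/joan/my.profile",
    "/home/joan/mybin",
    "/home/joan/notes",
    "/tmp/my file",
]


def parse_name_list(arg):
    """Split a selang name argument into individual names.

    Accepts the single-name form and the parenthesised list form in which
    names are separated by spaces or commas. A backslash escapes the next
    character, so a name containing a space or other special character can
    be written as the manual describes (for example my\\ file)."""
    text = arg.strip()
    is_list = text.startswith("(") and text.endswith(")")
    if is_list:
        text = text[1:-1]
    names, current = [], []
    i = 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            current.append(text[i + 1])      # escaped character, taken literally
            i += 2
            continue
        if is_list and ch in " ,":           # separators only split inside (...)
            if current:
                names.append("".join(current))
                current = []
            i += 1
            continue
        current.append(ch)
        i += 1
    if current:
        names.append("".join(current))
    return names


def select_file_records(file_name_arg, records):
    """Resolve a showfile fileName argument to the matching FILE records.

    A bare * selects every record; a name beginning with // is a generic
    name whose remainder (one leading slash dropped) is matched as a
    wildcard pattern; anything else must name a record exactly."""
    selected = []
    for name in parse_name_list(file_name_arg):
        if name == "*":
            selected.extend(records)
        elif name.startswith("//"):
            pattern = name[1:]               # //home/joan/my* -> /home/joan/my*
            selected.extend(r for r in records if fnmatch.fnmatchcase(r, pattern))
        elif name in records:
            selected.append(name)
    return selected
```

The distinction the parser preserves matters for more than showfile: a name with an unescaped space inside a parenthesised list is two names, so a record called "my file" that is removed or displayed without the backslash silently becomes operations on "my" and "file".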


showgrp
Displays the properties of a group.

SYNOPSIS
{showgrp | sg} groupName [unix]

DESCRIPTION
The showgrp command displays the settings of all the TACF properties of a group record. Optionally, the UNIX properties are also shown.

Authorization
You can execute a showgrp command if at least one of the following conditions is true:

¶ You have at least one of the following attributes: ADMIN, AUDITOR, OPERATOR.

¶ You have at least one of the following attributes in each group to be listed, or each group is within the scope of a group in which you have the attribute: GROUP-ADMIN, GROUP-AUDITOR, or GROUP-OPERATOR.

¶ You are the owner of the group.

¶ You are assigned read authority in the access control list (ACL) of the GROUP record in the ADMIN class.

Arguments
groupName
Specifies the name of the group whose properties you want to list. To list the properties of more than one group, enclose the list of group names in parentheses and separate the names with spaces or commas. You can specify a mask that identifies several groups that have a common name pattern. To list the information contained in all the TACF group records, use an asterisk (*). To display the properties of a single group whose name contains a special character or space, type a backslash (\) before the special character or space.


unix

Shows the group properties from the local UNIX system in addition to the properties in the TACF database.

EXAMPLES

1. The user root wants to display the properties of the security group.

   showgrp security

2. The administrator wants to display the properties of all TACF groups.

   showgrp *

SEE ALSO

chgrp, editgrp, newgrp, rmgrp


showres

Displays the properties of resources.

SYNOPSIS

{showres | sr} className resourceName

DESCRIPTION

The showres command displays the properties of resources belonging to classes in the TACF database in alphabetical order. See “TACF Properties” on page 299 for a list of all the properties of the TACF classes.

The following classes can be listed using the showres command: ADMIN, CATEGORY, CONNECT, FILE, GHOST, GSUDO, GTERMINAL, HOST, HOSTNET, HOSTNP, PROCESS, PROGRAM, SECFILE, SECLABEL, SUDO, SURROGATE, TCP, TERMINAL, UACC, and any user-defined class.

TACF displays information only for those resources for which you have sufficient authority.

To display the properties of files using a generic file name, use two slashes at the beginning of the expression.

Authorization

You can execute a showres command if at least one of the following conditions is true:

¶ You have at least one of the following attributes: ADMIN, AUDITOR, OPERATOR.

¶ The resource is within the scope of a group in which you have at least one of the following attributes: GROUP-ADMIN, GROUP-AUDITOR, GROUP-OPERATOR.

¶ You are the owner of the resource.

¶ You are assigned read authority in the access control list of the object representing the resource class record in the ADMIN class.


Arguments

className

Specifies the name of the class to which the resource belongs. To list the resource classes defined to TACF, use the find command.

resourceName

Specifies the name of the resource record whose properties are to be listed. When listing the properties of more than one resource, enclose the list of resource names in parentheses and separate the names with spaces or commas. You can specify a name pattern to list the properties of all resources that match the specified pattern. To display the properties of all the resources defined to the specified class, use an asterisk (*). To display the properties of a single resource whose name contains a special character or space, type a backslash (\) before the special character or space.

TACF processes each resource independently. If an error occurs while processing a resource, TACF issues a message and continues processing with the next resource in the list.

EXAMPLES

1. The user Admin1 wants to list the properties of the records whose names match the mask ath* in the TERMINAL class.

   showres TERMINAL ath*

2. The TACF administrator wants to display the properties of the files represented by the generic file name /home/joan/my*.

   showfile //home/joan/my*

SEE ALSO

chres, editres, newres, rmres


showusr

Displays the properties of a user.

SYNOPSIS

{showusr | su} userName [addprops(propName)] [next] [props(all | propName)] [useprops(propName)] [unix]

DESCRIPTION

The showusr command lists the values of all the properties that are contained in a TACF user record. If you enter the showusr command without specifying userName or mask, TACF lists the information from your own user record.

Authorization

You can always list the details of your own user record. To list details of another user’s record, one of the following conditions must be true:

¶ You are the owner of the user record.

¶ You have at least one of the following attributes: ADMIN, AUDITOR, OPERATOR, or PWMANAGER.

¶ The user record is within the scope of a group in which you have at least one of the following attributes: GROUP-ADMIN, GROUP-AUDITOR, or GROUP-OPERATOR.

¶ You are assigned read authority in the access control list (ACL) of the USER record in the ADMIN class.

Arguments

addprops(propName)

Sets the properties (ruler) to be displayed. The list of properties is added to the current ruler. When specifying more than one property, enclose the property names in parentheses and separate the names with spaces or commas.

next

Displays parts of the requested data. This option is useful when the query data is larger than the set query size. The maximum query size is determined by the query_size token in the lang section of the seos.ini file. The query size default is set at 100.

props(all | propName)

Sets the properties (ruler) to be displayed. The ruler remains set for future queries.

useprops(propName)

Sets the properties (ruler) to be displayed. The current ruler is ignored. The ruler is set for this query only. When specifying more than one property, enclose the property names in parentheses and separate the names with spaces or commas.

userName

Specifies the name of the user record. When listing the properties of more than one user record, enclose the user names in parentheses and separate the names with spaces or commas. To display the properties of a single user whose name contains a special character or space, type a backslash (\) before the special character or space. You can specify a name pattern to identify a group of users with similar record names. For example, to list all users whose names begin with A, specify A*.

unix

Lists the user’s UNIX properties in addition to the TACF properties.

EXAMPLES

1. The user root wants to list the properties of Robin’s user record.

   showusr Robin

2. The user root wants to list the user properties of the users Robin and Leslie.

   showusr (Leslie, Robin)

SEE ALSO

chusr, editusr, newusr, rmusr
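As an added illustration (not code from this manual or the TACF product), the following Python models how the name argument of showfile, showgrp, showres and showusr is interpreted: a parenthesised list separated by spaces or commas, a backslash that makes a space or special character literal, and a name pattern such as A* or ath* that selects every matching record. The record lists are constructed sample data, and treating every name as a * and ? pattern is an assumption.

```python
"""Interpretation of a selang name argument (showfile, showgrp, showres, showusr).

Added illustration only; not code from the TACF product. The record lists in
the test are constructed sample data.
"""
import fnmatch
from typing import List

# Characters that fnmatch treats specially; an escaped one must match literally.
_WILDCARDS = "*?["


def split_name_arg(arg: str) -> List[str]:
    """Split a name argument into match patterns, one per name.

    A parenthesised argument is a list whose items are separated by spaces
    or commas; a backslash makes the next character literal (a space stops
    being a separator, and * ? [ stop being wildcards).
    """
    arg = arg.strip()
    body = arg[1:-1] if arg.startswith("(") and arg.endswith(")") else arg
    patterns: List[str] = []
    current: List[str] = []
    escaped = False
    for ch in body:
        if escaped:
            # Escaped wildcard -> bracket expression so fnmatch matches it literally.
            current.append(f"[{ch}]" if ch in _WILDCARDS else ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch in " ,":
            if current:                 # a separator closes the current name
                patterns.append("".join(current))
                current = []
        else:
            current.append(ch)
    if escaped:
        raise ValueError("name argument ends with a dangling backslash")
    if current:
        patterns.append("".join(current))
    return patterns


def resolve_names(arg: str, records: List[str]) -> List[str]:
    """Return the records selected by arg, in the order they appear in records.

    Assumption: every name is matched as a pattern, so "*" selects all records
    and a plain name selects itself; matching is case-sensitive.
    """
    patterns = split_name_arg(arg)
    return [r for r in records if any(fnmatch.fnmatchcase(r, p) for p in patterns)]


if __name__ == "__main__":
    # Constructed sample USER records, as the showusr examples would see them.
    users = ["Admin1", "Alice", "Robin", "Leslie", "root"]
    print(resolve_names("A*", users))              # names beginning with A
    print(resolve_names("(Leslie, Robin)", users))  # an explicit list
```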


source

Enables you to execute TACF commands that have been saved in a file.

SYNOPSIS

source fileName

DESCRIPTION

The source command enables you to execute one or more TACF commands that have been placed in a file. TACF reads the specified file, executes the commands, and returns a TACF prompt. Any user who is defined in the TACF database can use the source command.

Note: This command is like the source command in csh and tcsh in UNIX.

Authorization

Any user who is defined in the TACF database can use the source command.

Argument

fileName

Specifies the name of the file that contains the TACF commands.

EXAMPLES

The user Admin wants to execute the commands in the file called initf1.

   source initf1


unalias

Deletes an alias from the TACF database.

SYNOPSIS

unalias aliasName

DESCRIPTION

The unalias command deletes an alias from the TACF database.

Authorization

All users can use this command.

Argument

aliasName

Specifies the name of the alias you want to delete from the TACF database.

SEE ALSO

alias


TACF Commands in the UNIX Environment

This chapter discusses the TACF commands available in the UNIX environment of the TACF command shell. In the UNIX environment, the TACF commands are used to add, delete, modify, and list the users and groups in the local UNIX host and through the NIS system, if implemented. You can also modify and list the UNIX file permission and ownership settings.

This chapter includes a list of TACF commands by category, an introduction to the UNIX command shell environment, and a detailed reference of all the TACF commands that are supported in the UNIX command shell environment, including examples of how to perform common procedures. The commands are arranged alphabetically.

Commands by Category

This section contains a complete list of TACF commands for the UNIX environment, arranged by the following categories:

¶ Commands for managing users

¶ Commands for managing groups

¶ Commands for managing files

¶ Miscellaneous commands


Some commands are listed in more than one category.

User Commands

Command Name Description

chusr Changes the definition of an existing UNIX user.

editusr Adds a new user or changes the definition of an existing user.

join Joins users to a group.

join– Removes users from a group.

newusr Adds a new user to UNIX.

rmusr Removes a user from UNIX.

showusr Lists the UNIX properties of a user.

Group Commands

Command Name Description

chgrp Changes the definition of an existing UNIX group.

editgrp Changes the definition of an existing UNIX group.

join Joins users to a group.

join– Removes users from a group.

newgrp Adds a new group to UNIX.

rmgrp Removes a group from UNIX.

showgrp Lists the UNIX properties of a group.

File Commands

Command Name Description

chfile, editfile Changes the file attributes of a file in the UNIX file system.

showfile Lists the UNIX file attributes of a file.


Miscellaneous Commands

Command Name Description

environment Sets the security environment to TACF or UNIX.

find Displays class information.

help Displays help text.

history Displays a list of all commands entered so far in the current session.

Working in the UNIX Environment

This section explains how to work in the UNIX security environment of the TACF command shell.

Changing to the UNIX Environment

When the TACF command shell is set to the UNIX environment, the TACF commands operate on the security files of the local UNIX host. This section shows you how to change to the UNIX environment.

Use the following steps to set the UNIX environment:

1. Invoke the TACF command shell by typing the following command:

   selang

   When the TACF command shell is invoked in the TACF environment, the following prompt is displayed:

   TACF>

2. Change to the UNIX environment by entering the following command:

   environment unix

   The following prompt is displayed:

   TACF(unix)>


   From this point on, all TACF commands operate on the UNIX security files, instead of on the TACF database. The syntax of the TACF commands is discussed in the following pages.

3. To return to the TACF environment and redisplay the TACF prompt, type the following command:

   environment seos

Getting Help

Help

You can get help on the UNIX environment at any time while working in the TACF command shell. You do not have to be in the UNIX environment to get help on the TACF UNIX commands.

Note: To display the help text for a command typed in the command line without deleting the text in the command line, press the Ctrl+2 key combination.

The following command gets help on the UNIX environment:

   help [unix]

Use help unix if you are inside the TACF (seos) environment. From inside the UNIX environment, type ? or help or help topic, where topic is a TACF command in the UNIX environment.

If you specified a topic, the help text that describes the topic is displayed; otherwise, the Help Table of Contents is displayed. See “help” on page 127 for more information.

Setting the System Defaults

This section shows you how to set up TACF for management of the UNIX security system.

Defining the Default User File

The default file for updating UNIX users is /etc/passwd. The default can be changed using the seos.ini file. Changing the seos.ini file is normally required on the NIS server machine only if you are working under NIS.


To instruct TACF to use a different file when updating UNIX users, specify the file along with its full path specification in the YpServerPasswd token in the passwd section of the seos.ini file.

   YpServerPasswd = passwdMapSourcePath

Defining a Shadow Password File

To change the location of the shadow password file, if used, set the YpServerSecure token in the passwd section of the seos.ini file. Specify the full path of the file.

   YpServerSecure = shadowPasswdFilePath

Updating the passwd NIS Map

Specify the NIS directory and the make command by adding the following lines to the passwd section of the seos.ini file:

   YpMakeDir = /var/yp
   YpMakeCmd = make passwd group

Defining a Default File for Updating Groups

The default file used when updating UNIX groups is /etc/group. The default can be changed using the seos.ini file. Changing the seos.ini file is normally required only if you are working under NIS.

To assign a different file for use when updating UNIX groups, specify the file along with its full path specification in the YpServerGroup token in the passwd section of the seos.ini file.

   YpServerGroup = groupMapSourcePath

Automatic Backup of the UNIX User and Group Files

Before the first update of a UNIX user or a UNIX group in a session, TACF creates a backup copy of the files /etc/passwd or /etc/group. The backup files are called /etc/passwd.SeOS.bak and /etc/group.SeOS.bak, respectively. If an error is made when updating the UNIX system, the original information is recoverable. Backups are made only before the first change to the UNIX system in a TACF command shell session.


Command Line Syntax for UNIX

The reference pages in this chapter use the following text conventions to define the TACF command syntax in the UNIX environment.

[ ] Identifies optional arguments. Arguments not enclosed in brackets are required.

| Indicates mutually exclusive information. You can use the argument to the left of the separator or the argument to the right of the separator. You cannot use both arguments in a single iteration of the command.

{ } Delimits a set of mutually exclusive arguments when one of the arguments is required. If the arguments are optional, they are enclosed in brackets ([ ]).

Bold Commands, keywords, and other information that you must use literally appear in bold.

Italics Variables, values, and names that you must provide appear in italics.

For example:

{chgrp | cg} groupName [groupid(integer)] [userlist(userNames)]

The command name itself is required: it tells TACF which command to execute. You may use chgrp or cg to invoke the chgrp (change group) command, but not both. The groupName parameter is also required. The groupid and userlist parameters are optional. When you specify the groupid parameter, you must also specify an integer argument; when you specify the userlist parameter, you must also specify a userNames argument. You must replace groupName, integer, and userNames with actual values and names. Enclose the integer and userNames arguments in parentheses (), as shown in the example.

The brackets ([]), braces ({}), and vertical bar (|) are used only for describing command syntax and are not to be typed.


The reference information for each command also includes some or all of the following sections:

¶ DESCRIPTION: Describes the command and provides information about the authorization levels required to run the command. The description lists the parameters and arguments that can be used.

¶ EXAMPLES: Contains examples on using the command.

¶ SEE ALSO: Refers you to related commands.

Command names are usually followed by one or more parameters that supply additional information needed to execute the command. Some parameters accept more than one argument. When more than one argument is specified, separate the arguments with spaces or commas.

See “TACF Command Language” on page 1 for more information about the TACF command language.


chfile or editfile

Change UNIX file attributes.

SYNOPSIS

{{chfile | cf} fileName | {editfile | ef} fileName} [owner(userName)] [group(groupName)] [mode [fowner(string)] [fgroup(string)] [fother(string)]]

DESCRIPTION

The chfile and editfile commands change the settings of one or more UNIX files.

Arguments

fileName

Specifies the name of the file whose settings are to be changed. Enter one or more UNIX file names. When changing more than one file, enclose the list of file names in parentheses and separate the names with spaces or commas.

group(groupName)

Changes the group to which the file belongs. Specify a valid group name.

mode

Updates the file’s access modes.

fowner(string)

Specifies the access modes for the owner of the file. Use the letters r, w, and x in string to assign read, write, and execute permissions, respectively. Use the letter s to make a file setuid.

Specify a plus sign (+) at the beginning of string to add permissions to the existing permissions. Specify a minus sign (–) at the beginning of string to remove the permissions. If no prefix is specified, the previous permissions are reset to string.


fgroup(string)

Specifies the access modes for the file’s group. Use the letters r, w, and x in string to assign read, write, and execute permissions, respectively. Use the letter s to make a file setgid.

Specify a plus sign (+) at the beginning of string to add permissions to the existing permissions. Specify a minus sign (–) at the beginning of string to remove the permissions. If no prefix is specified, the previous permissions are reset to string.

fother(string)

Specifies the access modes that apply to other accessors. Use the letters r, w, and x in string to assign read, write, and execute permissions, respectively.

Specify a plus sign (+) at the beginning of string to add permissions to the existing permissions. Specify a minus sign (–) at the beginning of string to remove the permissions. If no prefix is specified, the previous permissions are reset to string.

owner(userName)

Changes the owner of the file. Specify the user name of a valid UNIX user.

SEE ALSO

showfile


chgrp or editgrp or newgrp

The chgrp command changes the UNIX attributes of a group. The editgrp command can define a new group or change UNIX attributes of an existing group. The newgrp command defines a new group in UNIX.

SYNOPSIS

{{chgrp | cg} groupName | {editgrp | eg} groupName | {newgrp | ng} groupName} [groupid(integer)] [userlist(userNames)]

DESCRIPTION

The chgrp command changes a group’s attributes in the UNIX system. The editgrp command either adds a new group to UNIX like the newgrp command or changes the definition of an existing group like the chgrp command, depending on whether the group identified by groupName already exists. The newgrp command adds new groups to the UNIX system.

New groups are added to and existing groups are updated in the file specified in the seos.ini file; by default, the groups are added to the /etc/group file. For more information, see “Defining a Default File for Updating Groups” on page 115.

Arguments

groupid(integer)

Sets the group ID of the group. The integer argument is a positive integer representing the group’s unique numeric ID. TACF does not allow a group ID of zero.

groupName

Specifies the name of the group to be modified or created. Specify the name of an existing UNIX group. When altering more than one group, enclose the list of group names in parentheses and separate the names with spaces or commas.

userlist(userNames)

Specifies a new member list. Each user name must be that of a user who is already defined to UNIX.


When more than one user is in the list, separate the names with spaces or commas. The user list specified here replaces any previous user list defined to the group.

SEE ALSO

join, join–, rmgrp, showgrp


chusr or editusr or newusr

Define a new user to UNIX or change the UNIX attributes of a user.

SYNOPSIS

{{chusr | cu} userName | {editusr | eu} userName | {newusr | nu} userName} [enable] [gecos(string)] [homedir(path)] [password(string)] [pgroup(groupName)] [shellprog(path)] [userid(number)]

DESCRIPTION

The chusr command modifies the definition of one or more users in the UNIX system.

The editusr command can define a new user like the newusr command or change the properties of an existing user like the chusr command, depending on whether userName already exists.

The newusr command defines one or more new users to the UNIX system.

The users are added to or modified in the file specified in the seos.ini file, by default, the /etc/passwd file. For more information, see “Defining the Default User File” on page 114.

Arguments

enable

Enables the login of a user that has for any reason been disabled. This is a chusr and editusr argument.

gecos(string)

Specifies a string containing general comments about the user, such as the user’s full name. Enclose the string in single quotation marks.

homedir(path)

Specifies the full path of the user’s home directory. TACF attempts to create the directory. The UNIX file is updated, regardless of whether TACF successfully creates the home directory.


password(string)

Assigns a password to a user. If password checking is enabled, the password is valid for one login only. When the user next logs in to the system, a new password must be set. The string cannot contain spaces or commas. You cannot change your own password, even if you have the ADMIN or PWMANAGER attribute.

pgroup(groupName)

Specifies the user’s primary UNIX group name.

shellprog(path)

Specifies the full path of the initial program or shell that is executed after the user invokes the login command or the su command.

userid(number)

Specifies the user’s unique numeric ID, used for unique discretionary access control. The ID must be a decimal number greater than 100; values below 100 are not accepted.

userName

Specifies the name of an existing UNIX user. When changing more than one user, enclose the list of names in parentheses and separate the names with spaces or commas.

SEE ALSO

join, join–, rmusr, showusr


environment

Sets the security environment.

SYNOPSIS

{environment | env} {seos | unix}

DESCRIPTION

The environment command sets the security environment. TACF supports the seos and UNIX security environments. When the TACF command shell is invoked, the seos environment is selected by default.

Arguments

seos

Specifies the seos security environment. The TACF commands affect the TACF database. Some commands support simultaneous updates to the UNIX security settings. In the seos environment, the selang prompt is as follows:

   TACF

unix

Specifies the UNIX security environment. The TACF commands operate on the UNIX security system. In the UNIX environment, the selang prompt is as follows:

   TACF(unix)


find

Displays class information.

SYNOPSIS

{find | search | f | s} {class(USER | GROUP)} [objName | objNamePattern]

{find | search | f | s} class(FILE) [objName]

DESCRIPTION

In the UNIX environment, the find command displays all the objects in either the USER or GROUP class, specified objects in the USER or GROUP class, or a single object in the FILE class.

Arguments

class(USER | GROUP)

Specifies whether to display objects in the USER class or GROUP class. TACF searches the database for all objects in the specified class. The class parameter is not case-sensitive.

class(FILE)

Specifies that TACF should search for the object identified by objName only in the database for the FILE class. The class parameter is not case-sensitive.

objName

Specifies the name of an object in the USER, GROUP, or FILE class that TACF is to display. You may enter multiple object names for the USER and GROUP classes; enclose the object names in parentheses and separate the names with commas or spaces. The objName parameter is case-sensitive.

objNamePattern

Specifies a name pattern that can be used to list multiple objects in the USER or GROUP class. Use wildcards (* and ?) to specify an objNamePattern. The objNamePattern is case-sensitive.


EXAMPLES

1. The user wants to display the names of all the users defined in the USER class.

   find user

2. The user wants to display the names of all the groups in the GROUP class whose names begin with Sec.

   find group Sec*

3. The user wants to test for the existence of a file or directory.

   find class(FILE) /tmp


help

Displays command syntax, access authority values available for the authorize command, and special characters that can be used to manipulate command lines.

SYNOPSIS

{help | h | ?} [commandName | access | lineEdit]

DESCRIPTION

The help command displays command syntax. Used without parameters, it displays a list of the selang commands, in alphabetical order, with a brief explanation of each.

To display the help text for a command typed at the command prompt before you execute the command, press the Ctrl+2 key combination.

Arguments

commandName

Specifies the name of the command on which the help information is to be displayed.

access

Displays a list of values for the access parameter of the authorize command and the defaccess parameter of the newfile, chfile, editfile, newres, chres, and editres commands.

lineEdit

Displays a list of special characters for selang command line manipulations.


history
Lists the previously entered commands.

SYNOPSIS
history

DESCRIPTION
The history command lists all the commands that were entered during the current TACF command shell session. The commands are ordered chronologically, and each is preceded by a number based on the order in which it was invoked.

The history command does not display a password even if one was entered as part of a chusr, newusr, or editusr command. The history command displays a series of asterisks (***) instead of the clear text password.

Use the up- and down-arrow keys to display commands from the history list in the command line. To see only the commands that begin with specific characters, type those characters in the command line before using the up- and down-arrow key. When the Enter key is pressed, the command currently displayed in the command line is executed.

The TACF command language supports the following shortcuts that make use of commands in the history list:

^^ [string]
    Invokes the previous command. If string is specified, it is appended to the original command.

^n [string]
    Invokes the command that is numbered n in the history list, where n is a positive integer. If string is specified, it is appended to the original command.

^-n [string]
    Invokes the nth command from the end of the list, where n is a positive integer. If string is specified, it is appended to the original command.

^match [string]
    Invokes the most recently issued command that begins with the characters match, where match is a text string. If string is specified, it is appended to the original command. Separate the match and string values with a space.
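As an added example (not code from the manual or from TACF itself), the following Python model implements the history list, the four ^ shortcuts described above, and the asterisk masking that history applies to passwords. The password(...) keyword syntax it masks is an assumption, not taken from this page.

```python
"""Model of the selang history list and its ^ shortcuts (added example)."""
import re

# Assumption (not stated on this page): selang passes the password on chusr,
# newusr and editusr as a password(...) parameter; that value is what gets masked.
_PASSWORD_RE = re.compile(r"(password\()[^)]*(\))", re.IGNORECASE)
_PASSWORD_COMMANDS = ("chusr", "newusr", "editusr")


def mask_password(command: str) -> str:
    """Return the command as history prints it: the clear-text password becomes ***."""
    words = command.split(maxsplit=1)
    if not words or words[0].lower() not in _PASSWORD_COMMANDS:
        return command
    return _PASSWORD_RE.sub(r"\1***\2", command)


class History:
    """Chronological command list, numbered from 1 as the history command prints it."""

    def __init__(self) -> None:
        self._entries: list[str] = []

    def record(self, command: str) -> None:
        """Append a command exactly as typed (the shell keeps the real text)."""
        self._entries.append(command)

    def listing(self) -> list[str]:
        """Lines the history command prints: number, then the masked command."""
        return [f"{i} {mask_password(c)}" for i, c in enumerate(self._entries, 1)]

    def expand(self, line: str) -> str:
        """Resolve one ^ shortcut into the command it refers to.

        ^^ [string]      the previous command
        ^n [string]      command number n in the list (n a positive integer)
        ^-n [string]     the nth command from the end of the list
        ^match [string]  the most recent command beginning with match
        string, if present, is appended to the original command after a space.
        A line that does not start with ^ is returned unchanged.
        """
        if not line.startswith("^"):
            return line
        if not self._entries:
            raise LookupError("history is empty")
        selector, _, suffix = line[1:].partition(" ")
        suffix = suffix.strip()
        if selector == "^":
            base = self._entries[-1]
        elif re.fullmatch(r"[1-9]\d*", selector):
            n = int(selector)
            if n > len(self._entries):
                raise LookupError(f"no command numbered {n}")
            base = self._entries[n - 1]
        elif re.fullmatch(r"-[1-9]\d*", selector):
            n = int(selector[1:])
            if n > len(self._entries):
                raise LookupError(f"fewer than {n} commands in history")
            base = self._entries[-n]
        elif selector:
            matches = [c for c in self._entries if c.startswith(selector)]
            if not matches:
                raise LookupError(f"no command begins with {selector!r}")
            base = matches[-1]
        else:
            raise ValueError("empty ^ shortcut")
        return f"{base} {suffix}" if suffix else base
```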

join
Joins users to a group.

SYNOPSIS
{join | j} userName group(groupName)

DESCRIPTION
The join command adds users to a group. The specified users and group must already be defined to UNIX.

Authorization
To use the join command, at least one of the following must be true:

¶ You have the ADMIN attribute in your TACF user record.

¶ The group record is within the scope of a group in which you have the GROUP-ADMIN attribute.

¶ You are the owner of the group record in the TACF database.

¶ You have JOIN or MODIFY access authority in the access control list of the GROUP record in the ADMIN class.

Arguments
group(groupName)
    Specifies that the user is being joined to the group groupName. When specifying more than one group, enclose the group names in parentheses and separate the names with spaces or commas.

userName
    Specifies the name of the UNIX user who is being connected to the group specified by the group parameter. When specifying more than one user, enclose the user names in parentheses and separate the names with spaces or commas.

EXAMPLES
The user Eli wants to join the user Bob to the group Staff.
join Bob group(Staff)

SEE ALSO
chgrp, join-, rmgrp, showgrp

join-
Removes users from a group.

SYNOPSIS
{join- | j-} userName group(groupName)

DESCRIPTION
The join- command removes users from a group.

Authorization
To use the join- command, one of the following conditions must be true:

¶ You have the ADMIN attribute.

¶ The group record is within the scope of a group in which you have the GROUP-ADMIN attribute.

¶ You are the owner of the group record in the TACF database.

¶ You have JOIN or MODIFY access authority in the access control list of the GROUP record in the ADMIN class.

If you have ownership of only the user’s profile, you do not have sufficient authority to remove the user from a group.

Arguments
userName
    Specifies the name of the user you want to remove from the group. When removing more than one user from the group, enclose the list of user names in parentheses and separate the names with spaces or commas.

group(groupName)
    Specifies the UNIX group from which to remove the user.

EXAMPLES
The user Bill wants to remove the users sales25 and sales43 from the PAYROLL group.
join- (sales25 sales43) group(PAYROLL)

SEE ALSO
chgrp, join, newgrp, rmgrp, showgrp

rmgrp
Removes a group from UNIX.

SYNOPSIS
{rmgrp | rg} groupName

DESCRIPTION
The rmgrp command deletes one or more groups from the UNIX system. The groups are removed from the file you specified in the seos.ini file; by default, the groups are removed from the /etc/group file. For more information, see “Defining a Default File for Updating Groups” on page 115.

Argument
groupName
    Specifies the name of the TACF group record to be deleted. To delete more than one group, enclose the group names in parentheses and separate the names with spaces or commas.

SEE ALSO
chgrp, newgrp, showgrp

rmusr
Removes users from UNIX.

SYNOPSIS
{rmusr | ru} userName

DESCRIPTION
The rmusr command removes one or more users from the UNIX system. The users are removed from the file specified in the seos.ini file. By default, the users are removed from the /etc/passwd file. For more information, see “Defining the Default User File” on page 114.

Argument
userName
    Specifies the name of an existing UNIX user. When removing more than one user, enclose the list of user names in parentheses and separate the names with spaces or commas.

SEE ALSO
chusr, newusr, showusr

showfile
Lists the UNIX settings of a file.

SYNOPSIS
{showfile | sf} fileName

DESCRIPTION
The showfile command lists the UNIX details of one or more UNIX files.

Argument
fileName
    Specifies the name of the file whose details are to be listed. Enter one or more UNIX file names. When specifying more than one file, enclose the list of file names in parentheses and separate the names with spaces or commas.

EXAMPLES
You want to list the details of the UNIX file /tmp/foo.
environment unix
showfile /tmp/foo

SEE ALSO
chfile

showgrp
Displays group properties.

SYNOPSIS
{showgrp | sg} groupName

DESCRIPTION
The showgrp command displays the details of one or more groups in the UNIX system. The properties are read from the file specified in the seos.ini file; by default, the properties are read from the /etc/group file. For more information, see “Defining a Default File for Updating Groups” on page 115.

Argument
groupName
    Specifies the name of the group whose details are to be displayed. The group name must be an existing UNIX group name. Specify one or more group names. When listing more than one group, enclose the list of group names in parentheses and separate the names with spaces or commas.

EXAMPLES
List details of the UNIX group “research.”
showgrp research

SEE ALSO
chgrp, newgrp, rmgrp

showusr
Shows the settings of UNIX users.

SYNOPSIS
{showusr | su} userName

DESCRIPTION
The showusr command displays the properties of one or more users defined in the UNIX system. The properties are read from the file specified in the seos.ini file; by default, the user information is read from the /etc/passwd file. For more information, see “Defining the Default User File” on page 114.

Argument
userName
    Specifies the name of the user whose UNIX properties are to be displayed. Specify an existing UNIX user name. When listing the properties of more than one user, enclose the list of user names in parentheses and separate the names with spaces or commas.

EXAMPLES
List the details of the UNIX user “leslie.”
showusr leslie

SEE ALSO
chusr, newusr, rmusr

TACF Utilities

This chapter is a complete reference to the TACF utilities. The chapter contains the following sections:

¶ Lists of utilities by category

¶ Detailed reference for each utility, arranged alphabetically

TACF Utilities by Category
The tables in this section contain a complete list of the TACF utilities arranged by the following categories:

¶ User utilities - Used by ordinary users of the system.

¶ Administration utilities - Used by administrators of TACF to manage and configure TACF.

¶ Installation utilities - Used during product installation, system startup, or the removal of TACF from the system.

¶ Support utilities - Used by technical support.

¶ Password utilities - Used to replace passwords.

¶ Daemons - Programs that can be used to provide additional TACF functions.

User Utilities

Utility Name   Description
segrace        Displays various login and password settings for a user.
senone         Executes a shell as if it were invoked by a non-TACF user.
sepass         TACF replacement for the UNIX passwd and yppasswd commands.
sesu           TACF replacement for the UNIX su command.
sesudo         Executes commands that require superuser authority on behalf of a regular user.
sewhoami       TACF replacement for the UNIX whoami command.

Administration Utilities

Utility Name   Description
issec          Displays the status of the TACF security daemons.
seaudit        Utility for viewing the TACF audit log files.
sebuildla      Creates a lookaside database.
sechkey        Changes the encryption key for various TACF programs.
seclassadm     Adds new classes to the TACF database.
secons         Console for controlling the TACF daemons.
secrepsw       Creates password files without shadowing.
sedbpchk       Checks the integrity of the TACF database. Backs up the database if the database passes the check.
sedb2scr       Creates a script that contains the TACF commands that are required to duplicate a TACF database.
seerrlog       Lists records in the TACF error log.
sehostinf      Displays host information.
selang         TACF command shell.
semigrate      Copies data from a TACF database into a binary file or from the binary file into a new TACF database.

semsgtool      Maintains, decodes, and creates TACF message files.
senable        Enables a user account that was disabled by the serevu utility.
sepurgdb       Purges the TACF database.
sereport       Provides reports of database information.
seretrust      Retrusts untrusted programs.
seversion      Displays the TACF version information of a TACF module.

Installation Utilities

Utility Name   Description
S58SEOS        The TACF interception module loader for NCR stations.
S68SEOS        The TACF interception module loader for Sun Solaris 2 stations.
secredb        Creates a new TACF database.
seload         Loads the TACF extension to the UNIX kernel and executes the TACF daemons.
SEOS_load      The TACF interception module loader for all stations except Sun Solaris 2.
SEOS_syscall   The TACF interception module.
sepropadm      Administers TACF database properties.
seuidpgm       Extracts the setuid programs in a UNIX file system.
UxImport       Extracts the user, group, and host information in a UNIX system and, if installed, in NIS.

Support Utilities

Utility Name   Description
dbdump         Reports on the records in the TACF database that is located in the current directory.

dbutil         Tool for maintaining the TACF database files.
rdbdump        Reports on the records in the TACF database that is currently being used by the authorization daemon.
sedbpchk       Checks the integrity of the TACF database, and if it passes, backs up the database.
seini          Displays information about the TACF database and initialization files and sets the values of tokens in the initialization files.

Password Utilities

Utility Name   Description
secompas       Compares UNIX and TACF passwords for all TACF users.
sepass         TACF replacement for the UNIX passwd and yppasswd commands.

Daemons

Utility Name   Description
seagent        The TACF agent daemon.
selogrcd       Collector daemon for the TACF log routing system.
selogrd        Transmitter daemon for the TACF log routing system.
seosd          The TACF authorization daemon.
seoswd         The TACF watchdog daemon.
serevu         Revokes users after a series of unsuccessful login attempts.

dbdump or rdbdump
The dbdump and rdbdump utilities display information from the TACF database. The dbdump utility operates on the database in the current directory; the rdbdump utility operates on the database currently being used by the authorization daemon.

SYNOPSIS
{dbdump | rdbdump} switch [parameters]

The switch is an argument that consists of a letter or letter combination that specifies the action to take. The parameters qualify the action by specifying the objects on which to take the action.

DESCRIPTION
The dbdump and rdbdump utilities report on the records in the TACF database. The dbdump utility operates on the database located in the current directory; the rdbdump utility operates on the database currently being used by the authorization daemon. The utilities perform the following functions:

¶ Dump information for records of a specified class

¶ Dump information for a single record of a specified class

¶ Dump information for all records of a class except a specified record

¶ Generate lists of classes and property definitions

¶ Generate a list of groups a user is a member of

¶ Generate a list of records of a particular class

Notes
¶ Specify only one switch with dbdump or rdbdump.

¶ This tool is to be used only by technical support personnel.

¶ The dbdump utility assumes TACF is not currently running. Invoke dbdump from the directory where the TACF database resides.

¶ To use the rdbdump utility, the seosd daemon must be running.

Authorization
To execute the dbdump utility, you need read and write permission on the database files, /usr/seos/seosdb/seos_*.

To execute the rdbdump utility, you must have the ADMIN, AUDITOR, or SERVER attribute.

Arguments
d class [property]
dn class [property]
    Displays the values of specified properties for all records in the specified class. Separate multiple property names with spaces. To read the property list from a file, replace property with @fileName. Each property must appear on a separate line in the file. If property is not specified, the values of all properties are listed. If the dn switch is used, properties with unknown values are not displayed.

o class record [property]
on class record [property]
    Displays the values of specified properties for a single record in the specified class. Separate multiple property names with spaces. To read the property list from a file, replace property with @fileName. Each property must appear on a separate line in the file. If property is not specified, the values of all properties are listed. If the on switch is used, properties with unknown values are not displayed.

e class record [property]
en class record [property]
    Displays the values of selected properties for all records of the specified class except a single specified record. Separate multiple property names with spaces. To read the property list from a file, replace property with @fileName. Each property must appear on a separate line in the file. If property is not specified, the values of all properties are listed. If the en switch is used, properties with unknown values are not displayed.

c
    Lists the names of all classes defined in the database.

fc
    Lists all class information for all classes in the database.

p class
    Lists the names of the properties of the specified class.

fp class
    Lists all property information on properties of the specified class.

g user
    Lists the groups the specified user is a member of.

l class
    Lists all the records in the specified class.

FILES
The dbdump utility reports on the database in the current directory; the rdbdump utility reports on the database currently being used by the authorization daemon. The default location of the database files is /usr/seos/seosdb. The database files are:

seos_cdf.* seos_pdf.* seos_odf.* seos_pvf.* seos_ids.dat

The seos.ini file is not used. No other special files are used.

SEE ALSO
secredb, seini, selang

dbutil
Tool for maintaining the TACF database files.

SYNOPSIS
dbutil switch [fileName]

The switch is an argument that consists of a dash (-) followed by a word or abbreviation that specifies the action to take. The fileName qualifies the action by specifying the objects on which to take the action.

DESCRIPTION
The dbutil utility is used to manage and manipulate a TACF database.

Notes
¶ The fileName is the name of the TACF database file. TACF database file names have the .dat extension.

¶ This tool is designed to be used by technical support personnel.

¶ The dbutil utility assumes that TACF is not currently running.

¶ Invoke dbutil from the directory where the TACF database resides.

Arguments
-all fileName
    Performs all index checks on the specified database file; same as specifying -index and -free.

-build fileName
    Builds indexes of a DBIO based on data records.

-check
    Performs all checks for all database files. This is similar to using -all on each database file. When using this switch, do not use the parameter fileName.

-dump fileName
    Dumps the specified database file as ASCII on the standard output device.

-dup sourceFileName destinationFileName
    Duplicates the DBIO file based on the file header of the source file.

-fast
    Performs a fast check on all database files. The fast check is not an exhaustive check and may not identify all problems. Use -check for a more complete check.

-free fileName
    Checks for a free index.

-index fileName
    Checks the consistency of the index.

-key fileName
    Sequentially scans an index file.

-load databaseFileName ASCII-fileName
    Loads an ASCII file and converts it into a DBIO file.

-scan fileName
    Scans the database file sequentially.

-scana fileName
    Scans the database file sequentially. Deleted records are also scanned.

-stat fileName
    Lists the header information of the database file.

-verify
    Verifies that certain predefined objects exist in the database, for example, TACF, ADMIN, and UACC for all classes.

FILES
The seos.ini file is not used. No other special files are used.

issec
Displays the TACF security daemons’ status.

SYNOPSIS
issec switch

DESCRIPTION
The issec utility is used to display the TACF security daemons’ status. If no switches are specified, the following information is displayed:

¶ The TACF version and installation directory

¶ The status of the TACF kernel extension

¶ The status of three major TACF daemons: seosd, agent, and watchdog

¶ The status of the TACF daemons serevu, selogrd, and selogrcd

¶ The status of the policy model database daemon and its name

¶ The status of the daemons that have been specified in the [daemons] section of seos.ini

Arguments
-b
    Displays the major daemons’ (seosd, agent, and watchdog) status and process ID (PID).

-k
    Checks if the TACF kernel extension is loaded.

-h
    Displays the help screen.

FILES
No special files are used.

S58SEOS
The TACF interception module loader for NCR stations.

SYNOPSIS
S58SEOS

DESCRIPTION
S58SEOS loads the TACF kernel interception module on NCR stations. S58SEOS should be installed in the directory /etc/rc2.d, and should be run when the station boots.

FILES
The seos.ini file is not used. No other special files are used.

SEE ALSO
SEOS_load, SEOS_syscall

S68SEOS
The TACF interception module loader for Sun Solaris 2 stations.

SYNOPSIS
S68SEOS

DESCRIPTION
S68SEOS loads the TACF kernel interception module on Sun Solaris 2 stations. S68SEOS should be installed in the directory /etc/rc2.d, and should be run when the station boots.

FILES
The seos.ini file is not used. No other special files are used.

SEE ALSO
SEOS_load, SEOS_syscall

seagent
The TACF agent daemon.

SYNOPSIS
seagent

DESCRIPTION
The seagent daemon is responsible for accepting requests from remote stations and applying them to the local TACF and UNIX databases. The seagent daemon also checks that the TACF watchdog daemon (seoswd) is running and, if it is not, restarts it. The seagent daemon is responsible for updating the UNIX user file /etc/passwd, the system’s shadow password file, and the UNIX group file /etc/group.

The agent waits for connections on the seoslang and seoslang2 TCP services (whose default values are 8890 and 8891, respectively). When a connection request arrives, seagent forks a child process to handle the communication on the connection, and continues waiting for new connections.

The child processes of seagent get the requests from the client and apply them to the local database.

Notes
¶ The only ports used by TACF are 8890 and 8891. It is recommended that you do not change these ports.

¶ The agent uses the rpc mechanism and therefore the portmapper must be running on the local machine. For additional information on the portmapper, check your system documentation.

FILES
The following special files are used:

¶ /etc/passwd

¶ /etc/group

¶ The system’s password shadow file

The seos.ini file is not used.

SEE ALSO
seosd, seoswd

seaudit
Audit file viewer.

SYNOPSIS
seaudit switches [options]

A switch is an argument that consists of a dash (-) followed by a letter or letter combination that specifies the action to take. The options further qualify the action.

DESCRIPTION
The seaudit utility displays the records in the TACF audit log file. Log records are submitted by the TACF authorization daemon when an access to a resource requires auditing, as specified in the resource’s audit mode property or in the accessing user’s audit mode property.

Notes
¶ At least one switch must be specified.

¶ Qualifiers are used to prevent unwanted data from being displayed.

¶ It is possible to use string matching in the switches and options. See “String Matching” on page 441 for information about how TACF performs string matching. Some UNIX shells automatically expand mask arguments; therefore, when invoking seaudit from such a shell, type a backslash (\) before an asterisk or question mark to prevent the shell from expanding the argument.

¶ The seaudit utility does not display a password even if one was entered as part of a chusr, editusr, or newusr command; instead, it displays a series of asterisks (***) in place of the clear text password.

Arguments

Switches

-a
    Lists all records except TCP records and those sent to the audit log by the tracing facility.

-h
    Displays the help screen.

-i host service
    Lists the INET audit records of TCP requests received from the specified hosts for the specified services. Both host and service are masks that identify the set of hosts and services that are searched for.

    To list TCP records with the network ID (port number) to which a connection was made, add the -c flag:
    seaudit -a -c

-l user terminal
    Displays the following:

    LOGIN records for the specified user on the specified terminal. Both user and terminal are masks.

    Records created by serevu when it enables and disables users.

    Records created by the authorization daemon when an invalid password is entered multiple times.

-r class resource user
    Lists the audit file for the specified resource that belongs to the specified class for the specified user. The class variable is a mask that identifies the class the accessed resource belongs to, resource is a mask that identifies the names of the resources that were accessed, and user is a mask that identifies the name of the users who accessed the resources.

-s
    Lists the startup and shutdown messages from the TACF daemons.

-Stl -Sat
    Displays more detailed descriptions of watchdog messages.

-t
    Displays the table of log codes.

-tr
    Displays trace records of all the users whose activities are being traced.

-trr resource
    Displays the trace records of the specified resource.

-tru uid
    Displays the trace records of the user with the specified user ID.

-u command class record user
    Displays database update audit records. The command variable is a mask that identifies the set of TACF commands to search for, class is a mask that identifies the classes to search for, record is a mask that identifies the records to search for, and user is a mask that identifies the users who executed the commands.

-w
    Lists the watchdog audit records.

Options

-detail
    Displays detailed information about each record.

-delim delimiter
    Use delimiter as a delimiter between fields. For example, the following command makes fields appear in quotation marks separated by a comma:
    seaudit -a -delim \"\,\"

-ed date
    Specifies the end date. Records logged after the specified date are not listed. Replace date with a specific date in the format dd-mmm-yyyy, with the string today to set the end date as today, or with today-number to set the end date as the specified number of days before today. For example, today-3 means that the end date is three days ago.

-et time
    Specifies the end time. Records logged after the specified time are not listed. Replace time with a specific time in the 24-hour format hh:mm, with the string now to set the end time as now, or with now-number to specify the end time as the number of minutes before now. For example, now-60 means that the end time is 60 minutes ago.

-f
    Specifies that failures should not be displayed.

-fn fileName
    Specifies the name of the audit log file to be searched.

-g
    Specifies that successful (granted) accesses should not be displayed.

-gn
    Specifies that successful (granted) accesses should not be displayed, except for notification records.

-logout
    Specifies that logout records should not be displayed.

-millennium
    Specifies that dates should be displayed using a 4-digit (rather than 2-digit) year.

-n
    Specifies that internet addresses should be displayed instead of host names in TCP/IP records.

-notify
    Specifies that notification records should not be displayed.

-o host
    Specifies that only records originating from the specified host should be displayed. This option is only applicable when browsing records from a consolidated audit file created by the selogrcd log-routing collection daemon.

-pwa
    Specifies that password attempt records should not be displayed.

-sd date
    Specifies the start date. Records logged prior to the specified date are not listed. Replace date with a specific date in the format dd-mmm-yyyy, with the string today to set the start date as today, or with today-number to set the start date as the specified number of days before today. For example, today-3 means that the start date is three days ago.


–st time Specifies the start time. Records logged prior to the specified time are not listed. Replace time with a specific time in the 24-hour format hh:mm, with the string now to set the start time as now, or with now–number to specify the start time as the number of minutes before now. For example, now–60 means that the start time is 60 minutes ago.

–v Specifies that port numbers should be displayed instead of service names.

–warn Specifies that warning records should not be displayed.
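The date and time options above accept relative values (today–number, now–number) as well as absolute ones. The following Python is an added example, not code from the manual or from seaudit itself: it resolves those option values into concrete dates and times and combines them into the selection window, so that a wrapper script filtering an exported audit file applies the same rules. The en dash the manual prints is accepted alongside the ASCII hyphen; the defaults for an omitted date (today) and omitted times (00:00 to 23:59), and the constants DEMO_TODAY and DEMO_NOW, are this example's own assumptions. The midnight rule follows the manual's example 4 below (17:00 yesterday to 08:00 today).

```python
import re
from datetime import date, datetime, time, timedelta

# Added example, not part of the manual or of seaudit. It resolves the
# values accepted by -sd/-ed (dd-mmm-yyyy, today, today-N) and by -st/-et
# (hh:mm, now, now-N) and builds the window seaudit would select.
# Assumptions: an omitted date means today, omitted times mean 00:00 and
# 23:59, and the en dash in the manual is equivalent to an ASCII hyphen.

DEMO_TODAY = date(1998, 9, 4)   # constructed reference date for the examples
DEMO_NOW = time(10, 30)         # constructed reference clock time


def _normalize(spec: str) -> str:
    return spec.strip().lower().replace("\u2013", "-")


def resolve_date(spec: str, today: date) -> date:
    """Calendar date denoted by a -sd/-ed value."""
    s = _normalize(spec)
    if s == "today":
        return today
    m = re.fullmatch(r"today-(\d+)", s)
    if m:                                   # today-N: N days before today
        return today - timedelta(days=int(m.group(1)))
    return datetime.strptime(s, "%d-%b-%Y").date()   # e.g. 01-sep-1998


def resolve_time(spec: str, now: time) -> time:
    """Wall-clock time (minute resolution) denoted by a -st/-et value."""
    s = _normalize(spec)
    if s == "now":
        return now.replace(second=0, microsecond=0)
    m = re.fullmatch(r"now-(\d+)", s)
    if m:                                   # now-N: N minutes before now
        base = datetime.combine(date(2000, 1, 1), now)
        shifted = base - timedelta(minutes=int(m.group(1)))
        return shifted.time().replace(second=0, microsecond=0)
    return datetime.strptime(s, "%H:%M").time()


def audit_window(today: date, now: time, sd=None, ed=None, st=None, et=None):
    """(start, end) datetimes selected by the four options together."""
    start_d = resolve_date(sd, today) if sd else today
    end_d = resolve_date(ed, today) if ed else today
    start_t = resolve_time(st, now) if st else time(0, 0)
    end_t = resolve_time(et, now) if et else time(23, 59)
    # Only times given and the start later than the end: the window crosses
    # midnight, as in the manual's example 4 (17:00 yesterday to 08:00 today).
    if sd is None and ed is None and start_t > end_t:
        start_d = today - timedelta(days=1)
    return datetime.combine(start_d, start_t), datetime.combine(end_d, end_t)


def in_window(record: datetime, start: datetime, end: datetime) -> bool:
    """True when a record's timestamp falls inside the selected window."""
    return start <= record <= end


if __name__ == "__main__":
    print(audit_window(DEMO_TODAY, DEMO_NOW, st="17:00", et="08:00"))
    print(audit_window(DEMO_TODAY, DEMO_NOW, sd="today-1", ed="today-1"))
```

Because seaudit records carry only a minute-resolution timestamp, the end of the window is inclusive of the 23:59 minute; a script that compares full datetimes against such a window should truncate record times to the minute first.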

Output
Each record that seaudit displays contains data arranged in columns. The data in the first three columns has the same meaning for all types of records. From the fourth column to the end, the contents and the meaning of the data depend on the type of record. The following tables provide additional information.

Output for Most Common Records
The output for the most common type of record is described in the following table:

No. Contents Description

1 Date The date the (attempted) access occurred.

2 Time The time the (attempted) access occurred.


3 Alphabetic Return Code The TACF return code indicating what happened. The valid values and their meanings are:

A - An attempt to log in failed because an invalid password was entered multiple times.

D - TACF denied access to a resource, did not permit a login, or did not permit an update to the TACF database because the accessor did not have sufficient authorization.

E - serevu enabled a disabled user account.

F - An attempt to update the TACF database failed.

I - serevu disabled a user account.

M - TACF was started or shut down.

O - A user logged out.

P - TACF permitted access to a resource or permitted a login.

S - The TACF database was successfully updated.

T - All the actions of the user are being traced.

U - A trusted program (setuid or setgid) was changed; therefore, it is now untrusted.

W - An accessor’s authority was insufficient to access the specified resource; however, TACF allowed the access because warning mode is set in the resource.


4 Type of Event or Class The type of event being audited or the class on which the action was performed.

5 Accessor or Class If the previous column contains a class name, this column contains the name of the accessor who executed the command. If the previous column contains UPDATE, then this column contains the class in which the action was performed.

6 Access Type or Accessor If the previous column contains the accessor name, this column contains the access type, if relevant. If the previous column contains the class name, this column contains the name of the accessor who executed the command.

7 Stage Code A number that indicates at which stage TACF decided what action to take and why.

8 Audit Record Code A number that represents the reason why TACF wrote an audit record.

9 Terminal or Resource If column four contains LOGIN or LOGOUT, then this column contains the name of the terminal from which the login or logout was performed. Otherwise, this column contains the name of the resource being accessed or updated.

10 Terminal or Program If column four contains UPDATE, then this column contains the name of the terminal from which the update was made. Otherwise, this column contains the name of the program that accessed the resource.

11 Command If column four contains UPDATE, then this column contains a complete copy of the command entered by the accessor. If the command is a password update, the password itself is not displayed.


Output for Trace Records
The output for trace records, starting from the fourth column, is described in the following table:

No. Contents Description

4 Type of Event TRACE - Indicates that the record was created because all the user’s or resource’s activities are being traced.

5 UNIX UID The UNIX user ID of the process.

6 Effective UID The effective user ID of the process.

7 TACF UID The user ID that TACF associates with the process.

8 Stage Code A number that indicates at which stage TACF decided what action to take and why.

9 Resource or Action Contains the name of the resource being accessed or updated, or the action being performed.

10 Trace File Details Additional details about the resource being accessed or the action being traced. The format of these fields is the same as the trace messages described in “TACF Trace Messages” on page 379.

Sample Output
The output generated by seaudit looks similar to that shown in the following example:

01 Sep 98 16:58 P PROGRAM John Exec 59 2 /usr/bin/enq
01 Sep 98 16:58 D TERMINAL Smith Read 55 3 xt3
01 Sep 98 20:21 P LOGIN Bill 55 2 athena
01 Sep 98 21:04 P PROGRAM Dennis Exec 59 2 /usr/bin/su
01 Sep 98 21:04 P SURROGATE Dennis 58 2 GROUP.system
01 Sep 98 21:04 P SURROGATE Dennis 58 2 USER.root
01 Sep 98 21:41 U PROGRAM seoswd 7 0 /tmp/testsuid
01 Sep 98 22:09 D HOST telnet athena
01 Sep 98 22:10 O LOGOUT Bill 49 2 athena
01 Sep 98 22:20 A LOGIN Bill 8 2 athena
01 Sep 98 22:20 I LOGIN Bill 0 5
01 Sep 98 22:25 E LOGIN Bill 0 5
01 Sep 98 22:30 M START seosd
01 Sep 98 22:32 M SHUTDOWN John 452 seosd

Trace audit records look similar to those shown in the following example:

15 Sep 98 22:27 P TRACE 244 244 244 0 FORK : P=17010 U=244 G=201 Child=17013 pgm:/usr/bin/rlogin
15 Sep 98 22:28 P TRACE 244 244 244 0 SUID > P=17020 U=244 (R=244 E=0 S=0 ) to (R=244 E=244 S=244 ) () BYPASS

The output from the program is discussed in the following paragraphs:

01 Sep 98 16:58 P PROGRAM John Exec 59 2 /usr/bin/enq

On 1 September 1998 at 16:58, TACF permitted (P) the user John to execute the setuid program /usr/bin/enq. TACF checked the Exec permissions for the record /usr/bin/enq in the PROGRAM class. The TACF authorization algorithm granted the operation based on code 59, Resource UACC (universal access authority) check; that is, there exists in the TACF database a record called /usr/bin/enq in the PROGRAM class with the default access property set to allow execution by all users. The event was logged in the audit log file because of code 2, User audit mode; that is, the audit property of the user’s record is set to include successful accesses.

01 Sep 98 16:58 D TERMINAL Smith Read 55 3 xt3

On 1 September 1998 at 16:58, TACF denied (D) a login request from the user Smith for the terminal xt3. The requested access was READ, the normal access authority for records of the TERMINAL class. Access to the terminal was denied because of code 55, Resource ACL check for the user; that is, the user Smith is defined in the ACL of the TERMINAL class record xt3 with access NONE. The event was logged in the audit log file because of code 3, Resource audit mode; that is, the audit property of the xt3 record is set to include failed accesses.

01 Sep 98 20:21 P LOGIN Bill 55 2 athena


The user Bill was permitted (P) to log in from the terminal athena. The login was allowed because of code 55, Resource ACL check for user; that is, the user Bill has READ authority in the ACL of the TERMINAL class record athena. The event was logged because of the user’s audit property.

01 Sep 98 21:04 P PROGRAM Dennis Exec 59 2 /usr/bin/su
01 Sep 98 21:04 P SURROGATE Dennis 58 2 GROUP.system
01 Sep 98 21:04 P SURROGATE Dennis 58 2 USER.root

The user Dennis was permitted (P) to execute the /bin/su program to substitute the user root. The program later requested setgid to the group 0 (in this case, the group “system”) and setuid to root. Both requests were granted based on code 58; that is, the user Dennis is a member of a group that appears in the ACLs of these resources. All three events were logged because of the resources’ audit properties.

01 Sep 98 21:41 U PROGRAM seoswd 7 0 /tmp/testsuid

The TACF watchdog marked the program /tmp/testsuid as untrusted (U). The program was marked untrusted because of code 7, File Stat information changed. Code 7 is a global catch for all modifications to the file status information, including modifications to the time, size, owner (user and group) and mode entries. The program testsuid was only created for test purposes and the information was changed using the touch utility. The digit 0 is placed in a column that is used only if the reason is 7. In this case, this column displays the return value of the errno variable. To find out the meaning of the error, see the /usr/include/errno.h or /usr/include/sys/errno.h file on the local station.

01 Sep 98 22:09 D HOST telnet athena

The host athena was denied access to the telnet service.

01 Sep 98 22:10 O LOGOUT Bill 49 2 athena

The user Bill logged out from the system. TACF knows about most process terminations in the system. When all processes associated with Bill’s credentials have terminated, Bill is considered to be logged out. Logout records are identified by the LOGOUT class entry and the O in the result column. The code 49 indicates a LOGOUT audit record. The code 2 indicates the event was logged due to the user’s audit mode. TACF reports logouts only if logins are also reported for the user.

01 Sep 98 22:20 A LOGIN Bill 8 2 athena

The user Bill tried to access the system. The code 8 indicates that the login procedure failed because Bill failed to provide the correct password. The serevu daemon detected and logged the event.

01 Sep 98 22:20 I LOGIN Bill 0 5

This audit record is submitted by the serevu daemon when it disables a user’s login because of too many password attempts. The digit 5 identifies the entry as being submitted by serevu.

01 Sep 98 22:25 E LOGIN Bill 0 5

This audit record was submitted by the serevu daemon when it reenabled the login of the user Bill that was previously revoked by the daemon.

01 Sep 98 22:30 M START seosd
01 Sep 98 22:32 M SHUTDOWN John 452 seosd

These audit records indicate the startup and shutdown of the seosd daemon. seosd started at 22:30 and John brought seosd down at 22:32. John was allowed to take seosd down because he has the ADMIN attribute (reason code 452). Reason code M indicates startup or shutdown of the seosd daemon.

The following examples are traces on user records:

15 Sep 98 22:27 P TRACE 244 244 244 0 FORK : P=17010 U=244 G=201 Child=17013 pgm:/usr/bin/rlogin

TACF intercepted a fork request made by process 17010 associated with user ID 244 and group ID 201. The child process ID is 17013. The program running in the parent process (and initially also in the child process) is /usr/bin/rlogin. The TACF stage code is 0.

15 Sep 98 22:28 P TRACE 244 244 244 0 SUID > P=17020 U=244 (R=244 E=0 S=0 ) to (R=244 E=244 S=244 ) () BYPASS


TACF granted the setuid request without checking any SURROGATE access rule. In the message text, 17020 is the issuing process ID; 244 is the user ID associated with this process; R, E, and S are the real, effective and saved user IDs of process 17020; 244 is the target effective, real, and saved user IDs with which the setuid request was issued. The checks were bypassed because the current real user ID is the same as the target user ID and therefore the setuid request does not change the security scope of the user.
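The column layout and return codes explained above are what a reviewer has to decode when reading seaudit output in bulk. The following Python is an added example, not code from the manual or from TACF: it parses records of the common layout into their columns (the trace layout is rejected rather than guessed) and counts the events an auditor looks at first, such as denials, failed logins, accounts serevu disabled, and programs the watchdog marked untrusted. The embedded SAMPLE is the manual's own sample output with the print-wrap backslashes removed; nothing else about the input is assumed.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Added example (not part of the manual or of TACF): parses the column
# layout of the most common seaudit records documented above and counts the
# events an auditor reviews first. SAMPLE is the manual's sample output with
# the print-wrap backslashes removed; no other input format is assumed.

# date (2- or 4-digit year), time, return code, event or class, the rest
HEADER_RE = re.compile(
    r"^(\d{2} \w{3} \d{2,4}) (\d{2}:\d{2}) ([A-Z]) (\S+)(?: (.*))?$")


@dataclass
class AuditRecord:
    date: str
    time: str
    code: str              # column 3: alphabetic return code (P, D, A, I, ...)
    event: str             # column 4: event type or class
    subject: List[str]     # accessor and, where present, the access type
    stage: Optional[int]   # column 7: stage code, None when the record has none
    audit: Optional[int]   # column 8: audit record code (errno for U, reason 7)
    resource: str          # terminal, resource, program or command


def parse_record(line: str) -> AuditRecord:
    """Split one line of the common record layout into its columns."""
    m = HEADER_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a seaudit record: {line!r}")
    if m.group(4) == "TRACE":
        raise ValueError("trace records use the separate layout documented above")
    rest = (m.group(5) or "").split()
    # Columns 7 and 8 are numeric: everything before them names the accessor
    # (and access type), everything after them is the resource. HOST and
    # START records carry no codes at all, so both may be absent.
    stage = audit = None
    idx = next((i for i, tok in enumerate(rest) if tok.isdigit()), None)
    if idx is None:
        subject, tail = rest, []
    else:
        stage = int(rest[idx])
        j = idx + 1
        if j < len(rest) and rest[j].isdigit():
            audit = int(rest[j])
            j += 1
        subject, tail = rest[:idx], rest[j:]
    return AuditRecord(m.group(1), m.group(2), m.group(3), m.group(4),
                       subject, stage, audit, " ".join(tail))


def summarize(lines) -> dict:
    """Denials per (class, accessor), failed logins per user, accounts serevu
    disabled or re-enabled, and programs the watchdog marked untrusted."""
    denied, failed_logins = Counter(), Counter()
    disabled, enabled, untrusted = [], [], []
    for line in lines:
        if not line.strip():
            continue
        r = parse_record(line)
        who = r.subject[0] if r.subject else ""
        if r.code == "D":
            denied[(r.event, who)] += 1
        elif r.code == "A":
            failed_logins[who] += 1
        elif r.code == "I":
            disabled.append(who)
        elif r.code == "E":
            enabled.append(who)
        elif r.code == "U":
            untrusted.append(r.resource)
    return {"denied": denied, "failed_logins": failed_logins,
            "disabled": disabled, "enabled": enabled, "untrusted": untrusted}


SAMPLE = """\
01 Sep 98 16:58 P PROGRAM John Exec 59 2 /usr/bin/enq
01 Sep 98 16:58 D TERMINAL Smith Read 55 3 xt3
01 Sep 98 20:21 P LOGIN Bill 55 2 athena
01 Sep 98 21:04 P PROGRAM Dennis Exec 59 2 /usr/bin/su
01 Sep 98 21:04 P SURROGATE Dennis 58 2 GROUP.system
01 Sep 98 21:04 P SURROGATE Dennis 58 2 USER.root
01 Sep 98 21:41 U PROGRAM seoswd 7 0 /tmp/testsuid
01 Sep 98 22:09 D HOST telnet athena
01 Sep 98 22:10 O LOGOUT Bill 49 2 athena
01 Sep 98 22:20 A LOGIN Bill 8 2 athena
01 Sep 98 22:20 I LOGIN Bill 0 5
01 Sep 98 22:25 E LOGIN Bill 0 5
01 Sep 98 22:30 M START seosd
01 Sep 98 22:32 M SHUTDOWN John 452 seosd
""".splitlines()

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```

For HOST records the manual's own explanation shows that the columns after the class carry the service and the host rather than an accessor, so the subject list for those records is the pair (telnet, athena); a reviewer keying denials by (class, first subject) sees that distinction in the output rather than a false user name. The 0 in the U record is kept as the audit column because, as the text above explains, for reason 7 that column holds the errno value.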

EXAMPLES
1. The following command lists all audit records since 1 September 1998:
   seaudit –a –sd 01–Sep–1998

2. The following command lists the failed logins of the user root from any terminal on 1 September 1998:
   seaudit –sd 01–Sep–1998 –ed 01–Sep–1998 –l root \* –g

3. The following command lists all accesses of user John to every resource of class DBFIELD:
   seaudit –r DBFIELD \* John

4. The following command lists all audit records that were logged between 17:00 (yesterday) and 08:00 (today):
   seaudit –a –st 17:00 –et 08:00

5. The following command lists all audit records that were logged between 08:00 and 17:00:
   seaudit –a –st 08:00 –et 17:00

6. The following command lists all warning records for logins and resource accesses:
   seaudit –login \* \* –resource \* \* \* –grant –failure –logout –pwa

7. The following command lists all audit records from yesterday:
   seaudit –a –sd today–1 –ed today–1

8. The following command lists all audit records that trace the activity of the user with user ID 244 attempting to access files:
   seaudit –tru 244 –trr FILE


FILES

seos.ini File
The seaudit utility uses the following tokens in the seos.ini file:

Section   Tokens
logmgr    audit_back
          audit_group
          audit_log
          audit_size
          error_back
          error_log
          error_size
message   filename

See “The seos.ini File” on page 407 for more information.

Other Files
The seaudit utility uses the following additional special files:

¶ The TACF audit log file specified in the seos.ini file, usually /usr/seos/log/seos.audit, unless an audit log file is explicitly specified on the command line. The audit log file cannot be defined in the database and only TACF can write to the file. Users can only have READ access to the file.

¶ The TACF messages file, usually /usr/seos/data/seos.msg

¶ /etc/passwd

¶ /etc/group

¶ /etc/hosts

¶ /etc/services


SEE ALSO
selang, selogrd, selogrcd, seosd, seoswd, serevu


sebuildla
Creates a lookaside database and updates existing databases.

SYNOPSIS
sebuildla switch option

The switch is an argument that consists of a dash (–) followed by a letter that specifies the action to take.

DESCRIPTION
The sebuildla utility creates a lookaside database for use by the TACF daemon seosd. The database is used to translate UNIX user IDs to user names, group IDs to group names, host IP addresses to host names, and service ports to port names. The database contains only the number to name translation.

Notes
¶ You may enter more than one switch. Regardless of the order of the switches specified, sebuildla always builds and updates the databases before listing their contents.

¶ Before using sebuildla to build the lookaside databases, fill in the token lookaside_path in the seos.ini file with the full path of the lookaside databases.

¶ Use the following command the first time you build the lookaside database to create all the lookaside components:
  sebuildla –a

Single databases can be updated later using the relevant switch.

¶ If TACF is installed on a NIS, NIS+, or DNS server, calls to the sebuildla utility should be placed in the related makefiles.

¶ By default, the lookaside database files are protected against all user access other than access via the sebuildla program.

¶ The sebuildla utility scans the resolution mechanisms in the system such as /etc files and NIS in order to build the lookaside databases. If a host has a fully qualified name, sebuildla uses it.


¶ Variations in machine configuration may cause instances in which sebuildla does not list all the names of a local environment. In some environments, it is not possible to scan host entries (for example, where DNS is used to resolve host names). In these cases, sebuildla can load all the required entries from a file. To do this, create a list file with each object name on a separate line. The utility will read this file and ensure that all the objects in it are added to the relevant lookaside database, if they do not already exist in the database. The sebuildla utility ignores duplicate objects.

Arguments

Switches

–a Creates all the lookaside databases.

–g Creates a groups lookaside database.

–G Lists the contents of the groups lookaside database.

–h Creates a hosts lookaside database.

–H Lists the contents of the hosts lookaside database.

–s Creates a services lookaside database file.

–S Lists the contents of the services lookaside database.

–u Creates a users lookaside database.

–U Lists the contents of the users lookaside database.

Options

–l Loads the lookaside database using only the list file. This option excludes the resolution mechanism of the system.

–f Fast loads the lookaside database hosts (only) using the –h switch.

FILES

Database Files
The following table identifies the files that sebuildla uses to build each lookaside database:


Objects in ... Are added to the ...

/usr/seos/ladb/userlist Users lookaside database

/usr/seos/ladb/grouplist Groups lookaside database

/usr/seos/ladb/hostlist Hosts lookaside database

/usr/seos/ladb/servlist Services lookaside database

¶ Empty lines or lines that begin with an exclamation point (!), number sign (#), or a semicolon (;) are ignored.

¶ Other lines represent entries that sebuildla adds to the appropriate lookaside database, if the entry can be resolved by sebuildla. Entries must contain the user, group, host, or service name starting in the first position of the line.

You can use the rdbdump utility to create the list files. For example, to create a list of the hosts defined in class HOST in the local TACF database, enter:
  # rdbdump l HOST > /usr/seos/ladb/hostlist

The –f option makes a single request from DNS for a list of all hosts in the default domain, instead of querying the DNS server for the FQDN of each host entry as it is obtained. The fast load option is effective only if DNS is installed. Only host names in the default domain are made fully qualified, and fully qualified names are left as such. Host names scanned from the system mechanism that are not fully qualified and are not found in the default domain are left unqualified, and host names loaded from the hostlist file that are not fully qualified are discarded.
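The list-file rules and the –f qualification rules above decide which names end up in the hosts lookaside database, and therefore which names seosd can later show in place of raw addresses. The following Python is an added example, not code from the manual or from sebuildla: it models the list-file parsing (comment markers, first-position names, duplicate suppression) and the fast-load qualification of host names. The default_domain value, the domain_hosts set standing in for the single DNS answer, and the sample hostlist are all constructed for the example.

```python
from typing import Iterable, List, Set

# Added example, not part of sebuildla or the manual. It models the
# documented list-file rules (blank lines and lines starting with '!', '#'
# or ';' are ignored, the name starts in the first position, duplicates are
# ignored) and the host-name qualification performed by the -f fast load.
# default_domain and domain_hosts stand in for the one DNS request the
# manual describes; SAMPLE_HOSTLIST is constructed.


def read_list_file(text: str) -> List[str]:
    """Names from a userlist/grouplist/hostlist/servlist file, in file order."""
    seen: Set[str] = set()
    names: List[str] = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line[0] in "!#;":
            continue
        name = line.split()[0]          # the entry starts in column one
        if name not in seen:            # duplicates are ignored
            seen.add(name)
            names.append(name)
    return names


def fast_load_hosts(scanned: Iterable[str], listed: Iterable[str],
                    default_domain: str, domain_hosts: Set[str]) -> List[str]:
    """Host names as the -f option would record them.

    scanned      names obtained from the system mechanism (/etc/hosts, NIS)
    listed       names read from the hostlist file
    domain_hosts short names the one DNS request for default_domain returned
    """
    out: List[str] = []
    for name in scanned:
        if "." in name:                          # fully qualified: left as such
            out.append(name)
        elif name in domain_hosts:               # in the default domain: qualified
            out.append(f"{name}.{default_domain}")
        else:                                    # not in the domain: left unqualified
            out.append(name)
    for name in listed:
        if "." in name:
            out.append(name)
        # unqualified hostlist entries are discarded under -f
    return read_list_file("\n".join(out))        # reuse the duplicate filter


SAMPLE_HOSTLIST = """\
# constructed hostlist, in the shape rdbdump l HOST would produce
athena
; a comment line
zeus.example.test

athena
!old-entry
"""

if __name__ == "__main__":
    print(read_list_file(SAMPLE_HOSTLIST))
    print(fast_load_hosts(["athena", "hermes", "apollo.other.test"],
                          read_list_file(SAMPLE_HOSTLIST), "example.test", {"athena"}))
```

The discard rule is the one to watch operationally: a hostlist written with short names will silently contribute nothing under –f, so either write the list with fully qualified names or load it without the fast option.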

seos.ini File
The sebuildla utility uses the lookaside_path token in the seos.ini file.

Other Files
The sebuildla utility uses the following additional files:

¶ /etc/group

¶ /etc/hosts


¶ /etc/passwd

¶ /etc/services

The sebuildla utility also uses the following files, which are located in the directory specified in the token lookaside_path:

¶ groupdb.la

¶ grouplist

¶ hostdb.la

¶ hostlist

¶ servdb.la

¶ servlist

¶ userdb.la

¶ userlist

SEE ALSO
seosd


sechkey
Changes the encryption key for various TACF programs, or lists the programs that use a particular key. To change a program’s key, you need write permission on the program’s binary file.

SYNOPSIS
sechkey {oldkey | –d} {newkey | –d | –n} [programs]

DESCRIPTION
The sechkey utility can be used to change the encryption key that protects your communications with selected TACF programs. It can also be used to change the encryption key that protects any new programs you create that communicate with a TACF daemon. The sechkey utility works on the following utilities and programs:

¶ The TACF seagent, selang, seosd, and sepass utilities, which are in /usr/seos/bin. The sechkey utility also changes the encryption key in the file /usr/seos/lib/libcrypt.

Do not change the key for any of these programs unless you change it for all of them.

¶ New programs that you create using the TACF API and that communicate with a TACF daemon. By default, the new program’s communications are encrypted with the Tivoli Systems-supplied default key. The most efficient practice is to give your programs the same key as the Tivoli-supplied programs.

If, rather than changing the key, you want to see a list of the programs that use the key, invoke the following form of the sechkey command:
  sechkey key –n

Arguments
oldkey | –d The current encryption key, the key that you want to change from.

To specify the original Tivoli Systems-supplied key, use –d instead of oldkey.


newkey | –d | –n The new encryption key that you want to change to. Encryption keys are 55 characters long. A longer newkey will be truncated, a shorter one padded.

To change to the original Tivoli Systems-supplied key, use –d instead of newkey.

To list the programs that are using oldkey, rather than change to a different key, use –n instead of newkey.

programs The full path name of each program for which you want to change the encryption key. If you omit the programs parameter, the new key replaces the old key wherever the old key is in use in the seagent, selang, seosd, and sepass programs, as well as the /usr/seos/lib/libcrypt file and any programs that you have created that communicate with a TACF daemon.

If you specify more than one program, separate the names with spaces.

FILES
The seos.ini file is not used. The utility can update the binaries in /usr/seos/bin and the encryption file in /usr/seos/lib/libcrypt.


seclassadm
Administers TACF classes.

SYNOPSIS
seclassadm command [options]

DESCRIPTION
The seclassadm utility adds new classes to the TACF database or removes classes from the database.

The command is an argument that consists of a dash (–) followed by the action to take. The options further qualify the action.

Notes
¶ This utility is intended to be used by third-party developers.

¶ Do not use this utility while the TACF daemons are running.

¶ The seclassadm utility must be invoked from the directory in which the TACF database resides.

¶ You may specify more than one option.

¶ To add user-defined classes to a new database, run seclassadm after you have created the new database with secredb. Repeat this process every time you create a new TACF database.

Arguments

Commands

–add class Adds a new resource class, specified by class, to an existing TACF database. TACF reserves class names that are in uppercase characters. When adding a class, use at least one lowercase character. Class names can be up to 15 characters long.

After creating a new class, you must enable the class by using the setoptions command under selang. See “selang” on page 198 and “setoptions” on page 94 for more information.


–del class Deletes the specified class from the TACF database.

Options

–a types Sets the types of access that are allowed for the class. The types string must not contain spaces or nonalphabetical characters; types can be specified in any order. The supported access types are:

M - chmod

O - chown

C - control

E - create

D - delete

X - exec

F - filescan

R - read

V - rename

S - security

U - update

T - utime

W - write

–d access Sets the class’s default access, the access that is assigned to a user when the authorize command is executed without specifying an access authority. This is the implicit access used by the authorize command and is not to be confused with the default access assigned to a resource. The possible accesses are those shown in the previous list.

Specify the character or characters, in any order, that represent the supported access types. The string must not contain any spaces or nonalphabetical characters.


–f Forces TACF to accept a new class name even though the name contains all uppercase letters.

–g Indicates that the new class is a resource that groups members of an existing class. The relationship between the existing class and the new class is like the relationship between the TERMINAL and GTERMINAL classes in the TACF database. The naming convention is that the new group class has the same name as the existing class, but the name must begin with the uppercase letter G.

EXAMPLES
1. To add a resource class by the name dbfield, enter:
   seclassadm –add dbfield

2. To add resource class report with only READ access, enter:
   seclassadm –add report –d R –a R

3. To add a resource class by the name batch_jobs with READ, WRITE, and MODIFY permissions and READ access as the default when not specified, enter:
   seclassadm –add batch_jobs –d R –a RWM

4. To add a new resource grouping record in the class CLASS, with access execute and implicit access execute, enter:
   seclassadm –add GCLASS –d X –a X –g –f

FILES
The seclassadm utility uses the TACF database files if these files are located in the current directory.

The seos.ini file is not used.

SEE ALSO
secredb, sedb2scr, sepropadm, setoptions


secompas
Compares passwords in the TACF database with the passwords in the UNIX password file.

SYNOPSIS
secompas [[ –h ] | [ –db ] [ –ok ] [ –ux ]]

DESCRIPTION
The secompas utility compares the user passwords in the TACF database with the passwords in the UNIX password file. One line is displayed for each user that contains the user name and a message indicating whether the passwords match or that the user is not defined in TACF or UNIX. After comparing all the users, secompas displays the total number of users it compared and the number of users whose passwords do not match.

Notes
¶ The utility only adds to the counter of unmatched passwords when the password exists in both environments and is not the same.

¶ If a user is not defined in an environment or the password is missing from an environment, secompas does not add to the counter of unmatched passwords.

Authorization
Only users with the ADMIN attribute can use this utility.

Arguments
–h Displays the help screen.

–db Prevents the display of the “Not in database” message.

–ok Prevents the display of the “OK” message.

–ux Prevents the display of the “Undefined in UNIX” message.


Output
The utility produces several types of messages that are sent to the standard output. The following list specifies the messages and their meanings:

OK: The TACF password matches the UNIX password.

*** PASSWORDS DO NOT MATCH ***: The TACF password does not match the UNIX password of the user.

No password in TACF database: Either the user is not defined in the TACF database or the user is defined in the TACF database but does not have a password in it.

Undefined in UNIX: The user is defined in the TACF database but not in UNIX.

No password in UNIX password file: The user is defined in UNIX but does not have a password.

*** NO MATCH - UNIX DISABLED ***: The user account has been disabled in the UNIX environment; secompas identifies a disabled user account by the asterisk (*) in front of the password in the /etc/passwd file.

EXAMPLES
The following command might produce the sample output shown.

# secompas
Checking root : No password in TACF database.
Checking tst_001 : Undefined in UNIX.
Checking tst_002 : No password in UNIX password file
Checking tst_003 : *** PASSWORDS DO NOT MATCH. ***
Checking tst_004 : *** NO MATCH - UNIX DISABLED ***
Checking tst_005 : OK

Total of 6 users found in database.
2 unmatched password(s) found. (1 UNIX DISABLED).

FILES
The /etc/passwd, the shadow password files, and NIS/NIS+ password maps are used.

The seos.ini file is not used.
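The message list, the two notes on the unmatched counter, and the sample run above together define how secompas classifies each user. The following Python is an added example, not the secompas program and not code from the manual: it applies those rules to two constructed password tables chosen so that the output matches the sample run line for line, which lets a reader check their understanding of the counting rules (a disabled UNIX account counts as unmatched and is reported separately; a missing user or missing password does not). The tables hold placeholder strings rather than real password hashes, and comparing them for equality assumes both stores use the same hash scheme; the hide parameter is this example's stand-in for the –db, –ok and –ux flags.

```python
from typing import Dict, List, Optional, Tuple

# Added example, not the secompas program itself: applies the message and
# counting rules documented above to two constructed password tables.
# Values are placeholder strings, not real hashes; equality comparison
# assumes both stores hash with the same scheme.


def classify(user: str, tacf: Dict[str, Optional[str]],
             unix: Dict[str, Optional[str]]) -> str:
    """The message secompas prints for one user, in the manual's wording."""
    if user not in tacf or not tacf[user]:
        return "No password in TACF database."
    if user not in unix:
        return "Undefined in UNIX."
    unix_pw = unix[user]
    if not unix_pw:
        return "No password in UNIX password file"
    if unix_pw.startswith("*"):          # disabled-account marker in /etc/passwd
        return "*** NO MATCH - UNIX DISABLED ***"
    if unix_pw == tacf[user]:
        return "OK"
    return "*** PASSWORDS DO NOT MATCH. ***"


def compare(tacf: Dict[str, Optional[str]], unix: Dict[str, Optional[str]],
            hide: Tuple[str, ...] = ()) -> Tuple[List[str], Tuple[int, int, int]]:
    """Report lines plus (users compared, unmatched, of which UNIX disabled).

    hide lists message prefixes to suppress, mirroring -db/-ok/-ux; the
    counters are unaffected by what is hidden.
    """
    lines: List[str] = []
    unmatched = disabled = 0
    for user in tacf:                    # "users found in database"
        msg = classify(user, tacf, unix)
        # Only a password present on both sides and different counts as
        # unmatched; a disabled UNIX account counts and is reported separately.
        if msg.startswith("*** "):
            unmatched += 1
            if "DISABLED" in msg:
                disabled += 1
        if not any(msg.startswith(h) for h in hide):
            lines.append(f"Checking {user} : {msg}")
    lines.append(f"Total of {len(tacf)} users found in database.")
    lines.append(f"{unmatched} unmatched password(s) found. ({disabled} UNIX DISABLED).")
    return lines, (len(tacf), unmatched, disabled)


# Constructed inputs chosen to reproduce the manual's sample run.
TACF_DB = {"root": None, "tst_001": "h1", "tst_002": "h2",
           "tst_003": "h3", "tst_004": "h4", "tst_005": "h5"}
UNIX_PW = {"root": "hr", "tst_002": None, "tst_003": "x3",
           "tst_004": "*h4", "tst_005": "h5"}

if __name__ == "__main__":
    print("\n".join(compare(TACF_DB, UNIX_PW)[0]))
```

Running the block prints the six Checking lines and the two totals exactly as in the sample above; passing hide=("OK",) drops the tst_005 line while the totals stay the same, which is the behaviour the –ok flag is documented to have.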


seconsTACF control console.

SYNOPSISsecons command [parameters]

The command consists of a dash (–) followed by one or more lettersand, for selected commands, a plus sign (+) or minus sign (–). Thecommand specifies the action to take; the parameters qualify theaction by specifying additional information.

DESCRIPTIONThe secons utility provides a control console to the TACF daemonsand performs operations such as:

¶ Controls tracing of the TACF authorization daemon (seosd)

¶ Enables and disables login

¶ Gets login status

¶ Displays run-time statistics

¶ Shuts down the TACF server daemons

Authorization
¶ The secons utility is available to both system administrators and regular users. The options displayed and enabled for users who do not have the ADMIN attribute are a subset of the total options available: –d+, –d–, –ds, and –m.

¶ Only users marked as ADMIN or OPERATOR can shut down the TACF daemons.

Arguments

Trace Control Commands

–t+ Enables tracing; causes the TACF daemon seosd to dump messages that specify its operations and actions to the trace file.


–t– Disables tracing; stops the TACF daemon seosd from dumping messages to the trace file.

–tt Toggles tracing status between enabled and disabled.

–ts Displays the current tracing status.

–tc Clears the trace file; removes all records from the trace file. This option can be used regardless of whether seosd is running.

–tv –file filename
Browses the specified file instead of the /usr/seos/log/seosd.trace file. This option can be used whether seosd is running or not.

–tv sizeInKB
Enables online trace view; starts a browse session on the trace file and operates in a manner similar to the tail –f system utility. Optionally, you can specify a size so that only the last kilobytes as specified by sizeInKB are shown. The default value is 2 KB. Specifying 0 shows the entire trace file. To stop this operation, press the Ctrl+c key combination. This option can be used regardless of whether seosd is running.

Login Control Commands

–d+ Enables concurrent logins for the user who executes the command.

–d– Disables concurrent logins for the user who executes the command. Using this command disables any concurrent logins of the user name to the local computer. It is possible to have this command in the .login or .cshrc file of a user to disable concurrent logins.

–ds Displays the concurrent logins setting for the user who executes the command.

–l+ Enables system-wide login. By default, TACF enables login, but in cases where the system is to be taken down for maintenance, it is possible to disable login for a period of time. This option enables login after maintenance.

–l– Disables system-wide login.


–ls Displays the current system-wide login status.

–u+ user
Enables concurrent logins for the specified user.

–u– user
Disables concurrent logins for the specified user.

–us user
Displays the concurrent logins setting for the specified user.

Miscellaneous Commands

–i Displays formatted run-time statistics.

–m Send message to console; adds text to the trace file that was produced by the TACF authorization daemon.

-rl Updates tokens from the seos.ini file inside of seosd, without shutting down the daemon.

–s [stationNames]
Shuts down the TACF daemons on the local or remote hosts. You can specify a group of hosts by entering the name of a GHOST record. If you do not specify a host, the daemon will be shut down on the local host only. If you use the -s [stationNames] option from a remote host, the utility requests password verification. You also need admin privileges on both remote hosts and local host. Finally, you need write permission to the local terminal on the remote host database.

EXAMPLES
1. To shut down the TACF daemon, enter:

secons –s

2. To shut down the TACF daemon on remote hosts, HOST1, and HOST2, enter:
secons -s HOST1 HOST2

3. To place the string “Start Event” in the TACF trace file, enter:
secons –m 'Start Event'

4. To display the run-time statistics, enter:
secons –i


The output generated on the screen resembles the following:
Run-Time Statistics:
--------------------
INet Statistics:
Requests Denied : 0
Requests Granted : 17
Errors Found : 0
Queues Size:
Audit Log: 0
Error Log: 0
Cached Tables Info:
ACEE Handles : 11
Protected Clients : 0
Trusted Programs : 77
Untrusted Programs: 0
TACF Database info: (record Count & First Free Id)
Classes : 18 ( CID 0x0012 )
Properties : 223 ( PID 0x00df )
Objects : 152 ( OID 0x000000a8 )
PropVals : 972 ( N/A )

The following sample output is explained in detail:
INet Statistics:
Requests Denied : 0
Requests Granted : 17
Errors Found : 0

The previous lines provide statistics on the network access authorizations performed by TACF. These lines summarize the number of denials, grants, and errors during the authorization of network requests.
Queues Size:
Audit Log: 0
Error Log: 0

Because TACF creates logging with file locking, it is possible that certain events are held in memory and later written to log files. If these values exceed 10, then an error could be interfering with the TACF logging facility.
Cached Tables Info:
ACEE Handles : 11
Protected Clients : 0
Trusted Programs : 77
Untrusted Programs: 0


An ACEE (accessor environment element) is a table that contains logged-in processes. Protected Clients is the number of cached clients. Usually, this value is 0. Trusted Programs is the number of entries in the PROGRAM class that are cached in memory. Normally, all programs should be cached as trusted. Untrusted Programs is the number of programs that were found to be untrusted.
TACF Database Info: (Record Count & First Free Id)
Classes : 18 ( CID 0x0012 )
Properties : 223 ( PID 0x00df )
Objects : 152 ( OID 0x000000a8 )
PropVals : 972 ( N/A )

The previous lines provide general information regarding the size of the TACF database and the number of records in each part of the database.
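The two conditions the explanation above singles out (a log queue above 10 entries, and programs cached as untrusted when normally all should be trusted) are easy to check automatically. The following Python script is an added example, not part of TACF: it parses the secons –i output blocks into a dictionary and flags those two conditions. The threshold of 10 is the manual's; the warning wording and the decision to treat any non-zero Untrusted Programs count as worth a look are this example's own. The sample statistics are a constructed transcription of the manual's output.

```python
"""Parse 'secons -i' run-time statistics and apply the manual's sanity checks.

Added example, not part of TACF: parse_stats() turns the blocks secons
prints (INet Statistics, Queues Size, Cached Tables Info, TACF Database
info) into a dict, and check_stats() flags a log queue larger than 10
(the manual: something may be interfering with logging) and programs cached
as untrusted (the manual: normally all should be trusted).
"""
import re

# Constructed sample, transcribed from the manual's 'secons -i' output.
SAMPLE_STATS = """\
Run-Time Statistics:
--------------------
INet Statistics:
Requests Denied : 0
Requests Granted : 17
Errors Found : 0
Queues Size:
Audit Log: 0
Error Log: 0
Cached Tables Info:
ACEE Handles : 11
Protected Clients : 0
Trusted Programs : 77
Untrusted Programs: 0
TACF Database info: (record Count & First Free Id)
Classes : 18 ( CID 0x0012 )
Properties : 223 ( PID 0x00df )
Objects : 152 ( OID 0x000000a8 )
PropVals : 972 ( N/A )
"""

QUEUE_LIMIT = 10  # from the manual: queue sizes above 10 suggest a logging problem

# 'Queues Size:' or 'TACF Database info: (record Count & First Free Id)'
HEADER_RE = re.compile(r"^([A-Za-z -]+?)\s*:\s*(?:\(.*\))?\s*$")
# 'Requests Granted : 17' or 'Classes : 18 ( CID 0x0012 )'
VALUE_RE = re.compile(r"^([A-Za-z ]+?)\s*:\s*(\d+)\s*(?:\(\s*([^)]*?)\s*\))?\s*$")


def parse_stats(text):
    """Return {section: {counter: value}}; database rows become (count, id)."""
    stats, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:      # skip blanks and the dashed rule
            continue
        m = VALUE_RE.match(line)
        if m and section is not None:
            name, count, extra = m.group(1).strip(), int(m.group(2)), m.group(3)
            stats[section][name] = count if extra is None else (count, extra)
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m.group(1).strip()
            stats.setdefault(section, {})
    return stats


def check_stats(stats):
    """Return a list of warning strings; an empty list means both checks passed."""
    warnings = []
    for queue, size in stats.get("Queues Size", {}).items():
        if size > QUEUE_LIMIT:
            warnings.append(f"{queue} queue holds {size} events (more than "
                            f"{QUEUE_LIMIT}); check the TACF logging facility")
    untrusted = stats.get("Cached Tables Info", {}).get("Untrusted Programs", 0)
    if untrusted:
        warnings.append(f"{untrusted} program(s) cached as untrusted")
    return warnings


if __name__ == "__main__":
    for w in check_stats(parse_stats(SAMPLE_STATS)) or ["no warnings"]:
        print(w)
```

Piping the live output in (`secons -i | python3 this_script.py` with `SAMPLE_STATS` replaced by `sys.stdin.read()`) turns the check into something a cron job or monitoring agent can run; the database section is kept as (count, first-free-id) pairs so the record counts can also be trended over time.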

FILES

seos.ini File
The secons utility uses the following tokens in the seos.ini file:

¶ trace_file

¶ trace_file_type

¶ trace_to

See “The seos.ini File” on page 407 for more information.

Other Files
No other special files are used.


secredb
Creates a TACF database.

SYNOPSIS
secredb [[ –h ] | [ –c [ –v | –d ]]]

DESCRIPTION
The secredb utility generates a new empty TACF database. The program should be used only at installation time. The database is created in the current directory. The program automatically adds a user with the ADMIN attribute; this user is called root.

Notes
¶ Use this program only to create a new TACF database.

¶ To add user-defined classes to the new database, use seclassadm after you create the new database with secredb.

Arguments
–c Creates a new database.

–d Prints database layout documentation. This output contains full descriptions of structures and property formats used in the database.

–h Displays the help screen.

–v Disables the verbal progress indication messages. The default is to print the messages.

FILES
The seos.ini file is not used. No other special files are used.

SEE ALSO
seclassadm, sepropadm


secrepsw
Creates a password file.

SYNOPSIS
secrepsw

DESCRIPTION
The secrepsw utility generates a password record without shadowing for every user in the /etc/passwd file. This is necessary for administrating users defined by policy model databases operating over a UNIX environment.

FILES
The seos.ini file is not used. No other special files are used.


sedbpchk
Checks the integrity of the TACF database, and if the database passes the checks, creates a backup copy of the database.

SYNOPSIS
sedbpchk

DESCRIPTION
This script copies the run-time database to a temporary location, performs various database integrity checks on the temporary database, and if the database passes the checks, copies the temporary database into a backup location.

In case the database does not pass the integrity tests, the utility tries to analyze if there were any updates applied to the database while the copy was being made. If there were updates, the conclusion that the database is corrupted may not be accurate.

If there were no updates while the database was being copied, the conclusion that the database is corrupted is probably true. In that case a mail message is sent to the system administrator who can use the backup directory to override the corrupted run-time database.

This script is not foolproof. It might conclude that a database is corrupted when it is not. The conclusion that a database is OK is always accurate.

Before using the sedbpchk utility, it is recommended that you edit the script to check that the values of the fields seen in the following table match the needs of your site.

Database Field Definition

MAIL_TO The name of the user who is sent the notification that the database is corrupt.

RETRIES The number of times the utility checks the database when it suspects that the database is corrupted before sending the notification.


SEOSDIR The location of the TACF installation directory.

SE_BINDIR The location of the TACF binary files directory.

SE_DB_DIR The location of the TACF run-time database directory.

SE_BCKDIR The location of the temporary database directory.

SE_TMPDIR The location of the temporary database directory.

FILES
The seos.ini file is not used. No other special files are used.

SEE ALSO
dbutil
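The decision logic described for sedbpchk (an OK verdict is always trusted; a failure is trusted only when nothing changed during the copy, and is retried RETRIES times before mail goes out) is worth seeing as code, because the "updates during the copy" test is what keeps a busy server from producing false corruption alarms. The Python below is an added example and is not the sedbpchk script shipped with TACF: the integrity check and the notification are passed in as callables (TACF's own checker and the mail step are not modelled), the copier is injectable so a write landing mid-copy can be simulated, and the RETRIES and MAIL_TO names mirror the fields in the table above with placeholder values. All directory names and the sample database file are constructed.

```python
"""Integrity-checked backup loop modelled on the sedbpchk procedure.

Added example, not the sedbpchk script that ships with TACF. Steps follow
the manual: copy the run-time database directory to a temporary location,
run an integrity check on the copy, and promote the copy to the backup
directory only when the check passes. A failed check counts as corruption
only if no file in the run-time directory changed while the copy was taken;
otherwise the attempt is repeated, up to RETRIES times, before the
administrator is notified.
"""
import os
import shutil
import tempfile
from pathlib import Path

RETRIES = 3        # same meaning as the sedbpchk RETRIES field
MAIL_TO = "root"   # stands in for the MAIL_TO field (placeholder value)


def fingerprint(db_dir):
    """Map file name -> (size, mtime_ns); any update changes at least one entry."""
    return {p.name: (p.stat().st_size, p.stat().st_mtime_ns)
            for p in Path(db_dir).iterdir() if p.is_file()}


def copy_db(src, dst):
    """Replace dst with a fresh copy of the src directory."""
    if os.path.exists(dst):
        shutil.rmtree(dst)
    shutil.copytree(src, dst)


def check_and_backup(db_dir, tmp_dir, bck_dir, integrity_ok, notify,
                     retries=RETRIES, copier=copy_db):
    """Return 'backed_up', 'corrupt' or 'inconclusive'.

    integrity_ok(path) -> bool runs the check against the temporary copy;
    notify(message) is called once corruption is concluded.
    """
    for attempt in range(1, retries + 1):
        before = fingerprint(db_dir)
        copier(db_dir, tmp_dir)
        after = fingerprint(db_dir)
        if integrity_ok(tmp_dir):
            copy_db(tmp_dir, bck_dir)        # an OK verdict is always accurate
            return "backed_up"
        if before != after:
            continue                         # updates landed mid-copy; verdict unreliable
        if attempt == retries:
            notify(f"To {MAIL_TO}: TACF database in {db_dir} failed the integrity "
                   f"check {attempt} time(s) with no concurrent updates; "
                   f"backup in {bck_dir} left untouched")
            return "corrupt"
    return "inconclusive"


def run_demo():
    """Run three scenarios on a constructed database directory."""
    notices = []
    with tempfile.TemporaryDirectory() as root:
        db, tmp, bck = (os.path.join(root, d) for d in ("db", "tmp", "bck"))
        os.mkdir(db)
        Path(db, "seos_db.dat").write_bytes(b"RECORD-1\nRECORD-2\n")

        def racy_copy(src, dst):             # a write arrives while copying
            copy_db(src, dst)
            with open(os.path.join(db, "seos_db.dat"), "ab") as fh:
                fh.write(b"RECORD-X\n")

        passing = check_and_backup(db, tmp, bck, lambda p: True, notices.append)
        corrupt = check_and_backup(db, tmp, bck, lambda p: False, notices.append)
        racy = check_and_backup(db, tmp, bck, lambda p: False, notices.append,
                                copier=racy_copy)
        backup_ok = Path(bck, "seos_db.dat").read_bytes() == b"RECORD-1\nRECORD-2\n"
    return {"passing": passing, "corrupt": corrupt, "racy": racy,
            "backup_ok": backup_ok, "notices": len(notices)}


if __name__ == "__main__":
    print(run_demo())
```

The fingerprint is a size and mtime snapshot rather than a content hash, which is enough to detect writes during the copy window without reading the database twice; a site that wants stronger evidence can swap in a hash. Note that the backup from the earlier successful run survives the two failed runs untouched, which is the property the manual relies on when it tells the administrator to restore from the backup directory.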


sedb2scr
Creates a script containing the TACF commands required to duplicate a TACF database.

SYNOPSIS
sedb2scr switch

The switch is an argument that consists of a dash (–) followed by a letter that specifies which database to dump.

DESCRIPTION
The sedb2scr utility generates a script consisting of the TACF commands required to duplicate an existing TACF database. The commands are written to standard output. The sedb2scr utility can be used to replicate a TACF database on other stations.

To write the generated commands to a file, use redirection. A new TACF database can then be created from the file by instructing selang to read the commands from the file.

Note: Rather than piping the output from sedb2scr to selang, you should examine the script before it executes.

Notes
¶ The sedb2scr utility extracts user-defined objects. However, to load a script with user-defined objects into a new TACF database, you must first create the user-defined classes that these objects belong to. To do this, use the utility seclassadm. See “seclassadm” on page 173 for more information about the seclassadm utility.

¶ When sedb2scr is invoked with the –l command, sedb2scr assumes the TACF daemons are not running. If the TACF daemons are running, sedb2scr assumes you are operating on a different database from the one being used by the TACF daemons.

¶ It is not possible to copy database files from one architecture to another when using UNIX commands such as cp or tar if the files do not use the same byte order. For example, copying a database from a Sparc-based machine to an Intel-based machine is not possible because each uses a different byte order.

Authorization
To use the –r command, you must have the ADMIN or SERVER attribute and the TACF daemons must be running.

Arguments
-c className(s)
Dumps the database for the specified class or classes. Prior to using this option, you must use either the -l or the -r switch in the same command line.

–l Dumps the database found in the current directory.

–r Dumps the database currently being used by seosd, the TACF daemon.

FILES
The TACF database files are used. The seos.ini file is not used.

SEE ALSO
seclassadm, selang, seerrlog


seerrlog
Displays the records in the TACF error log.

SYNOPSIS
seerrlog command [parameters]

The command is an argument that consists of a dash (–) followed by a letter that specifies the action to take. The parameters qualify the action by specifying additional information.

DESCRIPTION
The seerrlog utility lists the records contained in the TACF error log file.

Authorization
To use this utility, you must have permission to read the error log file or be a member of the group that can read the error log file (the group named in the token error_group).

Arguments
–s date
The start date for the list. Records written on and after the specified date are listed. The format of date is dd–mmm–yyyy.

–e date
The end date for the list. Records written up to and including the specified date are listed. The format of date is dd–mmm–yyyy.

–d Does not print the detailed information of failures.

–h Displays the help screen.

–f fileName
Specifies the error log file from which the list is to be generated.


EXAMPLES
1. To list all error records written since 1 June 1998, specify:

seerrlog –s 01–Jun–1998

2. To list all error records written between 1 June 1998 and 30 June 1998, specify:
seerrlog –s 01–Jun–1998 –e 30–Jun–1998

FILES

seos.ini File
The seerrlog utility uses the following tokens in the seos.ini file:

Section Tokens

logmgr error_log, error_group

See “The seos.ini File” on page 407 for more information.

Other Files
The seerrlog utility uses the TACF error log file, usually located in /usr/seos/log/seos.error. This file cannot be defined in the TACF database and only TACF can write to the file.

SEE ALSO
seaudit


segrace
Displays various login settings for a user.

SYNOPSIS
segrace options [userName]

The options are arguments that consist of a dash (–) followed by a letter, and sometimes a word, that specifies the action to take.

DESCRIPTION
The segrace utility displays the number of grace logins left for a user, the number of days remaining until the user’s existing password expires, or the date and time the user last logged on and from which terminal.

Notes
¶ Before segrace can work, the system administrator must activate TACF password checking by entering the command:
TACF> setoptions class+(PASSWORD)

From now on, every time a user’s password is changed, the new password is checked against the password quality rules set in the database.

¶ When invoked without any arguments and no grace logins are found for a user, segrace does not display anything.

¶ It is recommended that you include the segrace command line in the .login or .cshrc file of a user.

¶ Passwords must be changed with the utility sepass to permit segrace to count grace logins.

¶ If users have no grace logins left, segrace invokes the sepass utility, which requests that the users replace their passwords. See “sepass” on page 251 for more information about the sepass utility.


Your site may decide which command to execute instead of the sepass utility by specifying another utility in the sepass_command token in the segrace section of the seos.ini file.

Authorization
You must have the ADMIN attribute to display information about a specified user.

Arguments
–d days
Displays the number of days that remain until the user’s current password expires. The number is displayed only if it is less than or equal to the number of days specified by the days parameter. If the days parameter is omitted, a default of seven days is used. This option works only if the user’s password has been changed using sepass or with a selang command such as chusr or editusr.

–h Displays the help screen.

–l Displays the date and time the user last logged in, and from which terminal.

–p Prompts for a new password when a user’s password has expired.

userName
When userName is specified, segrace displays the required login information for the specified user.

If userName is not specified and the requestor has the ADMIN attribute, segrace displays the login details for the current user.


sehostinf
Displays host information.

SYNOPSIS
sehostinf [ –h | [[ –q ] –g group | –u user | –n [host]]]

DESCRIPTION
The sehostinf utility displays host-related information. This utility is designed to be used by TACF.

Arguments
–g group
Checks if the specified group exists.

–h Displays the help screen.

–n [host]
Displays the official (canonical) name of the host. The canonical name for a host may differ depending on the machine from which sehostinf is entered. If host is not specified, sehostinf displays the name of the local host; if host is specified, sehostinf displays the name of the specified host.

–q Checks for the information in “quiet” mode; performs the check without displaying the results. You cannot use this argument with –h.

–u user
Checks if the specified user exists.


seini
Displays information about the TACF database and initialization files and sets the values of tokens in the initialization files.

SYNOPSIS
seini command [parameters]

The command is an argument that consists of a dash (–) followed by a letter that specifies the action to take. The parameters qualify the action by specifying the objects on which to take the action.

DESCRIPTION
The seini utility can do the following:

¶ Display or set the path of the TACF database.

¶ Display the path of an initialization (.ini) file.

¶ Display the contents of a token from an initialization file.

¶ Set the value of a specific token in a specific section of an initialization file.

¶ Delete a specific token from a specific section of an initialization file.

If no command is specified, seini displays the paths of the TACF database and the seos.ini file.

The seini utility can update the seos.ini file only when seosd is not running, or when a rule in the database specifically permits it.

Arguments
–d [host]
Displays the path of the TACF database. If you do not specify a host, this argument displays the path of the local host.

–f[host] section.token [iniFile]
Displays the value of the specified token in the specified section of the specified initialization file on a specified host. If the specified section or token cannot be found, an empty line is displayed. The host, section and token names must be separated by a period (.). If the iniFile is not specified, TACF searches the seos.ini file for the section and token. You can display information about the local machine by specifying only the section and token names.

–h Displays the help screen.

–i[host]
Displays the path of the initialization file seos.ini. If you do not specify a host, this argument displays the path on the local host.

–r[host] section.token [iniFile]
Deletes the specified token from the specified section of the specified initialization file on a specified host. If you do not specify the iniFile, TACF deletes the token from the seos.ini file. To delete information on the local machine, specify the section and token names only.

–s[host] section.token newValue [iniFile]
Sets the value of the specified token in the specified section of the specified initialization file on the specified host. If the specified section or token does not exist, TACF creates it. If the iniFile is not specified, TACF sets the value in the seos.ini file. You can set the value of this token on the local machine by specifying the section and token names only.

Output
The output depends on the command that was supplied. The following table provides sample outputs for different commands.

Command Line                    Expected Output

seini -i                        /usr/seos/

seini -f seosd.trace_file       /usr/seos//log/seosd.trace

seini -f dummy.keyword          No section named dummy in the seos.ini file.

seini -s seosd.trace_to file    The token seosd.trace_to now set to file (was file,stop).


FILES
The seini utility can display all the tokens in the seos.ini file and the path of the file.

The seini utility can display all the tokens in any of the .ini files. The name of the initialization file must always end in the suffix .ini. You can work on an .ini file from any remote host if you have write and administrative privileges.
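The -f, -s and -r semantics above (an empty line for a missing section or token, creation of section and token on set, reporting of the previous value) are what an administrator relies on when scripting seos.ini changes. The Python below is an added example and is not the seini utility: it has no remote-host support and does not reproduce seini's exact messages, and it assumes the initialization file uses the ordinary "[section]" / "token = value" INI layout. The sample seos.ini content is constructed; the token names are the ones this page mentions for the seosd section, and the values replay the table above.

```python
"""Read, set and delete section.token values in an .ini file, seini-style.

Added example, not the seini utility. Local files only; the INI layout
('[section]' followed by 'token = value' lines) is assumed. get_token()
returns '' when the section or token is missing (seini prints an empty
line); set_token() creates the section and token as needed and returns the
previous value; delete_token() removes a token and says whether it did.
"""
import configparser
import tempfile
from pathlib import Path

# Constructed sample; token names are the seosd ones this manual page lists.
SAMPLE_SEOS_INI = """\
[seosd]
trace_file = /usr/seos/log/seosd.trace
trace_to = file,stop
"""


def _load(path):
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str          # keep token names case-sensitive
    cp.read(path)
    return cp


def parse_spec(spec):
    """Split 'section.token' on the first period; reject malformed specs."""
    section, sep, token = spec.partition(".")
    if not sep or not section or not token:
        raise ValueError(f"expected section.token, got {spec!r}")
    return section, token


def get_token(path, spec):
    """Value of section.token, or '' when the section or token is absent."""
    section, token = parse_spec(spec)
    return _load(path).get(section, token, fallback="")


def set_token(path, spec, value):
    """Set section.token (creating both if needed); return the old value."""
    section, token = parse_spec(spec)
    cp = _load(path)
    if not cp.has_section(section):
        cp.add_section(section)
    old = cp.get(section, token, fallback="")
    cp.set(section, token, value)
    with open(path, "w") as fh:
        cp.write(fh)
    return old


def delete_token(path, spec):
    """Remove section.token; return True if a token was actually removed."""
    section, token = parse_spec(spec)
    cp = _load(path)
    removed = cp.has_section(section) and cp.remove_option(section, token)
    if removed:
        with open(path, "w") as fh:
            cp.write(fh)
    return bool(removed)


def run_demo():
    """Replay the manual's sample seini session on a temporary copy of the file."""
    with tempfile.TemporaryDirectory() as d:
        ini = Path(d, "seos.ini")
        ini.write_text(SAMPLE_SEOS_INI)
        return {
            "trace_file": get_token(ini, "seosd.trace_file"),
            "missing": get_token(ini, "dummy.keyword"),
            "old_trace_to": set_token(ini, "seosd.trace_to", "file"),
            "new_trace_to": get_token(ini, "seosd.trace_to"),
            "deleted": delete_token(ini, "seosd.trace_to"),
            "after_delete": get_token(ini, "seosd.trace_to"),
            "new_section": set_token(ini, "segrace.sepass_command", "/usr/local/bin/mypass"),
        }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v!r}")
```

Because configparser rewrites the whole file, comments in the original seos.ini are lost on set or delete; the real seini is the supported way to edit the file, and this script is mainly useful for reading tokens or for staging a change on a copy before applying it.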


selang
TACF command shell.

SYNOPSIS
selang option [parameters]

The option is an argument that consists of a dash (–) followed by a letter that specifies the action to take. The parameters qualify the action by specifying the objects on which to take the action.

DESCRIPTION
The selang utility invokes a command shell that provides access to the TACF database and the UNIX environment. You update the TACF database dynamically by issuing TACF commands from within the command shell. “TACF Command Language” on page 1 describes TACF commands.

Notes
¶ The result of the command execution is sent to the standard output unless the –o option is used.

¶ Type one selang command per line. To continue a command on the following line, type a backslash (\) at the end of the line.

¶ Many of the command line entry features available in tcsh and other smart shells are supported.

¶ The Usage section, which follows the Arguments section, contains information about the shortcuts and special characters you can use.

Arguments
–c command
Executes command and exits. If command contains any spaces, enclose the entire string in single quotation marks. For example:
selang –c 'showusr rosa'


–d dbdirectory
Updates the TACF database in the specified directory. This option is valid only when seosd is not running.

–f fileName
Reads the commands from the specified file rather than from the standard input of the terminal. As the commands in the input file are executed, the number of the line currently being executed is displayed on the screen. The selang prompt is not displayed on the screen. After selang executes the commands in fileName, it exits. The file should consist of commands in normal selang syntax, separated by semicolons or line breaks.

–h Displays the help screen.

–l Updates the local TACF database. This option is valid only when seosd is not running.

–o fileName
Writes the output in the specified file. Each time selang is invoked, it creates a new, empty file. If you specify the name of an existing file, selang writes over the information currently in the file.

–r fileName
Reads the commands from the specified file. After the commands in fileName are executed, selang prompts the user for input. If fileName is not specified, selang uses the .selangrc file in the user’s home directory.

–s Does not display the copyright message.

Usage

Screen Prompt
After you enter the selang environment, you see a special selang prompt on your screen. The exact form of the prompt depends on your working environment. In the seos environment, it looks similar to this:
TACF>


In the UNIX environment, it looks like this:
TACF(unix)>

Special Characters and Keys
The following special characters are supported:

# or * At the beginning of a line, indicates that the line is a comment line. The line is not executed. Comment lines are useful when you input the TACF commands from a file.

! At the beginning of the line, indicates that the rest of the line is a shell command. The command is sent to the operating system shell program for execution; TACF does not execute the line.

up-arrow or down-arrow key or ^
Retrieves a command from the history list, as documented in the History section that follows this list of special characters.

\ As the last character of a line, indicates the command continues on the following line.

; Terminates a command and introduces a new command on the same line.

| pipe Pipes the command output to the specified pipe.

Tab Serves for word completion, as discussed in the Word completion paragraph later in this section.

Ctrl+d With the cursor positioned at the end of the line, displays a list of words that match the word completion string in the command line.

With the cursor positioned anywhere other than at the end of the line, deletes the character to the right of the cursor.

Esc-Esc Displays the help text for the command in the command line. All the text in the command line is preserved, so that you can continue typing the command from where you left off.


History
Executed commands are stored in a history list. The commands are ordered chronologically, and each is preceded by a number based on the order in which it was invoked.

Use the up- and down-arrow keys to display commands from the history list in the command line. To see only the commands that begin with specific characters, type those characters in the command line before using the up- and down-arrow keys. When you press the Enter key, the command currently displayed in the command line is executed.

The TACF command shell supports the following shortcuts that use the commands stored in the history list:

^^ [string]
The previous command. If you specify string, it is appended to the original command.

^n [string]
The command that is numbered n in the history list, where n is a positive integer. If you specify string, it is appended to the original command.

^–n [string]
The nth command from the end of the list, where n is a positive integer. If string is specified, it is appended to the original command.

^match [string]
The most recently issued command that begins with the characters match, where match is a text string. If string is specified, it is appended to the original command. Separate the match and string values with a space.

Command Line Editing
The text in the command line can be edited. Use the arrow keys to move around within the line. You can insert characters by typing them directly into place. You can delete characters with the standard Backspace and Delete keys, or by pressing the Ctrl+d key combination.
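The four history shortcuts (^^, ^n, ^–n and ^match, each with an optional appended string) resolve against the numbered history list in a way that is easy to get wrong at the boundaries: n counts from 1, ^–n counts from the most recent command, and ^match takes the latest rather than the earliest hit. The Python function below is an added example, not selang's own code, that resolves a shortcut against a history list. The manual does not say how selang joins the appended string to the recalled command; a single space is assumed here, and both the ASCII hyphen and the en dash printed in the manual are accepted for ^–n. The history list used in the usage is constructed.

```python
"""History-shortcut expansion as described for the selang shell.

Added example, not selang code. expand() takes the history list (oldest
first, numbered from 1) and a typed line; if the line starts with '^' it
returns the command the shortcut denotes, with any trailing string appended
after a space (separator assumed). Other lines are returned unchanged.
"""
import re

# ^^ | ^-n or ^–n | ^n | ^match, each optionally followed by a string.
SHORTCUT_RE = re.compile(r"^\^(\^|[-–]\d+|\d+|\S+)(?:\s+(.*))?$")


def expand(history, line):
    """Resolve a '^' shortcut against history; raise LookupError if it has no target."""
    m = SHORTCUT_RE.match(line)
    if not m:
        return line                                   # not a shortcut; pass through
    ref, extra = m.group(1), m.group(2)
    if not history:
        raise LookupError("history list is empty")
    if ref == "^":                                    # ^^ : the previous command
        base = history[-1]
    elif ref[0] in "-–" and ref[1:].isdigit():        # ^-n : nth command from the end
        n = int(ref[1:])
        if not 1 <= n <= len(history):
            raise LookupError(f"no command {n} from the end of the list")
        base = history[-n]
    elif ref.isdigit():                               # ^n : command numbered n
        n = int(ref)
        if not 1 <= n <= len(history):
            raise LookupError(f"no command numbered {n}")
        base = history[n - 1]
    else:                                             # ^match : latest command starting with match
        matches = [c for c in history if c.startswith(ref)]
        if not matches:
            raise LookupError(f"no command begins with {ref!r}")
        base = matches[-1]
    return f"{base} {extra}" if extra else base


if __name__ == "__main__":
    # Constructed history: three commands already executed in this session.
    hist = ["newusr rosa", "showusr rosa", "newgrp dev"]
    for typed in ("^^", "^2", "^-3", "^new", "^newu owner(root)"):
        print(f"{typed:20} -> {expand(hist, typed)}")
```

Numbering from 1 matches the history list display the manual describes; an out-of-range n or a prefix with no match raises rather than silently returning the wrong command, which is the behaviour you want before a recalled administrative command is executed.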


UNIX Exits
A UNIX exit is a program that you specify (a shell script or an executable) that runs automatically before or after a user or group is added or updated.

Shortcuts in Typing
You can use various additional techniques to save keystrokes in the TACF command shell:

¶ Command recognition: The TACF command shell recognizes which command you want to execute as soon as you type enough characters to distinguish it from all the other available commands. For example, the only command beginning with the letters ho is the hosts command. As soon as you type ho, the command shell recognizes which command is intended. On the other hand, several commands begin with the string new. You must add enough characters to distinguish between newusr, newgrp, newfile, and newres.

¶ Abbreviations: Each command is associated with a one to four letter abbreviation. For example, because several commands begin with the string new, you can also use the abbreviation nu for the command newusr. These abbreviations are documented as part of the command syntax for each command in “TACF Command Language” on page 1. Commands may be entered in either uppercase or lowercase. Record and class names, however, are case-sensitive.

¶ Word completion: Press the Tab key in the middle of a word to complete the word. Word completion is context-sensitive. If there is more than one word that matches the supplied string, the shortest word or word fragment that matches the string is used. For example, if you type the letter n, selang supplies ew, giving the word new.

If this is not the required word, type one or more characters and press the Tab key again to complete the word. Press the Ctrl+d key combination to see all the possible options. This is useful if you are not sure which command to use. Using the example in the previous paragraph, if you add the letter u to the word new and press the Tab key, selang supplies sr, giving you the command newusr.

Words that are not part of the TACF commands are stored in memory for use by the word completion feature later on in the same session. For example, if you type newusr Mercedes and later type showusr Me followed by the Tab key, the Me is expanded to Mercedes, as follows:

showusr Mercedes

This assumes that no other name was previously typed that begins with Me.
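The three shortcuts above (command recognition from an unambiguous prefix, Tab completion that yields the shortest fragment shared by every candidate, and session memory of names typed earlier) are modelled in the following added example. It is not selang's own code; COMMANDS is a constructed subset of the real command set, and the session words are whatever the caller feeds to remember().

```python
"""Model of the selang typing shortcuts: command recognition from an
unambiguous prefix, Tab completion that yields the longest fragment shared
by all candidates, and session memory of names typed earlier. Added
illustration, not selang's own code; COMMANDS is a constructed subset."""
import os
from typing import List, Optional

# constructed subset of selang commands (the real shell has many more)
COMMANDS = ("hosts", "newusr", "newgrp", "newfile", "newres", "showusr", "showgrp")


def recognize_command(typed: str) -> Optional[str]:
    """Return the command as soon as the typed prefix distinguishes it from
    all others; None while the prefix is ambiguous or matches nothing.
    Commands are matched case-insensitively, as the manual states."""
    prefix = typed.lower()
    matches = [c for c in COMMANDS if c.startswith(prefix)]
    return matches[0] if len(matches) == 1 else None


class Completer:
    def __init__(self) -> None:
        self.session_words: List[str] = []   # non-command words seen this session

    def remember(self, line: str) -> None:
        """Words that are not TACF commands are kept for later completion."""
        for word in line.split():
            if word.lower() not in COMMANDS and word not in self.session_words:
                self.session_words.append(word)

    def candidates(self, fragment: str, command_position: bool) -> List[str]:
        """What Ctrl+d would list: the context-sensitive candidate set."""
        if command_position:
            return [c for c in COMMANDS if c.startswith(fragment.lower())]
        # record names are case-sensitive, so no lower() here
        return [w for w in self.session_words if w.startswith(fragment)]

    def complete(self, fragment: str, command_position: bool) -> str:
        """Tab: the unique candidate, or with several candidates the shortest
        fragment they all share ('n' -> 'new'); unchanged when nothing matches."""
        cands = self.candidates(fragment, command_position)
        if not cands:
            return fragment
        if len(cands) == 1:
            return cands[0]
        return os.path.commonprefix(cands)


if __name__ == "__main__":
    shell = Completer()
    shell.remember("newusr Mercedes")
    print(recognize_command("ho"), shell.complete("n", True), shell.complete("Me", False))
```

Typing n at the command position yields new because every candidate shares that fragment; once Mercedes has been typed in the session, Me at an argument position completes to it, while me does not because record names are compared case-sensitively.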

FILES

seos.ini File

The selang utility uses the following tokens in the seos.ini file:

Section   Tokens

passwd    DefaultHome, DefaultShell, YpServerPasswd, YpServerSecure, YpServerGroup, YpMakeDir, YpPassCmd, YpGrpCmd, UntouchableUid, UntouchableGid

lang      exit_timeout, help_path, timeout, pre_group_exit, pre_user_exit, post_group_exit, post_user_exit, query_size, use_unix_file_owner

Other Files

The selang utility uses the following files:

¶ lang.ini

The lang.ini file contains configuration information used by selang. The utility uses the lang.ini files in one or both of the following locations:

v The directory where the seos.ini file is located.

v The user’s home directory.


If a token is defined in only one of the lang.ini files, the value where the token is defined is used. If a token is defined differently in the two lang.ini files, the value in the user’s home directory overrides the one in the lang.ini file in the seos.ini directory.

The values for the tokens DefaultShell and DefaultHome in the seos.ini file of the server override the values set in the tokens DefaultShell and HomeDirPrefix in the lang.ini file.

By default, the sample lang.ini files are located in /usr/seos/samples/lang.init. See “The lang.ini File” on page 433 for a description of the tokens of the lang.ini file.

¶ .selangrc

The .selangrc file, in your home directory, is the default file for the –r option. It is a file of selang commands that are to be executed automatically each time you invoke the selang command. You write the file if you want to use it.

¶ A pair of help files and a pair of help index files, which should not be edited:

v lang.hlp

v lang.idx

v langunix.hlp

v langunix.idx


seload

Loads the TACF extension to the UNIX kernel and the TACF daemons.

SYNOPSIS

seload [host] [daemon]

DESCRIPTION

You can use the seload utility to load TACF daemons locally and remotely. When you do not specify a host, seload starts the daemons locally. The seload utility discovers whether the TACF extension to the UNIX kernel resides in the system. If you have not already loaded the TACF extension, seload loads the TACF extension and starts the daemon on the specified host. After checking the status of the TACF extension to the UNIX kernel, seload checks whether the TACF daemon, seosd, is running. If seosd is not running, seload starts the daemon on the specified host.

You can select and load one of the following daemons on the remote host: seosd, selogrd, selogrcd, or servu. This process depends on the tokens in the daemons section of the seos.ini file.

Notes

¶ Use the seload utility if TACF is placed in the boot sequence of the server station.

¶ The seload utility requires that the executable se_loadtest be located in the directory that contains the TACF binaries. This program determines if the TACF extension to the UNIX kernel is loaded.

¶ The TACF install places sample initialization files for every operating system supported by TACF in the /usr/seos/samples/system.init directory. Use these files if you want TACF started as part of system initialization.

¶ For remote work, the seload utility requires that:

v The executable rseloadd be located in /usr/seos/1bin. This program runs on the remote host and activates seload.


v The file /etc/services contains the seosload service. This entry is added during TACF installation.

v The file /etc/inetd.conf contains the rseloadd program. This entry is added during TACF installation.

FILES

seos.ini File

The seload utility uses the following tokens in the seos.ini file:

Section   Tokens

daemons   token=text

seos      SEOSPATH

The token in the daemons section is used only if it is filled in; there is no default value for the token. If the token is filled in, seload substitutes the value in the token for the standard values of the specified utility or program. For example, if the token has the value selogrd=yes, then seload automatically starts the selogrd daemon after it starts the seosd daemon.

See “The seos.ini File” on page 407 for more information.

Other Files

The seload utility uses the /usr/seos/bin/se_loadtest file.


selogrcd

Collector daemon for the TACF log routing system.

SYNOPSIS

selogrcd [–h] [–d] [–l lock-file-name]

DESCRIPTION

The TACF log routing daemons selogrd and selogrcd provide system administrators with convenient, selective access to the audit log records.

The selogrcd utility is the collection daemon. This daemon collects the selected audit log records sent by various satellite systems and stores them in the audit collection file. The default value of this file is /usr/seos/log/seos.collect.audit.

Notes

¶ The collector daemon can be forced to start a new audit file by sending it a USR1 signal. After you have the selogrcd process ID, send it a USR1 signal using a kill command such as:

# kill –USR1 processID

When selogrcd receives a USR1 signal, it renames the existing audit file to /usr/seos/log/seos.collect.bak and creates a new audit file.

¶ You can use a cron job to start a new audit file periodically. A sample script that performs this task is provided in the directory /usr/seos/samples/selogrcd.

Arguments

–d Specifies the debug mode. In this mode, selogrcd does not become a daemon. It sends debug information to the terminal.

–h Displays the help screen.

–l lock-file-name
Prevents multiple instances of selogrcd from running concurrently. The lock-file-name is the name of the lock file to use. By default, selogrcd uses /tmp/selogrcd (or in SunOS 4.x, /var/spool/locks/selogrcd). Use this option only if your /tmp system does not support file locking or if you want to execute more than one instance of selogrcd on the system.

FILES

seos.ini File

The selogrcd collector daemon uses the following tokens in the seos.ini file:

selogrd Tokens       Meaning

CollectFile          The name of the file in which selogrcd stores the collected audit records. The default value is /usr/seos/log/seos.collect.audit.

CollectFileBackup    The name that selogrcd uses when it renames the file of audit records and makes it the backup file. The default value is /usr/seos/log/seos.collect.bak.

ServicePort          The name or port number that the log routing facility must use.

                     If present, selogrd and selogrcd use the specified port. If there is no value in the token, selogrd and selogrcd dynamically allocate a UDP port using the RPC mechanism portmapper. The service name must be a UDP port because the log routing daemon uses UDP for communication.

                     If the token value is a number, daemons bind to the specified port number or service name.

                     If the token value is a string, /etc/services or NIS services maps are used to resolve the port number.


logmgr Tokens        Meaning

audit_group          The name of the group that is permitted to read the audit files. If audit_group is none, only root is allowed read access.

Other Files

The collector daemon uses the following additional special files:

¶ /usr/seos/etc/selogrcd.ext

¶ /usr/seos/log/seos.collect.audit

¶ /usr/seos/log/seos.collect.bak

¶ /usr/seos/log/seos.audit

SEE ALSO

seaudit, selogrd


selogrd

Emitter daemon for the TACF log routing system.

SYNOPSIS

selogrd command [parameters]

The command is an argument that consists of a dash (–) followed by a letter or word that specifies the action to take. The parameters qualify the action by specifying the objects on which to take the action.

DESCRIPTION

The TACF log routing daemons selogrd and selogrcd provide system administrators with selective access to the audit log records. The selogrd utility is the emitter daemon. This daemon distributes selected local audit log records to the various destination hosts, reformats audit log records into e-mail messages, ASCII files, or user windows, and sends notification messages based on audited events.

Notes

¶ The TACF daemon must be up and running before the log routing daemons can collect any meaningful information on TACF events. If the TACF daemon is not running, only old audit records are routed.

¶ The log routing daemons use a configuration file to determine where each audit log record is sent, the format in which the log record is written, and which records are routed. The /usr/seos/log/logroute.cfg file is the default. See the next section, The Log Route Configuration File, for information about the format of the configuration file.

¶ The names of the configuration file and other global environment variables used by selogrd and selogrcd are specified in the TACF initialization file, seos.ini.

¶ The selogrd utility provides API access for programmers working under TACF. The Logroute API allows programmers to incorporate their own options into the TACF audit log system to support in-house alerts not provided by the current log-routing facility. The Logroute API also enables programmers to use the log routing daemons to provide functions to their own programs. For more information on all the TACF APIs, see the Tivoli SecureWay Security Manager Programmer’s Guide for TACF.

¶ The selogrd daemon periodically restarts and reads the route configuration file. The selogrd daemon can be forced to restart at a specified time. To do so, the following HUP signal must be sent:

kill –HUP processID

Use the ps UNIX command to find the selogrd process ID. See your UNIX documentation for more information.

Arguments

–audit audit-file-name
The utility uses the file name provided instead of the file listed in seos.ini for the input audit file.

–config config-file-name
The utility uses the file name provided instead of the file listed in seos.ini for the configuration file.

–d Specifies the debug mode.

–data data-file-name
The utility uses the file name provided instead of the file listed in seos.ini to store routing progress information.

–h Displays the help screen.

–l lock-file-name
Enables multiple instances of selogrd to run concurrently. The lock-file-name is the name of the lock file to be used. By default, selogrd uses /tmp/selogrd (or in SunOS 4.x, /var/spool/locks/selogrd). Use this option only if your /tmp system does not support file locking or if you want to execute more than one instance of selogrd on the system. Each lock file must have a distinct name.


The Log Route Configuration File

The format of the configuration file is shown below, followed by a detailed explanation.

section-name-1
routing-method destination
[{include|exclude} match-field(match-pattern) ... .]
...
.
section-name-2
routing-method destination
[{include|exclude} match-field(match-pattern) ... .]
...
.
...

Specifying Audit Records

The configuration file is a list of which audit records to route, and which not to route, to various destinations. To specify audit records, you describe the contents of one or more particular fields. You can use the standard UNIX pattern matching (the wildcards * and ?, etc.).

For example, to specify records that deal with users whose usernames begin with the letters dbms, you would write the following:

User (dbms*)

That example would match users with names like dbms1,dbms_mgr, and so forth.

To specify the same users, but only the records that deal with their login attempts, you would type

User (dbms*) Class (LOGIN)

When a line specifies records in terms of more than one field, it specifies only the records that match all those fields.

At the beginning of the same line that specifies the records, you tell whether you want the records included or excluded. For example, to include those records in the routing,

include User(dbms*) Class(LOGIN).


This is the sort of line that appears in the overall format above

[{include|exclude} match-field(match-pattern) ... .]

Here, the ellipsis (...) means that the first match-field(match-pattern) pair can be followed by further pairs.

As match-field(match-pattern) you can use any of the following:

Access(access-type)
for the type of access required; access-type is any one of the following: ACL, Chdir, Chgrp, Chmod, Chown, Connect, Control, Create, Erase, Exec, Kill, Modify, Owngrp, Password, Read, Rename, Replace, Update, Utimes, Write.

Class(LOGIN)
for login records.

Class(LOGOUT)
for logout records.

Class(PWCHANGE)
for password administration.

Class(HOST)
for TCP/IP records.

Class(UPDATE tacf-class)
for database administration; tacf-class is any of the accessor or resource classes (such as USER, GROUP, FILE, HOSTNP...) or a pattern for the classname to match. Thus for all database administration, you could specify UPDATE *.

Class(tacf-class)
for access to protected resources. For example, Class (FILE) refers to records reporting file access attempts. Note that you can use an asterisk to combine Class (tacf-class) and Class(UPDATE tacf-class) as Class (*tacf-class). For example, specifying Class (*FILE) is like specifying both Class(FILE) and Class (UPDATE FILE). It refers both to attempts to access files and to attempts to update TACF records in the FILE class.

Code(return-code)
for the TACF return code indicating what happened; return-code can take the following values.

A  An attempt to log in failed because an invalid password was entered multiple times.

D  TACF denied access to a resource, did not permit a login, or did not permit an update to the TACF database because the accessor did not have sufficient authorization.

E  serevu enabled a disabled user account.

F  An attempt to update the TACF database failed.

I  serevu disabled a user account.

M  TACF was started or shut down.

O  A user logged out.

P  TACF permitted access to a resource or permitted a login.

S  The TACF database was successfully updated.

T  An audit record was written because all the actions of the user are being traced.

U  A trusted program (setuid or setgid) was changed; therefore, it is now untrusted.

W  An accessor’s authority was insufficient to access the specified resource; however, TACF allowed the access because warning mode is set in the resource.

Host(host-name)
for the host involved in a TCP/IP connection.

Object(resource-name)
for the resource that the user is attempting to access.


Reason(reason-number)
for the reason triggering the audit record.

Service(service-name)
for the name of the service requested from the remote host, such as telnet or ftp for example.

Source Host(hostname)
for the name of the host that contributed the record to the consolidated audit.

Stage(stage-number)
for the stage at which access was granted or denied.

Terminal (terminal-name)
for the terminal that is attempting access or administration.

UID(uid-number)
for the uid of the user who is attempting access or administration.

User(username)
for users attempting access or administration; username is a name or pattern.

Refining with Further Lines

In order to refine your specifications, you can filter by differing criteria at the same time. Simply add one include/exclude line after another. For example,

include User(dbms*) Class(*LOGIN*).
exclude Terminal(console_*).

The example specifies all login attempts by users whose names begin with dbms and who are at terminals that do not have names beginning with console_.

Specifying the Destination

You use a line above your sequence of include/exclude lines to specify the destination for the audit records you are including. For example:

mail weekwatch
include User(dbms*) Class(*LOGIN*).
exclude Terminal(console_*).


The example specifies that the e-mail address weekwatch will receive a report on all login attempts by users whose names begin with dbms and who are at terminals that do not have names beginning with console_. This is the sort of line that appears in the overall format

routing-method destination

You can use any of the following:

mail address
to e-mail the audit record; address is the destination address. If it is not in the form user@host, it is checked against local user lists and the NIS mail alias map.

CAUTION: If address is a username and surrogate requests to that user’s account are audited, then the audit records will accumulate endlessly.

screen user-name
to display the audit record on the screen of the specified user, if that user is logged in at the current host when selogrd forwards the audit record. If the user is not logged in, the display is cancelled, not postponed.

file textfilename
to write the audit record in the specified ASCII file; textfilename must be an absolute pathname and selogrd must have access to the file.

host hostname
to send the audit record to the audit log collector on the specified host. If that host is not available, selogrd will try again later.

notify mail or notify default
to e-mail the audit record to the address that the audit record itself specifies.

notify screen
to display the audit record on the screen of the user that the audit record itself specifies. If the user is not logged in, the display is cancelled, not postponed.

tec hostname
to send the audit record to the specified Tivoli/TEC server.

Proper Sequence for Lines

It is important to arrange your include/exclude lines in proper sequence, properly delimited.

¶ Each sequence of lines (or single line) that you want to treat as a single complex filter must be preceded by a title line, and it must be ended by a terminating line that consists of a single dot; for example

dbms login from non-console
mail weekwatch
include User(dbms*) Class(*LOGIN*).
exclude Terminal(console_*).
.

The full sequence, including the title line and terminating line, is called a section of the file.

¶ If both include and exclude lines match the same audit record in the same section, the last match overrides all others.

¶ If no lines at all match a particular audit record, then the first line of the section is the deciding line for that record. (If the first line is an include line, then the failure to match excludes the record. If the first line is an exclude line, then the failure to match means that the record is included for routing.)

¶ If the section includes no include/exclude lines, then all audit records are included for routing.

How Sections Coexist

Whereas the lines of a section work together to produce a single decision as to whether or not a record is to be sent, different sections in the configuration file work entirely independently. Whether an audit record is sent by one section has no influence on whether the same audit record is sent by another section.


You can send the same selection of audit records to more than one destination, and the same destination can receive more than one selection of audit records.

In your configuration file, the total of all the include/exclude lines, from all the sections together, must not exceed 64 lines.

Including Comments

To add a comment line to the configuration file, begin the line with a semicolon (;).

Example

Here is a sample configuration file, followed by an explanation.

; Product : TACF
; Module: selogrd
; Purpose: route table for audit log routing daemon
;
;---------------------------------------------------
Rule#1
mail jones@admhost
include Class(*LOGIN*) Code (D).
.
Rule#2
mail smith
include Class(*SURROGATE*) Object (user.ROOT*).
.
Rule#3
host venus
exclude Class(UPDATE SU*).
.
Rule#4
host venus
include Class(*PROGRAM*) Object(/usr/bin/ps).
.

The first five lines are comment lines.

The next four lines are the first section, named Rule#1.

Rule#1
mail jones@admhost
include Class(*LOGIN*) Code(D).
.


They tell selogrd to mail a log record to the address jones@admhost whenever a login request is denied. (Code D reports denial.)

The next section is named Rule#2.

Rule#2
mail smith
include Class(*SURROGATE*) Object(USER.root*).
.

It tells selogrd to mail a log record to the address smith whenever someone attempts to use the su command to enter the root account. (The objects in the SURROGATE class are targets for the su command.)

The next section is named Rule#3.

Rule#3
host venus
exclude Class(UPDATE SU*).
.

It tells selogrd to send a log record to the collector on host venus whenever someone attempts database administration, unless the class name begins with the letters SU. (The matching classes are SURROGATE and SUDO.)

The last section is named Rule#4.

Rule#4
host venus
include Class(*PROGRAM*) Object(/usr/bin/ps).
.

It tells selogrd to send a log record to the collector on host venus whenever someone attempts to use the ps command.
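The routing rules spelled out in the preceding sections (AND-ed match-field(pattern) pairs on one line, the last matching line overriding earlier ones, the first line deciding when nothing matches, a section with no filter lines routing everything, sections deciding independently, semicolon comments, the terminating dot line and the 64-line limit) are implemented together in the following added example. It is not selogrd's own parser, and the configuration text and audit records it feeds through are constructed for the example, modelled on the Rule#1 to Rule#4 sample above.

```python
"""Evaluator for a selogrd log-route configuration, written from the rules
this manual states: include/exclude lines with AND-ed match-field(pattern)
pairs, the last matching line winning, the first line deciding when nothing
matches, sections that decide independently, a terminating '.' line, ';'
comments and the 64-line limit. Added illustration, not selogrd's own code;
the configuration and audit records below are constructed for this example
(modelled on the manual's Rule#1..Rule#4 sample)."""
import re
from fnmatch import fnmatchcase
from typing import Dict, List, Optional, Tuple

MAX_FILTER_LINES = 64          # documented limit across all sections
# one match-field(match-pattern) pair; the field may contain a space
# ("Source Host") and a space may precede the parenthesis ("Code (D)")
_PAIR = re.compile(r"([A-Za-z][A-Za-z ]*?)\s*\(([^)]*)\)")

AuditRecord = Dict[str, str]   # field -> value, e.g. {"Class": "LOGIN", "Code": "D"}
Filter = Tuple[bool, List[Tuple[str, str]]]   # (is_include, [(field, pattern), ...])


class Section:
    def __init__(self, title: str, method: str, destination: str) -> None:
        self.title, self.method, self.destination = title, method, destination
        self.filters: List[Filter] = []

    def routes(self, rec: AuditRecord) -> bool:
        """Apply the manual's decision rules to one audit record."""
        if not self.filters:                       # no filter lines: route everything
            return True
        decision: Optional[bool] = None
        for is_include, pairs in self.filters:
            # a line matches only when every field on it matches (shell wildcards,
            # case-sensitive); a record lacking the field never matches
            if all(f in rec and fnmatchcase(rec[f], p) for f, p in pairs):
                decision = is_include              # a later match overrides earlier ones
        if decision is None:                       # nothing matched: first line decides
            return not self.filters[0][0]
        return decision


def parse_logroute(text: str) -> List[Section]:
    sections: List[Section] = []
    pending: List[str] = []                        # lines of the section being read
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):       # blank or comment line
            continue
        if line != ".":
            pending.append(line)
            continue
        if len(pending) < 2:                       # '.' closes: title + routing line required
            raise ValueError("section needs a title line and a routing-method line")
        method, _, destination = pending[1].partition(" ")
        section = Section(pending[0], method, destination.strip())
        for filt in pending[2:]:
            keyword, _, rest = filt.rstrip(".").partition(" ")
            if keyword not in ("include", "exclude"):
                raise ValueError(f"bad filter line in section {section.title!r}: {filt}")
            pairs = [(f.strip(), p.strip()) for f, p in _PAIR.findall(rest)]
            section.filters.append((keyword == "include", pairs))
        sections.append(section)
        pending = []
    if pending:
        raise ValueError(f"section {pending[0]!r} is not terminated by a '.' line")
    total = sum(len(s.filters) for s in sections)
    if total > MAX_FILTER_LINES:
        raise ValueError(f"{total} include/exclude lines exceed the limit of {MAX_FILTER_LINES}")
    return sections


def destinations(sections: List[Section], rec: AuditRecord) -> List[Tuple[str, str]]:
    """Sections are independent: every section that routes the record contributes."""
    return [(s.method, s.destination) for s in sections if s.routes(rec)]


SAMPLE_CFG = """\
; constructed route table for this example
Rule#1
mail jones@admhost
include Class(*LOGIN*) Code (D).
.
Rule#2
host venus
exclude Class(UPDATE SU*).
.
dbms login from non-console
mail weekwatch
include User(dbms*) Class(*LOGIN*).
exclude Terminal(console_*).
.
everything to loghost
host loghost
.
"""


def demo() -> Dict[str, List[Tuple[str, str]]]:
    """Route four constructed audit records through SAMPLE_CFG."""
    sections = parse_logroute(SAMPLE_CFG)
    records: Dict[str, AuditRecord] = {
        "denied_login": {"Class": "LOGIN", "Code": "D", "User": "dbms1", "Terminal": "tty01"},
        "console_login": {"Class": "LOGIN", "Code": "P", "User": "dbms1", "Terminal": "console_1"},
        "su_update": {"Class": "UPDATE SURROGATE", "Code": "S", "User": "root"},
        "file_update": {"Class": "UPDATE FILE", "Code": "S", "User": "root"},
    }
    return {name: destinations(sections, rec) for name, rec in records.items()}


if __name__ == "__main__":
    for name, dests in demo().items():
        print(f"{name:14s} -> {dests}")
```

Two of the constructed records show the rules that trip people up: the console login matches the include line of the dbms section and then the exclude line, so the later exclude wins and weekwatch gets nothing, while the FILE update matches nothing in Rule#2, whose first line is an exclude, so that failure to match routes it to venus.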

A Simpler Example

The following configuration file sends all audit records to the collector on the station named loghost.

; Product: TACF
; Module: selogrd
; Purpose: route table for audit log routing daemon
;
;---------------------------------------------------
Rule#1
host loghost
.

Return Codes

Each type of record in the configuration file can be associated with one or more TACF return codes. The record types and the return codes they are associated with are described in the following table:

Records of this type...        Representing this class or event...   Are associated with the following return codes...

Login                          LOGIN                                 D, P, W
                               LOGINDISABLE                          I
                               LOGINENABLE                           E
Logout                         LOGOUT                                O
TCP/IP                         HOST                                  D, P
Resource classes               Class name                            D, P, W
Watchdog                       PROGRAM                               U
                               SECFILE                               U
Password administration        PWCHANGE                              D, F, S
Down                           SHUTDOWN                              D, S
Start                          START                                 S
TACF database administration   UPDATE                                D, F, S
Trace on user                  TRACE                                 F, D, P

SNMP Traps

For systems using the Internet network management protocol SNMP (Simple Network Management Protocol), selogrd can be configured to create SNMP traps using TACF audit records.

To implement the SNMP traps, first locate the SNMP shared objects provided in the TACF libraries, then configure selogrd correctly using these shared objects. The shared objects, snmp.so and libsnmp.so, can usually be found in the directory /usr/seos/lib.

To configure selogrd to use the shared objects, perform the following steps:

1. Create a file called /usr/seos/etc/selogrd.ext.

2. Define where the SNMP shared objects are by adding a single line to the file /usr/seos/etc/selogrd.ext with the appropriate path for the snmp.so. For example:

snmp /usr/seos/lib/snmp.so

3. Configure the selogrd.cfg to specify what type of action should trigger SNMP traps, and which location is to be notified when SNMP traps are triggered. The configuration is similar to that for other auditing notification, with the delivery system specified as snmp.

For the following example, you want to have SNMP traps activated at system start and system shutdown, and you want to have notice of these SNMP traps sent to AuditPC. This is accomplished by adding the following section to the selogrd.cfg configuration file:

snmpRule
snmp AuditPC
include Class (START).
include Class (SHUTDOWN).
.

Similarly, the SNMP traps can be activated by other actions or types of access, or sent to other locations.

Configuration

The selogrd and selogrcd daemons must constantly run in the background. Update your /etc/inittab file so that these daemons will always run. For example, to start the selogrd and selogrcd daemons when the system is rebooted, add the following two lines:

selogrd:2:respawn:/usr/seos/bin/selogrd >/dev/console 2>&1
selogrcd:2:respawn:/usr/seos/bin/selogrcd >/dev/console 2>&1


Since the log-routing facility uses RPC to route audit records, placing a log audit collector behind a firewall does not allow simple blocking of UDP ports because there is no way to know which port the portmapper will assign to the server daemon. To solve this problem, you can use the token ServicePort to assign a predefined port to the server daemon.

If the firewall allows port 111 from outside the network (portmapper port), only the seos.ini file in the server should be changed. If the firewall does not allow communication to portmapper in the protected network, both clients and server must agree on a specific port.

This can be done by setting the same value in the token ServicePort in the seos.ini files in both clients and the server. The value assigned can be a number, which means that the daemons bind to the specified port, or a service name. If a service name is used, both clients and the server must have the same service resolution. For example, if using the service name seoslogr, then in the /etc/services file of the clients and the server add:

seoslogr 2022/udp # Audit log-routing

If the clients or the server are using NIS to resolve services, you must update the NIS services map.
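The ServicePort resolution just described, together with the agreement check a firewall administrator needs before opening a single UDP port, is implemented in the following added example. It is not TACF code; it resolves the token the way the text states (a number is the port, a name is looked up as a UDP service in /etc/services-format data, an unset token leaves the port to the portmapper), and the services text it parses is constructed, with the seoslogr line taken from the example above.

```python
"""Resolve the selogrd/selogrcd ServicePort token and check that clients and
the server agree on it, as the firewall discussion requires: a numeric token
is the UDP port itself, a service name is resolved through the /etc/services
(or NIS) map and must be a UDP service, and an unset token means the
portmapper picks the port at run time. Added illustration, not TACF code;
SERVICES_TEXT is constructed (the seoslogr line is the manual's example)."""
from typing import Dict, List, Optional, Tuple

ServiceMap = Dict[Tuple[str, str], int]   # (name, proto) -> port

SERVICES_TEXT = """\
# constructed excerpt in /etc/services format
sunrpc      111/udp   portmapper   # RPC portmapper
sunrpc      111/tcp   portmapper
seoslogr    2022/udp               # Audit log-routing
"""


def parse_services(text: str) -> ServiceMap:
    """Parse /etc/services-format text; aliases map to the same port."""
    table: ServiceMap = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        for name in [fields[0]] + fields[2:]:    # official name plus aliases
            table[(name, proto)] = int(port)
    return table


def resolve_service_port(token: Optional[str], services: ServiceMap) -> Optional[int]:
    """None means the token is unset: the portmapper assigns a port at run
    time, which is exactly what a firewall cannot pin down."""
    if not token:
        return None
    if token.isdigit():                          # numeric token: bind to it directly
        return int(token)
    port = services.get((token, "udp"))          # log routing runs over UDP only
    if port is None:
        raise LookupError(f"{token!r} does not resolve to a UDP service")
    return port


def agreed_port(server_token: Optional[str], server_services: ServiceMap,
                clients: List[Tuple[Optional[str], ServiceMap]],
                portmapper_reachable: bool = False) -> int:
    """Return the one UDP port to permit through the firewall, or raise when
    the server and any client would resolve ServicePort differently. When the
    firewall already passes port 111, a client may leave the token unset and
    ask the portmapper, so only the server needs the fixed value."""
    server_port = resolve_service_port(server_token, server_services)
    if server_port is None:
        raise ValueError("ServicePort is unset on the server: port is portmapper-assigned")
    for token, services in clients:
        client_port = resolve_service_port(token, services)
        if client_port is None and portmapper_reachable:
            continue                             # client discovers the port via port 111
        if client_port != server_port:
            raise ValueError(f"client resolves ServicePort to {client_port}, server to {server_port}")
    return server_port


if __name__ == "__main__":
    svc = parse_services(SERVICES_TEXT)
    print(agreed_port("seoslogr", svc, [("2022", svc), ("seoslogr", svc)]))
```

The check that matters operationally is the mismatch case: a client whose services map resolves seoslogr to a different port, or a client with no token while port 111 is blocked, is reported before the rule is written, instead of surfacing later as a collector that silently receives nothing.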

FILES

seos.ini File

The selogrd emitter daemon uses the following tokens in the seos.ini file:

selogrd Tokens       Meaning

Interval             The sleep interval, in seconds, between polls of the audit log file. The default value is 5.

ChangeLogFactor      This factor is multiplied by the sleep interval to determine the time lapse before testing the log file for changes. The default value is 3.

MaxSeqNoSleep        The maximum number of log records scanned without sleeping. The default value is 50.

SavePeriod           The amount of time, in minutes, between each save of a target’s routing information, including data indicating the number of audit records sent. The information is contained in the last successfully sent audit record. The default value is 10.

Mailer               The name of the utility used by the system to send mail. The default program is /bin/mail.

DataFile             The name of the file used by the audit log daemons to store information on the various record destinations and the last record forwarded to each destination. The default file is /usr/seos/log/logroute.dat.

RouteFile            The name of a file containing routing rules. The file is used unless overridden by the selogrd utility’s –config option. The default value is /usr/seos/log/selogrd.cfg.

logmgr Tokens        Meaning

audit_log            The name of the TACF audit log file.

audit_group          The name of the group that is permitted to read the audit files. If set to none, only root is allowed READ access.

Other Files

The selogrd utility uses the following additional special files:

¶ /etc/passwd

¶ /etc/services

¶ /tmp/selogrd

¶ /tmp/selogrcd

¶ /usr/seos/etc/selogrd.ext. For more information, see the Tivoli SecureWay Security Manager Programmer’s Guide for TACF.

¶ /usr/seos/log/seos.audit


¶ /usr/seos/log/logroute.cfg

¶ /usr/seos/log/logroute.dat

¶ For SNMP users:

v snmp.so and libsnmp.so (usually found in the directory /usr/seos/lib)

v /usr/seos/etc/selogrd.ext

SEE ALSO

seaudit, selogrcd


semigrate

Copies data from a TACF database into a flat file or from a flat file into a TACF database.

SYNOPSIS

semigrate [ –w fileName | –r [ –s ] fileName ]

DESCRIPTION

The semigrate utility copies data from user records in an existing TACF database to a flat file. The utility can also copy the data from the flat file into a new TACF database. The database from which the data is imported must be TACF, Version 1.21 or later.

Note: When copying from a flat file into a new TACF database, it is important to use the same version of semigrate you used when creating the flat file. If you have more than one version of TACF, it is strongly recommended that you use the most recent version of the utility.

The data that is imported includes:

OLD_PASSWD The old passwords (password history) of the user.

PASSWORD_L_C The date and time the user password was last changed.

LAST_ACC_TERM The terminal from which the user last logged in.

UPDATE_TIME The date and time the user record was last updated.

Notes

¶ semigrate always reads from or writes to the database in the current directory unless using the –s option.

¶ Always create a backup of the database before using the semigrate utility.


¶ For better security, delete the old database, the script used to build the new database, and the flat file created by semigrate after copying the data from the old database into the new database.

¶ The flat file is written in binary format.

Arguments

–r Reads the TACF database in the current directory and copies certain data into the flat file specified on the command line.

–s Reads the information from the TACF database using the TACF server rather than reading the database directly. This option is only valid when reading from the TACF database using the –r switch.

–w Reads the flat file specified on the command line and copies the data into the TACF database in the current directory.

fileName The file in which semigrate writes the data or from which semigrate reads the data.

EXAMPLES

The following steps describe how to copy data from an existing TACF database into a new TACF database. The old database is assumed to be in the directory /tmp/old_db. The new database is assumed to be in the directory /usr/seos/seosdb.

1. Become the superuser by logging in as root or su to root.

2. If the TACF daemons are running, shut them down with the following command:

# secons –s

3. Create a backup of the old database by copying it to a different location or to a backup medium.

4. Create a script that will duplicate the old database by running the utility sedb2scr on the old database:

# cd /tmp/old_db
# /usr/seos/bin/sedb2scr –l > lang_script


5. Execute the script generated in the previous step and create the new database:

# cd /usr/seos/seosdb
# /usr/seos/bin/selang –l < /tmp/old_db/lang_script

6. Execute the semigrate utility to create a flat file containing data from the old database:

# cd /tmp/old_db
# /usr/seos/bin/semigrate –r flat_file

7. Load the data from the flat file into the new TACF database:

# cd /usr/seos/seosdb
# /usr/seos/bin/semigrate –w /tmp/old_db/flat_file

FILES

The seos.ini file is not used.

The TACF database files in the current directory are used.

SEE ALSO

secons, sedb2scr


semsgtool

Maintains the TACF message file.

SYNOPSIS

semsgtool command [parameters]

The command is an argument that consists of a dash (–) followed by a word or abbreviation that specifies the action to take. The parameters qualify the action by specifying the objects on which to take the action.

DESCRIPTION

The semsgtool utility can perform the following functions:

¶ Show a single message from the TACF message file.

¶ List an entire section of messages.

¶ Dump the entire file into ASCII files, one ASCII file for each section.

¶ Build a new message file.

Notes

¶ You can specify only one command each time you execute semsgtool.

¶ The TACF message file is composed of sections and message numbers. Each section holds messages for different TACF modules or submodules.

¶ This utility replaces the SeOS seerr utility, which existed in early versions of Memco’s software.

Arguments

–build | –b asciiSourceFile outputMessageFile
Creates a new TACF message file from an ASCII source file.

–dump | –d messageFile
Dumps the message file into several files, one file for each section of the message file. This creates ASCII source files that later can be used to create new TACF message files.


–list | –l [messageFile] sectionNumber
Lists all the messages in a given section in the file messageFile. If the messageFile parameter is not supplied, semsgtool uses the message file specified in the file name token in the seos.ini file. The section number can be a hexadecimal number or a decimal number; the hexadecimal number must be preceded with 0x.

–show | –s [messageFile] messageCode
Given a specific messageCode, semsgtool shows the message associated with it. If the messageFile parameter is not supplied, semsgtool uses the message file specified in the file name token in the seos.ini file. The messageCode can be a hexadecimal number or two parameters specifying section code and message code. The section or message code in turn can also be decimal or hexadecimal numbers. Hexadecimal numbers must be preceded by 0x.

This option provides the same functionality as the SeOS seerr utility, which existed in early versions of Memco’s SeOS.

EXAMPLES

1. To list the message associated with the error code 0x0205, type:

# semsgtool –s 0x0205

2. To create a modified TACF message file, do the following:

a. Create a temporary directory:

# mkdir /tmp/msg_build

b. Change to the new directory:

# cd /tmp/msg_build

c. Dump the messages to ASCII files:

# semsgtool –dump /usr/seos/data/seos.msg

Now you should have a file for each section in the messages file.

d. Using csh, create a single file from all the sections:


# foreach f ( 0x0* )
foreach? echo '$SECTION ' $f >> ascii_file
foreach? cat $f >> ascii_file
foreach? end

e. Rebuild the TACF message file:

# semsgtool –b ascii_file seos.msg

f. Install the new message file:

# cp seos.msg /usr/seos/data/seos.msg

FILES

The semsgtool utility uses the file name token of the message section in the seos.ini file. The default value is /usr/seos/data/seos.msg.


senable

Enables a user account disabled by the serevu utility.

SYNOPSIS

senable [–h] [–host hostName] userName [–n]

DESCRIPTION

The senable utility enables the login of a user that has for any reason been disabled, at any location at which the user was disabled. For example, a user may have been disabled by the serevu daemon, or because the user’s suspend date has come, or because the user’s expire date has come.

The senable utility checks whether the user specified by userName appears in the /usr/seos/log/serevu_disable.users file (or the file you have entered in the token save_disable_path in the serevu section of the seos.ini file). If the user appears in the file, senable enables the user account in all the locations in which the user account was disabled. If the userName does not appear in serevu, senable checks other sources where the user may have been disabled, then enables the user. Then senable calls sepass, which prompts for a new user password. If you run senable with the –n option, sepass will not be invoked, and the last used password is restored.

Authorization

Only users with the ADMIN or PWMANAGER attribute can execute senable.

Arguments

–h Displays help.

–host Select a host where the account will be changed from disabled to enabled.

hostName The name of the host where the account will be changed from disabled to enabled.


userName The name of the account being changed from disabled to enabled.

–n Run the command noninteractively.

FILES

The senable utility uses the sav_disable_path token in the seos.ini file.

SEE ALSO

serevu


senone

Executes a command as a non-TACF user process.

SYNOPSIS

senone [ –h | command ]

DESCRIPTION

The senone utility is designed to be used by highly authorized users; senone executes a command issued by a highly authorized user as a nonauthorized user process.

When senone is invoked, it deletes the process credentials from the authorization daemon. The senone utility executes a shell with the credentials of a user who is not defined to TACF. From this point on, any program invoked from within the shell is executed with the credentials of the non-TACF user.

Notes

¶ If senone is executed without specifying a command, the user’s shell, as defined in /etc/passwd, is executed.

¶ senone is intended for use by administrators testing untrusted programs. It is recommended that users logged in as root should not run untrusted programs. Even when running untrusted programs with the utility senone, there is always the possibility that the unexpected may occur.

¶ senone does not change the invoker’s user ID; therefore, the user’s UNIX privileges are not changed.

¶ The TACF authorization daemon seosd must be running to use senone.

Arguments

–h Displays the help screen.

command The command to be executed by senone.


FILES

The /etc/passwd file is used. The seos.ini file is not used.

SEE ALSO

sesu, sewhoami


SEOS_load

The TACF interception module loader for all stations except Sun Solaris 2 and NCR stations.

SYNOPSIS

SEOS_load

DESCRIPTION

SEOS_load loads the TACF kernel interception module (SEOS_syscall) into the kernel. The interception module must be loaded before any TACF utility is run. SEOS_load should not be used on Sun Solaris 2 or NCR stations.

FILES

The seos.ini file is not used. No special files are used.

SEE ALSO

S58SEOS, S68SEOS, SEOS_syscall


SEOS_syscall

The TACF interception module.

SYNOPSIS

SEOS_syscall

DESCRIPTION

SEOS_syscall is the image of the kernel interception module. It is loaded into the kernel by SEOS_load, S58SEOS, or S68SEOS.

FILES

The seos.ini file is not used. No other special files are used.

SEE ALSO

S58SEOS, S68SEOS, SEOS_load


seosd

The TACF authorization daemon.

SYNOPSIS

seosd [argument]

DESCRIPTION

The executable file seosd is the main TACF daemon. A daemon is a process that has disconnected from both its controlling tty and its parent process. The TACF daemon makes the run-time decisions required to grant or deny access to a resource.

Only root can invoke seosd, and only a user with the ADMIN or OPERATOR attribute can shut it down.

The TACF daemon opens, reads, and updates the TACF database. No other process can access the TACF database while the TACF daemon is running. The TACF daemon also blocks any write, delete, or rename access to critical files such as the TACF audit and trace files and, optionally, the TACF binary files.

Note: You do not need to specify the seosd daemon. Seload always ensures that the seosd daemon is running.

FILES

seos.ini File

The behavior of many TACF daemon functions is controlled by the values set in the seosd section of the seos.ini file. This section describes the values of these tokens.

dbdir Specifies the path of the TACF database directory. The default value is /usr/seos/seosdb.

GroupidResolution Determines how TACF translates group ID numbers to group names. The valid values are system, cache, and ladb.


If the value is system, TACF uses a system call to translate group ID numbers. This value can be used for standalone, NIS/NIS+ client, DNS client, and DNS server stations.

If the value is cache, group ID numbers and names are cached in seosd. This is the fastest and easiest way to do translations, but the cache cannot be updated during runtime.

If the value is ladb, TACF uses a lookaside database to translate group ID numbers. The sebuildla utility must be run to re-create the lookaside database each time an update to the relevant transaction table takes place.

For NIS and NIS+ servers, you can use either cache or ladb.

For all stations, the value ladb is preferred. However, in TACF version 2, the default values are that seosd continues to use the tokens under_NIS_server and use_lookaside to control the translation process.

HostResolution Determines how TACF translates IP addresses to host names. The valid values are system, cache, and ladb.

If the value is system, TACF uses a system call to translate IP addresses. This value can be used for standalone, NIS/NIS+ client, and DNS client stations.

If the value is cache, host names and their IP addresses are cached in seosd. This is the fastest and easiest way to do translations, but the cache cannot be updated during runtime.

If the value is ladb, TACF uses a lookaside database to translate IP addresses. The sebuildla utility must be run to re-create the lookaside database each time an update to the relevant transaction table takes place.

For NIS, NIS+, and DNS servers, you can use either cache or ladb; the value ladb is preferred.

However, in TACF Version 2, the default values are that seosd continues to use the tokens under_NIS_server and use_lookaside to control the translation process.

kill_ignore Specifies whether seosd is to ignore the kill command. One of the following values must be specified:

yes-The kill command is ignored. This is the default value.

no-The kill command terminates seosd.

login_timeout Specifies the time in seconds within which a login process must complete its user and password verification. After the time has expired, an audit record is written to the audit file.

lookaside_path Specifies the full path of the lookaside database. This token applies only when the tokens under_NIS_server and use_lookaside are set to yes. For more information, see the under_NIS_server token. There is no default value for this token.

nfs_devices Specifies the name of the file that contains the NFS major device numbers. Enter the full path of the file. The default value is /usr/seos/etc/nfsdevs.init.

protect_bin Specifies whether seosd protects the TACF binary files. Specify one of the following values:

yes-seosd protects the TACF binary files. Do not use a yes value while the _default access for your FILE records is none, because then, unless all /usr/seos/bin files have FILE records, inaccessibility of files could make TACF unusable.

no-seosd does not protect the TACF binary files. This is the default value.

resolve_timeout Specifies the maximum number of seconds seosd will try to resolve an IP address to host name, user ID to user name, group ID to group name, or service port number to service name. If the specified time expires without a resolution, seosd assumes that no resolution exists for the specified IP address, user ID, group ID, or port number. This value only takes effect when seosd is using system resolution or when the under_NIS_server token is set to no.

If the value is set to 0 (zero), there is no timeout. The default value is 5 seconds.

ServiceResolution Determines how TACF translates TCP port numbers to service names. The valid values are system, cache, and ladb.

If the value is system, TACF uses a system call to translate TCP port numbers. This value can be used for standalone, NIS/NIS+ client, DNS client, and DNS server stations.

If the value is cache, service names and their TCP port numbers are cached in seosd. This is the fastest and easiest way to do translations, but the cache cannot be updated during runtime.

If the value is ladb, TACF uses a lookaside database to translate TCP port numbers. The sebuildla utility must be run to re-create the lookaside database each time an update to the relevant transaction table takes place.

For NIS and NIS+ servers, you can use either cache or ladb.

For all stations, the value ladb is preferred. However, in TACF version 2, the default values are that seosd continues to use the tokens under_NIS_server and use_lookaside to control the translation process.

trace_file Specifies the full path of the trace file. The default is /usr/seos/log/seosd.trace.

trace_file_type Determines whether the trace file is written in binary or text format. If the trace file should be written in binary format, the value of this token must be binary. If the trace file should be written in text format, the value of this token must be text.

The daemon seosd checks the value of this token and compares it to the contents of the trace file. If the token value does not match the format of the trace file, seosd saves the trace file under its name and adds the extension .backup.

trace_filter Specifies the name of the file that contains the filter data that is used to filter the trace messages. Enter the full path of the file. The default value is /usr/seos/etc/trcfilter.init.

trace_space_saver Specifies the amount of free space in kilobytes to be left in the file system. When the amount of free space is less than this number, TACF disables the trace. The default value is 1024.

trace_to Specifies the trace option. One of the following values must be specified:


file-The trace messages are sent to the file specified by the trace_file token.

file,stop-TACF generates trace messages during the period of daemon initialization. Once the daemon is initialized, no more trace messages are generated. This is the default value.

none-No trace messages are issued. This is the normal setting once TACF has been installed and fully implemented.

use_lookaside This token applies only when the under_NIS_server token is set to yes. For more information, see the under_NIS_server token. Valid values are:

yes-seosd uses a lookaside database that holds all the information required for the translations. Since the lookaside database can be refreshed at any time, there is no need to restart the TACF daemon. Use the sebuildla utility to build and refresh the lookaside database. The location of the lookaside database is set by the lookaside_path token. For more information, see the lookaside_path token.

no-seosd caches all user, group, host, and service information during startup so that all translations are done in memory. This requires that seosd be restarted periodically to refresh the cache. The TACF daemon should be restarted daily to refresh the cache. This is the default value.

under_NIS_server TACF usually asks UNIX to do user ID to user name, group ID to group name, IP address to host name, and port to service translations by calling the standard library routines. If the machine is an NIS or DNS client, UNIX may ask the concerned servers.

Note: On a station that is an NIS, NIS+, or DNS server, specifying no may hang the computer.


When yes is specified, seosd makes the translation in one of two ways:

¶ All the required information is cached in memory during startup.

¶ By use of a lookaside database. For more information, see “use_lookaside.”

UseridResolution Determines how TACF translates user ID numbers to user names. The valid values are system, cache, and ladb.

If the value is system, TACF uses a system call to translate user ID numbers. This value can be used for standalone, NIS/NIS+ client, DNS client, and DNS server stations.

If the value is cache, user names and their user ID numbers are cached in seosd. This is the fastest and easiest way to do translations, but the cache cannot be updated during runtime.

If the value is ladb, TACF uses a lookaside database to translate user ID numbers. The sebuildla utility must be run to re-create the lookaside database each time an update to the relevant transaction table takes place.

For NIS and NIS+ servers, you can use either cache or ladb.

For all stations, the value ladb is preferred. However, in TACF, the default values are that seosd continues to use the tokens under_NIS_server and use_lookaside to control the translation process.

Other Files

The TACF daemon also uses initialization and configuration files other than the seos.ini file:

¶ trcfilter.init


This optional file contains entries that specify filter masks for filtering the TACF trace messages. Each line of the file contains a regular expression. When a message is sent to the trace file, seosd checks whether the message matches one of the entries in the trcfilter.init file. The trace message is written to the file only if it does not match any of the expressions specified in the trcfilter.init file.

The following trcfilter.init file causes all messages that begin with “INFO” or “WATCHDOG” to be discarded. They are not written to the trace file.

WATCHDOG*
INFO*

¶ Audit.cfg

This optional file offers an additional way to filter, or block, audit messages from seosd. You can supply a filter file that is read by seosd during start-up. This filter file defines audit records that should not be generated. This filter also helps to limit the size of the seos.audit file by keeping only the records needed. You may set filtering rules for class name, object name, user name or group name, program name, access rights, and authorization result. Audit filter rules are written in the /usr/seos/etc/audit.cfg file. When a message is sent to the audit file, seosd checks whether the message matches one of the entries in the file. An entry in the audit.cfg file is in the following format:

Class; Object; User; Program; Access; Result

In the following example, if root successfully reads a file, seosd does not send a message to the audit file. If root cannot read the file, seosd sends a message to the audit file:

FILE;*;root;*;R;P

The fields in the entry are defined as follows:

¶ Class-Write the class name in uppercase.

¶ Object-Write the name of the resource using a pattern (*).

¶ User-Write the user name using a pattern (*).

¶ Program-Write the program being used using a pattern (*).

¶ Access-The access rights must be from the table below.

¶ Result-The authorization result must be P (permit) or D (denied).


The following table shows the possible access rights.

Access Meaning

R read

W write

X execute

Modify modify

Cre create

Del delete

Chown chown - change owner

Chgrp chgrp - change group

Chmod chmod - change mode

Utime touch - change time

Sec sec, acl - change ACLs

Join join user to group

Rename mv - change file name

Kill kill

Chdir chdir - change directory
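The two filter files described above (trcfilter.init and audit.cfg) share one rule: a message or audit record that matches any entry is dropped, everything else is written. The following Python is an added example, not code from the manual or from TACF, that implements both matching rules so an administrator can test a filter file against sample records before installing it. It assumes the patterns are shell-style wildcards (the manual's own examples use `*` in that sense, even though it calls the trace entries regular expressions) and that class, access and result fields compare exactly; the sample file contents are constructed from the manual's examples.

```python
import fnmatch
from dataclasses import dataclass
from typing import Dict, List

# --- trcfilter.init ---------------------------------------------------------
# One pattern per line. A trace message is written only if it matches NONE
# of the patterns. Assumption: patterns are shell-style wildcards.

# Constructed sample, mirroring the manual's trcfilter.init example.
SAMPLE_TRCFILTER = "WATCHDOG*\nINFO*\n"


def load_patterns(text: str) -> List[str]:
    """Return the non-empty, non-comment lines of a filter file."""
    return [ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]


def trace_message_written(message: str, patterns: List[str]) -> bool:
    """True when the message survives the filter, i.e. matches no pattern."""
    return not any(fnmatch.fnmatchcase(message, p) for p in patterns)


# --- audit.cfg --------------------------------------------------------------
# Entry format: Class; Object; User; Program; Access; Result
# An audit record matching any entry is NOT written to seos.audit.

# Access codes from the manual's table.
ACCESS_CODES = {"R", "W", "X", "Modify", "Cre", "Del", "Chown", "Chgrp",
                "Chmod", "Utime", "Sec", "Join", "Rename", "Kill", "Chdir"}


@dataclass(frozen=True)
class AuditRule:
    cls: str       # class name, uppercase (e.g. FILE)
    obj: str       # resource name pattern
    user: str      # user (or group) name pattern
    program: str   # program name pattern
    access: str    # one of ACCESS_CODES
    result: str    # "P" (permit) or "D" (denied)


def parse_audit_cfg(text: str) -> List[AuditRule]:
    """Parse audit.cfg; a malformed entry raises instead of silently
    suppressing more (or less) audit than intended."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(";")]
        if len(fields) != 6:
            raise ValueError(f"audit.cfg line {lineno}: expected 6 fields, got {len(fields)}")
        cls, obj, user, program, access, result = fields
        if cls != cls.upper():
            raise ValueError(f"audit.cfg line {lineno}: class name must be uppercase")
        if access not in ACCESS_CODES:
            raise ValueError(f"audit.cfg line {lineno}: unknown access {access!r}")
        if result not in ("P", "D"):
            raise ValueError(f"audit.cfg line {lineno}: result must be P or D")
        rules.append(AuditRule(cls, obj, user, program, access, result))
    return rules


def audit_record_suppressed(record: Dict[str, str], rules: List[AuditRule]) -> bool:
    """True when the record matches an audit.cfg entry and is therefore not
    written to the audit file. record keys: class, object, user, program,
    access, result."""
    for r in rules:
        if (record["class"] == r.cls
                and fnmatch.fnmatchcase(record["object"], r.obj)
                and fnmatch.fnmatchcase(record["user"], r.user)
                and fnmatch.fnmatchcase(record["program"], r.program)
                and record["access"] == r.access
                and record["result"] == r.result):
            return True
    return False


# Constructed sample audit.cfg: drop only root's successful file reads.
SAMPLE_AUDIT_CFG = "FILE;*;root;*;R;P\n"

if __name__ == "__main__":
    pats = load_patterns(SAMPLE_TRCFILTER)
    for msg in ("INFO: seosd initialized", "WATCHDOG: heartbeat", "WARNING: cache stale"):
        print(f"trace {msg!r}: written={trace_message_written(msg, pats)}")
    rules = parse_audit_cfg(SAMPLE_AUDIT_CFG)
    base = {"class": "FILE", "object": "/etc/motd", "user": "root",
            "program": "/bin/cat", "access": "R", "result": "P"}
    for rec in (base, dict(base, result="D"), dict(base, user="alice")):
        print(f"audit {rec['user']}/{rec['result']}: suppressed={audit_record_suppressed(rec, rules)}")
```

Note the asymmetry the manual's example relies on: the sample rule suppresses only permitted reads, so a denied read by root still produces an audit record; a rule with `*` in the Result field would hide the denials too, which is rarely what a reviewer of seos.audit wants.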

Performance Considerations

Whenever it is necessary for TACF to perform user ID to user name, group ID to group name, IP address to host name, and port to service translations, it may impact TACF performance. The way TACF performs these translations depends on the value of certain tokens in the seos.ini file; in particular, the under_NIS_server, use_lookaside, GroupidResolution, HostResolution, ServiceResolution, UseridResolution, and resolve_timeout tokens.

When native operating system mechanisms are performing the resolution, the impact on system performance is relatively small. When translating an IP address to a host name, an external mechanism such as DNS is necessary to perform the translation. This may result in significant degradation in system performance. The degradation occurs because while the authorization daemon seosd is waiting to receive the host name, all other processes that have been intercepted by TACF must also wait until seosd completes its processing.
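The resolve_timeout token and the cache/system resolution modes above are easier to reason about with a model in hand. The following Python is an added example, not TACF code, that models the behaviour the manual describes: in cache mode only data captured at startup can be translated, and in system mode a lookup is bounded by resolve_timeout, with 0 meaning no timeout and an expired timeout treated as "no resolution exists". The lookup tables and the artificially slow host lookup are constructed stand-ins for the OS tables and a remote DNS server; the class and function names are my own.

```python
import threading
import time
from typing import Callable, Dict, Optional

# Constructed stand-ins for /etc/hosts and /etc/passwd contents.
SYSTEM_HOSTS: Dict[str, str] = {"192.0.2.10": "db01.example.test"}
SYSTEM_USERS: Dict[int, str] = {0: "root", 1001: "alice"}


def slow_host_lookup(ip: str) -> Optional[str]:
    """Simulates a resolver that must wait on an external DNS server."""
    time.sleep(0.3)
    return SYSTEM_HOSTS.get(ip)


def fast_user_lookup(uid: int) -> Optional[str]:
    """Simulates a local table lookup (getpwuid-style)."""
    return SYSTEM_USERS.get(uid)


class Resolver:
    """Name translation following the manual's token semantics.

    mode "cache":  answers come only from a snapshot taken at startup; a key
                   that was not present then can never be resolved later.
    mode "system": the lookup callable is invoked, but the wait is bounded by
                   timeout_seconds (resolve_timeout). 0 means no timeout.
                   If the timeout expires, no resolution is assumed.
    """

    def __init__(self, mode: str, lookup: Callable, timeout_seconds: float = 5.0,
                 cache: Optional[Dict] = None):
        if mode not in ("cache", "system"):
            raise ValueError(f"unknown resolution mode {mode!r}")
        if timeout_seconds < 0:
            raise ValueError("resolve_timeout must be >= 0")
        self.mode = mode
        self.lookup = lookup
        self.timeout = timeout_seconds
        self.cache = dict(cache or {})   # snapshot, never refreshed at runtime
        self.timed_out = 0               # how many lookups exceeded the timeout

    def resolve(self, key):
        if self.mode == "cache":
            return self.cache.get(key)

        # system mode: run the lookup in a worker and bound the wait.
        box: Dict[str, Optional[str]] = {}

        def worker():
            box["value"] = self.lookup(key)

        t = threading.Thread(target=worker, daemon=True)
        t.start()
        t.join(None if self.timeout == 0 else self.timeout)
        if t.is_alive():
            # Time expired without a resolution: assume none exists.
            self.timed_out += 1
            return None
        return box.get("value")


if __name__ == "__main__":
    fast = Resolver("system", fast_user_lookup, timeout_seconds=1.0)
    print("uid 0 ->", fast.resolve(0))
    bounded = Resolver("system", slow_host_lookup, timeout_seconds=0.05)
    print("192.0.2.10 with 50 ms timeout ->", bounded.resolve("192.0.2.10"))
    unbounded = Resolver("system", slow_host_lookup, timeout_seconds=0)
    print("192.0.2.10 with no timeout ->", unbounded.resolve("192.0.2.10"))
    cached = Resolver("cache", fast_user_lookup, cache={0: "root"})
    print("cache mode, uid 1001 (not cached at startup) ->", cached.resolve(1001))
```

The model makes the performance note concrete: in the real daemon there is no worker thread, so every intercepted process waits for the full resolve_timeout on each unresolvable address, and setting the token to 0 on a host whose DNS server can be unreachable removes the bound entirely.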

Notes

¶ The seosd executable becomes a daemon only if one of the following conditions is true:

v The trace messages are not sent to the screen; the trace_to token in the seos.ini file is set to file, stop, or none.

v No argument was specified on the command line when invoking the utility.

If none of these conditions is true, seosd remains a regular process.

¶ When seosd is invoked absent an argument, it makes seosd into a daemon. When seosd is invoked with an argument of -d, it makes seosd into a daemon, but forces tracing to the trace_file. Finally, when seosd is invoked with an argument other than -d, it does not make seosd into a daemon.

¶ If the TACF daemon is invoked while another copy of seosd is running, the invocation process is terminated.

¶ The following processes are started during seosd startup:

v seagent, the TACF agent daemon

v seoswd, the TACF watchdog daemon

The TACF daemon is completely initialized only after these daemons are also running. After initialization, these three daemons maintain a type of handshaking protocol to ensure they are all alive and responding. If one of these daemons is found to be absent, it is automatically restarted by one of the other two daemons. When seosd is started by the watchdog or the agent, the command line argument is set to the name of the daemon that started it.


¶ When the value of the under_NIS_server token is no, seosd allows UNIX to translate user IDs, group IDs, IP addresses, and port numbers by taking data from the following sources:

Standalone seosd uses the following files for translations:

/etc/passwd for user ID to user name

/etc/group for group ID to group name

/etc/hosts for IP address to host name

/etc/services for service ports to service names

NIS client The source of the information varies, depending on the operating system and its version number. Usually the information is taken from /etc files and the NIS server. However, in some systems, the /etc files are not the source and the order in which translation is made is changed during system configuration. For example, in the Solaris 2.x system, the file /etc/nsswitch.conf determines the translation order.

DNS client Translation for users, groups, and services is done using /etc files. Host names are translated by calls to the DNS server, and on some systems the /etc/hosts file is also read.

NIS and DNS clients The IP address to host name translation is done by DNS. For user, group, and service translations, the translations are done in the same way as NIS client translations.

¶ When the value of the under_NIS_server token is yes, seosd does its own translations. If seosd caches data for its translations, the sources of its data are:

NIS server The server machine usually behaves as both server and client, and the NIS server daemon is consulted for any type of translation. The files that contain the sources of the NIS resolution maps are usually located in /var/yp, but the location may vary, depending on the site configuration and the type and version of the operating system.

DNS server The source of the information used for translation is dependent on the configuration of the site. DNS does not have an option to scan its resolution database; therefore, TACF cannot use caching and must use a lookaside database. The lookaside database must be configured so that the utility sebuildla uses a host list file. See “sebuildla” on page 167 for more information.

all others Same as DNS server.

The seosd utility can also use the tokens GroupidResolution, HostResolution, ServiceResolution, UseridResolution, and resolve_timeout to control the translation process. See “The seos.ini File” on page 407 for more information about these tokens.

SEE ALSO
It is possible to expand the functionality of the seosd daemon by writing programs at your site that use the APIs provided with TACF.


seoswd
The TACF watchdog daemon.

SYNOPSIS
seoswd

DESCRIPTION
The TACF watchdog daemon is started automatically by the TACF agent daemon seagent. The watchdog daemon monitors the file information and digital signatures of the programs that are defined in the TACF database as trusted programs. The monitoring is performed in the background with a minimal load on the system.

The watchdog daemon performs the following functions:

¶ It monitors the programs that are defined in the PROGRAM class of the TACF database. If seoswd detects that a program has been modified, it notifies seosd, the TACF authorization daemon. The TACF daemon marks the program as untrusted. The TACF daemon does not allow an untrusted program to be executed. The change in the program’s status to untrusted is also marked in the TACF database, and an audit record is created.

¶ It monitors files that are defined as secured files. These files are defined in the SECFILE class in the TACF database.

¶ It monitors the TACF authorization daemon seosd to ensure it is running. If seoswd detects a problem with seosd, it automatically restarts seosd.

The watchdog daemon uses the system log syslogd to notify the security administrators when it detects that the TACF authorization daemon has stopped responding. All system log messages are submitted as AUTH facility. For more information on the system log facility, refer to the system man pages under the syslogd and syslog.conf sections.

¶ The watchdog daemon reports several events to the TACF authorization daemon and creates audit records for programs and secured files that have been found to be altered.
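The monitoring loop described above, as an added example that is not TACF code: a simplified model in which a trusted PROGRAM record stores file information and a content digest, a re-check marks any changed program untrusted with an audit line, and the restore-from-backup case (same bytes, new inode) is caught exactly as the text describes. Record layout, field names and function names are assumptions of this example.

```python
from __future__ import annotations

import dataclasses
import hashlib
import os
import tempfile
from dataclasses import dataclass

# Simplified model of the seoswd checks (added example, not TACF code). A
# trusted PROGRAM record stores file information (inode, size, mode, mtime)
# and a content digest; any difference on re-check marks the program untrusted
# and yields an audit line, and an untrusted program may not be executed.
# Record layout, field names and function names are assumptions.


@dataclass(frozen=True)
class ProgramRecord:
    path: str
    inode: int
    size: int
    mode: int
    mtime_ns: int
    digest: str
    trusted: bool = True


def fingerprint(path: str) -> dict:
    """File information plus a SHA-256 content digest, keyed by record field name."""
    st = os.stat(path)
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return {"inode": st.st_ino, "size": st.st_size, "mode": st.st_mode & 0o7777,
            "mtime_ns": st.st_mtime_ns, "digest": h.hexdigest()}


def define_trusted(path: str) -> ProgramRecord:
    """Snapshot the current fingerprint, as when a PROGRAM is defined as trusted."""
    return ProgramRecord(path=path, **fingerprint(path))


def check_program(rec: ProgramRecord) -> tuple[ProgramRecord, list[str]]:
    """Re-check one record; return the (possibly untrusted) record and the changed fields."""
    if not rec.trusted:
        return rec, []                       # already untrusted: nothing new to report
    try:
        now = fingerprint(rec.path)
    except FileNotFoundError:
        return dataclasses.replace(rec, trusted=False), ["missing"]
    changed = [k for k, v in now.items() if getattr(rec, k) != v]
    if changed:
        return dataclasses.replace(rec, trusted=False), changed
    return rec, []


def watchdog_pass(records: list[ProgramRecord]) -> tuple[list[ProgramRecord], list[str]]:
    """One monitoring pass over all records, like one seoswd test interval."""
    updated, audit = [], []
    for rec in records:
        new_rec, changed = check_program(rec)
        if changed:
            audit.append(f"UNTRUST PROGRAM {rec.path} changed={','.join(changed)}")
        updated.append(new_rec)
    return updated, audit


def may_execute(rec: ProgramRecord) -> bool:
    """The authorization daemon's rule: only a trusted program may run."""
    return rec.trusted


def demo() -> dict:
    """Constructed scenario: one intact file, one patched in place, one restored from backup."""
    with tempfile.TemporaryDirectory() as d:
        paths = {n: os.path.join(d, n) for n in ("intact", "patched", "restored")}
        body = b"#!/bin/sh\necho original\n"
        for p in paths.values():
            with open(p, "wb") as f:
                f.write(body)
        records = [define_trusted(p) for p in paths.values()]
        with open(paths["patched"], "ab") as f:          # content modified in place
            f.write(b"echo extra\n")
        tmp = paths["restored"] + ".bak"                  # same bytes, new inode
        with open(tmp, "wb") as f:
            f.write(body)
        os.replace(tmp, paths["restored"])
        updated, audit = watchdog_pass(records)
        result = {"audit": audit}
        for rec, new_rec in zip(records, updated):
            result[os.path.basename(rec.path)] = {"trusted": new_rec.trusted,
                                                 "exec": may_execute(new_rec)}
        return result
```

The restored file is flagged even though its contents are identical, which is the situation seretrust (later in this chapter) exists to repair.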


Notes
¶ The watchdog daemon is started automatically by seagent, which in turn is started automatically by seosd.

¶ See “TACF Command Language” on page 1 to learn more about defining trusted programs to TACF.

FILES
The seoswd watchdog daemon uses the seos.ini file. No other special files are used.

The seoswd watchdog daemon uses the following tokens in the seos.ini file:

Section    Token
seoswd     PgmTestInterval
           PgmRest
           RefreshParams
           SecFileTestInterval
           SecFileRest
           SeosTimer
           UseSnefru
seos       SEOSPATH

SEE ALSO
seagent, seaudit, seerrlog, selang, seosd, seretrust


sepass
Sets a new password or replaces an existing password.

SYNOPSIS
sepass [–d] [–l] [userName]

DESCRIPTION
The sepass utility changes user passwords. You may use sepass to change your own password, or if you have the required authorization attributes, you may change the passwords of other users.

When changing your own password, sepass prompts you for your old password. When changing the password of another user, sepass prompts you for your own password or the password of the user whose password you are changing. In both cases, sepass then prompts for the new password.

¶ If TACF password checking is enabled, sepass checks whether the new password complies with the password rules that are set in the TACF database. If the new password passes the quality check, the user is again prompted for the new password.

¶ If TACF password checking is disabled, the user is immediately prompted again for the new password.

When the new password is entered for the second time, the two copies of the new password are compared. If the copies are not identical, the user is prompted again for the new password.

If the two new passwords are identical, the password is updated in the following ways:

¶ The local host password files (/etc/passwd and any security files such as the password shadow file) and the local TACF database are updated, if the user is defined in them.

¶ If the token nis_env in the passwd section of the seos.ini file has a value (either nis or nisplus), the NIS or NIS+ server is updated. When a password is set on a master NIS server, the NIS password map is automatically reconstructed.


Notes
¶ TACF must be installed and running on your system before you can use sepass.

¶ If you do not supply the userName parameter, your own user name is assumed.

¶ Passwords are stored and transferred over the network in an encrypted format.

¶ When a user changes another user’s password, sepass checks whether the user who entered the sepass command is authorized to change the specified user’s password. If the user indeed has such authority, the new password is set without first checking the quality of the new password. This is referred to as an admin change of the password. In addition, the number of grace logins for the user whose password was changed is set to one. Thus, the user whose password was changed is permitted to log in only once. The user must set a new password during that session.

The new password set by the user is subject to password quality checking and, when the new password is set, the user’s grace logins setting is set in accordance with the rules defined in the TACF database. See “segrace” on page 192 for more information on the number of grace logins remaining for a user. The sepass utility does not use the UNIX admin change option, that is, the UNIX automatic password expiration feature.

¶ If users have no grace logins left, segrace invokes the sepass utility, which requests that the users replace their passwords. See “segrace” on page 192 for more information.

Authorization
To change the passwords of other users, you must have at least one of the following attributes:

¶ A user with the ADMIN or PWMANAGER attribute can change the password of any user.


¶ A user with the GROUP-ADMIN or GROUP-PWMANAGER attribute can change the password of any user within the scope of the group; that is, the user with proper authority can change user profiles that are owned by the group.

¶ A user with MODIFY or PASSWORD authority in the TACF list of the USER record in the ADMIN class can change the password of any user.

¶ The owner of a user record can change the password of the user who is defined by the record.

Arguments
–d Instructs sepass to display all the information it has regarding the password update, such as on which stations the update succeeded and, if setoptions class+(PASSWORD) was not activated, that the password’s quality was not checked. This switch is useful when debugging.

–h Prints the help screen.

–l Instructs sepass to replace the password only on the local station, that is, in the local password file (usually /etc/passwd), security files, and the local TACF database.

In the NIS/NIS+ environments, users are not usually defined in the /etc/passwd file of the client; therefore, the password on the client station is not updated.

In NIS/NIS+ server stations, the password is updated locally and propagated by NIS/NIS+.

–x Instructs sepass to replace the password as if changed by the user (userName). This switch updates the time and date of the last change in the TACF database. Grace logins are terminated. If userName is omitted, your own password is set.

userName
The name of the user whose password is being set. If userName is omitted, your own password is set.


NIS/NIS+
In NIS and NIS+ environments, a user with the ADMIN attribute can only change the password of another user on the local station because the administrator may not have the ADMIN attribute on the remote host.

In NIS and NIS+ environments, users are not usually defined in the /etc/passwd file of the client; therefore, the –l switch has no effect.

In NIS and NIS+ environments, users are usually defined in the /etc/passwd file of the server. The sepass utility updates the /etc/passwd file and the NIS maps, and NIS/NIS+ propagates the new password to its clients.

Return Value
On success, the utility returns 0.

If password replacement does not entirely succeed, sepass returns a non-zero return code indicating where the password was replaced. If the old password is wrong, a message is printed to the tty monitor and the TACF audit trail.

Setting Password Quality Rules
By default, TACF does not check a new password against the password quality rules. To activate password quality checking, invoke selang and enter the following command:

setoptions class+(PASSWORD)

After activating password quality checking, every time a user’s password is changed, the new password is checked against the password quality rules set in the database.

To view the current set of password rules, invoke selang and enter the following command:

setoptions list

The set of password quality rules contains the following parameters:

interval Maximum life of password in days.


min_life The minimum number of days between password changes.

history Number of old passwords to store for each user.

length Minimum password length (number of characters).

alpha Minimum number of alphabetic characters, such as a, b, A, B.

alphanum Minimum number of alphanumeric characters, such as a, B, 1.

numeric Minimum number of numeric characters, such as 1, 2, 3.

lowercase Minimum number of lowercase characters, such as a, b, c.

uppercase Minimum number of uppercase characters, such as A, B, C.

special Minimum number of special characters, such as $, %, ^.

max_rep Maximum number of repetitive characters, such as aaa, bbbb.

grace Number of logins allowed after a password has expired.

oldpwchk The new password is not contained in nor contains the password being changed.

namechk The new password is not contained in nor contains the user’s name.

Examples for setoptions
To set the system-wide password history value to 12, invoke selang and enter the following command:

setoptions password(history(12))


To set the system-wide password interval to 30 days, invoke selang and enter the following command:

setoptions password(interval(30))

To set any other password rule, invoke selang and enter the following command:

setoptions password(rules(length(..) numeric(..)..))

Note that more than one rule can be set in a setoptions command.

To deactivate password syntax checking and leave interval and history checking enabled, invoke selang and enter the following command:

setoptions password(rules–)

Defining a Password Dictionary
The password file is a target for cracking utilities. Cracking utilities use dictionaries and encrypt the words in the dictionaries to find matches in the password file. In order to avoid such an attack, you are encouraged to supply a custom dictionary that contains a list of words that are not to be used as passwords. To use the dictionary checking mechanism, do the following:

1. Set the UseDict token in the passwd section of the seos.ini file to yes.

2. Set the Dictionary token in the passwd section of the seos.ini file to the name of the file to be used as the dictionary. Usually, the dictionary file is called /usr/dict/words. To find the exact location of this file in your system, check the man page for the UNIX spell utility.

From now on, a new password cannot be a word that appears in the dictionary.
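The quality rules listed under “Setting Password Quality Rules” and the dictionary check above, applied to a candidate password in one place, as an added example that is not the TACF implementation. The rule values in DEFAULT_RULES, the case-insensitive containment test used for oldpwchk and namechk, and the sample word list are assumptions of this example.

```python
from __future__ import annotations

# Added example, not the TACF implementation: the sepass quality rules
# (length, alpha, alphanum, numeric, lowercase, uppercase, special, max_rep,
# oldpwchk, namechk), the history rule, and the UseDict/Dictionary word check.
# Rule values, the case-insensitive containment test and the dictionary text
# are assumptions of this example.

# Assumed rule set, in the shape setoptions password(rules(...)) would set.
DEFAULT_RULES = {"length": 8, "alpha": 2, "alphanum": 4, "numeric": 1,
                 "lowercase": 1, "uppercase": 1, "special": 1, "max_rep": 2,
                 "oldpwchk": True, "namechk": True}

# Constructed stand-in for a /usr/dict/words style file (one word per line).
DICTIONARY_TEXT = "password\nwelcome\nsecret\n"


def load_dictionary(text: str) -> set[str]:
    """Words a new password may not equal; compared lowercased."""
    return {w.strip().lower() for w in text.splitlines() if w.strip()}


def longest_repeat(s: str) -> int:
    """Length of the longest run of one repeated character (aaa -> 3)."""
    best, run, prev = 0, 0, None
    for ch in s:
        run = run + 1 if ch == prev else 1
        best, prev = max(best, run), ch
    return best


def contains_either_way(a: str, b: str) -> bool:
    """True when a is inside b or b is inside a (the oldpwchk/namechk test)."""
    a, b = a.lower(), b.lower()
    return bool(a) and bool(b) and (a in b or b in a)


def check_password(new: str, old: str, user: str, rules: dict,
                   dictionary: set[str], history: tuple[str, ...] = ()) -> list[str]:
    """Return the names of the rules the candidate violates; empty means it passes.

    rules={} models 'setoptions password(rules-)': the syntax rules are off,
    but the history and dictionary checks still apply.
    """
    problems = []
    counts = {
        "alpha": sum(c.isalpha() for c in new),
        "alphanum": sum(c.isalnum() for c in new),
        "numeric": sum(c.isdigit() for c in new),
        "lowercase": sum(c.islower() for c in new),
        "uppercase": sum(c.isupper() for c in new),
        "special": sum(not c.isalnum() for c in new),
    }
    if len(new) < rules.get("length", 0):
        problems.append("length")
    for name, n in counts.items():          # minimum-count rules
        if n < rules.get(name, 0):
            problems.append(name)
    if longest_repeat(new) > rules.get("max_rep", len(new)):
        problems.append("max_rep")
    if rules.get("oldpwchk") and contains_either_way(new, old):
        problems.append("oldpwchk")
    if rules.get("namechk") and contains_either_way(new, user):
        problems.append("namechk")
    if new in history:                      # previously used password
        problems.append("history")
    if new.lower() in dictionary:           # UseDict=yes, word from the Dictionary file
        problems.append("dictionary")
    return problems
```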

EXAMPLES
The sepass utility has to work in a variety of environments. Here are some guidelines on how to use sepass in various situations.

1. To change your own password on the local host, enter the following command:

sepass –l

Note: In an NIS/NIS+ client, this switch does not change the password. In an NIS/NIS+ server, the password is changed and then propagated.

2. To change the password of any user other than yourself only on the local host, enter the following command:

sepass –l username

The user username must exist in the /etc/passwd file, the appropriate UNIX security files, and the TACF database.

In an NIS/NIS+ client, this switch does not change the password. In an NIS/NIS+ server, the password is changed and then propagated.

FILES

seos.ini File
The sepass utility uses the following tokens in the seos.ini file.

Section    Token
passwd     nis_env
           NisPlus_server
           DefaultPasswdCmd
sepass     UseDict
           Dictionary

Other Files
The sepass utility uses the following additional special files:

¶ /etc/passwd

¶ On AIX platforms:

v /etc/security/limits

v /etc/security/passwd

v /etc/security/user

¶ /etc/shadow on Solaris and NCR platforms

¶ TCB files on HP-UX 10.x configured to use TCB

¶ /etc/secure.adjunct on SunOS platforms


sepropadm
Administers TACF database properties.

SYNOPSIS
sepropadm file

DESCRIPTION
The sepropadm utility adds, updates, and deletes properties in the TACF database. TACF technical support personnel use this utility. The utility must be invoked from the directory in which the TACF database resides, while the TACF daemons are not running. The utility sepropadm is capable of adding only one property at a time. To enable use of these properties in selang commands, update the paths of the user-defined property files in the property section of the lang.ini file. See “properties” on page 436 for more information.

Notes
¶ Do not execute the sepropadm utility while the TACF daemons are running.

¶ Do not use the sepropadm utility with a description file that was not certified by TACF support personnel.

Argument
file A description file supplied by TACF support personnel. The description file takes the following format:

Lines that begin with a semicolon (;) are comments and are not processed.

There must be one line that begins with the hash symbol (#). This line must precede the description lines.

The description line to add a new property must conform to the following format:

CLASS=%s PROPERTY=%s TYPE=%d SIZE=%d FLAGS=%x

The description line to update a property must conform to the following format:

CLASS=%s OBJECT=%s PROPERTY=%s VALUE=%s


The description line to delete a property must conform to the following format:

CLASS=%s PROPERTY=%s

EXAMPLES
The following is a sample description file:

#TACF database add property patch utility
;Format is:
CLASS=PROGRAM PROPERTY=SNEFRU TYPE=29 SIZE=32 FLAGS=0
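A parser for the description-file layout just described, added here as an example and not part of the sepropadm utility: it enforces the stated rules (semicolon comment lines, a single hash line that precedes the description lines, one property added per file) and recognises the add, update and delete line shapes. The field names in the returned dictionaries and the reading of "one line that begins with #" as exactly one are assumptions of this example.

```python
from __future__ import annotations

import re

# Added example, not the sepropadm utility: parser/validator for the
# description-file layout. Field names in the returned dicts are assumptions.

ADD_RE = re.compile(r"^CLASS=(\S+)\s+PROPERTY=(\S+)\s+TYPE=(\d+)\s+SIZE=(\d+)\s+FLAGS=([0-9A-Fa-f]+)$")
UPDATE_RE = re.compile(r"^CLASS=(\S+)\s+OBJECT=(\S+)\s+PROPERTY=(\S+)\s+VALUE=(.*)$")
DELETE_RE = re.compile(r"^CLASS=(\S+)\s+PROPERTY=(\S+)$")

# The sample description file from the manual page, used here as test input.
SAMPLE_FILE = """\
#TACF database add property patch utility
;Format is:
CLASS=PROGRAM PROPERTY=SNEFRU TYPE=29 SIZE=32 FLAGS=0
"""


def parse_description(text: str) -> list[dict]:
    """Parse a description file into add/update/delete entries; ValueError on layout errors."""
    entries: list[dict] = []
    header_seen = False
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                                  # blank or comment line
        if line.startswith("#"):
            if header_seen:
                raise ValueError(f"line {lineno}: second '#' line; exactly one is allowed")
            header_seen = True
            continue
        if not header_seen:
            raise ValueError(f"line {lineno}: description line before the '#' line")
        if m := ADD_RE.match(line):
            entries.append({"op": "add", "class": m[1], "property": m[2],
                            "type": int(m[3]), "size": int(m[4]), "flags": int(m[5], 16)})
        elif m := UPDATE_RE.match(line):
            entries.append({"op": "update", "class": m[1], "object": m[2],
                            "property": m[3], "value": m[4]})
        elif m := DELETE_RE.match(line):
            entries.append({"op": "delete", "class": m[1], "property": m[2]})
        else:
            raise ValueError(f"line {lineno}: unrecognised description line: {line!r}")
    if not header_seen:
        raise ValueError("missing '#' line")
    if sum(e["op"] == "add" for e in entries) > 1:
        raise ValueError("sepropadm adds only one property at a time")
    return entries


def validate(text: str) -> str | None:
    """Return None when the file is well formed, otherwise the error message."""
    try:
        parse_description(text)
    except ValueError as exc:
        return str(exc)
    return None
```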

FILES
The TACF database files are used. No other special files are used.

SEE ALSO
dbdump, dbutil, rdbdump, seclassadm, secredb


sepurgdb
Purges the TACF database of references to undefined records.

SYNOPSIS
sepurgdb filePath

DESCRIPTION
The sepurgdb utility searches the entire TACF database for references to undefined records and then deletes those references from the database, thereby reducing the size of the database.

WARNINGS
Back up the TACF database before you use sepurgdb.

Do not use this program while the TACF daemons are running.

Notes
¶ When a record is deleted, references to it in lists such as ACLs or lists of group membership are usually left as is to reduce processing time. This does not cause any problems, because TACF assigns a previously unused, unique ID to each new record. The only reason for using this utility is to free up some disk space.

¶ To run the sepurgdb utility, you must be root.

¶ The sepurgdb utility must be invoked from the directory that contains the TACF database files.

¶ The TACF database management system uses preallocated disk space. It is therefore normal after purging the database for the size of the database file to remain little changed. When the size of the database is later increased, the file size may remain little changed, again because of the preallocation.

Argument
filePath
The filePath specifies the file name to use for the log files. The sepurgdb utility creates the following two log files:

¶ filePath.err contains a log of errors encountered

¶ filePath.log contains a log of actions taken

You can merge the two logs and output them to the standard output by specifying a minus sign (–) for filePath.


sereport
Provides reports of database and policy model information that can be viewed with a web browser.

SYNOPSIS
sereport [-f | -file pathname] -r | -report number [-h help] [-host hostname]

DESCRIPTION
The sereport utility provides you with a variety of reports. You can view the sereport output with a web browser. The sereport utility operates on the current database used by the authorization daemon. The following table lists the reports that sereport can generate. You can customize the reports by editing the token values in the appropriate section of the sereport configuration file. The table also identifies which section of the configuration file corresponds to each report and the tokens that are valid for that report or section.

Report 1  Administrative Privileges. Displays specified administrative privileges of users.
          Configuration file section: admin_report
          Tokens: Object_pattern, User_Mode, Hostname, Report_place

Report 2  Login Limitation. Display login limitations of users.
          Configuration file section: disablelogins_report
          Tokens: Object_pattern, User_Mode, Hostname, Report_place, Properties

Report 3  Dormant Accounts. Display inactive accounts by date (days).
          Configuration file section: dormant_report
          Tokens: Object_pattern, Hostname, Report_place, Dormant_account

Report 4  Last login. Display last login date of user.
          Configuration file section: login_report
          Tokens: Object_pattern, User_Mode, Hostname, Report_place

Report 5  Password Change. Display list of users whose passwords must be changed within a specified number of days.
          Configuration file section: passwd_report
          Tokens: Object_pattern, User_Mode, Hostname, Days_to_change, Report_place

Report 6  Warning Mode. Display resources with objects in warning mode.
          Configuration file section: warning_report
          Tokens: Class_Name, Object_pattern, Hostname, Report_place

Report 7  Untrusted Programs. Display programs in untrusted mode.
          Configuration file section: untrust_report
          Tokens: Object_pattern, Hostname, Report_place

Report 8  Users’ Privilege Access Rights. Show access privileges of users to specified resources.
          Configuration file section: accessor_report
          Tokens: Class_Name, Object_pattern, Hostname, Accessor, Report_place

Report 9  Compare users/groups in databases. Display users and groups that are defined in some but not all databases.
          Configuration file section: grp_usr_compare
          Tokens: Object_pattern, Hostname, Report_place

Report 10 Compare Protected Resources. Display whether resources are defined in the specified databases.
          Configuration file section: res_compare
          Tokens: Class_name, Object_pattern, Hostname, Report_place

Report 11 Compare Access Rights. Display the differences in resource restrictions between a policy model and a subscriber database.
          Configuration file section: acc_compare
          Tokens: Class_Name, Object_pattern, Hostname, Report_place

Report 12 Compare Users’ Information. Display detailed differences in user definitions between a policy model and a subscriber database.
          Configuration file section: usr_compare
          Tokens: Object_pattern, Hostname, Report_place, Properties

Report 13 Compare Pmdb and Subscriber. Display detailed differences between a policy model and a subscriber database.
          Configuration file section: pmdb_compare
          Tokens: Class_Name, Object_pattern, Hostname, Report_place

The following table describes each of the tokens. The configuration file contains additional information on the tokens.

Token            Meaning
Accessor         The pattern (mask) for accessor selection. Use * to select all accessors.
Class_Name       A list of classes.
Days_to_Change   The number of days left until the user is required to change passwords.
Dormant_account  The period the account is to be considered dormant.
Hostname         A list of hosts from which the data is retrieved.
Objects_pattern  The pattern (mask) for object selection. Use * to select all objects.
Properties       Attributes associated with the objects.
Report_place     The full path location where the report will be printed.
User_Mode        A list of user modes, separated by commas.
Title            Used to select the color of the report title.
class_title      Used to select the color of the report class_title.
background       Used to select the color of the title report’s background.
logo             Creates the logo. The background and logo must be written in full path. The *.jpg files are by default in (prodname path)/data/reports.

Notes
¶ To query the sereport utility, you need read privileges in all queried TACF databases.

¶ The TACF install creates the configuration file /usr/seos/etc/sereport.cfg by default.

¶ You need Netscape or some other web browser to benefit from sereport.

¶ To compare a policy model with a subscriber, you must enter the policy model name first in reports 11, 12, and 13. You can also use these reports to compare two databases.

¶ To use sereport, you must complete the following steps:

1. Set the relevant tokens in the relevant section of the configuration file, as described in the Token Description table.

2. Run the utility by entering the following command:

/usr/seos/bin/sereport -f <full path>

You have the option of writing [-host list of hosts].

3. Go to Netscape or another web browser.

4. Open the file you designated in the report_place token in the sereport cfg file. You can retrieve the report from this file.

Arguments
-r number
Chooses the report number to display.

-f pathname
The full path of the configuration file. If you do not use the -f option, sereport uses the file /usr/seos/etc/sereport.cfg as a default.

–h Show help.

[-host hostnames]
The names of the hosts on which you want to report. This token is optional, and if you do not select it, the sereport utility takes the host from the configuration file.


seretrust
Generates the TACF commands that are required to retrust programs and secured files.

SYNOPSIS
seretrust [command] [path]

seretrust [–h] | [–l] [–s | –p] [base_path]

The command is an argument that consists of a dash (–) followed by a letter that specifies the action to take.

DESCRIPTION
Programs with setuid and setgid bits are stored in the TACF database with their full descriptions, including their i-node values. If the system is restored from backups, the programs occupy different i-nodes. TACF detects the mismatch between the i-nodes and marks all the trusted programs as untrusted. The seretrust utility locates the trusted programs that are defined in the TACF database and updates their i-node values, so that when you invoke TACF, the trusted programs remain trusted.

Notes
¶ If no switches are specified, both trusted programs and files are processed.

¶ The program generates a script that contains the commands that are required to retrust every trusted program and secured file in the TACF database.

¶ The output is directed to the standard output device. To direct the output to a file, use the redirection commands.

¶ If the –l parameter is omitted, seretrust fetches the list of programs and files to be retrusted from the TACF daemon.

Arguments
–h Displays the help screen.


–l Extracts information about the programs and files from the TACF database in the current directory.

–p Processes records in the PROGRAM class only.

–s Processes records in the SECFILE class only.

path The base path to be processed. The specified directory and all subdirectories are processed. If no path is specified, the root path (/) is used.

EXAMPLES
To create a script file that can be used to retrust both program and security files, issue the following commands:

1. Log in as a TACF database administrator.

2. Issue the seretrust command:

seretrust > Retrust_script_name

Both trusted programs and secured files are processed because no switches are specified, and the root path is used because no base path is specified.

3. The seretrust utility displays the following information on the screen after the command shown in Step 2 is issued:

Retrusting PROGRAMs & SPECFILEs, Base path = /
Total of 0 entries retrusted. (Class=SECFILE)
Total of 16 entities retrusted. (class=PROGRAM)

The following is the contents of the script that would be created after you issue the seretrust command as shown in Step 3:

cr PROGRAM /usr/bin/chgrpmem trust
cr PROGRAM /usr/bin/chie trust
cr PROGRAM /usr/bin/crontab trust
cr PROGRAM /usr/bin/cu trust
cr PROGRAM /usr/bin/ecs trust
cr PROGRAM /usr/bin/newgrp trust
cr PROGRAM /usr/bin/rmquedev trust
cr PROGRAM /usr/bin/rsh trust
cr PROGRAM /usr/bin/sysck trust
cr PROGRAM /usr/bin/uuname trust
cr PROGRAM /usr/lib/methods/showled trust
cr PROGRAM /usr/lib/mh/post trust
cr PROGRAM /usr/lib/mh/slocal trust
cr PROGRAM /usr/lpp/X11/bin/xlock trust
cr PROGRAM /usr/lpp/X11/bin/xterm trust
cr PROGRAM /usr/sbin/chvirprt trust

4. To retrust the programs and files, issue the following command:

selang –f Retrust_script_name


serevu
Revokes users after a series of failed attempts to log in.

SYNOPSIS
serevu [ daemon | nodaemon ] [options]

DESCRIPTION
The serevu utility disables the login of users who have had a specified number of failed logins during a specified period of time. Depending on your specifications, it may disable, report, or ignore the user. By default it disables the user in the UNIX environment of the local station. If no such user exists locally, serevu checks the NIS information to find the user. It checks if the user accounts to be disabled are defined in the local host or in NIS.

If the users are local, serevu adds an asterisk before the users’ passwords to disable them. To enable disabled user accounts, serevu deletes the asterisk.

If the users are from NIS or cannot be found in the /etc/passwd file, serevu disables them by adding the users to the local /etc/passwd file with the invalid password *NO_PASSWORD*. The serevu utility enables NIS and undefined users by deleting them from the local /etc/passwd file.

After users are enabled by serevu, they must select new passwords.

TACF database administrators can use the senable utility to enable accounts that were disabled by serevu.

Even if root should be disabled according to the criteria of the utility, serevu does not disable the user root but does send warning messages to the system log and trace.

By editing the configuration file of serevu, a user with the ADMIN attribute can customize the action serevu takes for a specific user or for groups of users.
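The revocation behaviour described above, run over constructed failed-login events as an added example that is not the serevu utility: a sliding-window threshold picks the offenders, a small per-user action table models the disable/report/ignore choice, root is only warned about, and local users are disabled with the leading asterisk while NIS or undefined users get the *NO_PASSWORD* local entry. The event format, the threshold values (3 failures in 10 minutes), the policy-table layout and the user names are assumptions of this example.

```python
from __future__ import annotations

from collections import defaultdict
from datetime import datetime, timedelta

# Added example, not the serevu utility. Event format, threshold values, the
# policy table layout and all user names are assumptions of this example.

# Constructed failed-login events: "<ISO timestamp> <user>", one per line.
FAILED_LOGINS = """\
2000-11-06T09:00:01 alice
2000-11-06T09:00:20 alice
2000-11-06T09:00:45 alice
2000-11-06T09:01:10 bob
2000-11-06T09:01:30 bob
2000-11-06T09:01:50 bob
2000-11-06T09:05:00 root
2000-11-06T09:05:03 root
2000-11-06T09:05:06 root
2000-11-06T09:07:00 carol
2000-11-06T09:07:05 carol
2000-11-06T09:07:09 carol
2000-11-06T09:08:00 eve
2000-11-06T09:08:02 eve
2000-11-06T09:08:04 eve
2000-11-06T10:30:00 dave
2000-11-06T10:30:05 dave
2000-11-06T11:00:00 dave
"""

LOCAL_PASSWD = {"root": "x", "alice": "abc", "dave": "xyz"}  # name -> password field
NIS_USERS = {"bob", "carol"}                                    # eve is defined nowhere
POLICY = {"carol": "report"}                                    # default action: disable


def parse_events(text: str) -> list[tuple[datetime, str]]:
    events = []
    for line in text.splitlines():
        ts, user = line.split()
        events.append((datetime.fromisoformat(ts), user))
    return events


def offenders(events, max_failures: int = 3,
              window: timedelta = timedelta(minutes=10)) -> set[str]:
    """Users with at least max_failures failures inside any span of length window."""
    by_user: dict[str, list[datetime]] = defaultdict(list)
    for ts, user in events:
        by_user[user].append(ts)
    hit = set()
    for user, times in by_user.items():
        times.sort()
        for i in range(len(times) - max_failures + 1):
            if times[i + max_failures - 1] - times[i] <= window:
                hit.add(user)
                break
    return hit


def apply_actions(users: set[str], passwd: dict[str, str], nis_users: set[str],
                  policy: dict[str, str]) -> tuple[dict[str, str], list[str]]:
    """Return an updated copy of the local passwd map and the messages serevu would log."""
    passwd = dict(passwd)
    log = []
    for user in sorted(users):
        if user == "root":                       # root is warned about, never disabled
            log.append("LOG_WARNING multiple failed root logins; root not disabled")
            continue
        action = policy.get(user, "disable")
        if action == "ignore":
            continue
        if action == "report":
            log.append(f"LOG_NOTICE {user} exceeded the failed-login limit (report only)")
            continue
        if user in passwd:                       # local user: '*' in front of the password
            if not passwd[user].startswith("*"):
                passwd[user] = "*" + passwd[user]
            log.append(f"LOG_NOTICE local user {user} disabled")
        else:                                    # NIS or undefined user: local blocking entry
            passwd[user] = "*NO_PASSWORD*"
            kind = "NIS" if user in nis_users else "undefined"
            log.append(f"LOG_NOTICE {kind} user {user} disabled by local entry")
    return passwd, log


def enable_user(passwd: dict[str, str], user: str) -> dict[str, str]:
    """Reverse of disabling: drop the blocking entry for NIS/undefined users, else strip the '*'."""
    passwd = dict(passwd)
    if passwd.get(user) == "*NO_PASSWORD*":
        del passwd[user]
    elif passwd.get(user, "").startswith("*"):
        passwd[user] = passwd[user][1:]
    return passwd


def run() -> tuple[dict[str, str], list[str]]:
    """Evaluate the constructed events with the assumed threshold (3 failures in 10 minutes)."""
    return apply_actions(offenders(parse_events(FAILED_LOGINS)), LOCAL_PASSWD, NIS_USERS, POLICY)
```

dave's three failures span 30 minutes, so he stays outside the window and is untouched; a wider window would catch him too.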


A user may send a kill signal to serevu. When this happens, the utility intercepts the signal and saves a list of all the disabled user accounts in the file that is specified in the save_disable_path token in the serevu section of the seos.ini file. Only then does serevu terminate.

Messages from serevu are sent to the following locations:

Location: Types of messages

system log: Start messages and their parameters. Each time user accounts are enabled or disabled. Warnings of undefined users. These types of events are called LOG_NOTICE. Warnings of multiple root login attempts. This type of event is called LOG_WARNING.

TACF trace file: Each time user accounts are enabled or disabled. Warnings of undefined users.

TACF audit file: Every failed login. Each time user accounts are enabled or disabled.

Starting the serevu Command

serevu is normally run by root. Other users can run serevu in various ways:

¶ If root has ADMIN status, they can authorize another user to invoke serevu by defining a sesudo job. The seos.ini file does not need to be changed.

¶ If root does not have the ADMIN property, you can still set up another user to run serevu. The following steps illustrate this process:

1. Give the user Admin status.

2. Give the user Write permission to the terminals.


3. Give the user Read, Write, and Create permissions to the /usr/seos/etc/serevu.cfg files.

4. Add the line /usr/seos/bin/serevu to the /usr/seos/etc/loginpgms.init file.

The user can now start serevu from a command line in either of two ways:

1. By defining a sesudo job invoking serevu in the UNIX environment.

2. By using the su command to become root, and then invoking serevu.

¶ As root, you can also start serevu at bootup without anyone having to enter the serevu command. In this case, there is no need to define a sesudo job.

Notes

¶ For Solaris 2.6 and higher, you must use the TACF Pluggable Authentication Module (PAM) in order for serevu to detect failed logins. See the pam_seos man page for more information on TACF PAM support.

¶ To disable users on NIS clients running TACF, the NIS server must also be running TACF, and the NIS client must have authorized TERMINAL access through TACF on the NIS server. However, the user who is being locked out does not have to have a USER record on the NIS server or client.

¶ If serevu is reinstating a user and finds that the user has already been reinstated by some other means, the utility leaves the user’s entry alone.

¶ The utility does not disable undefined users. However, serevu sends a warning to the system log and trace.

¶ The user root must have write access to the file /etc/passwd for serevu to work properly.


Arguments

daemon
The utility is made into a daemon. This is the default value.

nodaemon
The utility remains a regular process.

Options

–d [dd | FOREVER]
Specifies the disable time. Use the suffix m for minutes, h for hours, d for days, or w for weeks. For seconds, use no suffix. The disable time is the period of time, in seconds unless a suffix is given, for which the user’s login is disabled. If FOREVER is specified, the user account is disabled for an indefinite period of time.

–f nn Specifies the number of failed logins. The accounts of users who reach this number of failed logins over the specified time period are disabled. For Solaris stations, this value must always be five (5).

–h Displays the help screen.

–s ss Specifies the period of time, in seconds, the utility scans for failed logins. If the scan period is 300 seconds (the default value in the seos.ini file), serevu searches for failed logins that occurred during the prior 300 seconds.

–t tt Specifies the elapsed time in seconds between successive serevu checks.

FILES

seos.ini File

The tokens that serevu uses are in the serevu section of the seos.ini file. These tokens and their default values are:

admin_user The name of the user who will be considered to be performing the work of serevu. Specify a user with the ADMIN property. This user has write permission to the terminals, and Read, Write, and Create permission to the /usr/seos/etc/serevu.cfg files. You may want to specify a user who cannot log in.

config_file Location of the serevu configuration file. The default value is /usr/seos/etc/serevu.cfg.

def_fail_count Number of failed logins for each time period. The default value is 5.

def_disable_time The period of time a user account is disabled. The default value is 6 minutes.

def_sleep_time The time between serevu checks. The default value is 2 minutes.

def_diff_time The length of time serevu accumulates failed logins. The default value is 5 minutes.

save_disable_path Location of the disabled user accounts list when serevu goes down. The default value is /usr/seos/log/serevu_disable.users.

The amount of time a user account is disabled cannot be less than the amount of time between serevu scans. The amount of time a user account is disabled should be a multiple of the time between serevu scans.

For Solaris, serevu uses the shadow file to disable and enable users. The name of the shadow file is located in the token YpServerSecure in the passwd section of the seos.ini file. It is recommended that the value of the token def_fail_count should always be five, which is the default value.

Other Files

In case serevu fails, serevu saves the names of the user accounts it has disabled in a special file. The default value in most environments is /usr/seos/log/serevu_disable.users.

serevu scans the following files to determine when a failed login occurs:

AIX /etc/security/failedlogin

HP-UX /etc/btmp

Solaris /var/adm/loginlog

The serevu.cfg file is used to customize the activity of serevu. You can select the following:

¶ Where messages regarding disabled user accounts should be sent

¶ In which environments user accounts will be disabled

¶ Which users or groups of users will be singled out for specific processing

This file is usually in the /usr/seos/etc directory and is in the following format:

userName,action,time

The components of the line are:

userName A name or mask that identifies the names of the specified users. You can specify a user’s complete name or use the standard TACF wildcards. See “String Matching” on page 441 to see how TACF performs string matching.

action May be one of the following values:

AUDIT For each user account that is disabled, send a message to the audit log file.

DSECU Only disable the user in the TACF database of the local station.

DUNIX Only disable the user in the UNIX environment of the local station. This is the default action of serevu.

NONE Do not disable this user and do not record failed logins.

SYSLOG For each user account that is disabled, only send a message to the system log.

TRACE For each user account that is disabled, only send a message to the system trace.

time A value containing a number specifying the amount of time in seconds, minutes, hours, days, or weeks that the user account is to be disabled. time may also contain the value FOREVER if the user is not to be automatically enabled after a certain period of time. This variable can only be used with the actions DSECU and DUNIX.

If time represents:

seconds The number stands alone.

minutes The number must be followed by m.

hours The number must be followed by h.

days The number must be followed by d.

weeks The number must be followed by w.

EXAMPLES

To disable users whose names begin with acct in the UNIX environment of the local station for 30 minutes and to send messages only to the TACF trace file, enter:

acct*,DUNIX,30m
acct*,TRACE

To prevent user accounts whose names begin with mgmt from being disabled, enter:

mgmt*,NONE
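The following Python model is an added example, not code from the manual or from TACF: it parses serevu.cfg lines of the form shown above, applies the seos.ini [serevu] defaults (5 failures within 5 minutes, 6-minute disable, 2-minute scan interval), and shows what serevu would decide for a user. It assumes userName masks behave like fnmatch-style wildcards, since the TACF "String Matching" rules are on a page not reproduced here.

```python
"""Added example, not part of the manual or of TACF: a model of how serevu
applies the serevu.cfg rules and the seos.ini [serevu] defaults described
above. Assumption: userName masks use fnmatch-style wildcards; the real TACF
string-matching rules live on a page not reproduced here."""
import fnmatch
import re

DISABLE_ACTIONS = {"DSECU", "DUNIX"}          # actions that take a time field
MESSAGE_ACTIONS = {"AUDIT", "SYSLOG", "TRACE"}
VALID_ACTIONS = DISABLE_ACTIONS | MESSAGE_ACTIONS | {"NONE"}

# seos.ini [serevu] token defaults from the manual, in seconds.
DEFAULTS = {"def_fail_count": 5, "def_disable_time": 6 * 60,
            "def_sleep_time": 2 * 60, "def_diff_time": 5 * 60}

_SUFFIX = {"": 1, "m": 60, "h": 3600, "d": 86400, "w": 7 * 86400}


def parse_time(value):
    """'30' -> 30 s, '30m' -> 1800 s, '2h', '1d', '1w'; FOREVER -> None."""
    value = value.strip()
    if value.upper() == "FOREVER":
        return None
    m = re.fullmatch(r"(\d+)([mhdw]?)", value)
    if not m:
        raise ValueError("bad time value: %r" % value)
    return int(m.group(1)) * _SUFFIX[m.group(2)]


def parse_serevu_cfg(text, cfg=DEFAULTS):
    """Parse userName,action[,time] lines into (mask, action, seconds) rules;
    seconds falls back to def_disable_time and is None for FOREVER."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) not in (2, 3):
            raise ValueError("line %d: expected userName,action[,time]" % lineno)
        mask, action = fields[0], fields[1].upper()
        if action not in VALID_ACTIONS:
            raise ValueError("line %d: unknown action %r" % (lineno, action))
        seconds = cfg["def_disable_time"]
        if len(fields) == 3:
            if action not in DISABLE_ACTIONS:   # time is only valid with DSECU/DUNIX
                raise ValueError("line %d: time needs DSECU or DUNIX" % lineno)
            seconds = parse_time(fields[2])
        rules.append((mask, action, seconds))
    return rules


def check_timing(cfg=DEFAULTS):
    """The two constraints the manual states on disable time versus scan interval."""
    problems = []
    if cfg["def_disable_time"] < cfg["def_sleep_time"]:
        problems.append("def_disable_time is shorter than def_sleep_time")
    elif cfg["def_disable_time"] % cfg["def_sleep_time"]:
        problems.append("def_disable_time is not a multiple of def_sleep_time")
    return problems


def evaluate(user, failed_at, now, rules, cfg=DEFAULTS):
    """What serevu would do for `user` at `now`, given failed-login timestamps.
    Only failures inside the def_diff_time window count toward def_fail_count."""
    recent = [t for t in failed_at if now - cfg["def_diff_time"] < t <= now]
    result = {"user": user, "failures": len(recent), "disable": [],
              "disable_seconds": None, "messages": [], "ignored": False}
    if len(recent) < cfg["def_fail_count"]:
        return result
    matched = [r for r in rules if fnmatch.fnmatchcase(user, r[0])]
    if any(action == "NONE" for _, action, _ in matched):
        result["ignored"] = True        # NONE: never disabled, failures not recorded
        return result
    if user == "root":                  # root is never disabled, only warned about
        result["messages"].append("syslog:LOG_WARNING")
        return result
    if not matched:                     # DUNIX is the manual's default action
        matched = [(user, "DUNIX", cfg["def_disable_time"])]
    for _, action, seconds in matched:
        if action in DISABLE_ACTIONS:
            result["disable"].append(action)
            result["disable_seconds"] = seconds
        else:
            result["messages"].append(action)
    return result


# Constructed sample serevu.cfg mirroring the manual's EXAMPLES section.
SAMPLE_CFG = """acct*,DUNIX,30m
acct*,TRACE
mgmt*,NONE
"""


def demo(now=1000.0):
    """Run the model on constructed failure histories; returns four results."""
    rules = parse_serevu_cfg(SAMPLE_CFG)
    burst = [now - 4, now - 3, now - 2, now - 1, now]          # 5 failures in 4 s
    spread = [now - 400, now - 180, now - 120, now - 60, now]  # oldest is outside 5 min
    return (evaluate("acct01", burst, now, rules),
            evaluate("bob", spread, now, rules),
            evaluate("mgmt1", burst, now, rules),
            evaluate("root", burst, now, rules))


if __name__ == "__main__":
    for r in demo():
        print(r)
```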


SEE ALSO

seaudit, senable


sesu
TACF version of the UNIX su command.

SYNOPSIS

sesu [[ –h ] | [ – [targetUser]] [ –c command]] [name]

DESCRIPTION

The sesu utility provides a transparent su command that does not require the user to provide the password of the substituted user. The authorization process is based on the TACF access rules as defined in class SURROGATE and, optionally, on the password of the user who executes the command.

Notes

¶ This command should not be used during the implementation period until all users are defined to the TACF database. This prevents you from opening up the entire system to users who are not defined to TACF.

¶ If the TACF authorization server is not found, the program executes the system’s standard su command.

¶ The default target user is root.

¶ If /etc/shells exists, sesu does not allow su to root unless the shell is specified in that file.

Authorization

To protect against inadvertent use of this program, it is marked in the file system so that no one can run it. The security administrator must mark the program as executable and setuid to root before the authorization program can be used.

Arguments

– [targetUser]
Sets the environment to the environment of the target user. This option can be specified with the –c option. If specified with –c, – must be followed by targetUser. If specified alone, it sets the user ID to root and the environment to the root environment.


–c command
The utility only executes the command specified. This option may be specified with the – option.

–h Displays the help screen.

name The ID associated with the session is changed to the ID specified by the parameter name.

EXAMPLES

1. The following command changes the user ID to root. The environment remains the environment of the user who executed the command.

sesu

2. The following command changes the user ID to root. The utility changes the environment to root’s environment.

sesu –

3. The following command surrogates to the user John:

sesu John

4. The following command surrogates to the user Carol and executes the specified command, ls –la, from the specified directory and path.

sesu – Carol –c "ls –la /home/carol"

FILES

seos.ini File

The sesu utility uses the following tokens in the sesu section of the seos.ini file:

¶ FilterEnv

¶ UseInvokerPassword

¶ Path

¶ AlwaysTargetShell

¶ SystemSu

See “The seos.ini File” on page 407 for more information.


Other Files

The sesu utility uses the following other special files:

¶ /etc/passwd

¶ /etc/group

¶ /etc/shells


sesudo
Executes commands that require superuser authority on behalf of a regular user.

SYNOPSIS

sesudo [[ –h ] | [command [parameters]]]

DESCRIPTION

The sesudo command borrows the permissions of another user (known as the target user) to perform one or more commands. This enables regular users to perform actions that require superuser authority, such as the mount command. The rules governing the user’s authority to perform the command are defined in the SUDO class.

Notes

¶ You must define the access rules for the user in the SUDO class. The definition may specify commands that the user can use and commands that the user is prohibited from using.

¶ The output depends on the command that is being executed. Error messages are sent to the standard error device (stderr), usually defined as the terminal screen.

¶ To execute the sudo command, the user should specify the following command at the UNIX shell prompt:

sesudo profile_name

¶ You can choose whether the command is displayed before it is executed. The default value is that commands are not displayed. To display commands, change the value in the echo_command token in the sesudo section of the seos.ini file.

Arguments

–h Displays the help screen.

command [parameters]
Specifies the command that is to be performed on behalf of the user. The command name must be the name of a record in the SUDO class. Multiple parameters can be specified, provided they are separated by spaces.

Prerequisites: Define SUDO Commands

Several steps must be performed before it is possible to use the sesudo command. The first step needs to be done only once. Other steps need to be done every time a new user is given the authority to execute the sesudo command, or every time a new profile is defined in the SUDO class.

1. Define the sesudo program as a trusted setuid program owned by root. This step only needs to be done once per TACF installation. The format of the command is:

newres PROGRAM /usr/seos/bin/sesudo defaccess(NONE)

2. Give a user the authority to execute the sesudo program. Do this once for every user who is entitled to this authority. The format of the command is:

authorize PROGRAM /usr/seos/bin/sesudo uid(user_name)

3. Permit the user to surrogate to the target user using the sesudo program. Do this for every user who should have this authority, and do it for every target user ID that you want to make available to the user. The format of the command is:

authorize SURROGATE USER.root uid(user_name) \
    via(pgm(/usr/seos/bin/sesudo))

4. Define new records in the SUDO class for every command to be executed by users. For each command script, you can define permitted and forbidden parameters, permitted users, and password protection. If no parameters are specified as permitted or prohibited, then all parameters are permitted. The format of the command is:

newres SUDO profile_name \
    data('cmd[;[prohibited-params][;permitted-params]]')

A command can have prohibited and permitted parameters for each operand. The prohibited parameters and the permitted parameters for each operand are separated by the pipe symbol (|). The format is:

newres SUDO profile_name \
    data('cmd;pro1|pro2|...|proN;per1|per2|...|perN')

sesudo checks each parameter entered by the user in the following manner:

a. Test if parameter number N matches permitted parameter N. (If permitted parameter N does not exist, the last permitted parameter is used.)

b. Test if parameter number N matches prohibited parameter N. (If prohibited parameter N does not exist, the last prohibited parameter is used.)

Only if all the parameters match permitted parameters, and none match prohibited parameters, does sesudo execute the command.

5. Permit the user to access the profile that has been defined in the SUDO class. Do this for every profile a user should be able to access. The format of the command is:

authorize SUDO profile_name uid(user_name)

If defaccess is NONE, use the authorize command to specify each user who is granted permission. If defaccess is set to any other value, use the authorize command to specify each user to whom access is forbidden.

6. The sesudo command can display the command before executing it. Display depends on the value in the echo_command token in the [sesudo] section of the seos.ini file. The default value calls for no display, but the value can be changed.

7. The output of the sesudo command depends on the command being performed. Error messages are sent to the standard error device (stderr), usually defined as the terminal’s screen.

SUDO Record: Parameters and Variables

The special parameters used in connection with the SUDO record are explained in the following list:

profile_name The name the security administrator gives to the superuser command.


cmd The superuser command that a normal user can execute.

prohibited parameters
The parameters that you prohibit the regular user from invoking. These parameters may contain patterns or variables.

permitted parameters
The parameters that you specifically allow the regular user to invoke. These parameters may contain patterns or variables.

Prohibited and permitted parameters may also contain variables as described in the following list:

$A Alphabetic value

$G Existing TACF group name

$H Home path pattern of the user

$N Numeric value

$O Executor’s user name

$U Existing TACF user name

$f Existing file name

$g Existing UNIX group name

$h Existing host name

$r Existing UNIX file name with UNIX read permission

$u Existing UNIX user name

$w Existing UNIX file name with UNIX write permission

$x Existing UNIX file name with UNIX exec permission

Return Value

Each time the sesudo command runs, it returns one of the following values:

–2 Target user not found, or command interrupted


–1 Password error

0 Execution successful

10 Problem with usage of parameters

20 Target user error

30 Authorization error

EXAMPLES

1. If you do not allow any parameters, define the profile in the following way:

newres SUDO profile_name data('cmd;*')

2. If you want to allow the user to invoke the name parameter, do the following:

newres SUDO profile_name data('cmd;;NAME')

In the previous example, the only parameter the user can enter is NAME.

3. If you want to prevent the user from using –9 and –HUP but you permit the user to use all other parameters, do the following:

newres SUDO profile_name data('cmd;–9 –HUP;*')

4. If there are two prohibited parameters, the first is the UNIX user name and the second is the UNIX group name, and there are two permitted parameters, the first can be numeric and the second can be alphabetic, enter the following:

newres SUDO profile_name \
    data('cmd;$u | $g ;$N | $A')

The user cannot enter the UNIX user name, but can enter a numeric parameter for the first operand; and the user cannot enter the UNIX group name but can enter an alphabetic parameter for the second operand.

5. If there are several prohibited parameters for several operands in the command, enter the following:

newres SUDO profile_name \
    data('cmd;pro1 pro2 | pro3 pro4 | pro5 pro6')

pro1 and pro2 are the prohibited parameters of the first operand of the command; pro3 and pro4 are the prohibited parameters of the second operand of the command; and pro5 and pro6 are the prohibited parameters of the third operand of the command.
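The Python below is an added example, not code from the manual or from TACF. It models the parameter check in steps a and b of the prerequisites (operands split on |, patterns within an operand split on spaces, the last operand reused when the user passes more parameters than the record lists) and reproduces the SUDO record examples above; plain patterns are assumed to use fnmatch-style wildcards, and the $U, $G and $H variables that need the TACF database are rejected rather than modelled.

```python
"""Added example, not part of the manual or of TACF: a model of the parameter
check sesudo performs against a SUDO record's data('cmd;prohibited;permitted')
string, following steps a and b above. Assumptions: plain patterns use
fnmatch-style wildcards, and the $U/$G/$H variables that need the TACF
database are rejected rather than modelled."""
import fnmatch
import grp
import os
import pwd

RC_OK, RC_PARAMS = 0, 10      # return values listed in the manual


def parse_sudo_data(data):
    """Return (cmd, prohibited, permitted); each of the last two is a list of
    operands, and each operand a list of space-separated patterns."""
    parts = data.split(";")
    cmd = parts[0].strip()

    def operands(field):
        # operands are separated by '|'; an empty field means "not specified"
        return [op.split() for op in field.split("|")] if field.strip() else []

    prohibited = operands(parts[1]) if len(parts) > 1 else []
    permitted = operands(parts[2]) if len(parts) > 2 else []
    return cmd, prohibited, permitted


def _name_exists(lookup, name):
    try:
        lookup(name)
        return True
    except KeyError:
        return False


def match_pattern(value, pattern, executor):
    """True if one parameter value satisfies one pattern or variable."""
    variables = {
        "$N": lambda v: v.isdigit(),                    # numeric value
        "$A": lambda v: v.isalpha(),                    # alphabetic value
        "$O": lambda v: v == executor,                  # executor's user name
        "$u": lambda v: _name_exists(pwd.getpwnam, v),  # existing UNIX user
        "$g": lambda v: _name_exists(grp.getgrnam, v),  # existing UNIX group
        "$f": os.path.exists,                           # existing file name
        "$r": lambda v: os.path.isfile(v) and os.access(v, os.R_OK),
        "$w": lambda v: os.path.isfile(v) and os.access(v, os.W_OK),
        "$x": lambda v: os.path.isfile(v) and os.access(v, os.X_OK),
    }
    if pattern in variables:
        return variables[pattern](value)
    if pattern.startswith("$"):
        raise ValueError("%s needs the TACF database; not modelled here" % pattern)
    return fnmatch.fnmatchcase(value, pattern)


def _operand(spec, n):
    """Operand N's patterns; the last operand is reused beyond the record's length."""
    if not spec:
        return []
    return spec[n] if n < len(spec) else spec[-1]


def check_parameters(data, params, executor="someuser"):
    """Steps a and b for every parameter: RC_OK only when each parameter
    matches a permitted pattern (if any are given) and no prohibited one."""
    _, prohibited, permitted = parse_sudo_data(data)
    for n, value in enumerate(params):
        allowed = _operand(permitted, n)
        if allowed and not any(match_pattern(value, p, executor) for p in allowed):
            return RC_PARAMS
        banned = _operand(prohibited, n)
        if any(match_pattern(value, p, executor) for p in banned):
            return RC_PARAMS
    return RC_OK


if __name__ == "__main__":
    # The manual's examples 1 to 4, with ASCII hyphens in place of the PDF's dashes
    for record, params in [("cmd;*", ["anything"]), ("cmd;;NAME", ["NAME"]),
                           ("cmd;-9 -HUP;*", ["-9", "1234"]),
                           ("cmd;$u | $g ;$N | $A", ["42", "abc"])]:
        print(record, params, "->", check_parameters(record, params))
```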


seuidpgm
Extracts trusted programs.

SYNOPSIS

seuidpgm command [parameters] startDir [–x excludeDir ...]

The command is an argument that consists of a dash (–) followed by a letter that specifies the action to take. The parameters qualify the action by specifying the objects on which to take the action.

DESCRIPTION

The seuidpgm utility extracts all the programs that have the Set-User-ID bit or the Set-Group-ID bit set on. The seuidpgm utility traverses a file system and creates the TACF commands for adding these programs to the PROGRAM class.

The seuidpgm utility creates the commands in the TACF command language and writes them to the standard output. Use a pipeline to the selang utility, or redirect the output to a file. It is recommended that you redirect the output to a file because then you can edit the output to remove unwanted programs or add additional programs. Take advantage of this procedure to search for undesirable setuid programs in the system.

The seuidpgm program descends through the paths specified at the command line to all subdirectories of the starting path. Multiple start paths are allowed.

Any number of options can be specified. When specifying more than one option, separate the options with spaces.

If a setuid program is writable, the seuidpgm utility treats the program like all other setuid programs but also sends a warning to standard error.

Notes

¶ If you wish to scan your file system from some directories only (and not from the root directory) and you wish to use the –l option, use multiple starting paths at the command line; otherwise the –l option may be inefficient.

¶ It is recommended that you run the UxImport utility to define users and groups before running the seuidpgm utility. However, if you have not run UxImport, you can use seuidpgm with options –g and –u to define groups and users.

Arguments

–d Automatically creates entries for the setuid and setgid programs in class PROGRAM with defaccess execute instead of analyzing the file permissions in UNIX to determine the permitted file access. In some cases, one setuid or setgid program executes another setuid or setgid program. If this option is not used, the program trying to execute the setuid or setgid program will not be able to execute it. Using this option is recommended.

–f Creates rules for both the FILE and PROGRAM classes.

–g Creates GROUP records for setgid programs. If you have already run the utility UxImport, do not use this option; if you have not run UxImport, use this option.

–l Disables adding hard-linked programs twice: when the same program exists under two different names in the file system that are hard-linked to the same i-node number, it is added to the database only once. Using this option is recommended.

–n Does not traverse NFS at all. Using this option is recommended.

–o Writes the file names to the standard output but does not create selang commands.

–p Enables setuid programs from NFS directories only when the mount table allows setuid from that mounted file system.

–q Runs the utility in quiet mode; error messages are not sent to standard error.


–s Creates SECFILE records instead of PROGRAM records. Using this option causes setuid programs to be only monitored.

–u Creates USER records for setuid programs. If you have already run the utility UxImport, do not use this option; if you have not run UxImport, use this option.

–x excludeDir
Excludes a directory from the tree. The specified directory is not searched for setuid and setgid programs. This option must be the last option specified in the command line. You must enter the full path of the directory to be excluded. To exclude more than one directory, repeat the –x option for each directory.

startDir
Specifies the name of the directory at which seuidpgm should start looking for setuid and setgid programs. The seuidpgm program descends through the paths specified to all subdirectories of the starting path. You may specify more than one startDir.

EXAMPLES

1. The following command prints TACF commands to add all programs with Set-User-ID or Set-Group-ID bit turned on, with defaccess execute, checking for duplicate names or the same i-node, in quiet mode, and without passing through NFS. The program scans from directory /usr and its subdirectories, directory /var and its subdirectories, and directory /etc and its subdirectories. Output is directed to the file seprogs.seos in your home directory.

seuidpgm –dlqn /usr /var /etc > ~/seprogs.seos

The output should look something like this:

## *************************************************
## seuidpgm List Sun Feb 9 14:24:16 1997
## Start Path= /usr
## ************************************************
nr PROGRAM /usr/lpp/bos/inst_root/lpp/inu_LOCK defaccess(EXEC)
nr PROGRAM /usr/lpp/X11/bin/xlock defaccess(EXEC)
nr PROGRAM /usr/bin/setsenv defaccess(EXEC)
nr PROGRAM /usr/bin/shell defaccess(EXEC)
nr PROGRAM /usr/bin/su defaccess(EXEC)
nr PROGRAM /usr/bin/sysck defaccess(EXEC)
nr PROGRAM /usr/bin/tcbck defaccess(EXEC)
nr PROGRAM /usr/bin/usrck defaccess(EXEC)
nr PROGRAM /usr/bin/vmstat defaccess(EXEC)

2. The following command scans the root directory and all its subdirectories except the /home directory:

seuidpgm –qln / –x /home
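The following Python scanner is an added example, not code from the manual or from TACF. It walks start directories, honours –x style exclusions, drops second names of hard-linked programs by (device, i-node) as –l does, warns on world-writable setuid or setgid programs, and emits the same nr PROGRAM ... defaccess(EXEC) lines shown in the output above; the one_filesystem switch is an assumed stand-in for –n and only stays on the start directory's file system rather than detecting NFS.

```python
"""Added example, not part of the manual or of TACF: a seuidpgm-style scan
that walks one or more start directories, skips excluded trees (-x), drops
second names of hard-linked programs by (device, inode) as -l does, warns on
world-writable setuid/setgid programs, and emits the selang lines shown in
the output above. Assumption: -n (skip NFS) is approximated by staying on
the start directory's file system, which is not the same as NFS detection."""
import collections
import os
import stat
import sys
import time

# Minimal stat-like record so constructed sample data can be fed in below.
Entry = collections.namedtuple("Entry", "path st_mode st_dev st_ino")


def classify(entry):
    """('setuid'|'setgid'|None, world_writable) for a regular file."""
    mode = entry.st_mode
    if not stat.S_ISREG(mode):
        return None, False
    if mode & stat.S_ISUID:
        kind = "setuid"
    elif mode & stat.S_ISGID:
        kind = "setgid"
    else:
        return None, False
    return kind, bool(mode & stat.S_IWOTH)


def selang_commands(entries, dedupe_links=True):
    """Map entries to 'nr PROGRAM <path> defaccess(EXEC)' lines.
    Returns (commands, warnings)."""
    seen = set()
    commands, warnings = [], []
    for entry in entries:
        kind, world_writable = classify(entry)
        if kind is None:
            continue
        key = (entry.st_dev, entry.st_ino)
        if dedupe_links and key in seen:
            continue                      # same i-node under another name
        seen.add(key)
        if world_writable:
            warnings.append("%s program is world-writable: %s" % (kind, entry.path))
        commands.append("nr PROGRAM %s defaccess(EXEC)" % entry.path)
    return commands, warnings


def walk_entries(start_dirs, exclude_dirs=(), one_filesystem=False):
    """Yield Entry records for every regular file under the start directories."""
    excluded = {os.path.abspath(d) for d in exclude_dirs}
    for start in start_dirs:
        start_dev = os.lstat(start).st_dev
        for dirpath, dirnames, filenames in os.walk(start):
            keep = []
            for d in dirnames:
                full = os.path.join(dirpath, d)
                if os.path.abspath(full) in excluded:
                    continue
                if one_filesystem and os.lstat(full).st_dev != start_dev:
                    continue
                keep.append(d)
            dirnames[:] = keep            # prune in place so os.walk honours it
            for name in filenames:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)
                except OSError:
                    continue
                yield Entry(path, st.st_mode, st.st_dev, st.st_ino)


# Constructed sample: modes are S_IFREG | bits, as os.lstat would report them.
SAMPLE_ENTRIES = [
    Entry("/usr/bin/su", 0o104755, 1, 10),          # setuid
    Entry("/usr/bin/su.link", 0o104755, 1, 10),     # hard link to the same i-node
    Entry("/usr/bin/wall", 0o102755, 1, 11),        # setgid
    Entry("/usr/local/bin/bad", 0o104777, 1, 12),   # setuid and world-writable
    Entry("/usr/bin/ls", 0o100755, 1, 13),          # neither bit set
    Entry("/tmp/sock", 0o144755, 1, 14),            # socket with a setuid bit: ignored
]


def demo(dedupe_links=True):
    """Run the scan logic over the constructed sample entries."""
    return selang_commands(SAMPLE_ENTRIES, dedupe_links)


if __name__ == "__main__":
    # usage: script.py [-x excludeDir ...] startDir ...
    args = sys.argv[1:]
    excludes = [args[i + 1] for i, a in enumerate(args) if a == "-x"]
    starts = [a for i, a in enumerate(args)
              if a != "-x" and (i == 0 or args[i - 1] != "-x")]
    print("## seuidpgm-style list %s" % time.ctime())
    cmds, warns = selang_commands(walk_entries(starts or ["/usr"], excludes))
    for w in warns:
        print(w, file=sys.stderr)
    print("\n".join(cmds))
```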

FILES

The seuidpgm utility does not use the seos.ini file. It uses the following files:

¶ /etc/passwd

¶ /etc/group

¶ The system mount-table file

SEE ALSO

selang, seosd, seoswd, UxImport


seversion
Displays the version information of a TACF program module.

SYNOPSIS

seversion { –h | command [module]}

The command is an argument that consists of a dash (–) followed by a letter that specifies the action to take.

DESCRIPTION

The seversion utility displays information regarding the version of a TACF module. The following data can be displayed:

¶ The global and minor version numbers

¶ The date and time the module was compiled

¶ The station the module was compiled on

¶ The file’s SNEFRU digital signature

Arguments

–a Displays the requested information in the format of a table.

–c Displays the requested information in the extended table format. This displays all the information of the original table format, but also includes type information for the module. Also, for executables, information regarding linked libraries is displayed.

–g Displays only the global version number. Titles are omitted.

–h Displays the help screen.

–m Displays only the minor version number. Titles are omitted.

–s Displays only the SNEFRU number. Titles are omitted. (SNEFRU is the digital signature of objects in the PROGRAM and SECFILE classes.)

–t Displays only the module type. Titles are omitted.


module The name of the module whose version information you want to display.

EXAMPLES

To display the version information for the sesudo utility, use the following command:

seversion /usr/seos/bin/sesudo

The following information is displayed:

TACF SeVersion v2.50c (2.51) - Display Module's Version
Copyright (c) 1995-1998 Tivoli Systems Inc.
Portions of Tivoli-Access-Control-Facility
Copyright (c) by MEMCO Software Ltd.

Running Under: SUN Solaris

File Name : usr/seos/bin/sesudo
Version : 2.50c (2.52)
Created : Aug 25 1999 16:42:48
OS Info : Solaris 26
SNEFRU : 6CFFAC05FBEB59C2
MD5 : AC6777CF339A197EB4DBD69CD0872276


sewhoami
Displays the user’s user ID and other security credentials.

SYNOPSIS

sewhoami options

DESCRIPTION

The sewhoami utility displays the user name as it is known to the TACF authorization daemon. The sewhoami utility is similar to the whoami utility provided by the UNIX system, but it produces different and often more useful information. If the user executes an su command, the whoami utility displays the user name according to the user ID acquired after executing the su command. If the user executes an su command and then executes sewhoami, the TACF utility displays the original login ID of the user. The sewhoami utility also displays authorization information.

Arguments

–a Displays the user’s credentials, that is, the contents of the user’s accessor environment element (ACEE).

–d –debug
Displays the ACEE handle associated with the user and the handle’s name in the TACF database.

SEE ALSO

sesu, su


UxImport
Extracts UNIX users, groups, and hosts from the UNIX operating system.

SYNOPSIS

UxImport command [options]

The command is an argument that consists of a dash (–) followed by a letter that specifies the action to take. The options qualify the action by providing additional information.

DESCRIPTION

The UxImport utility extracts information from the UNIX operating system about the defined users, groups, and hosts and TCP services. Information is extracted from NIS, if NIS is installed. DNS support is also provided. The UxImport utility should be used as part of the installation procedure. The extracted information is automatically processed to generate TACF commands that can be used to add users and groups to the TACF database. The generated commands are printed to the standard output. Use redirection to a file or pipeline to the utility selang.

Arguments
–a  Generates the TACF commands required to import users, groups, and hosts, and to join users to their default groups.

–c  Generates the TACF commands required to explicitly join users to their default groups.

Note: If groups are also imported via the –g option, commands are generated to join users to the groups to which they are explicitly linked.

–g  Generates the following two types of TACF commands:

¶ Commands required to import groups from UNIX and NIS to the TACF database

¶ Commands to link users to the groups to which they are explicitly linked


This switch does not generate commands to link users to their default groups.

–h  Generates the TACF commands required to import hosts from UNIX and NIS to the TACF database. UxImport extracts host information from the file /etc/hosts and from NIS and builds HOST resources. For each host entry in /etc/hosts or extracted from NIS, the appropriate newres command is built and permission to receive any TCP service is assigned to that host.

In addition, DNS is supported via the –d option. On some machines, information from /etc/hosts and NIS is ignored if the DNS daemon is running. On Solaris, the information gathered depends on the configuration of the system in the file /etc/nsswitch.conf.

–t  Generates the commands required to import terminal rules from UNIX and NIS to the TACF database.

UxImport extracts host information from /etc/hosts and from NIS and builds TERMINAL resources. For each entry in /etc/hosts or extracted from NIS, the appropriate newres TERMINAL command is built and permission to log in from the terminal is granted.

In addition, DNS is supported via the –d option. On some machines, information from /etc/hosts and NIS is ignored if the DNS daemon named is running. On Solaris, the information gathered depends on the configuration of the system in the file /etc/nsswitch.conf.

–T  Generates the TACF commands required to import TCP services from UNIX and NIS to the TACF database.

–u  Generates the TACF commands required to import users from UNIX and NIS to the TACF database. The user names are set according to the gecos field in UNIX and are truncated to 40 characters if they are longer.


Options

–o owner  Sets the owner of each generated record: owner is the name of the user or group to be assigned ownership of all records defined by UxImport. Tivoli recommends that you use this option so that root does not automatically become the owner of all the records. The –o option must be followed by owner.

–pr groupName  Assigns a profile group to users. If groupName is specified, TACF uses that group when building a user’s profile; otherwise, TACF uses the user’s primary UNIX group.

–U  Creates SURROGATE class rules for users. UxImport adds a record to class SURROGATE for each user it defines, thus making surrogate requests to those users protected resources. It also adds rules so that root can surrogate to each of the users.

–d  Specifies the use of DNS for generating the list of hosts and terminals to import. Must be accompanied by the –h or –t argument.

–G  Creates SURROGATE class rules for groups. UxImport adds a record to class SURROGATE for each group it defines, thus making surrogate requests to those groups protected resources. It also adds rules so that root can surrogate to each of the groups.

–gr n  Specifies the number of grace logins for all users, forcing users to change their passwords after n logins. This ensures that the PASSWD_L_C property in the USER record is updated.

–s  Creates SURROGATE class rules for users and groups. UxImport adds a SURROGATE record for every user and group it defines, thus making surrogate requests to them protected resources.

–v  Verbose mode displays the status of the program. Use this option if your site has many users, groups, or hosts, so that you can verify the program’s progress.


EXAMPLES
The following command extracts all information about users, groups, and hosts from the UNIX and NIS databases and creates TACF commands that can be used to add those records to the TACF database. UxImport creates SURROGATE class records and provides progress indication. Output is directed to the file uxinfo.seos in your home directory.

UxImport –a –s –v > ~/uxinfo.seos
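As an added illustration, not part of this manual and not the UxImport utility itself, the following Python script models the step described above: it reads constructed passwd, group and hosts data, applies the gecos truncation to 40 characters, the –o owner assignment, the –gr grace-login count and the –s SURROGATE records, and writes selang-style commands to standard output. The exact spelling of the selang options it emits (name(), owner(), group(), gracelogin(), uid(), service(), access()) is an assumption made for the example and must be checked against the selang chapter of this manual; the –d DNS lookup is not modelled.

```python
"""Added example, not part of the TACF manual: a small model of the
UxImport step that turns UNIX account data into selang commands.
Input is constructed inline; the selang option spelling used below
(name(), owner(), group(), gracelogin(), uid(), service(), access())
is assumed for illustration and must be checked against the selang
reference before anything generated this way is fed to selang."""

GECOS_MAX = 40  # the manual: names taken from gecos are truncated to 40 characters

# Constructed sample data standing in for /etc/passwd, /etc/group and /etc/hosts.
PASSWD = """\
root:x:0:0:Super User:/root:/bin/sh
alice:x:1001:100:Alice Liddell, Security Engineering, Building 7, Room 12:/home/alice:/bin/ksh
bob:x:1002:200:Bob O'Brien:/home/bob:/bin/sh
"""
GROUP = """\
users:x:100:
dev:x:200:alice
ops:x:300:alice,bob
"""
HOSTS = """\
# comment lines and blank lines are skipped
127.0.0.1   localhost
10.0.0.5    build01 build01.example.test
10.0.0.6    db01
"""


def parse_colon_file(text, fields):
    """Split a colon-separated file into dicts keyed by the given field names."""
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        rows.append(dict(zip(fields, line.split(":"))))
    return rows


def parse_hosts(text):
    """Return the canonical (first) host name of every /etc/hosts entry."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            names.append(line.split()[1])
    return names


def gecos_name(gecos):
    """Full name as UxImport derives it: the gecos field, cut to 40 characters.
    Single quotes are stripped so the selang string literal stays well formed."""
    return gecos[:GECOS_MAX].replace("'", "")


def generate_commands(passwd, group, hosts, owner=None, surrogate=False, grace=None):
    """Emit the selang commands that -a (plus -o, -s and -gr) would produce."""
    users = parse_colon_file(passwd, ("name", "pw", "uid", "gid", "gecos", "home", "shell"))
    groups = parse_colon_file(group, ("name", "pw", "gid", "members"))
    gid_to_group = {g["gid"]: g["name"] for g in groups}
    own = f" owner({owner})" if owner else ""  # -o: keep root from owning every record
    cmds = []
    for g in groups:
        cmds.append(f"newgrp {g['name']}{own}")
    for u in users:
        extra = f" gracelogin({grace})" if grace else ""  # -gr n
        cmds.append(f"newusr {u['name']} name('{gecos_name(u['gecos'])}'){own}{extra}")
        if u["gid"] in gid_to_group:  # join to the default (primary) group
            cmds.append(f"join {u['name']} group({gid_to_group[u['gid']]})")
        if surrogate:  # -U / -s: make su to this user a protected SURROGATE resource
            cmds.append(f"newres SURROGATE USER.{u['name']}{own}")
            cmds.append(f"authorize SURROGATE USER.{u['name']} uid(root) access(read)")
    for g in groups:  # explicit memberships from the group file (-g)
        for member in filter(None, g["members"].split(",")):
            cmds.append(f"join {member} group({g['name']})")
    for h in parse_hosts(hosts):  # -h: one HOST record per entry, any TCP service allowed
        cmds.append(f"newres HOST {h}{own}")
        cmds.append(f"authorize HOST {h} service(*) access(read)")
    return cmds


if __name__ == "__main__":
    # Equivalent in spirit to: UxImport -a -s -gr 3 -o secadm > ~/uxinfo.seos
    print("\n".join(generate_commands(PASSWD, GROUP, HOSTS, owner="secadm", surrogate=True, grace=3)))
```

Run it and review the output before piping it into selang: the point of the –o check in the assertions is that every newusr, newgrp and newres line carries an explicit owner, which is what prevents root from silently becoming the owner of every imported record.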

SEE ALSO
selang, seuidpgm


TACF Properties

This chapter contains the following two sections:

¶ The first section describes every property in every class defined in the database. The properties are arranged by class.

¶ The second section contains a table that lists the modifiable properties in the TACF database, the parameters that are used to update these properties, and the TACF commands to execute to update these properties.

Database Properties by TACF Class
This section provides detailed information on every property in every class in the TACF database. For each class, every property is listed with the following information:

¶ Property: the name of the property in the TACF database

¶ Description: the property’s function and purpose

¶ Modifiable: whether the property can be modified by the user or whether it is set automatically by TACF

¶ Data Type: the data type of the property value, and the size of the property value if the type has a size associated with it

The UDP class is in the TACF database but is not currently used.


ADMIN
The security administrator can delegate administration tasks to non-ADMIN users, allowing them to perform tasks that regular users normally cannot. The ADMIN class contains the definitions that allow non-ADMIN users to administer specific classes. Each TACF class that is to be administered by delegated users is represented by an ADMIN record. The record contains a list of accessors with the access authority of each. Conditional access control lists are also supported.

Properties of the ADMIN class (Modifiable and Data type are given in brackets after each property name):

AAUDIT  [Modifiable: No | Data type: SPECIAL]
    Displays the type of activity that TACF is auditing.

ACL  [Modifiable: Yes | Data type: Reference List]
    A list of accessors that are permitted to access a particular resource, along with the access types associated with each accessor. Each element in the list contains the following information:
    ¶ Accessor reference: a reference to an accessor object (a USER or GROUP record).
    ¶ Permitted access: the access types that the accessor has for this resource (for example NONE or EXECUTE).
    Note: The selang parameter access(type-of-access) in authorize and authorize- updates this property.

CATEGORY  [Modifiable: Yes | Data type: Categories Reference List]
    The category list of the record.
    Note: The selang parameter category[-] in chusr, editusr, and newusr updates this property.

COMMENT  [Modifiable: Yes | Data type: String, 255 characters]
    A remark.
    Note: The corresponding selang parameter updates this property.

CREATE_TIME  [Modifiable: No | Data type: Date and Time]
    The date and time the record was created.

DAYTIME  [Modifiable: Yes | Data type: Date and Time]
    The day and time restrictions that govern when the resource can be accessed.
    Note: The selang parameter restrictions (days-- and time--) in chres, editres, and newres updates this property.

NOTIFY  [Modifiable: Yes | Data type: String, 30 characters]
    The name of the user to be notified when the resource is successfully accessed.
    Note: The selang parameter notify[-] in chres, editres, and newres updates this property.

OWNER  [Modifiable: Yes | Data type: Accessor Reference]
    The owner of the record.
    Note: The selang parameter owner in chres, editres, and newres updates this property.

PACL  [Modifiable: Yes | Data type: SPECIAL]
    A program access control list that applies to accessor objects when the access is requested by a specific program.

RAUDIT  [Modifiable: Yes | Data type: SPECIAL]
    The resource audit mode, which specifies which access events are logged in the audit log. Valid values are as follows:
    ¶ ALL: all access requests, whether successful or not, are audited.
    ¶ ALLOW: all granted access requests are audited.
    ¶ DENY: only denied access requests are audited.
    ¶ NONE: no access requests are audited.

SECLABEL  [Modifiable: Yes | Data type: Label Reference]
    The security label of the record.

SECLEVEL  [Modifiable: Yes | Data type: decimal, 0 to 255]
    The security level of the record, or zero. Zero means there is no security level limiting access to the record.

UACC  [Modifiable: Yes | Data type: Access]
    The default access of the resource, which specifies the access type given to users who are not defined to TACF.

UPDATE_TIME  [Modifiable: No | Data type: Date and Time]
    The date and time the record was last modified.

UPDATE_WHO  [Modifiable: No | Data type: User Reference]
    The person who performed the update.

WARNING  [Modifiable: Yes | Data type: ON or OFF]
    Whether to operate in warning mode. In warning mode, access requests are always granted, and for each access request that violates an access rule a record is written to the audit log.
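The following Python model is an added example, not code from TACF: it shows how the ACL, UACC, DAYTIME, WARNING and RAUDIT properties listed above combine into one access decision and one audit decision. The sample policy and accessors are constructed for the example; the evaluation order (a USER entry is taken before GROUP entries, whose access types are unioned) and the treatment of a TACF-defined user who has no matching ACL entry (denied, since UACC is described as applying only to users not defined to TACF) are assumptions made here, not statements of the manual.

```python
"""Added example, not from the manual: a toy evaluator showing how the
ACL, UACC, DAYTIME, WARNING and RAUDIT properties combine into an
access decision plus an audit decision.  Evaluation order (USER entry
first, then GROUP entries unioned) and 'defined user without an entry is
denied' are assumptions made for illustration."""

from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class DayTime:
    days: FrozenSet[str]   # e.g. Mon..Fri
    start: str             # "HH:MM", inclusive
    end: str               # "HH:MM", exclusive

    def allows(self, day: str, hhmm: str) -> bool:
        return day in self.days and self.start <= hhmm < self.end


@dataclass
class Resource:
    name: str
    acl: Dict[str, FrozenSet[str]]          # "USER.x" / "GROUP.y" -> permitted access types
    uacc: FrozenSet[str] = frozenset()      # UACC: access for accessors not defined to TACF
    warning: bool = False                   # WARNING: ON grants everything but logs violations
    raudit: str = "DENY"                    # RAUDIT: ALL | ALLOW | DENY | NONE
    daytime: Optional[DayTime] = None       # DAYTIME restriction; None means no restriction


@dataclass(frozen=True)
class Accessor:
    user: Optional[str]                     # None: the accessor is not defined to TACF
    groups: FrozenSet[str] = frozenset()


@dataclass(frozen=True)
class Decision:
    granted: bool
    audited: bool
    reason: str


def permitted_access(res: Resource, acc: Accessor) -> Tuple[FrozenSet[str], str]:
    """Which access types the ACL (or UACC) gives this accessor, and which entry said so."""
    if acc.user is None:
        return res.uacc, "UACC"
    key = f"USER.{acc.user}"
    if key in res.acl:
        return res.acl[key], key
    perm, hits = frozenset(), []
    for g in sorted(acc.groups):            # assumption: GROUP entries are unioned
        if f"GROUP.{g}" in res.acl:
            perm |= res.acl[f"GROUP.{g}"]
            hits.append(f"GROUP.{g}")
    return perm, ",".join(hits) or "no ACL entry"


def should_audit(raudit: str, granted: bool) -> bool:
    """RAUDIT semantics exactly as the property table states them."""
    return {"ALL": True, "ALLOW": granted, "DENY": not granted, "NONE": False}[raudit.upper()]


def check_access(res: Resource, acc: Accessor, access: str, day: str, hhmm: str) -> Decision:
    perm, source = permitted_access(res, acc)
    in_window = res.daytime is None or res.daytime.allows(day, hhmm)
    if access in perm and in_window:
        return Decision(True, should_audit(res.raudit, True), f"{access} via {source}")
    why = f"{access} not in {sorted(perm)} via {source}" if access not in perm else "outside DAYTIME window"
    if res.warning:
        # WARNING mode: the violating request is granted anyway and always written to the audit log
        return Decision(True, True, "WARNING mode, violation logged: " + why)
    return Decision(False, should_audit(res.raudit, False), why)


# Constructed sample policy: a payroll file, office hours only, audit denials only.
WEEKDAYS = frozenset({"Mon", "Tue", "Wed", "Thu", "Fri"})
PAYROLL = Resource("/data/payroll",
                   {"USER.alice": frozenset({"READ", "WRITE"}), "GROUP.dev": frozenset({"READ"})},
                   uacc=frozenset({"EXECUTE"}), daytime=DayTime(WEEKDAYS, "08:00", "18:00"))
PAYROLL_WARN = Resource(PAYROLL.name, PAYROLL.acl, PAYROLL.uacc, warning=True, daytime=PAYROLL.daytime)
ALICE = Accessor("alice", frozenset({"dev"}))
BOB = Accessor("bob", frozenset({"dev"}))
NOBODY = Accessor(None)


def demo() -> Dict[str, Decision]:
    return {
        "alice_write_weekday": check_access(PAYROLL, ALICE, "WRITE", "Tue", "10:00"),
        "bob_write_weekday": check_access(PAYROLL, BOB, "WRITE", "Tue", "10:00"),
        "bob_read_weekday": check_access(PAYROLL, BOB, "READ", "Tue", "10:00"),
        "alice_read_sunday": check_access(PAYROLL, ALICE, "READ", "Sun", "10:00"),
        "undefined_read": check_access(PAYROLL, NOBODY, "READ", "Tue", "10:00"),
        "bob_write_warning_mode": check_access(PAYROLL_WARN, BOB, "WRITE", "Tue", "10:00"),
    }


if __name__ == "__main__":
    for label, d in demo().items():
        print(f"{label:24} granted={d.granted!s:5} audited={d.audited!s:5} {d.reason}")
```

The last case is the one to keep in mind when a resource is left in warning mode after a rollout: the WRITE that the ACL forbids is still granted, and the only trace of it is the audit record, which is written regardless of the RAUDIT setting.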

CATEGORY
Every security category defined to TACF is represented by a record in the CATEGORY class.

COMMENT  [Modifiable: Yes | Data type: String, 255 characters]
    A remark.
    Note: The corresponding selang parameter updates this property.

CREATE_TIME  [Modifiable: No | Data type: Date and Time]
    The date and time the object was created.

OWNER  [Modifiable: Yes | Data type: Accessor Reference]
    The owner of the category definition.

UPDATE_TIME  [Modifiable: No | Data type: Date and Time]
    The date and time the object was last modified.

UPDATE_WHO  [Modifiable: No | Data type: User Reference]
    The person who performed the update.


CONNECT
TACF provides protection for outgoing connections. Records of the CONNECT class control who can connect to a particular station and how the user can create the connection. The name of the record is the name of the station to which the connection is being made.

ACL  [Modifiable: Yes | Data type: SPECIAL]
    The access control list of accessor objects that are permitted to make the connection. Each element in the list contains the following information:
    ¶ Accessor reference: a reference to an accessor object (a USER or GROUP record).
    ¶ Permitted access: the access type that the accessor has for this resource (for example NONE or EXECUTE).
    Note: The selang parameter access(type-of-access) in authorize and authorize- updates this property.

CATEGORY  [Modifiable: Yes | Data type: Categories Reference List]
    The category list of the record.
    Note: The selang parameter category[-] in chusr, editusr, and newusr updates this property.

COMMENT  [Modifiable: Yes | Data type: String, 255 characters]
    A remark.
    Note: The corresponding selang parameter updates this property.

CREATE_TIME  [Modifiable: No | Data type: Date and Time]
    The date and time the object was created.

DAYTIME  [Modifiable: Yes | Data type: Date and Time]
    The day and time restrictions that govern when the object can be accessed.
    Note: The selang parameter restrictions (days-- and time--) in chres, editres, and newres updates this property.

NOTIFY  [Modifiable: Yes | Data type: String, 30 characters]
    The name of the user to be notified when the object is successfully accessed.
    Note: The selang parameter notify[-] in chres, editres, and newres updates this property.

OWNER  [Modifiable: Yes | Data type: Accessor Reference]
    The owner of the record.
    Note: The selang parameter owner in chres, editres, and newres updates this property.

PACL  [Modifiable: Yes | Data type: SPECIAL]
    A program access control list that applies to accessor objects when the access is requested by a specific program.

RAUDIT  [Modifiable: Yes | Data type: SPECIAL]
    The resource audit mode, which specifies which access events are logged in the audit log. Valid values are as follows:
    ¶ ALL: all access requests, whether successful or not, are audited.
    ¶ ALLOW: all granted access requests are audited.
    ¶ DENY: only denied access requests are audited.
    ¶ NONE: no access requests are audited.

SECLABEL  [Modifiable: Yes | Data type: Label Reference]
    The security label of the object.

SECLEVEL  [Modifiable: Yes | Data type: decimal, 0 to 255]
    The security level of the object. Zero means there is no security level limiting access to the object.

UACC  [Modifiable: Yes | Data type: Access]
    The default access of the resource, which specifies the access type given to users who are not defined to TACF.

UPDATE_TIME  [Modifiable: No | Data type: Date and Time]
    The date and time the object was last modified.

UPDATE_WHO  [Modifiable: No | Data type: User Reference]
    The person who performed the last update.

WARNING  [Modifiable: Yes | Data type: ON or OFF]
    Whether to operate in warning mode. In warning mode, access requests are always granted, and for each access request that violates an access rule a record is written to the audit log.

FILE
Every object in the FILE class defines the access allowed to a file or directory.

ACL  [Modifiable: Yes | Data type: Reference List]
    A list of accessors that are permitted to access the file protected by this record, along with the access type associated with each accessor. Each element in the list contains the following information:
    ¶ Accessor reference: a reference to an accessor object.
    ¶ Permitted access: the access type that the accessor has for this resource (for example NONE or EXECUTE).

CATEGORY  [Modifiable: Yes | Data type: Categories Reference List]
    The category list of the record.
    Note: The selang parameter category[-] in chusr, editusr, and newusr updates this property.

COMMENT  [Modifiable: Yes | Data type: String, 255 characters]
    A remark.
    Note: The corresponding selang parameter updates this property.

CREATE_TIME  [Modifiable: No | Data type: Date and Time]
    The date and time of object creation.

DAYTIME  [Modifiable: Yes | Data type: Date and Time]
    The day and time restrictions that determine when the file can be accessed.
    Note: The selang parameter restrictions (days-- and time--) in chres, editres, and newres updates this property.

NOTIFY  [Modifiable: Yes | Data type: String, 30 characters]
    The name of the user to be notified when the file is successfully accessed.
    Note: The selang parameter notify[-] in chres, editres, and newres updates this property.

OWNER  [Modifiable: Yes | Data type: Accessor Reference]
    The owner of the record.
    Note: The selang parameter owner in chres, editres, and newres updates this property.

PACL  [Modifiable: Yes | Data type: SPECIAL]
    A program access control list that applies to accessor objects when the access is requested by a specific program.

RAUDIT  [Modifiable: Yes | Data type: SPECIAL]
    The resource audit mode, which specifies which access events are logged in the audit log. Valid values are as follows:
    ¶ ALL: all access requests, whether successful or not, are audited.
    ¶ ALLOW: all granted access requests are audited.
    ¶ DENY: only denied access requests are audited.
    ¶ NONE: no access requests are audited.

SECLABEL  [Modifiable: Yes | Data type: Label Reference]
    The security label assigned to the file.

SECLEVEL  [Modifiable: Yes | Data type: decimal, 0 to 255]
    The security level assigned to the file. Zero means there is no security level limiting access to the file.

UACC  [Modifiable: Yes | Data type: Access]
    The default access of the resource, which specifies the access type given to users who are not defined to TACF.

UPDATE_TIME  [Modifiable: No | Data type: Date and Time]
    The date and time the object was last updated.

UPDATE_WHO  [Modifiable: No | Data type: User Reference]
    The person who last updated the record.

WARNING  [Modifiable: Yes | Data type: ON or OFF]
    Whether to operate in warning mode. In warning mode, access requests are always granted, and for each access request that violates an access rule a record is written to the audit log.


GFILE
Every object in the GFILE class defines the access allowed to a group of files or directories.

ACL  [Modifiable: Yes | Data type: Reference List]
    A list of accessors that are permitted to access the grouped files protected by this record, along with the access type associated with each accessor. Each element in the list contains the following information:
    ¶ Accessor reference: a reference to an accessor object (a USER or GROUP record).
    ¶ Permitted access: the access type that the accessor has for this resource (for example NONE or EXECUTE).

AUDIT  [Modifiable: No | Data type: SPECIAL]
    Determines whether TACF performs auditing on the resource. Valid values are as follows:
    ¶ ALL: all access requests, whether successful or not, are audited.
    ¶ ALLOW: all granted access requests are audited.
    ¶ DENY: only denied access requests are audited.
    ¶ NONE: no access requests are audited.

COMMENT  [Modifiable: Yes | Data type: String, 255 characters]
    A remark.
    Note: The corresponding selang parameter updates this property.

CREATE_TIME  [Modifiable: No | Data type: Date and Time]
    The date and time the object was created.

MEMBERS  [Modifiable: Yes | Data type: File Reference List]
    The list of files that belong to the group.

NOTIFY  [Modifiable: Yes | Data type: String, 30 characters]
    The user name of the user to be notified when a file is successfully accessed.
    Note: The selang parameter notify[-] in chres, editres, and newres updates this property.

OWNER  [Modifiable: Yes | Data type: Accessor Reference]
    The owner of the record.
    Note: The selang parameter owner in chres, editres, and newres updates this property.

PACL  [Modifiable: Yes | Data type: SPECIAL]
    The program access control list: an access control list that applies to accessor objects when the access to the group of files or directories is made by a specific program.

RAUDIT  [Modifiable: Yes | Data type: SPECIAL]
    Determines whether TACF performs auditing on the resource. Valid values are as follows:
    ¶ ALL: all access requests, whether successful or not, are audited.
    ¶ ALLOW: all granted access requests are audited.
    ¶ DENY: only denied access requests are audited.
    ¶ NONE: no access requests are audited.

UPDATE_TIME  [Modifiable: No | Data type: Date and Time]
    The date and time the object was last modified.

UPDATE_WHO  [Modifiable: No | Data type: User Reference]
    The person who performed the update.

WARNING  [Modifiable: Yes | Data type: ON or OFF]
    Whether to operate in warning mode. In warning mode, access requests are always granted, and for each access request that violates an access rule a record is written to the audit log.

GHOST
Every object in class GHOST defines a group of hosts. GHOST objects define access rules that govern the access that other stations (hosts) belonging to the group have to the local host when using Internet communication. For each client (GHOST object) there is a property that lists all the service rules that the local host may provide to the client.

COMMENT  [Modifiable: Yes | Data type: String, 255 characters]
    A remark.
    Note: The corresponding selang parameter updates this property.

CREATE_TIME  [Modifiable: No | Data type: Date and Time]
    The date and time of object creation.

DAYTIME  [Modifiable: Yes | Data type: Date and Time]
    The day and time restrictions that govern when the resource can be accessed.
    Note: The selang parameter restrictions (days-- and time--) in chres, editres, and newres updates this property.

INETACL  [Modifiable: Yes | Data type: SPECIAL]
    A list of services and the access allowed to the local host. (For more information about INETACL, see the discussion of the HOST class.)

INSERVRNGE  [Modifiable: Yes | Data type: Access Control List]
    An ACL that contains a range of service numbers and the access allowed. The access applies to all the TCP/IP ports in the specified range.

MEMBERS  [Modifiable: No | Data type: GHOST Reference]
    A list of hosts that are members of the host group.

OWNER  [Modifiable: Yes | Data type: Accessor Reference]
    The owner of the record.
    Note: The selang parameter owner in chres, editres, and newres updates this property.

RAUDIT  [Modifiable: Yes | Data type: SPECIAL]
    The resource audit mode, which specifies which access events are logged in the audit log. Valid values are as follows:
    ¶ ALL: all access requests, whether successful or not, are audited.
    ¶ ALLOW: all granted access requests are audited.
    ¶ DENY: only denied access requests are audited.
    ¶ NONE: no access requests are audited.

UNTRUST
    Reserved for future use.

UPDATE_TIME  [Modifiable: No | Data type: Date and Time]
    The date and time the object was last modified.

UPDATE_WHO  [Modifiable: No | Data type: User Reference]
    The person who performed the update.

WARNING  [Modifiable: Yes | Data type: ON or OFF]
    Whether to operate in warning mode. In warning mode, access requests are always granted, and for each access request that violates an access rule a record is written to the audit log.

For more information on SPECIAL properties in class GHOST, see the description of class HOST.

GROUP
The GROUP class represents groups of users. Each record in the GROUP class contains the following properties:

AUDIT_MODE  [Modifiable: Yes | Data type: SPECIAL]
    Specifies the user activities to be logged.

COMMENT  [Modifiable: Yes | Data type: String, 255 characters]
    A remark.
    Note: The corresponding selang parameter updates this property.

CREATE_TIME  [Modifiable: No | Data type: Date and Time]
    The date and time the object was created.

DAYTIME  [Modifiable: Yes | Data type: Date and Time]
    The day and time restrictions for a user’s sign-on. The value in the DAYTIME property of a USER record overrides this value.
    Note: The selang parameter restrictions (days-- and time--) in chres, editres, and newres updates this property.

EXPIRE_DATE  [Modifiable: Yes | Data type: Date and Time]
    The date on which the user records expire and become invalid. The value in the EXPIRE_DATE property of a USER record overrides this value. To reinstate a user record, use the chusr TACF command with the expire- parameter. You cannot resume an expired user; you can only resume a suspended user, by specifying a resume date.
    Note: The selang parameter expire[-] in chgrp, editgrp, and newgrp updates this property.

FULL_NAME  [Modifiable: Yes | Data type: String, 47 characters]
    The full name associated with the group.

HOMEDIR  [Modifiable: Yes | Data type: String, 255 characters]
    The home directory assigned to a new user created in UNIX if the user has been assigned to a group with this property in the group profile.

INACTIVE  [Modifiable: Yes | Data type: Integer]
    Specifies the number of days that must pass before the system changes the user to inactive. When the number of days is reached, the user becomes inactive and cannot log in. If this field is not specified and the user has a profile group with a value for this interval, the setting of the profile group is used. If this field is not specified and the user does not have a profile group, or the profile group does not have a value for this field, the TACF global password interval setting is used.

MAXLOGINS  [Modifiable: Yes | Data type: Number]
    The maximum number of concurrent logins from different terminals allowed for a user. A zero value means that there is no maximum and a user can log in concurrently from any number of terminals.
    If this group is the profile group for a user, this value overrides the value in the PASSWDRULES property of the TACF class, and the value in the MAXLOGINS property of the USER record overrides this value.
    Note: If MAXLOGINS is set to 1, you cannot run selang.

OWNER  [Modifiable: Yes | Data type: Accessor Reference]
    The owner of the record.
    Note: The selang parameter owner in chres, editres, and newres updates this property.

PASSWDRULES  [Modifiable: Yes | Data type: SPECIAL]
    Specifies the password rules. This property contains a number of fields that determine how TACF handles password protection.
    Note: The selang parameter password(rules[-]...) in chgrp, editgrp, and newgrp updates this property.

POLICYMODEL  [Modifiable: Yes | Data type: String, 127 characters]
    Specifies that when a user changes a password with the sepass utility, the new password is propagated to the specified policy model. The password is not sent to the policy model defined in the parent_pmd or passwd_pmd token in the [seos] section of the seos.ini file.
    Note: The selang parameter pmdb in chgrp, editgrp, and newgrp updates this property.

RESUME_DATE  [Modifiable: Yes | Data type: Date and Time]
    The date on which the user record becomes valid. The value in the RESUME_DATE property of a USER record overrides this value.

SHELL  [Modifiable: Yes | Data type: String, 255 characters]
    The shell program assigned to a new user created in UNIX, if the user has been assigned to a group with this property in the group profile.

SUBGROUP  [Modifiable: Yes | Data type: Group Reference List]
    The subgroups that belong to the group.

SUSPEND_DATE  [Modifiable: Yes]
    The date on which the user record is suspended and becomes invalid. The value in the SUSPEND_DATE property of a USER record overrides this value.

SUSPEND_WHO  [Modifiable: No | Data type: User Reference]
    The person who set the suspension date on which the user record is suspended and becomes invalid.

UPDATE_TIME  [Modifiable: No | Data type: Date and Time]
    The date and time the object was last modified.

UPDATE_WHO  [Modifiable: No | Data type: User Reference]
    The person who performed the last update.

USERLIST  [Modifiable: Yes | Data type: User Reference List]
    The list of users that belong to the group.
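As an added example, not TACF code, the following Python snippet resolves the login-policy values described above for a user whose own USER record, profile GROUP and site-wide settings may each set them, and applies them to a login attempt. The precedence USER record over profile GROUP over global setting, the rule that MAXLOGINS 0 means no maximum, and the meanings of EXPIRE_DATE, SUSPEND_DATE, RESUME_DATE and INACTIVE follow the descriptions above; the global default values, the ISO date representation and the reading that a record stays suspended from its SUSPEND_DATE until its RESUME_DATE are assumptions made for the example.

```python
"""Added example, not from the manual: resolving the login-policy values
documented for the GROUP class.  Precedence USER > profile GROUP > global,
'MAXLOGINS 0 = no maximum' and the date-property meanings come from the
text; the global defaults, ISO dates and the suspend/resume window are
assumptions made for illustration."""

from datetime import date
from typing import Any, Dict, List, Optional, Tuple

# Assumed site-wide TACF settings, used when neither USER nor profile GROUP sets a value.
GLOBAL_DEFAULTS: Dict[str, Any] = {"MAXLOGINS": 0, "INACTIVE": 90}


def effective(prop: str, user: Dict[str, Any], profile_group: Optional[Dict[str, Any]]) -> Any:
    """USER value wins, then the profile group's, then the global default (None if set nowhere)."""
    for record in (user, profile_group or {}, GLOBAL_DEFAULTS):
        if record.get(prop) is not None:
            return record[prop]
    return None


def login_check(user: Dict[str, Any], profile_group: Optional[Dict[str, Any]], today: date,
                active_sessions: int, last_login: Optional[date]) -> Tuple[bool, List[str]]:
    """Return (allowed, reasons) for a login attempt under the resolved policy."""
    reasons: List[str] = []
    expire = effective("EXPIRE_DATE", user, profile_group)
    if expire is not None and today >= expire:
        reasons.append("record expired (reinstate with chusr ... expire-)")
    suspend = effective("SUSPEND_DATE", user, profile_group)
    resume = effective("RESUME_DATE", user, profile_group)
    # assumption: the record is suspended from SUSPEND_DATE until RESUME_DATE, if one is set
    if suspend is not None and today >= suspend and not (resume is not None and today >= resume):
        reasons.append("record suspended")
    inactive = effective("INACTIVE", user, profile_group)
    if inactive and last_login is not None and (today - last_login).days >= inactive:
        reasons.append(f"inactive for {inactive} days")
    maxlogins = effective("MAXLOGINS", user, profile_group)
    if maxlogins and active_sessions >= maxlogins:   # 0 means no maximum
        reasons.append(f"MAXLOGINS {maxlogins} reached")
    return (not reasons, reasons)


# Constructed records: a profile group and three users with different overrides.
OPS_PROFILE = {"MAXLOGINS": 2, "INACTIVE": 30}
ALICE = {"name": "alice"}                                   # inherits everything from OPS_PROFILE
BOB = {"name": "bob", "MAXLOGINS": 0}                       # explicit 0 on the USER record: unlimited
CAROL = {"name": "carol", "SUSPEND_DATE": date(2000, 11, 1), "RESUME_DATE": date(2000, 12, 1)}


def demo() -> Dict[str, Any]:
    today = date(2000, 11, 15)
    return {
        "alice_third_session": login_check(ALICE, OPS_PROFILE, today, 2, date(2000, 11, 1)),
        "alice_stale": login_check(ALICE, OPS_PROFILE, today, 0, date(2000, 9, 1)),
        "bob_many_sessions": login_check(BOB, OPS_PROFILE, today, 7, today),
        "carol_suspended": login_check(CAROL, None, today, 0, today),
        "carol_after_resume": login_check(CAROL, None, date(2000, 12, 2), 0, today),
        "effective_maxlogins_alice": effective("MAXLOGINS", ALICE, OPS_PROFILE),
        "effective_inactive_bob": effective("INACTIVE", BOB, None),   # falls through to the global value
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:28} {result}")
```

The bob case is the one worth noticing when reviewing a user record: an explicit MAXLOGINS of 0 on the USER record does not mean "unset", it overrides the profile group's limit with no limit at all.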

GSUDO
This class defines groups of objects in the SUDO class. You can define access rules for a group of objects rather than having to specify the same access rule for each object.

ACL  [Modifiable: Yes | Data type: Reference List]
    A list of accessors that are permitted to access a particular resource, along with the access types associated with each accessor. Each element in the list contains the following information:
    ¶ Accessor reference: a reference to an accessor object (a USER or GROUP record).
    ¶ Permitted access: the access types that the accessor has for this resource (for example NONE or EXECUTE).
    Note: The selang parameter access(type-of-access) in authorize and authorize- updates this property.

COMMENT  [Modifiable: Yes | Data type: String, 255 characters]
    A remark.
    Note: The corresponding selang parameter updates this property.

CREATE_TIME  [Modifiable: No | Data type: Date and Time]
    The date and time the object was created.

MEMBERS  [Modifiable: Yes | Data type: SUDO Reference List]
    The list of objects in class SUDO that are members of the group.

OWNER  [Modifiable: Yes | Data type: Accessor Reference]
    The owner of the record.
    Note: The selang parameter owner in chres, editres, and newres updates this property.

RAUDIT  [Modifiable: Yes | Data type: SPECIAL]
    The resource audit mode, which specifies which access events are logged in the audit log. Valid values are as follows:
    ¶ ALL: all access requests, whether successful or not, are audited.
    ¶ ALLOW: all granted access requests are audited.
    ¶ DENY: only denied access requests are audited.
    ¶ NONE: no access requests are audited.

UPDATE_TIME  [Modifiable: No | Data type: Date and Time]
    The date and time the object was last modified.

UPDATE_WHO  [Modifiable: No | Data type: User Reference]
    The person who performed the update.

WARNING  [Modifiable: Yes | Data type: ON or OFF]
    Whether to operate in warning mode. In warning mode, access requests are always granted, and for each access request that violates an access rule a record is written to the audit log.

GTERMINAL
The GTERMINAL class defines groups of terminals. This is useful when defining access rules: you can specify a permit or deny rule for a group of terminals rather than having to specify the same access rule for each terminal. It is also possible to define an access rule for a group of terminals to a group of users.

ACL  [Modifiable: Yes | Data type: Reference List]
    A list of accessors that are permitted to access a particular resource, along with the access types associated with each accessor. Each element in the list contains the following information:
    ¶ Accessor reference: a reference to an accessor object (a USER or GROUP record).
    ¶ Permitted access: the access types that the accessor has for this resource (for example NONE or EXECUTE).
    Note: The selang parameter access(type-of-access) in authorize and authorize- updates this property.

COMMENT  [Modifiable: Yes | Data type: String, 255 characters]
    A remark.
    Note: The corresponding selang parameter updates this property.

CREATE_TIME  [Modifiable: No | Data type: Date and Time]
    The date and time the object was created.

MEMBERS  [Modifiable: Yes | Data type: Terminal Reference List]
    The list of terminals that are members of the group.

OWNER  [Modifiable: Yes | Data type: Accessor Reference]
    The owner of the record.
    Note: The selang parameter owner in chres, editres, and newres updates this property.

UACC  [Modifiable: Yes | Data type: Access]
    The default access of the resource, which specifies the access type given to users who are not defined to TACF.

UPDATE_TIME  [Modifiable: No | Data type: Date and Time]
    The date and time the object was last modified.

UPDATE_WHO  [Modifiable: No | Data type: User Reference]
    The person who performed the last update.

WARNING  [Modifiable: Yes | Data type: ON or OFF]
    Whether to operate in warning mode. In warning mode, access requests are always granted, and for each access request that violates an access rule a record is written to the audit log.

HOLIDAY

Each record in the HOLIDAY class defines one or more periods when users cannot log in without extra permission.

Properties (modifiable flag and data type in parentheses):

ACL (modifiable: yes; data type: reference list)
    A list of accessors that are permitted to access the resource, along with the access types associated with each accessor. Each element in the list contains an accessor reference (a reference to a USER or GROUP object) and the permitted access (the access types the accessor has for this resource: NONE or EXECUTE).
    Note: The selang parameter access(type-of-access) in authorize and authorize- updates this property.

CATEGORY (modifiable: yes; data type: categories reference list)
    The category list of the record.
    Note: The selang parameter category [-] in chusr, editusr, and newusr updates this property.

COMMENT (modifiable: yes; data type: string, 255 characters)
    A remark.
    Note: The selang parameter comment [-] in chres, editres, and newres updates this property.

CREATE_TIME (modifiable: no; data type: date and time)
    The date and time the object was created.

DAYTIME (modifiable: yes; data type: date and time)
    Date and time access restrictions.
    Note: The selang parameter restrictions (days-- and time--) in chres, editres, and newres updates this property.

HOL_DATE (modifiable: yes; data type: SPECIAL)
    The time period during which users cannot log in. The format is as follows:

    mm/dd[/yy[yy]][@hh:mm] [-mm/dd[/yy[yy]][@hh:mm]]

NOTIFY (modifiable: yes; data type: string, 30 characters)
    The user who is notified when access to the resource is granted.
    Note: The selang parameter notify [-] in chres, editres, and newres updates this property.

OWNER (modifiable: yes; data type: accessor reference)
    The owner of the record.
    Note: The selang parameter owner in chres, editres, and newres updates this property.

RAUDIT (modifiable: yes; data type: SPECIAL)
    The resource audit mode, which specifies which access events are logged in the audit log. Valid values:
    ALL    All access requests, whether successful or not, are audited.
    ALLOW  All granted access requests are audited.
    DENY   Only denied access requests are audited.
    NONE   No access requests are audited.

SECLABEL (modifiable: yes; data type: label reference)
    The security label associated with the process.

SECLEVEL (modifiable: yes; values: decimal, 0 to 255)
    The security level associated with the process. Zero means there is no security level limiting access to the process.

UPDATE_TIME (modifiable: no; data type: date and time)
    The date and time the object was last modified.

UPDATE_WHO (modifiable: no; data type: user reference)
    The user who performed the last update.

WARNING (modifiable: yes; values: ON or OFF)
    Whether to operate in warning mode. In warning mode, access requests are always granted, and for each access request that violates an access rule a record is written to the audit log.

The HOLIDAY object contains the following SPECIAL property type:

HOL_DATE - This property uses a data type called TACF_TINTERVAL that defines an interval of time. TACF_TINTERVAL contains two fields of time (each with a month, day, year, hour, and minute): the time at the beginning of the interval, and the time at the end of the interval.
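The following is an added example, not code from the manual or from TACF itself: a parser for the HOL_DATE format above that turns a specification into the two TACF_TINTERVAL endpoints and decides whether a given login time falls inside the holiday. The manual does not spell out what the optional parts mean when they are omitted, so the example makes explicit assumptions, marked in the code: a missing year means the holiday recurs every year, a missing time means 00:00 at the start and 23:59 at the end, a missing end means the rest of the start day, and a two-digit year is taken as 2000 to 2099. The sample holiday values and the function names are constructed for illustration.

```python
import re
from datetime import datetime

# One endpoint of a HOL_DATE interval: mm/dd[/yy[yy]][@hh:mm]
_ENDPOINT = re.compile(
    r"^(?P<month>\d{1,2})/(?P<day>\d{1,2})"
    r"(?:/(?P<year>\d{4}|\d{2}))?"
    r"(?:@(?P<hour>\d{1,2}):(?P<minute>\d{2}))?$"
)


def parse_endpoint(text, is_end):
    """Parse one endpoint. Assumptions (not stated by the manual): a two-digit
    year means 2000-2099; a missing year means the holiday recurs every year;
    a missing time means 00:00 at the start and 23:59 at the end."""
    m = _ENDPOINT.match(text.strip())
    if not m:
        raise ValueError(f"bad HOL_DATE endpoint: {text!r}")
    year = m.group("year")
    if year is not None:
        year = int(year)
        if year < 100:
            year += 2000
    month, day = int(m.group("month")), int(m.group("day"))
    if m.group("hour") is not None:
        hour, minute = int(m.group("hour")), int(m.group("minute"))
    else:
        hour, minute = (23, 59) if is_end else (0, 0)
    if not (1 <= month <= 12 and 1 <= day <= 31 and hour < 24 and minute < 60):
        raise ValueError(f"field out of range in HOL_DATE endpoint: {text!r}")
    return {"year": year, "month": month, "day": day, "hour": hour, "minute": minute}


def parse_hol_date(spec):
    """Split 'start[-end]' into the two TACF_TINTERVAL endpoints.
    Without an end, the interval runs to the end of the start day (assumption)."""
    start_text, sep, end_text = spec.partition("-")
    start = parse_endpoint(start_text, is_end=False)
    end = parse_endpoint(end_text, is_end=True) if sep else dict(start, hour=23, minute=59)
    return start, end


def _concrete_interval(start, end, year):
    """Anchor a (possibly recurring) interval to a calendar year."""
    s = datetime(start["year"] or year, start["month"], start["day"], start["hour"], start["minute"])
    e = datetime(end["year"] or s.year, end["month"], end["day"], end["hour"], end["minute"])
    if e < s and end["year"] is None:
        # e.g. 12/31@18:00-01/01@08:00 crosses New Year: the end lies in the next year
        e = e.replace(year=e.year + 1)
    if e < s:
        raise ValueError("HOL_DATE end precedes start")
    return s, e


def in_holiday(spec, when):
    """True if the naive datetime `when` falls inside the HOL_DATE interval `spec`."""
    start, end = parse_hol_date(spec)
    if start["year"] is not None:
        s, e = _concrete_interval(start, end, start["year"])
        return s <= when <= e
    # Recurring holiday: an interval that began late last year may still be running
    for year in (when.year - 1, when.year):
        try:
            s, e = _concrete_interval(start, end, year)
        except ValueError:
            continue  # e.g. 02/29 in a year that is not a leap year: no occurrence
        if s <= when <= e:
            return True
    return False


def login_blocked(hol_dates, when, has_extra_permission=False):
    """A user holding the extra permission (an ACL entry on the HOLIDAY record)
    is never blocked; everyone else is blocked inside any listed interval."""
    if has_extra_permission:
        return False
    return any(in_holiday(spec, when) for spec in hol_dates)


# Constructed sample HOL_DATE values (not taken from the manual)
SAMPLE_HOLIDAYS = [
    "12/25",                          # recurs every year, whole day
    "12/31@18:00-01/01@08:00",        # recurring, crosses New Year
    "07/04/2001",                     # one specific day
    "03/15/01@09:00-03/15/01@11:30",  # a maintenance window, two-digit year
]
```

The interval that crosses New Year and the 02/29 case are the two places a naive implementation gets wrong; the recurring branch tries both the previous and the current year so that a holiday which started on 31 December still blocks logins on the morning of 1 January.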

HOST

The HOST class defines access rules that govern the access other stations (hosts) have to the local host when using Internet communication. These "clients" of the local host are represented by objects in this class. For each client (HOST object) there is a property that lists all service rules that the local host may provide to the client.

Properties (modifiable flag and data type in parentheses):

COMMENT (modifiable: yes; data type: string, 255 characters)
    A remark.
    Note: The selang parameter comment [-] in chres, editres, and newres updates this property.

CREATE_TIME (modifiable: no; data type: date and time)
    The date and time the object was created.

DAYTIME (modifiable: yes; data type: date and time)
    Date and time access restrictions.
    Note: The selang parameter restrictions (days-- and time--) in chres, editres, and newres updates this property.

GROUPS (modifiable: no; data type: GHOST reference)
    A list of host groups to which the host belongs.

INETACL (modifiable: yes; data type: SPECIAL)
    A list of services and the access allowed to the local host. More information about INETACL follows this list.

INSERVRNGE (modifiable: yes; data type: access control list)
    An ACL that contains a range of service numbers and the access allowed. The access is used for all the TCP/IP ports in the specified range.

OWNER (modifiable: yes; data type: accessor reference)
    The owner of the record.
    Note: The selang parameter owner in chres, editres, and newres updates this property.

RAUDIT (modifiable: yes; data type: SPECIAL)
    The resource audit mode, which specifies which access events are logged in the audit log. Valid values:
    ALL    All access requests, whether successful or not, are audited.
    ALLOW  All granted access requests are audited.
    DENY   Only denied access requests are audited.
    NONE   No access requests are audited.

UPDATE_TIME (modifiable: no; data type: date and time)
    The date and time the object was last modified.

UPDATE_WHO (modifiable: no; data type: user reference)
    The user who performed the last update.

WARNING (modifiable: yes; values: ON or OFF)
    Whether to operate in warning mode. In warning mode, access requests are always granted, and for each access request that violates an access rule a record is written to the audit log.

The HOST object contains the following SPECIAL property type:

INETACL - This property contains the port number or name (an asterisk string for all services), the access allowed to this service (currently only READ or NONE), and the protocol code (TCP or UDP).

HOSTNET

Every object in class HOSTNET defines a group consisting of all hosts on a particular network. HOSTNET objects define access rules that govern the access other stations (hosts) on the specific network have to the local host when using Internet communication. The name of each HOSTNET object consists of a set of mask and match values for the IP address. For each client (HOSTNET object) there is a property that lists all service rules that the local host may provide to the client.

Properties (modifiable flag and data type in parentheses):

COMMENT (modifiable: yes; data type: string, 255 characters)
    A remark.
    Note: The selang parameter comment [-] in chres, editres, and newres updates this property.

CREATE_TIME (modifiable: no; data type: date and time)
    The date and time the object was created.

DAYTIME (modifiable: yes; data type: date and time)
    The day and time restrictions that govern when the resource can be accessed.
    Note: The selang parameter restrictions (days-- and time--) in chres, editres, and newres updates this property.

INETACL (modifiable: yes; data type: SPECIAL)
    A list of services and the access allowed to the local host. (For more information about INETACL, see the discussion of the HOST class.)

INMASKMATCH (modifiable: yes; data type: SPECIAL)
    A combination of a mask and a match on the IP address of the host that is requesting a service. TACF performs a logical AND on the IP address and the mask and checks whether the result equals the match.

INSERVRNGE (modifiable: yes; data type: access control list)
    An ACL that contains a range of service numbers and the access allowed. The access is used for all the TCP/IP ports in the specified range.

OWNER (modifiable: yes; data type: accessor reference)
    The owner of the record.
    Note: The selang parameter owner in chres, editres, and newres updates this property.

RAUDIT (modifiable: yes; data type: SPECIAL)
    The resource audit mode, which specifies which access events are logged in the audit log. Valid values:
    ALL    All access requests, whether successful or not, are audited.
    ALLOW  All granted access requests are audited.
    DENY   Only denied access requests are audited.
    NONE   No access requests are audited.

UPDATE_TIME (modifiable: no; data type: date and time)
    The date and time the object was last modified.

UPDATE_WHO (modifiable: no; data type: user reference)
    The user who last updated the object's properties.

WARNING (modifiable: yes; values: ON or OFF)
    Whether to operate in warning mode. In warning mode, access requests are always granted, and for each access request that violates an access rule a record is written to the audit log.

HOSTNP

Every object in class HOSTNP defines a group of hosts that have similar host names. HOSTNP objects define access rules that govern the access other stations (hosts) that match the object's name pattern have to the local host when using Internet communication. For each name pattern (HOSTNP object) there is a property that lists all service rules that the local host may provide to the client.

Properties (modifiable flag and data type in parentheses):

COMMENT (modifiable: yes; data type: string, 255 characters)
    A remark.
    Note: The selang parameter comment [-] in chres, editres, and newres updates this property.

CREATE_TIME (modifiable: no; data type: date and time)
    The date and time the object was created.

DAYTIME (modifiable: yes; data type: date and time)
    The day and time restrictions that govern when the resource can be accessed.
    Note: The selang parameter restrictions (days-- and time--) in chres, editres, and newres updates this property.

INETACL (modifiable: yes; data type: SPECIAL)
    A list of services and the access allowed to the local host. (For more information about INETACL, see the discussion of the HOST class.)

INSERVRNGE (modifiable: yes; data type: access control list)
    An ACL that contains a range of service numbers and the access allowed. The access is used for all the TCP/IP ports in the specified range.

OWNER (modifiable: yes; data type: accessor reference)
    The owner of the record.
    Note: The selang parameter owner in chres, editres, and newres updates this property.

RAUDIT (modifiable: yes; data type: SPECIAL)
    The resource audit mode, which specifies which access events are logged in the audit log. Valid values:
    ALL    All access requests, whether successful or not, are audited.
    ALLOW  All granted access requests are audited.
    DENY   Only denied access requests are audited.
    NONE   No access requests are audited.

UPDATE_TIME (modifiable: no; data type: date and time)
    The date and time the object was last modified.

UPDATE_WHO (modifiable: no; data type: user reference)
    The user who performed the last update.

WARNING (modifiable: yes; values: ON or OFF)
    Whether to operate in warning mode. In warning mode, access requests are always granted. For each access request that violates an access rule, a record is written to the audit log.
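The following is an added example, not code from the manual or from TACF: a small model of how the HOST, HOSTNET and HOSTNP classes above select a client object and how its INETACL and INSERVRNGE entries then yield READ or NONE for one inbound connection. The INMASKMATCH check is the logical AND of the client address and the mask compared with the match value, exactly as described for HOSTNET. Everything the manual leaves open is an assumption here and marked as such in the code: HOST is consulted before HOSTNP and HOSTNET; within an object an explicit INETACL entry for the port or service name wins over an INSERVRNGE range, which wins over an asterisk entry; a client that matches no object, or a service with no entry, gets NONE. The rule objects and host names are constructed for illustration.

```python
import fnmatch
import ipaddress

READ, NONE = "READ", "NONE"


class HostRule:
    """One HOST, HOSTNET or HOSTNP object with its INETACL and INSERVRNGE lists."""

    def __init__(self, cls, name, inetacl=(), inservrnge=()):
        self.cls = cls                       # "HOST", "HOSTNET" or "HOSTNP"
        self.name = name                     # host name, "mask match" pair, or name pattern
        self.inetacl = list(inetacl)         # entries: (service number or name or "*", "TCP"/"UDP", access)
        self.inservrnge = list(inservrnge)   # entries: (low_port, high_port, access)
        if cls == "HOSTNET":
            mask, match = name.split()       # the object name is the mask/match pair
            self.mask = int(ipaddress.IPv4Address(mask))
            self.match = int(ipaddress.IPv4Address(match))

    def applies_to(self, hostname, ip):
        if self.cls == "HOST":
            return hostname.lower() == self.name.lower()
        if self.cls == "HOSTNP":
            return fnmatch.fnmatchcase(hostname.lower(), self.name.lower())
        # HOSTNET: (client IP AND mask) must equal the match value
        return (int(ipaddress.IPv4Address(ip)) & self.mask) == self.match

    def access_for(self, port, protocol, service_name=None):
        # 1. explicit INETACL entry for this port number or service name (assumed precedence)
        for service, proto, access in self.inetacl:
            if proto != protocol or service == "*":
                continue
            if str(service) == str(port) or (service_name and service == service_name):
                return access
        # 2. an INSERVRNGE port range
        for low, high, access in self.inservrnge:
            if low <= port <= high:
                return access
        # 3. an asterisk entry covering all services of the protocol
        for service, proto, access in self.inetacl:
            if proto == protocol and service == "*":
                return access
        return NONE  # assumed: nothing listed means no access


def network_access(rules, hostname, ip, port, protocol, service_name=None):
    """Return (access, matching object) for a connection from hostname/ip
    to the local port/protocol. Assumed precedence: HOST, then HOSTNP, then HOSTNET."""
    for cls in ("HOST", "HOSTNP", "HOSTNET"):
        for rule in rules:
            if rule.cls == cls and rule.applies_to(hostname, ip):
                return rule.access_for(port, protocol, service_name), rule
    return NONE, None  # no object describes this client: assumed default deny


# Constructed rule set (names and addresses are illustrative only)
RULES = [
    HostRule("HOST", "bastion.corp.example",
             inetacl=[("*", "TCP", READ), ("*", "UDP", NONE)]),
    HostRule("HOSTNP", "*.corp.example",
             inetacl=[("ssh", "TCP", READ), (22, "TCP", READ), ("telnet", "TCP", NONE)],
             inservrnge=[(8000, 8099, READ)]),
    HostRule("HOSTNET", "255.255.255.0 192.168.1.0",
             inetacl=[("*", "TCP", NONE), (80, "TCP", READ)]),
]
```

The order of the three classes is the part to check against your own TACF installation before relying on a model like this: a host that is both named in a HOST object and covered by a HOSTNET mask gets whichever object the real evaluator consults first, and an asterisk READ entry on a broad HOSTNET object silently widens exposure for every host on that network.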

LOGINAPPL

The LOGINAPPL class defines a generic setup of the login programs. It also provides the ability to control the programs from which a user can log in to a host.

Each record in the LOGINAPPL class defines access and detection rules applicable to a particular login application. The record name of the application (telnet or ftp, for example) is a logical name that represents a login application. The physical name is the complete pathname of the executable file. The logical name simply tells you which application is involved.

The properties are preset. Verify the settings before making changes.

Note: In Version 3.7, LOGINAPPL replaces loginpgna.init.

In this example, all users but root are blocked from using rlogin. Enter the following selang commands:

1. chres LOGINAPPL RLOGIN defaccess (n)

2. authorize LOGINAPPL RLOGIN uid (root) access (x)
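The following is an added example, not code from the manual or from TACF: a model of the access decision that the two selang commands above configure, which also serves the GTERMINAL discussion earlier (a permit rule for a group of users on a group of terminals). It shows how an ACL entry, the UACC default set by defaccess, the WARNING mode and the RAUDIT mode combine into a grant/deny and an audit record. Two points are assumptions, marked in the code, because the manual does not state them: a USER entry takes precedence over GROUP entries, and the UACC default also applies to a defined user with no matching ACL entry, which is what makes defaccess(n) block every user but root in the example. The resource and accessor names are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import FrozenSet, List, Optional, Tuple


@dataclass
class Resource:
    """A protected object such as LOGINAPPL RLOGIN or GTERMINAL ops_terms."""
    cls: str
    name: str
    # ACL entries: (accessor type USER/GROUP, accessor name, permitted access types)
    acl: List[Tuple[str, str, FrozenSet[str]]] = field(default_factory=list)
    uacc: FrozenSet[str] = frozenset()   # default access (selang defaccess); empty = NONE
    raudit: str = "DENY"                 # ALL, ALLOW, DENY or NONE
    warning: bool = False                # WARNING mode ON/OFF


@dataclass
class Accessor:
    user: Optional[str]          # None models a user not defined to TACF
    groups: Tuple[str, ...] = ()


def permitted_access(res: Resource, who: Accessor) -> FrozenSet[str]:
    """Access types the ACL grants this accessor. Assumptions: a USER entry beats
    GROUP entries; with no matching entry the UACC default applies."""
    if who.user is not None:
        for atype, aname, access in res.acl:
            if atype == "USER" and aname == who.user:
                return access
        group_access = set()
        matched = False
        for atype, aname, access in res.acl:
            if atype == "GROUP" and aname in who.groups:
                group_access |= access
                matched = True
        if matched:
            return frozenset(group_access)
    return res.uacc


def decide_access(res: Resource, who: Accessor, requested: str):
    """One access check. Returns (granted, audit_record_or_None)."""
    allowed = requested in permitted_access(res, who)
    violation = not allowed
    # WARNING mode: the request is granted anyway, but the violation is always logged
    granted = allowed or res.warning
    audited = (
        res.raudit == "ALL"
        or (res.raudit == "ALLOW" and allowed)
        or (res.raudit == "DENY" and violation)
        or (res.warning and violation)
    )
    if not audited:
        return granted, None
    outcome = "ALLOW" if allowed else ("WARNING" if res.warning else "DENY")
    who_txt = who.user if who.user is not None else "<undefined>"
    return granted, f"{res.cls} {res.name} {who_txt} {requested} {outcome}"


# Constructed objects mirroring the manual's selang example:
#   chres LOGINAPPL RLOGIN defaccess(n)
#   authorize LOGINAPPL RLOGIN uid(root) access(x)
RLOGIN = Resource("LOGINAPPL", "RLOGIN",
                  acl=[("USER", "root", frozenset({"EXECUTE"}))],
                  uacc=frozenset(), raudit="DENY")

# A constructed terminal group that lets group ops log in, still in warning mode
OPS_TERMS = Resource("GTERMINAL", "ops_terms",
                     acl=[("GROUP", "ops", frozenset({"READ"}))],
                     uacc=frozenset(), raudit="DENY", warning=True)
```

The warning-mode case is worth running before switching WARNING off on a production rule: every request that would have been denied shows up as a WARNING audit record while still succeeding, which is how you find the users and terminals a new deny rule would break.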

Properties (modifiable flag and data type in parentheses):

ACL (modifiable: yes; data type: reference list)
    A list of accessors that are permitted to access the resource, along with the access types associated with each accessor. Each element in the list contains an accessor reference (a reference to a USER or GROUP object) and the permitted access (the access types the accessor has for this resource: NONE or EXECUTE).
    Note: The selang parameter access(type-of-access) in authorize and authorize- updates this property.

CATEGORY (modifiable: yes; data type: categories reference list)
    The category list of the record.
    Note: The selang parameter category [-] in chusr, editusr, and newusr updates this property.

COMMENT (modifiable: yes; data type: string, 255 characters)
    Accommodates any extra information that you want to store in the record.
    Note: The selang parameter comment [-] in chres, editres, and newres updates this property.

CREATE_TIME (modifiable: no; data type: date and time)
    The date and time the object was created.

DAYTIME (modifiable: yes; data type: date and time)
    Date and time access restrictions.
    Note: The selang parameter restrictions (days-- and time--) in chres, editres, and newres updates this property.

LOGINFLAGS (modifiable: yes; data type: SPECIAL)
    Controls the login program's special features, including changes in device number and decrements in grace logins. Valid values are nfs, nograce, and nograceroot. The value nfs is set if the login application resides on an NFS-mounted file system. If the value nograceroot is set, grace logins are not decremented when root logs in using this application. For more information, see "GRACELOGIN," above.
    Note: The selang parameter loginflags in chres, editres, and newres updates this property.

LOGINMETHOD (modifiable: yes; data type: SPECIAL)
    Identifies applications as pseudo login programs for purposes of TACF detection. Some login applications use other applications to execute setgid and setuid calls. Valid values are PSEUDO and NORMAL. We recommend that you not modify this preset property.

LOGINPATH (modifiable: no; data type: string, 255 characters)
    Full path to the login application. For example, /usr/sbin/telnetd.
    Note: The selang parameter loginpath in chres, editres, and newres updates this property.

LOGINSEQUENCE (modifiable: yes; data type: SPECIAL)
    Specifies the sequence in which an application completes a login. Login applications use a variety of system calls, and TACF uses these calls to monitor login activity. Login sequence values are predefined; you can learn how to change them by referring to the TACF trace file. We recommend that you not modify this preset property.
    Note: The selang parameter loginsequence in chres, editres, and newres updates this property.

NOTIFY (modifiable: yes; data type: string, 30 characters)
    The name of the user to be notified when the resource is successfully accessed. The audit record can be sent by e-mail using selogrd.
    Note: The selang parameter notify [-] in chres, editres, and newres updates this property.

OWNER (modifiable: yes; data type: accessor reference)
    The owner of the record.
    Note: The selang parameter owner in chres, editres, and newres updates this property.

RAUDIT (modifiable: yes; data type: SPECIAL)
    The resource audit mode, which specifies which access events are recorded in the audit log. Valid values:
    ALL    All access requests, whether successful or not, are audited.
    ALLOW  All granted access requests are audited.
    DENY   Only denied access requests are audited.
    NONE   No access requests are audited.
    Note: The selang parameter audit in chres, editres, and newres updates this property.

SECLABEL (modifiable: yes; data type: label reference)
    The security label associated with the login process.
    Note: The selang parameter label [-] in chres, editres, and newres updates this property.

SECLEVEL (modifiable: yes; values: decimal, 0 to 255)
    The security level associated with the process. Zero means there is no security level limiting access to the process.
    Note: The selang parameter level [-] in chres, editres, and newres updates this property.

UACC (modifiable: yes; data type: access)
    The default access of the resource, which specifies the access type given to users who are not defined to TACF. The default value is NONE. Possible values are EXECUTE and NONE.
    Note: The selang parameter defaccess in chres, editres, and newres updates this property.

UPDATE_TIME (modifiable: no; data type: date and time)
    The date and time the object was last modified.

UPDATE_WHO (modifiable: no; data type: user reference)
    The user who performed the last update.

WARNING (modifiable: yes; values: ON or OFF)
    Whether to operate in warning mode. In warning mode, access requests are always granted, and for each access request that violates an access rule a record is written to the audit log.
    Note: The selang parameter warning [-] in chres, editres, and newres updates this property.

PROCESS

The PROCESS class defines objects that represent programs (executable binaries) running in their own address space that need to be protected from being killed. Major daemons and database servers are good candidates for such protection, since these processes are the main targets of denial-of-service attacks.

The following signals are intercepted to protect objects of the PROCESS class:

Signal   Number
KILL     9
STOP     machine dependent
TERM     15

Before defining the program file in the PROCESS class, the file must also be defined in the FILE class.

Properties (modifiable flag and data type in parentheses):

ACL (modifiable: yes; data type: reference list)
    A list of accessors that are permitted to access the resource, along with the access types associated with each accessor. Each element in the list contains an accessor reference (a reference to a USER or GROUP object) and the permitted access (the access types the accessor has for this resource: NONE or EXECUTE).
    Note: The selang parameter access(type-of-access) in authorize and authorize- updates this property.

CATEGORY (modifiable: yes; data type: categories reference list)
    The category list of the record.
    Note: The selang parameter category [-] in chusr, editusr, and newusr updates this property.

COMMENT (modifiable: yes; data type: string, 255 characters)
    Accommodates any extra information that you want to store in the record.
    Note: The selang parameter comment [-] updates this property.

CREATE_TIME (modifiable: no; data type: date and time)
    The date and time the object was created.

DAYTIME (modifiable: yes; data type: date and time)
    Date and time access restrictions.
    Note: The selang parameter restrictions (days-- and time--) in chres, editres, and newres updates this property.

LOGINFLAGS (modifiable: yes)
    Controls the login program's special features, including changes in device number and decrements in grace logins. Valid values are nfs, nograce, and nograceroot. The value nfs is set if the login application resides on an NFS-mounted file system. If the value nograceroot is set, grace logins are not decremented when root logs in using this application. For more information, see "GRACELOGIN," above.
    Note: The selang parameter loginflags in chres, editres, and newres updates this property.

LOGINMETHOD
    Identifies applications as pseudo login programs for purposes of TACF detection. Some login applications use other applications to execute setgid and setuid calls.

LOGINPATH (modifiable: no)
    Full path to the login application. For example, /usr/sbin/telnetd.
    Note: The selang parameter loginpath in chres, editres, and newres updates this property.

LOGINSEQUENCE (modifiable: yes)
    Specifies the sequence in which an application completes a login. Login applications use a variety of system calls, and TACF uses these calls to monitor login activity. Login sequence values are predefined; you can learn how to change them by referring to the TACF trace file.
    Note: The selang parameter loginsequence in chres, editres, and newres updates this property.

NOTIFY (modifiable: yes; data type: string, 30 characters)
    The name of the user to be notified when the resource is successfully accessed. The audit record can be sent by e-mail using selogrd.
    Note: The selang parameter notify [-] in chres, editres, and newres updates this property.

OWNER (modifiable: yes; data type: accessor reference)
    The owner of the process record.
    Note: The selang parameter owner in chres, editres, and newres updates this property.

PACL (modifiable: yes; data type: SPECIAL)
    A program access control list that applies to accessor objects when the access is requested by a specific program.

RAUDIT (modifiable: yes; data type: SPECIAL)
    The resource audit mode, which specifies which access events are recorded in the audit log. Valid values:
    ALL    All access requests, whether successful or not, are audited.
    ALLOW  All granted access requests are audited.
    DENY   Only denied access requests are audited.
    NONE   No access requests are audited.
    Note: The selang parameter audit in chres, editres, and newres updates this property.

SECLABEL (modifiable: yes; data type: label reference)
    The security label associated with the login process.
    Note: The selang parameter label [-] in chres, editres, and newres updates this property.

SECLEVEL (modifiable: yes; values: decimal, 0 to 255)
    The security level associated with the process. Zero means there is no security level limiting access to the process.
    Note: The selang parameter level [-] in chres, editres, and newres updates this property.

UACC (modifiable: yes; data type: access)
    The default access of the resource, which specifies the access type given to users who are not defined to TACF. Possible values are NONE and EXECUTE.
    Note: The selang parameter defaccess in chres, editres, and newres updates this property.

UPDATE_TIME (modifiable: no; data type: date and time)
    The date and time the object was last modified.

UPDATE_WHO (modifiable: no; data type: user reference)
    The user who performed the last update.

WARNING (modifiable: yes; values: ON or OFF)
    Whether to operate in warning mode. In warning mode, access requests are always granted, and for each access request that violates an access rule a record is written to the audit log.
    Note: The selang parameter warning [-] in chres, editres, and newres updates this property.

PROGRAM

The PROGRAM class defines programs that are considered part of the trusted computing base (setuid and setgid programs). Programs in this class are programs that can be trusted not to have security breaches and that are monitored by the TACF watchdog (seoswd) to ensure they are not modified. If such a trusted program is altered, TACF automatically marks the program as untrusted, and any rules referring to this program with conditional access are discarded. Each PROGRAM object contains several properties that describe the trusted program's file; the TACF watchdog checks whether these values change.

Note: A program is automatically added to the PROGRAM class when it is added to a PACL, the program (conditional) access control list.

Properties (modifiable flag and data type in parentheses):

ACL (modifiable: yes; data type: reference list)
    A list of accessors that are permitted to access the resource, along with the access types associated with each accessor. Each element in the list contains an accessor reference (a reference to a USER or GROUP object) and the permitted access (the access types the accessor has for this resource: NONE or EXECUTE).
    Note: The selang parameter access(type-of-access) in authorize and authorize- updates this property.

CATEGORY (modifiable: yes; data type: categories reference list)
    The category list of the record.
    Note: The selang parameter category [-] in chusr, editusr, and newusr updates this property.

COMMENT (modifiable: yes; data type: string, 255 characters)
    A remark.
    Note: The selang parameter comment [-] in chres, editres, and newres updates this property.

CREATE_TIME (modifiable: no; data type: date and time)
    The date and time the object was created.

DAYTIME (modifiable: yes; data type: date and time)
    The day and time restrictions that govern when the program can be executed.
    Note: The selang parameter restrictions (days-- and time--) in chres, editres, and newres updates this property.

MD5 (modifiable: no; data type: SPECIAL)
    The MD5 message digest of the program file (the manual calls this the RSA signature; MD5 is a hash, not a signature).

NOTIFY (modifiable: yes; data type: string, 30 characters)
    The name of the user to be notified when the program is successfully accessed.
    Note: The selang parameter notify [-] in chres, editres, and newres updates this property.

OWNER (modifiable: yes; data type: accessor reference)
    The owner of the record.
    Note: The selang parameter owner in chres, editres, and newres updates this property.

PACL (modifiable: yes; data type: SPECIAL)
    The program access control list: a list of programs that are permitted to access a particular resource, along with the access type associated with each program.

PGMINFO (modifiable: yes; data type: SPECIAL)
    Program information. This data includes the CRC, size, creation time, device number, i-node number, and permission bits of the program file.

RAUDIT (modifiable: yes; data type: SPECIAL)
    The resource audit mode, which specifies which access events are recorded in the audit log. Valid values:
    ALL    All access requests, whether successful or not, are audited.
    ALLOW  All granted access requests are audited.
    DENY   Only denied access requests are audited.
    NONE   No access requests are audited.
    Note: The selang parameter audit in chres, editres, and newres updates this property.

SECLABEL (modifiable: yes; data type: label reference)
    The security label associated with the login process.
    Note: The selang parameter label [-] in chres, editres, and newres updates this property.

SECLEVEL (modifiable: yes; values: decimal, 0 to 255)
    The security level associated with the process. Zero means there is no security level limiting access to the process.
    Note: The selang parameter level [-] in chres, editres, and newres updates this property.

SNEFRU (modifiable: no; data type: SPECIAL)
    The Snefru hash of the file.

UACC (modifiable: yes; data type: access)
    The default access of the resource, which specifies the access type given to users who are not defined to TACF.

UNTRUST (modifiable: yes; values: ON or OFF)
    Specifies that the program is untrusted.

UPDATE_TIME (modifiable: no; data type: date and time)
    The date and time the object was last modified.

UPDATE_WHO (modifiable: no; data type: user reference)
    The user who performed the last update.

WARNING (modifiable: yes; values: ON or OFF)
    Whether to operate in warning mode. In warning mode, access requests are always granted, and for each access request that violates an access rule a record is written to the audit log.

The PROGRAM object contains the following SPECIAL property type:

PGMINFO - This property is generated automatically by TACF. You cannot edit its contents. The information stored in this property is verified by the TACF watchdog (seoswd). The information also contains flags that determine what the watchdog is to verify; those flags are modifiable.

SECFILE

The SECFILE class is similar to the PROGRAM class in that it stores information about program files. However, objects of the SECFILE class cannot appear in a conditional (program) access control list. This class is intended to provide verification for important files. Sensitive system files that are not frequently modified should be added to this class to verify that they are not altered by an unauthorized user. The watchdog part of TACF (seoswd) scans these files and ensures the information known about these files is not modified.

COMMENT (Modifiable: Yes; Data Type: String, 255 characters)
    A remark.
    Note: The selang parameter comment[-] updates this property.

CREATE_TIME (Modifiable: No)
    The date and time the object was created. Default values are Date and Time.

MD5 (Modifiable: No; Data Type: SPECIAL)
    The RSA signature of the file.

OWNER (Modifiable: Yes; Data Type: Accessor Reference)
    The owner of the record.
    Note: The selang parameter owner in chres, editres, and newres updates this property.

PGMINFO (Modifiable: Yes; Data Type: SPECIAL)
    Program information. This data includes the CRC, size, creation time, device number, i-node number, and permission bits of the program file.

SNEFRU (Modifiable: No; Data Type: SPECIAL)
    The SNEFRU file signature of the file.

UNTRUST (Modifiable: Yes)
    Specifies that the program was found to be untrusted. This property is not used during the authorization process. Default values are ON or OFF.


UPDATE_TIME (Modifiable: No)
    The date and time the object was last modified. Default values are Date and Time.

UPDATE_WHO (Modifiable: No; Data Type: User Reference)
    The person who performed the last update.

For discussion of the SPECIAL properties found in this class, see the PROGRAM class discussion earlier in this chapter.
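The PGMINFO data that seoswd verifies for a SECFILE object (CRC, size, creation time, device number, i-node number, permission bits) amounts to a file-integrity baseline: record the values once, re-collect them on each scan, and flag the file as untrusted when a verified field changes. The following Python program is an added illustration of that check, not seoswd or TACF code. The field set, the default choice of which fields are verified, the MD5 digest kept next to the CRC, the function names, and the sample file are this example's own assumptions.

```python
"""File-integrity baseline in the spirit of the SECFILE class and PGMINFO.

Added illustration for this manual; not seoswd or TACF code.  Field names,
the default verification set and the sample file are assumptions.
"""
import hashlib
import os
import stat
import tempfile
import zlib
from dataclasses import dataclass
from typing import List, Tuple

# Fields a scan may be told to verify (the modifiable "flags" of PGMINFO).
# Creation time is left out of the default set because on Linux os.stat
# reports inode change time, not creation time, in st_ctime.
DEFAULT_CHECKS = ("crc", "size", "device", "inode", "mode", "md5")


@dataclass(frozen=True)
class PgmInfo:
    crc: int
    size: int
    ctime: float
    device: int
    inode: int
    mode: int
    md5: str


def collect(path: str) -> PgmInfo:
    """Snapshot the metadata and content signatures of one file."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        data = fh.read()
    return PgmInfo(
        crc=zlib.crc32(data) & 0xFFFFFFFF,
        size=st.st_size,
        ctime=st.st_ctime,
        device=st.st_dev,
        inode=st.st_ino,
        mode=stat.S_IMODE(st.st_mode),
        md5=hashlib.md5(data).hexdigest(),
    )


def verify(path: str, baseline: PgmInfo,
           checks: Tuple[str, ...] = DEFAULT_CHECKS) -> List[str]:
    """Return the names of the checked fields that no longer match the baseline.

    An empty list means the file is still trusted; a non-empty list is the
    condition under which a watchdog would mark the object UNTRUST.
    """
    current = collect(path)
    return [f for f in checks if getattr(current, f) != getattr(baseline, f)]


def demo() -> Tuple[List[str], List[str]]:
    """Baseline a constructed sample file, modify it in place, re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed sample: a throwaway script, not a real program file.
        path = os.path.join(tmp, "firmdb_filemgr")
        with open(path, "wb") as fh:
            fh.write(b"#!/bin/sh\necho original\n")
        baseline = collect(path)
        before = verify(path, baseline)
        with open(path, "ab") as fh:   # in-place append keeps inode and mode
            fh.write(b"echo tampered\n")
        after = verify(path, baseline)
    return before, after
```

Note that an in-place edit keeps the device number, i-node number and permission bits unchanged, so a scan configured to verify only those fields would miss it; the content signatures (CRC, digest) and size are what catch it.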

SECLABEL

The SECLABEL class defines security labels. A security label consists of a set of security categories and a security level.

CATEGORY (Modifiable: Yes; Data Type: Categories Reference List)
    The category list of the record.
    Note: The selang parameter category [-] in chusr, editusr, and newusr updates this property.

COMMENT (Modifiable: Yes; Data Type: String, 255 characters)
    A remark.
    Note: The selang parameter updates this property.

CREATE_TIME (Modifiable: No)
    The date and time the record was created. Default values are Date and Time.

OWNER (Modifiable: Yes; Data Type: Accessor Reference)
    The owner of the record.
    Note: The selang parameter owner in chres, editres, and newres updates this property.

SECLEVEL (Modifiable: Yes)
    The security level associated with the security label. The number zero means there is no security level associated with the security label. Default values are decimals ranging between 0 and 255.

UPDATE_TIME (Modifiable: No)
    The date and time the object was last modified. Default values are Date and Time.


UPDATE_WHO (Modifiable: No; Data Type: User Reference)
    The person who performed the last update.

SEOS

The SEOS class controls the behavior of the TACF authorization daemon (seosd). The class contains only one object, called SEOS, that determines whether a resource is checked and whether a security aspect is used during the authorization flow.

<Resource Class Name> (Modifiable: Yes)
    Determines whether TACF protects the class identified by Resource Class Name. The classes include ADMIN, CATEGORY, CONNECT, FILE, HOST, PROCESS, PROGRAM, SECLABEL, SECLEVEL, SUDO, SURROGATE, TCP, and TERMINAL. TACF protection cannot be turned off for the classes GROUP, SECFILE, UACC, and USER. Default values are ON or OFF.


ACCPACL (Modifiable: Yes; Data Type: Reference List)
    A list of programs that are permitted to run a particular resource along with the access type associated with each program, using both the ACL and PACL lists. When ACCPACL is active, if there is explicit access provided for a user through ACL, then that access is the allowed access. If explicit access has not been specified through ACL, or access is not specified as NONE, then access rules are a combination of PACL and ACL specification. The elements in the program and access control lists (PACL and ACL) contain the following information:
    ¶ Program reference - a reference to a record of the PROGRAM class.
    ¶ Accessor reference - a reference to an accessor (a user or group).
    ¶ Permitted access - the access allowed to the accessor when using the specified program. Valid values are NONE and READ.


ADMIN (Modifiable: Yes)
    Determines whether the ADMIN class is active. Normally the class is active, because the ADMIN class controls permission to perform security administration tasks. If the ADMIN class were inactive, all users could work like TACF administrators. Default values are YES and NO.

CATEGORY (Modifiable: Yes; Data Type: Categories Reference List)
    The category list of the record.
    Note: The selang parameter category [-] in chusr, editusr, and newusr updates this property.

COMMENT (Modifiable: Yes; Data Type: String, 255 characters)
    A remark.
    Note: The selang parameter updates this property.

CREATE_TIME (Modifiable: No)
    The time the object was created. Default values are Date and Time.

ENDTIME (Modifiable: No)
    The date and time the TACF database files were last closed in an orderly manner. Default values are Date and Time.

FILE (Modifiable: Yes)
    Determines whether class FILE is active. Default values are YES or NO.

GRACCR (Modifiable: Yes)
    Determines whether accumulated group rights of users are checked. Default values are ON or OFF.

HOLIDAY (Modifiable: Yes)
    Determines whether class HOLIDAY is active. Default values are YES or NO.


INACT (Modifiable: Yes; Data Type: Number)
    Determines the number of inactive days after which a user's login is suspended. An inactive day is a day in which the user does not log in.

MAXLOGINS (Modifiable: Yes; Data Type: Number)
    Determines the default value for the maximum number of concurrent logins allowed for a user. The user record is suspended after this number of logins has occurred. This value can be overridden by assigning a value in the user's user record.

PASSWDRULES (Modifiable: Yes; Data Type: SPECIAL)
    Password rules setup.

PASSWORD (Modifiable: Yes)
    Determines whether password rules are applied. Default values are ON or OFF.

PROCESS (Modifiable: Yes)
    Determines whether the class PROCESS is active. Default values are YES or NO.

SECLABEL (Modifiable: Yes)
    Determines whether the class SECLABEL is active. Default values are YES or NO.

SECLEVEL (Modifiable: Yes)
    Determines whether the class SECLEVEL is active. Default values are YES or NO.

STARTTIME (Modifiable: No)
    The date and time the TACF database files were last opened. Default values are YES or NO.

SUDO (Modifiable: Yes)
    Determines whether the class SUDO is active. Default values are YES or NO.

SURROGATE (Modifiable: Yes)
    Determines whether the class SURROGATE is active. Default values are YES or NO.


TCP (Modifiable: Yes)
    Determines whether the class TCP is active. Default values are YES or NO.

TERMINAL (Modifiable: Yes)
    Determines whether TACF performs a terminal access check during sign-on, and protects X-Window sessions. Default values are YES or NO.

UDP (Modifiable: Yes)
    Determines whether class UDP is active. Default values are YES or NO.

UPDATE_TIME (Modifiable: No)
    The time and date the object was last updated. Default values are Date and Time.

UPDATE_WHO (Modifiable: No; Data Type: User Reference)
    The person who last updated the object.

SPECIALPGM

The SPECIALPGM class differentiates between various user access limitations during the authorization process. These user access limitations are associated with logical user names. You can use this class to protect system daemons running with the root user identity. The record should be a path to a range, or pattern, of special programs.

Note: This class replaces xdmpgms.init and privpgms.init.

The following procedure shows you how to use the logical user feature to protect a sensitive file.

To protect a file that resides in /DATABASE/data/*, the database data manager uses the file server daemon firmdb_filemgr. This file server resides in /opt/dbfirm/bin/firmdb_filemgr. The file firmdb_filemgr usually runs under root, making the data accessible to any root-shell hack.


In this example, the logical user is defined as the only accessor of these files.

1. Define the "sensitive" files to TACF using the command:
   newres file /DATABASE/data/* defaccess(NONE) owner(nobody)

2. Define the logical user to access the files:
   newuser firmDB_mgr

3. Allow only the logical user, firmDB_mgr, to access the files:
   authorize file /DATABASE/data/* uid(firmDB_mgr)

4. Finally, make firmdb_filemgr run with the logical user firmDB_mgr:
   newres SPECIALPGM /opt/dbfirm/bin/firmdb_filemgr unixuid(root) seosuid(firmDB_mgr)

When the daemon accesses the files, TACF recognizes the logical user as the accessor of the files, and not root. A hacker who attempts to access the files as root will fail.
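The procedure above, together with the ACCPACL description in the SEOS class, describes two steps an authorization engine has to take: map the Unix identity running a SPECIALPGM to its logical user, then resolve that accessor against the file's ACL, PACL and default access. The following Python model is an added illustration of both steps, not TACF code. Its precedence (explicit ACL entry, then PACL entry for the calling program, then default access from UACC) is this example's reading of the ACCPACL text; the READ and WRITE rights given to firmDB_mgr, the dbbackup program, the backupop user and the customers.db path are constructed; and a path that no FILE rule matches is treated as unprotected.

```python
"""Model of the SPECIALPGM logical-user mapping and of ACL / PACL / UACC
resolution for a FILE resource.

Added illustration for this manual; not TACF code.  The ACL -> PACL -> UACC
precedence, the rights granted, the backup program and operator, and the
sample data path are assumptions of this example.
"""
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from typing import Dict, FrozenSet, List, Optional, Tuple

NONE: FrozenSet[str] = frozenset()             # defaccess(NONE)
READ = frozenset({"READ"})
READ_WRITE = frozenset({"READ", "WRITE"})


@dataclass
class FileRule:
    pattern: str                                   # e.g. /DATABASE/data/*
    defaccess: FrozenSet[str] = NONE               # default access for accessors with no entry
    acl: Dict[str, FrozenSet[str]] = field(default_factory=dict)
    # PACL entries are keyed by (program, accessor)
    pacl: Dict[Tuple[str, str], FrozenSet[str]] = field(default_factory=dict)


@dataclass(frozen=True)
class SpecialPgm:
    program: str
    unixuid: str   # Unix user the program must be running as
    seosuid: str   # logical TACF user substituted for authorization


class Tacf:
    def __init__(self) -> None:
        self.files: List[FileRule] = []
        self.specialpgms: Dict[str, SpecialPgm] = {}

    def newres_file(self, rule: FileRule) -> None:
        self.files.append(rule)

    def newres_specialpgm(self, sp: SpecialPgm) -> None:
        self.specialpgms[sp.program] = sp

    def effective_accessor(self, unix_user: str, program: str) -> str:
        """Only the named unixuid running the named program becomes the logical user."""
        sp = self.specialpgms.get(program)
        if sp is not None and sp.unixuid == unix_user:
            return sp.seosuid
        return unix_user

    def find_rule(self, path: str) -> Optional[FileRule]:
        for rule in self.files:
            if fnmatchcase(path, rule.pattern):
                return rule
        return None

    def authorize(self, unix_user: str, program: str, path: str, access: str) -> bool:
        rule = self.find_rule(path)
        if rule is None:
            return True   # assumption: file not defined to TACF, outside this model
        accessor = self.effective_accessor(unix_user, program)
        if accessor in rule.acl:                       # explicit ACL entry wins
            granted = rule.acl[accessor]
        elif (program, accessor) in rule.pacl:         # else a PACL entry for this program
            granted = rule.pacl[(program, accessor)]
        else:                                          # else the resource's default access
            granted = rule.defaccess
        return access in granted


def build_demo() -> Tacf:
    """The manual's procedure, plus one constructed PACL entry for the program-conditional path."""
    t = Tacf()
    t.newres_file(FileRule(
        "/DATABASE/data/*",
        defaccess=NONE,
        acl={"firmDB_mgr": READ_WRITE},                  # authorize file ... uid(firmDB_mgr)
        pacl={("/usr/bin/dbbackup", "backupop"): READ},   # constructed extra entry
    ))
    t.newres_specialpgm(SpecialPgm("/opt/dbfirm/bin/firmdb_filemgr",
                                   unixuid="root", seosuid="firmDB_mgr"))
    return t
```

The point the model makes visible is that the substitution is conditional on both the program path and the Unix user: root in an interactive shell is still root, finds no ACL or PACL entry, and falls through to defaccess(NONE), which is exactly the outcome the procedure is after.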

CREATE_TIME (Modifiable: No)
    The time the object was created. Default values are Date and Time.

OWNER (Modifiable: Yes; Data Type: Accessor Reference)
    The owner of the record.
    Note: The selang parameter owner in chres, editres, and newres updates this property.

SEOSUID (Modifiable: Yes; Data Type: Accessor Reference)
    Specifies the user as having invoked SPECIALPGM for purposes of authorization. The logical user name (seosuid) must be defined in TACF.
    Note: The selang parameter name in chres, editres, and newres updates this property.


SPECIALPGMTYPE (Modifiable: Yes; Data Type: SPECIAL)
    A way to bypass superfluous access checks. Checks that can be bypassed are mail, backup (chdir, read, utimes), and XDM (unconditional cross-terminal access). Default values are: mail, backup, and xdm.

UPDATE_TIME (Modifiable: No)
    The time and date the object was last updated. Default values are Date and Time.

UPDATE_WHO (Modifiable: No; Data Type: User Reference)
    The person who last updated the object.

UNIXUID (Modifiable: Yes; Data Type: String, 255 characters)
    Specifies the Unix user if the program runs with this user's ID.
    Note: The selang parameter uid in chres, editres, and newres updates this property.

SUDO

This class is used by the sesudo command. Each object in the class defines a command that can be executed with root permissions.


ACL (Modifiable: Yes; Data Type: Reference List)
    A list of accessors that are permitted to access a particular resource along with the access type associated with each accessor. Each element in the list contains the following information: Accessor reference - A reference to an accessor object. Default values are USER or GROUP. Permitted access - The access type that the accessor has for this resource. Default values are NONE and EXECUTE.
    Note: The selang parameter access type-of-access in authorize and authorize- updates this property.

CATEGORY (Modifiable: Yes; Data Type: Categories Reference List)
    The category list of the record.
    Note: The selang parameter category [-] in chusr, editusr, and newusr updates this property.

COMMENT (Modifiable: Yes; Data Type: String, 255 characters)
    Accommodates any extra information that you want to store in the record.
    Note: The selang parameter comment [-] updates this property.

CREATE_TIME (Modifiable: No)
    The date and time the object was created. Default values are Date and Time.

DAYTIME (Modifiable: Yes)
    The day and time restrictions that govern when the sesudo command can be executed. Default values are Date and Time.
    Note: The selang parameter restrictions (days-- and time--) in chres, editres, and newres updates this property.

GROUPS (Modifiable: Yes; Data Type: Object ID List)
    The list of SUDO groups that this SUDO command belongs to.


NOTIFY (Modifiable: Yes; Data Type: String, 30 characters)
    The name of the user to be notified when the object is used to grant access.
    Note: The selang parameter notify [-] in chres, editres, and newres updates this property.

OWNER (Modifiable: Yes; Data Type: Accessor Reference)
    The owner of the record.
    Note: The selang parameter owner in chres, editres, and newres updates this property.

PACL (Modifiable: Yes; Data Type: SPECIAL)
    A program access control list that applies to accessor objects when the access is requested by a specific program.

PASSWORDREQ (Modifiable: Yes)
    Whether sesudo is to request the target user's password as a condition for execution. Default values are YES or NO.

RAUDIT (Modifiable: Yes; Data Type: SPECIAL)
    The resource audit mode specifies which access events are recorded in the audit log. The following values are valid: ALL - All access requests, whether successful or not, are audited. ALLOW - All granted access requests are audited. DENY - Only denied access requests are audited. NONE - No access requests are audited.
    Note: The selang parameter audit in chres, editres, and newres updates this property.

SECLABEL (Modifiable: Yes; Data Type: Label Reference)
    The security label assigned to the record.

SECLEVEL (Modifiable: Yes)
    The security level assigned to the record. The number 0 means there is no security level limiting access to the record. Default values are decimals ranging from 0 to 255.


TARGUSR (Modifiable: Yes)
    The user whose permissions are to be borrowed for executing the command. The default is root.

UACC (Modifiable: Yes; Data Type: Access)
    The default access of the resource, which specifies the access type that is given to users who are not defined to TACF.

UPDATE_TIME (Modifiable: No)
    The date and time the object was last modified. Default values are Date and Time.

UPDATE_WHO (Modifiable: No; Data Type: User Reference)
    The person who performed the update.

WARNING (Modifiable: Yes)
    Whether to operate in warning mode. In warning mode, access requests are always granted and for each access request that violates an access rule, a record is written to the audit log. Default values are ON or OFF.

SURROGATE

The SURROGATE class defines restrictions that protect a user from another user who makes a surrogate request to that user. TACF treats the surrogate request as an abstract resource that can be accessed only by authorized users. There is a record called USER._default to represent all users that do not have records of their own. Similarly, there is a record called GROUP._default to represent all groups that do not have records of their own.


ACL (Modifiable: Yes; Data Type: SPECIAL)
    The access control list defines accessor objects (users and groups) and the access type each object has to the resource. Each element in the list contains the following information: Accessor reference - A reference to an accessor object. Default values are USER or GROUP. Permitted access - The access type that the accessor has for this resource. Default values are NONE and EXECUTE.
    Note: The selang parameter access type-of-access in authorize and authorize- updates this property.

CATEGORY (Modifiable: Yes; Data Type: Categories Reference List)
    The category list of the record.
    Note: The selang parameter category [-] in chusr, editusr, and newusr updates this property.

COMMENT (Modifiable: Yes; Data Type: String, 255 characters)
    Accommodates any extra information that you want to store in the record.
    Note: The selang parameter comment [-] updates this property.

CREATE_TIME (Modifiable: No)
    The date and time the object was created. Default values are Date and Time.

DAYTIME (Modifiable: Yes)
    Date and time access restrictions. Default values are Date and Time.
    Note: The selang parameter restrictions (days-- and time--) in chres, editres, and newres updates this property.


NOTIFY (Modifiable: Yes; Data Type: String, 30 characters)
    The person to be notified when access to this resource is granted.
    Note: The selang parameter notify [-] in chres, editres, and newres updates this property.

OWNER (Modifiable: Yes; Data Type: Accessor Reference)
    The owner of the surrogate record.
    Note: The selang parameter owner in chres, editres, and newres updates this property.

PACL (Modifiable: Yes; Data Type: SPECIAL)
    A program access control list that applies to accessor objects when the access is requested by a specific program.

RAUDIT (Modifiable: Yes; Data Type: SPECIAL)
    The resource audit mode specifies which access events are recorded in the audit log. The following values are valid: ALL - All access requests, whether successful or not, are audited. ALLOW - All granted access requests are audited. DENY - Only denied access requests are audited. NONE - No access requests are audited.
    Note: The selang parameter audit in chres, editres, and newres updates this property.

SECLABEL (Modifiable: Yes; Data Type: Label Reference)
    The security label associated with the surrogate user.

SECLEVEL (Modifiable: Yes)
    The security level associated with the surrogate record. The number zero means there is no security level limiting access to the record. Default values are decimals, ranging between 0 and 255.

TARGUSR (Modifiable: Yes)
    Specify the target user for which you may use sesudo to execute commands other than root. Default values are YES or NO.


UACC (Modifiable: Yes; Data Type: Access)
    The default access of the resource, which specifies the access type that is given to users who are not defined to TACF.

UPDATE_TIME (Modifiable: No)
    The date and time the object was last modified. Default values are Date and Time.

UPDATE_WHO (Modifiable: No; Data Type: User Reference)
    The person who performed the last update.

WARNING (Modifiable: Yes)
    Whether to operate in warning mode. In warning mode, access requests are always granted and for each access request that violates an access rule, a record is written to the audit log. Default values are ON or OFF.

TCP

The TCP class defines objects that represent TCP/IP services. Hosts can obtain the services only if the TCP-class data explicitly or implicitly grants access.

The TCP class can be active only if the HOST class is not.


ACL (Modifiable: Yes; Data Type: SPECIAL)
    The access control list that applies to hosts requesting access to the service. Each element in the list contains the following information: Accessor reference - A reference to an accessor object. Default values are: HOST, HOSTNET, GHOST, HOSTNP, UID, or GID. Permitted access - The access type that the accessor has for this resource. Default values are NONE and EXECUTE.
    Note: The selang parameter access type-of-access in authorize and authorize- updates this property.

CACL (Modifiable: Yes; Data Type: SPECIAL)
    The conditional access control list that applies to users and groups of hosts, using particular hosts that are requesting access to the service. Each element in the list contains the following information: Accessor reference - A reference to an accessor object. Default values are USER or GROUP. Accessor reference - A reference to an accessor object. Default values are HOST, HOSTNET, GHOST, or HOSTNP. Permitted access - The access type that the accessor has for this resource. Default values are NONE and WRITE.

COMMENT (Modifiable: Yes; Data Type: String, 255 characters)
    Accommodates any extra information that you want to store in the record.
    Note: The selang parameter comment [-] updates this property.


CREATE_TIME (Modifiable: No)
    The date and time the object was created. Default values are Date and Time.

DAYTIME (Modifiable: Yes)
    Date and time access restrictions. Default values are Date and Time.
    Note: The selang parameter restrictions (days-- and time--) in chres, editres, and newres updates this property.

NOTIFY (Modifiable: Yes; Data Type: String, 30 characters)
    The person who is notified when access to the resource is granted.
    Note: The selang parameter notify [-] in chres, editres, and newres updates this property.

OWNER (Modifiable: Yes; Data Type: Accessor Reference)
    The owner of the TCP record.
    Note: The selang parameter owner in chres, editres, and newres updates this property.

PACL (Modifiable: –; Data Type: –)
    Reserved for future use.

RAUDIT (Modifiable: Yes; Data Type: SPECIAL)
    The resource audit mode specifies which access events are recorded in the audit log. The following values are valid: ALL - All access requests, whether successful or not, are audited. ALLOW - All granted access requests are audited. DENY - Only denied access requests are audited. NONE - No access requests are audited.
    Note: The selang parameter audit in chres, editres, and newres updates this property.

UACC (Modifiable: Yes; Data Type: Access)
    The default access of the resource, which specifies the access type that is given to users who are not defined to TACF.


UPDATE_TIME (Modifiable: No)
    The date and time the object was last modified. The default values are Date and Time.

UPDATE_WHO (Modifiable: No; Data Type: User Reference)
    The person who performed the last update.

WARNING (Modifiable: Yes)
    Whether to operate in warning mode. In warning mode, access requests are always granted and for each access request that violates an access rule, a record is written to the audit log. The default values are ON or OFF.

TERMINAL

The TERMINAL class defines objects that represent the terminals of the local host. Terminals are checked during user sign-on. Users can sign on from a terminal only if they have been authorized to use the terminal.

ACL (Modifiable: Yes; Data Type: Reference List)
    A list of accessors that are permitted to access a particular resource along with the access types associated with each accessor. Each element in the list contains the following information: Accessor reference - A reference to an accessor object. The default values are USER or GROUP. Permitted access - The access types that the accessor has for this resource. Default values are NONE and EXECUTE.
    Note: The selang parameter access type-of-access in authorize and authorize- updates this property.


CATEGORY (Modifiable: Yes; Data Type: Categories Reference List)
    The category list of the record.
    Note: The selang parameter category [-] in chusr, editusr, and newusr updates this property.

COMMENT (Modifiable: Yes; Data Type: String, 255 characters)
    A remark.
    Note: The selang parameter comment [-] updates this property.

CREATE_TIME (Modifiable: No)
    The date and time the object was created. The default values are Date and Time.

DAYTIME (Modifiable: Yes)
    Date and time access restrictions. The default values are Date and Time.
    Note: The selang parameter restrictions (days-- and time--) in chres, editres, and newres updates this property.

GROUPS (Modifiable: Yes; Data Type: Resource Group Reference List)
    The list of terminal groups to which the terminal belongs.

NOTIFY (Modifiable: Yes; Data Type: String, 30 characters)
    The person who is notified when access to the resource is granted.
    Note: The selang parameter notify [-] in chres, editres, and newres updates this property.

OWNER (Modifiable: Yes; Data Type: Accessor Reference)
    The owner of the record.
    Note: The selang parameter owner in chres, editres, and newres updates this property.

PACL (Modifiable: Yes; Data Type: SPECIAL)
    A program access control list that applies to accessor objects when the access is requested by a specific program.


RAUDIT (Modifiable: Yes; Data Type: SPECIAL)
    The resource audit mode specifies which access events are recorded in the audit log. The following values are valid: ALL - All access requests, whether successful or not, are audited. ALLOW - All granted access requests are audited. DENY - Only denied access requests are audited. NONE - No access requests are audited.
    Note: The selang parameter audit in chres, editres, and newres updates this property.

SECLABEL (Modifiable: Yes; Data Type: Label Reference)
    The security label associated with the terminal.

SECLEVEL (Modifiable: Yes)
    The security level associated with the terminal. The number 0 means there is no security level limiting access to the terminal. The default values are decimals, ranging between 0 and 255.

UACC (Modifiable: Yes; Data Type: Access)
    The default access of the resource, which specifies the access type that is given to users who are not defined to TACF.

UPDATE_TIME (Modifiable: No)
    The date and time the object was last modified. The default values are Date and Time.

UPDATE_WHO (Modifiable: No; Data Type: User Reference)
    The person who performed the last update.

WARNING (Modifiable: Yes)
    Whether to operate in warning mode. In warning mode, access requests are always granted and for each access request that violates an access rule, a record is written to the audit log. The default values are ON or OFF.


UACC

The UACC (universal access authority) class has an object for every resource class. Each UACC object defines the default access allowed to a resource of that class. The UACC object also determines the maximal access type allowed to a resource of that class that is not protected by TACF.

ACL (Modifiable: Yes; Data Type: Reference List)
    A list of accessors that are permitted to access a particular resource along with the access type associated with each accessor. Each element in the list contains the following information: Accessor reference - A reference to an accessor object. The default values are USER or GROUP. Permitted access - The access type that the accessor has for this resource. Default values are NONE and EXECUTE.
    Note: The selang parameter access type-of-access in authorize and authorize- updates this property.

ALLOWACCS (Modifiable: No; Data Type: Access)
    Specifies the access levels that are available for the resource.

COMMENT (Modifiable: Yes; Data Type: String, 255 characters)
    A remark.
    Note: The selang parameter updates this property.

CREATE_TIME (Modifiable: No)
    The date and time of object creation. The default values are Date and Time.

DEFACCS (Modifiable: No; Data Type: Access)
    Specifies the default access used in authorize commands when no access is specified.

OWNER (Modifiable: Yes; Data Type: Accessor Reference)
    The owner of the record.
    Note: The selang parameter owner in chres, editres, and newres updates this property.


RAUDIT (Modifiable: Yes; Data Type: SPECIAL)
    The resource audit mode specifies which access events are recorded in the audit log. The following values are valid: ALL - All access requests, whether successful or not, are audited. ALLOW - All granted access requests are audited. DENY - Only denied access requests are audited. NONE - No access requests are audited.
    Note: The selang parameter audit in chres, editres, and newres updates this property.

UACC (Modifiable: Yes; Data Type: Access)
    The default access of the resource, which specifies the access type that is given to users who are not defined to TACF.

UPDATE_TIME (Modifiable: No)
    The date and time the record was last modified. The default values are Date and Time.

UPDATE_WHO (Modifiable: No; Data Type: User Reference)
    The user who last updated the record.

USER

Each user is represented by a record of the USER class. The USER record contains the definitions for the user.

AUDIT_MODE (Modifiable: Yes; Data Type: User Audit)
    Specifies user activities to be logged.

CATEGORY (Modifiable: Yes; Data Type: Categories Reference List)
    The category list of the record.
    Note: The selang parameter category [-] in chusr, editusr, and newusr updates this property.

COMMENT (Modifiable: Yes; Data Type: String, 255 characters)
    A remark.
    Note: The selang parameter updates this property.


COUNTRY (Modifiable: Yes; Data Type: String, 19 characters)
    A string that can be used to store information on the country this user works in. This string is part of the X.500 naming scheme and is not used during authorization.

CREATE_TIME (Modifiable: No)
    The date and time of user record creation. The default values are Date and Time.

DAYTIME (Modifiable: Yes)
    The day and time restrictions for the user's sign-on. The default values are Date and Time.
    Note: The selang parameter restrictions (days-- and time--) in chres, editres, and newres updates this property.

EMAIL (Modifiable: Yes; Data Type: String, 128 characters)
    Contains the e-mail address of the user. An address can contain up to 128 characters.

EXPIRE_DATE (Modifiable: Yes)
    The date on which the user record expires and becomes invalid. Date and Time.

FULL_NAME (Modifiable: Yes; Data Type: String, 47 characters)
    The full name of the user. This string is not used during authorization procedures.

GRACELOGIN (Modifiable: Yes; Data Type: Number)
    The number of grace logins the user has.

GROUPS (Modifiable: Yes; Data Type: Group Connect)
    The list of groups to which this user is connected.

INACTIVE (Modifiable: Yes; Data Type: Integer)
    Specifies the number of days that must pass before the system changes the user to inactive. When the number of days is reached, the user becomes inactive and cannot log in. The default value is that the user will remain active.

LAST_ACC_TERM (Modifiable: No; Data Type: String, 20 characters)
    The terminal from which the last sign-on was performed.


LAST_ACC_TIME
    The date and time of the last sign-on. Default values are Date and Time.
    Modifiable: No.

LOCATION
    A string that can be used to store the user’s location. This information is not used during authorization.
    Modifiable: Yes. Data type: String, 47 characters.

MAXLOGINS
    The maximum number of concurrent logins allowed for the user. The user record is suspended after this number of logins has occurred. This value overrides the value in the MAXLOGINS property of the TACF class.
    Note: If maxlogins is set to 1, you cannot run selang.
    Modifiable: Yes. Data type: Number.

NOTIFY
    The name of the user to be notified when this user successfully logs in.
    Note: The selang parameter notify [-] in chres, editres, and newres updates this property.
    Modifiable: Yes. Data type: String, 30 characters.

OBJ_TYPE
    Determines whether the user is a regular user or a user with special attributes.
    Modifiable: Yes. Data type: SPECIAL.

OLD_PASSWD
    A list of the user’s previous passwords. The user is not permitted to use a password in this list. The maximum number of passwords saved by TACF is determined by the setoptions command.
    Modifiable: No. Data type: SPECIAL.

ORGANIZATION
    A string that can be used to store information on the organization this user works in. This string is part of the X.500 naming scheme and is not used during authorization.
    Modifiable: Yes. Data type: String, 19 characters.


ORG_UNIT
    A string that can be used to store information on the organization unit this user works in. This string is part of the X.500 naming scheme and is not used during authorization.
    Modifiable: Yes. Data type: String, 19 characters.

OWNER
    The owner of the record.
    Note: The selang parameter owner in chres, editres, and updates this property.
    Modifiable: Yes. Data type: Accessor Reference.

PASSWD_INT
    The time interval between password replacements. The value in the PASSWD_INT property of a USER record overrides the PASSWD_INT value in the GROUP record.
    Modifiable: Yes. Data type: Decimal, 256 characters.

PASSWD_A_C_W
    Determines which ADMIN last changed a user’s password.
    Modifiable: No. Data type: User Reference.

PASSWD_L_A_C
    The date and time on which the password was last updated. Default values are Date and Time.
    Modifiable: No.

PHONE
    A string that can be used to store the user’s telephone number. This information is not used during authorization.
    Modifiable: Yes. Data type: String, 19 characters.

POLICYMODEL
    Specifies that when a user changes a password with the utility sepass, the new password is propagated to the specified policy model. The password is not sent to the policy model defined in the parent_pmd or passwd_pmd tokens in the [seos] section of the seos.ini file.
    Note: The selang parameter pmdb in chusr, editusr, and newusr updates these properties.
    Modifiable: Yes. Data type: String, 127 characters.


PROFILE
    Assigns a user to a profile group. TACF assigns properties from the profile group to the user if the properties have not been explicitly assigned to the user in the user record. The values that can be taken from the record of the profile group are:

    ¶ daytime

    ¶ expire_date

    ¶ maxlogins

    ¶ passwd_policy

    ¶ passwd rules

        v History

        v Interval

        v Min_life

        v Rules: Alpha, Alphanum, Grace, Length, Lowercase, Max_len, Max_rep, Min_len, Namechk, Numeric, Oldpwchk, Special, and Uppercase.

    ¶ policy model

    ¶ resume_date

    ¶ suspend_date

    ¶ unix (homedir, shellprog)

    Modifiable: Yes. Data type: Profile Group Reference.

RESUME_DATE
    The date on which the user record becomes valid. Default values are Date and Time.
    Modifiable: Yes.

SECLABEL
    The security label of the user.
    Modifiable: Yes. Data type: Label Reference.


SECLEVEL
    The security level of the user. The number 0 means the user has no access to anything that possesses a security level. Default values are decimals, ranging between 0 and 255.
    Modifiable: Yes.

SUSPEND_DATE
    The date on which the user record is suspended and becomes invalid. Default values are Date and Time.
    Modifiable: Yes.

SUSPEND_WHO
    The person who activated the suspension.
    Modifiable: No. Data type: User Reference.

UPDATE_TIME
    The date and time the user record was last updated. Default values are Date and Time.
    Modifiable: No.

UPDATE_WHO
    The name of the person who performed the last update.
    Modifiable: No. Data type: User Reference.

Class USER contains the following special properties:

OBJ_TYPE - Determines special attributes assigned to a user. Valid values are:

¶ ADMIN - The user can perform most administrative functions, such as root in the UNIX environment.

¶ AUDITOR - The user is an auditor.

¶ OPERATOR - The user can list everything in the TACF database. The OPERATOR attribute also allows the user to use the secons utility.

¶ PWMANAGER - Gives the user the authority to modify the password settings of other users.

¶ IGN_HOL - The user can log in during any period of time, even during periods of time defined in a holiday record, when most users need special permission to log in.


¶ SERVER - Allows a process to ask for authorization for users. Users with the SERVER attribute can issue the SEOSROUTE_VerifyCreate API call.

A user can have more than one attribute set.

OLD_PASSWD - Old passwords. This data is stored encrypted.


TACF Status Codes

This chapter provides detailed information on all status, return, and error codes returned by TACF. The chapter contains tables for the following items:

¶ Stage codes for login interception.

¶ Stage codes for general resource checks.

¶ Stage codes for _default checks.

¶ Special codes used for the SURROGATE class.

¶ Codes used for the INET class.

¶ Codes used for the PROGRAM class.

¶ Codes that specify the reasons a log record was created.

¶ Codes that specify the reason the watchdog daemon logged an untrust operation.

¶ Return codes of the password quality checking mechanism.

¶ Codes received after performing a TACF command.

Stage Codes for Login Interception

0 Account was disabled or reenabled by serevu.

1 Fetching TACF global flags.

2 Fetching user record.


3 Checking user’s authority to log in from the current terminal.

4 Checking user’s SHIFT record.

5 Checking whether user was suspended.

6 Checking whether user’s record has expired.

7 Checking user’s day and time restrictions.

8 Checking validity of user’s password.

9 Checking user’s grace login setting.

10 Found that user’s password expired and no grace logins remain.

11 Building the user’s accessor environment element (ACEE).

12 Checking the number of days since user last logged in.

13 Checking whether user has exceeded maximum logins setting.

49 The user’s ACEE was deleted, creating a logout audit record.

Stage Codes for General Resource Checks

50 Checking resource’s security label.

51 Checking resource’s security level.

52 Checking resource’s security category.

53 Checking resource’s day and time restriction settings.

54 Checking whether current user is resource’s owner.

55 Checking user’s entry in resource’s access control list (ACL).

56 Checking user’s entry in ACL of resource’s resource group.

57 Checking entry for user’s group in resource’s ACL.


58 Checking entry for user’s group in resource’s resource group ACL.

59 Checking resource’s universal access authority (UACC) entry.

60 Checking UACC of resource’s resource group.

61 Checking whether user has operator authority over the resource.

62 Checking record representing resource’s class in the UACC class.

63 Checking resource’s program conditional access entries (PACL).

64 Checking whether an asterisk (*) exists in resource’s ACL.

69 No check permitted the user access to the resource.

200 Class checking is not active for the resource’s class.

201 Loading the user information.

202 Resource in warning mode.

Stage Codes for _default Checks

1050 Checking resource’s security label.

1051 Checking resource’s security level.

1052 Checking resource’s security category.

1053 Checking resource’s day and time restriction settings.

1054 Checking whether current user is resource’s owner.

1055 Checking user’s entry in resource’s ACL.

1056 Checking user’s entry in ACL of resource’s resource group.

1057 Checking entry for user’s group in resource’s ACL.

1058 Checking entry for user’s group in resource’s resource group ACL.


1059 Checking resource’s universal access authority (UACC) entry.

1060 Checking UACC of resource’s resource group.

1061 Checking whether user has operator authority over the resource.

1062 Checking record representing resource’s class in the UACC class.

1063 Checking resource’s program conditional access entries (PACL).

1064 Checking whether an asterisk (*) exists in resource’s ACL.

1069 No check permitted the user access to the resource.

1200 Class checking is not active for the resource’s class.

1201 Loading the user information.

1202 Resource in warning mode.

1250 Executing an untrusted program.

Class SURROGATE Codes

100 Fetching TACF settings for the SURROGATE class.

101 Fetching user record.

102 Checking whether user is permitted to execute requested su command.

Class INET Codes

150 Checking class table.

151 Checking whether client is valid.

152 Searching for service information.

153 Checking ACL of record in HOST class.

154 Fetching a network rule.


155 Checking whether an asterisk (*) is specified in ACL of HOSTNET record.

156 Checking HOST entry in INETACL.

157 Checking HOST record in UACC class.

158 Client is untrusted.

159 Checking service range in ACL of HOST record.

160 Checking host group (GHOST) record.

161 Checking HOSTNET record.

162 Checking HOSTNP record.

163 No rule exists to grant the requested access.

164 Checking GHOST entry in INETACL.

165 Checking service range in ACL of GHOST record.

166 Checking whether an asterisk (*) is specified in ACL of GHOST record.

167 Checking ACL in HOSTNET record.

168 Checking service range specified in HOSTNET ACL.

169 Checking whether an asterisk (*) is specified in ACL of HOSTNET record.

170 Checking ACL of HOSTNP record.

171 Checking service range in ACL of HOSTNP record.

172 Checking whether an asterisk (*) is specified in ACL of HOSTNP record.

173 Checking the host’s day and time restrictions.

174 Checking the GHOST day and time restrictions.

175 Checking the HOSTNET day and time restrictions.

176 Checking the HOSTNP day and time restrictions.

177 Checking the _default day and time restrictions.


178 Checking the _default service ACL.

179 Checking the _default service range.

180 Checking the _default service /*/.

Class PROGRAM Codes

250 User is trying to execute an untrusted program.

251 Access was denied because of the parameters in the utility sesudo.

252 A relative path was specified by a user in the _abspath group.

Reason Codes That Specify Why a Log Record Was Created

0 No request to log the operation.

1 User logged in outside shift with LOGSHIFT property.

2 The audit record was created because of the user’s audit mode setting.

3 The audit record was created because of the resource’s audit mode setting.

4 The audit record was created because the resource’s warning property is set.

5 The audit record was created by the serevu utility.

6 The audit record was created by the TACF Network Attack Protection (NAP) function.

10 An explicit request to log the operation was received.

400 _default service in class TCP.

401 Class UACC of TCP services.

402 Day and time restrictions on TCP service.


403 ACL read stage of TCP service.

404 HOST entry in TCP service ACL.

405 GHOST entry in TCP service ACL.

406 HOSTNET entry in TCP service ACL.

407 HOSTNP entry in TCP service ACL.

408 Default access of TCP service.

Watchdog Untrust Logging Reasons

0 A general error occurred during watchdog file checking.

1 The status information of PROGRAM or SECFILE was changed.

2 The AIX extended information of PROGRAM or SECFILE changed.

3 The AIX ACL of PROGRAM or SECFILE changed.

4 The CRC (cyclic redundancy check) of PROGRAM or SECFILE changed.

5 Cannot read the status of PROGRAM or SECFILE.

6 The SNEFRU signature of PROGRAM or SECFILE changed.

7 MD5 signature of PROGRAM or SECFILE changed.

Password Quality Return Codes

0 Password quality verified.

1 Password too short.

2 Password contains user name.

3 Too few lowercase letters in password.

4 Too few capital letters in password.

5 Too few numeric characters in password.


6 Too few other characters in password.

7 Too many repetitions of same character in password.

8 Same as current password.

9 Same password as one of old ones in password history.

10 Too few alphabetic characters in password.

11 Too few alphanumeric characters in password.

12 Insufficient time has passed since the last password change.

20 Passwords do not match.

100 Bad arguments.

Codes Received After Performing a TACF Command

300 Failure: User is undefined to TACF.

301 1. Failure: Tried to delete the last ADMIN user from the database; or

2. Failure: Tried to remove the ADMIN attribute from the only user with the ADMIN attribute.

302 Failure: Tried to delete the user root.

303 Failure: Tried to change your own password. You can only change your password with the utility sepass.

304 1. Failure: A user who does not have the AUDITOR attribute tried to change the audit mode of a record; or

2. Success: A user with the AUDITOR attribute changed the audit mode of a record.

305 Success: Operation permitted because the user has the ADMIN attribute.

306 Success: A user displayed the properties of the user’s own record.


307 Failure: One user tried to assign security categories to a second user that the first user does not have.

308 Failure: One user tried to assign security labels to a second user that the first user does not have.

309 Failure: One user tried to assign a security level to a second user that is greater than the security level of the first user.

310 Failure: A user without the ADMIN attribute tried to set one of the administrative attributes (ADMIN, OPERATOR, AUDITOR, PWMANAGER, SERVER).

311 Success: An owner of a record can perform this operation.

312 Success: The UNIX owner of a file defined it to TACF (permitted because the token use_unix_file_owner in the lang section of the seos.ini file is set to yes).

313 Success: A user with the GROUP-ADMIN attribute changed a record within the group scope.

314 Success: A user with the GROUP-ADMIN attribute connected a user to a group.

315 Success: A user with the GROUP-AUDIT or GROUP-ADMIN attribute displayed the attributes of the group in which the user is a GROUP-AUDIT or GROUP-ADMIN.

316 Success: A user with the AUDITOR attribute displayed data from database records.

317 Success: A user with the OPERATOR attribute displayed data from database records.

318 Success: A user with the GROUP-AUDIT attribute displayed data from database records within the group scope.


319 Success: A user with the GROUP-OPERATOR attribute displayed data from database records in the group scope.

320 Success: A user in the access control list (ACL) of a record in class ADMIN performed this operation.

321 Success: A user with the PWMANAGER attribute changed a password or the attributes of a password (such as the number of grace logins).

322 Failure: There is no rule allowing this operation.

323 Failure: A user without the ADMIN attribute tried to change UNIX file attributes.

324 Success: A user changed a user’s own password with sepass.


TACF Trace Messages

This chapter provides a detailed description of the TACF trace messages.

Conventions

All messages begin with a date and time prefix followed by an event type word in uppercase letters and a symbol such as :, !, or >. The following table explains the meaning of the symbols:

Symbol  Meaning

:  TACF was signaled for an event or took an action.

>  TACF made an authorization decision resulting in D (Deny), P (Permit), or BYPASS. BYPASS indicates that the event did not require the interpretation of an access rule; for example, a setuid request to the same user ID as the current user ID.
   The result may sometimes be C (Check). This occurs as a result of an error condition and indicates that you should contact your customer support representative.

!  TACF detected an error; for example, a request from an unknown process.


Messages

The symbol described in the previous section is followed by the event arguments described in this section.

ACTION : TACF killed P=ppp

TACF denied a setuid or login request and killed the requesting process (ppp) as a precautionary measure.

ALARM ! Uid uuu breached the system!!!

An unknown process made a request such as fork, exec, or setuid. The process is unknown to TACF and, in addition, the user ID assigned to the process is not assigned to any other process in the system, implying that this user logged in without TACF being notified. This situation could occur as a result of a software bug or if the user logged in immediately after TACF scanned the current process status but before completing initialization.

APIAUTH ! P=ppp U=uuu ChangePasswd(user) Error 0xerr

Process ppp, associated with user uuu, wants to change the password of user “user.” The result of this request was an error with its code specified in hexadecimal notation. Use the utility semsgtool to determine the nature of the error.

APIAUTH ! P=ppp U=uuu CheckPasswd(user) Error 0xerr

Process ppp, associated with user uuu, wants to check the validity of a new password for user “user.” The result of this request was an error with its code specified in hexadecimal notation. Use the utility semsgtool to determine the nature of the error.

APIAUTH ! P=ppp U=uuu Error, Unknown API Service nnn

Process ppp used the application programming interface and passed a service code that is not supported by the TACF application programming interface. This situation is probably a result of user error. Check the cause of the error, correct the source, and recompile it. If you cannot determine the cause of the problem, contact your customer support representative.

APIAUTH ! P=ppp U=uuu GeneralResourceProc Error nnn -> description

Process ppp working under user ID uuu issued a request to access a general resource; however, the specified resource could not be resolved. Either the specified class is not defined or the specified access is not known. This situation is probably a result of user error. Check the code, correct it, and recompile. If you cannot determine the cause of the problem, contact your customer support representative.

APIAUTH ! P=ppp U=uuu in VerifyCreate only for ROOT

Process ppp working under user ID uuu issued a VerifyCreate request to build an accessor environment element (ACEE). This operation is permitted only to multiuser processes that are associated with user ID 0 (root). If the specified process is to run as a multiuser process, rerun the process under root authorities. If not, determine why the process issued the request.

APIAUTH : P=ppp U=uuu in VerifyDelete only for ROOT

Process ppp working under user ID uuu issued a VerifyDelete request to remove an ACEE. This operation is allowed only to multiuser processes that are associated with user ID 0 (root). If the specified process is supposed to run as a multiuser process, rerun it under root authorities. If not, determine why the request was issued.

APIAUTH ! P=ppp U=uuu LoginProc Error nnn -> description

Process ppp working under user ID uuu requested to verify a user’s login. The TACF login verification procedure failed. Contact your customer support representative.


APIAUTH ! P=ppp U=uuu NULL ACEE Error VerifyCreate(ACEEH=hhh)

A request was made by a user process marked as “server” to create an accessor environment element, or ACEE, probably as the server process was handling signon for an accessor. The result is a NULL ACEE due to one of the following reasons:

¶ The specified user is not defined in the TACF database.

¶ The issuer of the VerifyCreate request did not provide all the information correctly.

¶ The specified user is not allowed to log in.

APIAUTH ! P=ppp U=uuu NULL ACEE Error VerifyDelete(ACEEH=hhh)

Process ppp, associated with user uuu and probably marked as a “server” process, has requested to delete the ACEE handle hhh (probably as part of handling the user’s signoff). However, there is no ACEE associated with this handle and therefore TACF could not delete it.

APIAUTH : P=ppp U=uuu Request with ACEEH=–1 -> New ACEEH=hhh

Process ppp working under user ID uuu requested access to a general resource and supplied an ACEE handle of –1. Therefore, TACF used the ACEE handle associated with the requesting process. This message is typical of single user processes that request access to a resource. No action is required.

APIAUTH ! P=ppp U=uuu VerifyCreate(ACEEH=hhh) Error nnn

Process ppp working under user ID uuu issued a request to VerifyCreate (to build an ACEE). The VerifyCreate procedure failed. Contact your customer support representative.

APIAUTH > P=ppp U=uuu VerifyCreate DENY (Result=[P | D | C]) string


The VerifyCreate request was denied for one of the following reasons:

¶ The specified user cannot log in due to time or day rules.

¶ The user cannot work from the specified terminal.

¶ The specified password (if supplied) is incorrect.

¶ One of the reasons described in the messages that follow.

APIAUTH > P=ppp U=uuu VerifyCreate OK (ACEEH=hhh)!

The VerifyCreate request was granted. An accessor environment element (ACEE) was built in storage. TACF returned an ACEE handle (ACEEH) to the calling program. If the specified user is not defined to TACF, the function returned an ACEEH of –1.

APIAUTH ! P=ppp U=uuu VerifyDelete(ACEEH=hhh) [OK | Error 0xerr]

Process ppp, associated with user uuu and probably marked as a “server” process, has requested the deletion of the ACEE handle hhh (probably as part of handling the user’s signoff). The result of the VerifyDelete request is either OK or error; if the latter, the error code is displayed in hexadecimal notation as err. Use the utility semsgtool to determine the nature of the error.

APIAUTH > P=ppp U=uuu VerifyRequest(ACEEH=hhh, C=ccc, R=rrr, A=nnn) DENY (Result=’D’) Why ? detailed-denial-reason

The request to access resource rrr of class ccc with access xxx was denied. If the ACEEH is –1, the denial was based on universal-access rules. If the ACEEH is not –1, the denial was based on the user associated with the specified handle. The detailed-denial-reason provides the reason for the denial.

APIAUTH > P=ppp U=uuu VerifyRequest(ACEEH=hhh, C=ccc, R=rrr, A=xxx) PASS


The request to access a resource rrr of class ccc with access xxx was granted. If the ACEEH is –1 (the user is not defined to TACF), the permission to access the resource was based on universal-access rules. If the ACEEH is not –1, the permission was based on access rules relating to the user associated with the specified handle.
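The following parser, added here as an example and not part of this manual or of TACF itself, reads trace lines written in the convention of the Conventions section, separates decisions (>) from actions (:) and errors (!), and extracts the P=, U=, ACEEH=, C=, R= and A= arguments of the APIAUTH and CONNECT messages above so that denials, C (check) results and alarms can be pulled out of a trace. The manual gives no concrete line, so the date and time layout, the sample lines and every value in them are constructed assumptions.

```python
"""Parse TACF trace lines of the form <date/time prefix> <EVENT> <symbol> <args>.

Added example, not TACF code. The manual does not state the date/time layout;
the "DD Mon YYYY HH:MM:SS" prefix used here is an assumption."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

LINE_RE = re.compile(
    r"^(?P<ts>\d{2} \w{3} \d{4} \d{2}:\d{2}:\d{2})\s+"   # assumed prefix layout
    r"(?P<event>[A-Z]+)\s+(?P<sym>[:!>])\s+(?P<args>.*)$"
)
# Keyword arguments used by the APIAUTH and CONNECT messages: P=process,
# U=user ID, ACEEH=ACEE handle, C=class, R=resource, A=access, TERM=terminal.
KV_RE = re.compile(r"\b(?P<key>P|U|ACEEH|C|R|A|TERM)=(?P<val>[^\s,)]+)")
RESULT_RE = re.compile(r"Result[:=]\s*'?(?P<r>[PDC])'?")   # (Result='D') or Result: D
ERRNO_RE = re.compile(r"Error\s+0x(?P<hex>[0-9A-Fa-f]+)")  # code to look up with semsgtool


@dataclass
class TraceEvent:
    ts: str
    event: str                # ACTION, ALARM, APIAUTH, CONNECT, ERROR, ...
    symbol: str               # ':' signal/action, '>' decision, '!' error
    args: str
    fields: Dict[str, str] = field(default_factory=dict)
    result: Optional[str] = None      # 'P', 'D', 'C' or 'BYPASS' on '>' lines
    reason: Optional[str] = None      # text after "Why ?"
    error_code: Optional[int] = None  # value of "Error 0xerr", if present


def decision_result(args: str) -> Optional[str]:
    """Map the wording of a '>' line to P, D, C or BYPASS."""
    m = RESULT_RE.search(args)
    if m:
        return m.group("r")
    if "BYPASS" in args:
        return "BYPASS"
    if re.search(r"\bDENY\b", args):
        return "D"
    if re.search(r"\b(PASS|OK)\b", args):
        return "P"
    return None


def parse_line(line: str) -> Optional[TraceEvent]:
    """Return a TraceEvent for a line in the chapter's convention, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = TraceEvent(m["ts"], m["event"], m["sym"], m["args"])
    # Later keys win, so "ACEEH=-1 -> New ACEEH=hhh" records the new handle.
    ev.fields = {k: v for k, v in KV_RE.findall(ev.args)}
    if ev.symbol == ">":
        ev.result = decision_result(ev.args)
    if "Why ?" in ev.args:
        ev.reason = ev.args.split("Why ?", 1)[1].strip()
    em = ERRNO_RE.search(ev.args)
    if em:
        ev.error_code = int(em.group("hex"), 16)
    return ev


def denied_requests(lines: List[str]) -> List[Tuple]:
    """(user, class, resource, access, reason) for every VerifyRequest DENY."""
    out = []
    for ev in map(parse_line, lines):
        if ev and ev.symbol == ">" and ev.result == "D" and "VerifyRequest" in ev.args:
            f = ev.fields
            out.append((f.get("U"), f.get("C"), f.get("R"), f.get("A"), ev.reason))
    return out


def summarize(lines: List[str]) -> Dict[str, int]:
    """Count what a reviewer looks at first: denials, C results, errors, alarms."""
    counts = {"deny": 0, "check": 0, "bypass": 0, "error": 0, "alarm": 0, "unparsed": 0}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            counts["unparsed"] += 1
        elif ev.event == "ALARM":
            counts["alarm"] += 1
        elif ev.symbol == "!":
            counts["error"] += 1
        elif ev.symbol == ">" and ev.result == "D":
            counts["deny"] += 1
        elif ev.symbol == ">" and ev.result == "C":
            counts["check"] += 1
        elif ev.symbol == ">" and ev.result == "BYPASS":
            counts["bypass"] += 1
    return counts


# Constructed sample trace; every value is made up, none is from the manual.
SAMPLE = [
    "06 Nov 2000 10:15:22 APIAUTH > P=1234 U=alice VerifyRequest(ACEEH=7, C=FILE, "
    "R=/etc/hosts, A=WRITE) DENY (Result='D') Why ? ACL entry denies write",
    "06 Nov 2000 10:15:22 APIAUTH > P=1234 U=alice VerifyRequest(ACEEH=7, C=FILE, "
    "R=/etc/hosts, A=READ) PASS",
    "06 Nov 2000 10:15:23 CONNECT > P=2345 U=xdm from 10.0.0.5:1029 to socket 6000 "
    "host=ws17 BYPASS",
    "06 Nov 2000 10:15:24 CONNECT > Result: C P=2346 ACEEH=8 TERM=ws17 Why ? internal error",
    "06 Nov 2000 10:15:25 APIAUTH ! P=1234 U=srv VerifyDelete(ACEEH=9) Error 0x1a",
    "06 Nov 2000 10:15:26 ALARM ! Uid 501 breached the system!!!",
    "06 Nov 2000 10:15:27 ACTION : TACF killed P=501",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
    for row in denied_requests(SAMPLE):
        print(row)
```

A C result or an ALARM in the summary is the case the chapter says to escalate to customer support; the hexadecimal error_code is what semsgtool expects.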

CONNECT : P=ppp U=uuu ACEEH=hhh from ipip:port1 to socket 6000 host=iiii

A request to open a window on host iiii (X-Terminal or station) was made by process ppp associated with user ID uuu.

Note: The port number is always 6000; all other TCP/IP connect requests are ignored by TACF.

CONNECT > P=ppp U=uuu from ipip:port1 to socket 6000 host=iiii BYPASS

TACF bypassed the CONNECT request without interpreting access rules, because the program executing in process ppp is the registered XDM program.

CONNECT > Result: [P | D | C] P=ppp ACEEH=hhh TERM=ttt Why ? detailed-decision-text

The CONNECT result is D (deny), P (permit), or C (check). The detailed-decision-text provides a reason for the decision. If the result is C, it means TACF did not make a decision. Contact your customer support representative.

ERROR ! Cannot fork. Errno nnn.

During initialization, TACF forks a few times to become a daemon. The fork request failed with the specified error number. If you cannot determine the cause of the problem, contact your customer support representative.

ERROR ! Exec of TACF agent failed ddd


This message indicates that the TACF daemon (seosd) could not start up seagent, the TACF agent daemon. Check that the seagent executable is located in the right place, usually /usr/seos/bin/seagent. If this file exists in the correct location, report the problem to the TACF technical staff. In the message text ddd is the error number that TACF received from the operating system when trying to execute the agent.

ERROR ! Failed to get memory for LOGIN programs
ERROR ! Failed to get memory for NFS devices
ERROR ! Failed to get memory for PRIV programs
ERROR ! Failed to get memory for XDM programs

The previous messages imply a severe shortage of memory. Either your computer does not meet the minimum memory requirements to run TACF or there is a software bug. Contact your customer support representative.

ERROR ! Failed to get memory for PROC table

When the TACF daemon (seosd) starts up, it has to scan all the running processes to resolve all required information on each running process. The TACF daemon has failed to allocate memory for this purpose; therefore it terminates execution. This is caused by a severe memory shortage.

ERROR ! Failed to register login pgm: program-name

During startup, TACF registers all executable files that are to be treated as login programs. The list of login programs is defined in the TACF code for each operating system environment. You can override the list of login programs using the loginpgms.init file. The specified program-name could not be located on the file system during TACF startup. The program is ignored and startup continues.

ERROR ! Failed to register privileged pgm: program-name

During startup, TACF registers all executable files that are to be treated as privileged programs. The list of privileged programs is defined in the TACF code for each operating system environment. You can override the list of privileged programs by using the privpgms.init file. The specified program-name could not be located on the file system during TACF startup. Startup continues and TACF ignores the program.

ERROR ! Failed to register XDM pgm: program-name

During startup, TACF registers all executable files that are to betreated as XDM programs. The list of XDM programs is defined inthe TACF code for each operating system environment. You canoverride the list of XDM programs using the xdmpgms.init file. Thespecified program-name could not be located on the file systemduring TACF startup. Startup continues and TACF ignores thisprogram.

ERROR : No Memory for FileDb List

During startup, the TACF daemon (seosd) could not allocate memory to hold the list of TACF protected files. This is probably due to a severe shortage of memory. The TACF daemon is terminated.

ERROR ! No Memory for GroupDb List
ERROR ! No Memory for HostDb List
ERROR ! No Memory for ServDb List
ERROR ! No Memory for UserDb List

These messages imply a severe shortage of memory. Either your computer does not have the minimum memory required to run TACF or there is a software bug. Contact your customer support representative.

ERROR ! Pre-Mature-Exec Assuming FORK Child=ppp Parent=PPP

This message indicates that an EXEC system call was issued by process ID (ppp) and this process ID is not known to seosd, the main TACF daemon. Usually such messages indicate that seosd was not yet informed of the FORK system call that preceded the EXEC request. It may indicate a problem in the serialization locks that the TACF extension to the UNIX kernel should maintain. If the ppp in the message text is the process ID of the TACF agent, you can ignore the message. If you get the message more than once, report the problem to your customer support representative.

ERROR ! P=ppp Exec Failed

TACF received an EXEC event but the executable’s i-node number was 0. This message occurs when invoking a script file that does not contain the #! shell-program declaration line at the beginning. No action is necessary.

ERROR ! TACF file table set failed

The TACF daemon (seosd) has tried to set the file table (a table with all TACF-protected files); however, the TACF extension to the UNIX kernel has refused this request. This is most likely caused by insufficient memory in the kernel or different versions of the TACF daemon and the TACF extension to the UNIX kernel (SEOS_syscall). TACF file protection cannot continue to function properly. If you can, resolve the version mismatch. If everything looks correct, report the problem to your customer support representative.

ERROR ! seosini_ShutDown rv=error-no

TACF has encountered an error during shutdown. Report the error to your customer support representative.

ERROR ! String too general ’path’

An attempt was made to define a generic rule for file protection, probably through a newfile or newres command. However, the specified path cannot be a generic file access rule. The file rule is not defined.

ERROR ! Unknown request: Type:ttt Pid=ppp, Buff=bbb


TACF received a request from its system call, but the request type ttt is not recognizable. This could be due to a software version mismatch between the TACF system call and the TACF daemon (seosd), or as a result of a software error. The request came from process ppp, and bbb is a printout of the request buffer. Report the problem to your customer support representative.

EXEC : P=ppp U=uuu G=ggg (D=ddd I=iii) Pgm:Program-Name [Attached to: ip-address]

TACF received a program execution event from process ppp associated with user ID uuu and group ID ggg. (A ggg value of –1 indicates that TACF has not yet registered the group ID of that process.) In the message text, ddd and iii are the file’s device number and i-node. Program-Name is the zero argument used when invoking the program. The specified program is a regular program (non-setuid or setgid); therefore, TACF will grant its execution without invoking the database access rule decision mechanism. If the ip-address to which the process is attached is extractable, TACF reports this in the message text.

EXECsg : P=ppp U=uuu G=ggg (D=ddd I=iii) Pgm:Program-Name [Attached to: ip-address]

TACF received a program execution event from process ppp associated with user ID uuu and group ID ggg. (A ggg value of –1 means TACF has not yet registered the group ID of that process.) In the message text, ddd and iii are the file’s device number and i-node. Program-Name is the zero argument used when invoking the program. The specified program is a setgid program; TACF will decide whether to grant its execution by invoking the database access rule decision mechanism. If the ip-address to which the process is attached is extractable, TACF reports this in the message text.

EXECsu : P=ppp U=uuu G=ggg (D=ddd I=iii) Pgm:Program-Name [Attached to: ip-address]

TACF received a program execution event from process ppp associated with user ID uuu and group ID ggg. (A ggg value of –1 means TACF has not yet registered the group ID of that process.) In the message text, ddd and iii are the file’s device number and i-node. Program-Name is the zero argument used when invoking the program. The specified program is a setuid program; TACF will decide whether to grant its execution by invoking the database access rule decision mechanism. If the ip-address to which the process is attached is extractable, TACF reports this in the message text.

EXECsusg : P=ppp U=uuu G=ggg (D=ddd I=iii) Pgm:Program-Name [Attached to: ip-address]

TACF received a program execution event from process ppp associated with user ID uuu and group ID ggg. (A ggg value of –1 means TACF has not yet registered the group ID of that process.) In the message text, ddd and iii are the file’s device number and i-node. Program-Name is the zero argument used when invoking the program. The specified program is a setuid or setgid program; TACF will decide whether to grant its execution by invoking the database access rule decision mechanism. If the ip-address to which the process is attached is extractable, TACF reports this in the message text.

EXEC > P=ppp U=uuu (R=rrr E=eee S=sss) to (E=EEE) BYPASS

Although the program is setuid, setgid, or both, and its execution should have invoked the access rule decision mechanism, TACF bypassed this check since the owner of the file EEE is the same as the current effective user ID (eee). The program execution cannot change the scope of the process’ privileges. If the program is defined in the database as a trusted program and was modified or otherwise tampered with, program execution will not be granted.

EXEC > Result: ’R’ [stage=sss gstag=ggg ACEEH=hhh rv=rc] Why? detailed-decision-text

TACF checked the authority of the user to execute the program and the result is ’R’, where R is either D (deny), P (permit), or C (check). The stage sss and the granting-stage ggg indicate which phase of the decision flow determined the result. The accessor environment element (ACEE) handle hhh was used as the accessor to the program. If the result is C, it means TACF did not make a decision, probably because of a software error. Contact your customer support representative and supply the return value rc. The detailed-decision-text is a verbal description of the stage and granting-stage. If the result is P, the program will be executed successfully. If the result is D, the program will not be executed and the user will get a permission denied message.

EXECARGS : ’execution arguments’

As a result of an EXEC system call, TACF displays the executed command line with all the arguments passed to it.

EXIT : Going down...

TACF started the shutdown process and has disabled the interception of system calls.

FATAL ! in seosrt_InitDatabase (nnn) Layer = nnn Stage = nnn Return Code = 0xnnn

TACF could not initialize the database I/O routines. Possible reasons are as follows:

¶ There is no TACF database in the directory identified by the dbdir= token in the seos.ini file.

¶ The user invoking TACF is not root.

¶ The database is corrupt.

If you cannot correct the problem, contact your customer support representative.

An attempt to access a TACF-protected file was made by process ppp that is associated with user ID uuu. In the message text, dev and inode are the device and i-node of the file being accessed, acc is the access mode (for example, READ or WRITE) and pathname is the path name of the file being accessed.

FILE > Result ’D’ TACF File Only ’filename’

The result of the file access request is D (deny) because this file can only be accessed by TACF itself. Even if the access rules permit access, TACF is hardcoded to deny access to this file.

FILE > Result: ’R’ [stage=sss gstag=gs ACEEH=hhh rv=rv] (profile) Why? detailed-reason-text

In the result ’R’ of the file access request, R is either D (deny) or P (permit). The stage sss and granting stage gs are mapped to a text-string reason. In the message text, hhh is the accessor handle associated with the accessor of the request and profile is the name of the access rule profile that triggered the decision to deny or permit access.

FORK : P=ppp U=uuu G=ggg Child=cppp Pgm:Program-Name

TACF intercepted a fork request made by process ppp associated with user ID uuu and group ID ggg. The child process ID is cppp. The program running in the parent process (and initially also in the child process) is Program-Name. TACF never denies a fork request; it is always granted. Variations of the fork system call such as vfork and kfork are also reported as fork requests.

GPEERNAM : P=ppp, ADDR=addr, N=desc

TACF intercepted the getpeername() system call to verify which IP address is associated with the current process. This system call is always granted. In the message text, ppp is the process ID issuing the getpeername() call and addr is the IP address associated with the socket descriptor desc.

INET : P=ppp, from ip-address:local-port to port port-number

TACF intercepted an incoming Internet accept request that was issued by the remote ip-address requesting the TCP/IP service port-number.

INET > Result: ’R’ ip-addr->locport, stg=stage gtsg=gstage WHY ? detailed-reason-text

The result of the Internet request is ’R’, where R is P (permit) or D (deny). In the message text, ip-addr is the IP address of the request. The detailed-reason-text is the description that indicates which stage and granting stage phase of the decision flow made the final decision to permit or deny the TCP/IP service for the requesting host.

INFO : Auto-Disabling Trace due to tight fs-space (space)

The trace facility automatically disables itself when the amount of free space left in the file system where the trace file resides goes below the threshold specified by the trace_space_saver token in the seos.ini file. In the message text, space is the amount of free space left on the file system.

INFO : Can’t fetch fs freespace (errno=err)

The Auto-Disable feature of the trace facility could not determine the amount of free space in the file system. In the message text, err is the error integer received from the UNIX statfs() call. Report the problem to your customer support representative.

INFO : DB Query

The TACF daemon (seosd) received a request to extract information from the database.

INFO : DB Request

The TACF daemon (seosd) received a request to modify (or query) data in the TACF database.

INFO : Filter Mask: ’mask’ is registered

Each filter mask that is read from the trcfilter.init file is registered by the TACF daemon (seosd) so that messages matching the mask will not be sent to the trace file.

INFO : GroupList Registered with nnn entries

When the TACF daemon (seosd) runs under the NIS server, it caches all group entries (from /etc/group and NIS maps) at startup so that the TACF daemon can solve group ID to group name translations without invoking ypserv processes and TCP/IP requests. This message also indicates that the under_NIS_server token in seos.ini is set to YES. If the station where TACF is running is not the NIS server, set the under_NIS_server token to NO in seos.ini. In the message text, nnn is the number of group entries that were cached.

INFO : HostList Registered with nnn entries

The TACF daemon (seosd) caches all entries from /etc/hosts at startup. In the message text, nnn is the number of host entries that were cached.

INFO : Login program: program-name is registered

The TACF daemon (seosd) must recognize all the programs through which users log in to the system. A setuid system call invoked by a login program is considered as a login request and not as a setuid request. In the message text, program-name is the full path of the login program that was registered. The names of the login programs are taken internally from the TACF startup code or, if the loginpgms.init file exists, from the file. Note that loginpgms.init either adds login programs to the internal list or overrides the internal list, depending on its contents. For more information, see "loginpgms.init" below.

INFO : NFS Device Majors Registered, nnn entries

The TACF watchdog (seoswd) checks for trusted programs, including checking the device number on which the file resides. This check can lead to errors if the file resides on an NFS mounted file system, especially auto-mounted file systems, for which device numbers can have a different value after boot. For this reason, TACF registers the major device numbers of NFS file systems to be able to ignore the nonstable minor device number. TACF has a list of major device numbers for NFS mounted file systems in each environment. If your installation uses a network mounted file system that is not recognized by TACF, contact your customer support representative for instructions on how to add major device numbers to the list. In the message text, nnn is the number of major device numbers that were registered as NFS mounted file systems.

INFO : P=ppp ended

Process ppp ended. The TACF daemon (seosd) disassociates this process number from its ACEE (accessor environment element). If the process ppp was the last process associated with its ACEE (there are no more subprocesses or parent-processes that use the same environment), the ACEE is removed from storage. This message is not issued immediately after the process has terminated; it is issued only when TACF performs some “garbage collection” to reuse process entries in its internal tables.

INFO : P=ppp Exec Failed

This message indicates that the process ppp has failed to execute the last EXEC system call, because the UNIX operating system has refused this request (after TACF has granted the execution). As a result, TACF restores the value of the former executable that was associated with this process, as the program running under this process ID. In most cases, the process will terminate. This is not necessarily an error of any sort and no special action is recommended. The reason that execution failed should be isolated by UNIX tools. In most cases the reason will be a shell script that does not have the #!/bin/sh header on the first line.

INFO : P=ppp Unknown TTY type type-name


The TACF daemon (seosd) could not determine if the process ppp is using a real TTY or a pseudo TTY. Contact your customer support representative.

INFO : Privileged program: program-name is registered

The TACF daemon (seosd) registers a few privileged programs. Such programs are allowed to setuid to any user without checking the SURROGATE class. Currently, only /bin/sendmail can be made a privileged program due to its flow requirements. You must keep this list as small as possible and it is recommended that all privileged programs be monitored by the watchdog (seoswd) to make sure they remain trusted. In the message text, program-name is the full path of the registered program. You can override the internal list of privileged programs through the privpgms.init file.

INFO : Restricted File Table set with nnn entries

During startup, the TACF daemon (seosd) found nnn entries for TACF protected files and successfully passed this list to the TACF extension of the UNIX kernel. This is an information-only message.

INFO : SEOS_syscall Un-Register rc=nnn

During shutdown, the TACF daemon (seosd) unregisters itself from the kernel so that it can be started up again. In the message text, nnn is the return code, which should be zero. If the return code is not zero, report the problem to your customer support representative.

INFO : ServList Registered with nnn entries

The TACF daemon (seosd) caches all entries from /etc/services at startup. In the message text, nnn is the number of service entries that were cached.

INFO : ServList registered with nnn portmapper entries


During startup of the TACF daemon (seosd), it registered nnn TCP/IP services that are resolved by the portmapper. This is an information-only message.

INFO : Set site

The TACF agent daemon, seagent, which is responsible for communication with other TACF stations, addressed the TACF daemon (seosd) with a connection request from a remote station.

INFO : Setting PV C=ccc O=ooo P=ppp

The TACF watchdog (seoswd) set the value of property ppp in object ooo of class ccc.

INFO : UserList Registered with nnn entries

When the TACF daemon (seosd) runs under the NIS server, it caches all user entries (from /etc/passwd and NIS maps) at startup so that the TACF daemon can solve user ID to user name translations without invoking ypserv processes and TCP/IP requests. This message also indicates the under_NIS_server token in seos.ini is set to YES. If the computer where TACF is running is not an NIS server, set the under_NIS_server token to NO in seos.ini. In the message text, nnn is the number of user entries that were cached.

INFO : XDM program: program-name is registered

The XDM programs are those programs that display the user ID and password box on X-Terminals. XDM programs run under superuser who usually cannot open windows on X-Terminals. However, the XDM program must open a window on an X-Terminal to present a box with the user ID and password for the user to specify. The TACF daemon (seosd) therefore bypasses terminal checking if the program issuing the CONNECT request is a registered XDM program. You may override the internal list of XDM programs through the xdmpgms.init file.

KILL : P=ppp U=uuu kill [ Process | All Except ] (nn): (proclist)


Process ppp associated with user uuu has attempted to kill all the processes listed in proclist (or all the processes except the processes in the list). In the message text, nn is the number of target processes.

KILL > Result ’R’ [stage=sss gstag=gs rv=rr] ACEEH=hhh Why? detailed-reason-text

In the result ’R’ of the kill event, R is either D for denial or P for permit. In the message text, sss, gs, and rr are the stage, granting stage, and return values of the TACF decision routines and hhh is the accessor handle associated with the kill event. The detailed-reason-text is a derivation of the stage and granting stage codes.

LOGIN : P=ppp User=uuu Terminal=ttt

The TACF daemon (seosd) intercepted a login request from user uuu working on terminal ttt under process number ppp. A Login Result message should follow this message.

LOGIN > Result: ’R’ [stage=stage gstag=gstage rv=nnn] ACEEH=hhh [Why ? detailed-denial-reason]

In the result ’R’ of the login request, R is either P (permit) or D (deny). In the message text, stage and gstage are numbers indicating the phase in the TACF flow that made the decision to grant or deny the login request. If the login was permitted, hhh is the ACEE handle that is now associated with the issuing process. If the login was denied, hhh is set to –1 and a detailed-denial-reason is displayed. If the reason relates to resource access (such as “no rule granting access to resource”), the resource in question is the terminal from which the user issued the login request.

LOGIN > Result: ’D’ Login Disabled for ALL

The login request was denied since login is currently disabled for all users.

LOGIN > Result: ’D’ Login Disabled for U=uuu


The login request was denied since login is currently disabled for the specific user. The reason can possibly be that this user is already logged in.

MESSAGE : string

A marker message is put into the trace file by console request.

NEWPASS : Set new password

The sepass program requested to set a new password for a user ID.

RESTART : DBSERV restarted by Watchdog (P=ppp)

The TACF daemon (seosd) has been restarted by the TACF watchdog (seoswd). In the message text, ppp is the process ID of the TACF daemon.

SCONSOLE : Login Disabled For UID: uuu

The TACF console utility (secons) issued a request to disable login requests for the user ID uuu. From this point, login requests for the specified user ID will be denied.

SCONSOLE : Login is already Disabled for U=uuu

The TACF console utility (secons) issued a request to disable login requests for the user ID uuu. However, login is already disabled for this user ID.

SCONSOLE : Login is not Disabled for U=uuu

The TACF console utility (secons) issued a request to reenable login for the user ID uuu. However, login is already enabled for this user ID.

SCONSOLE : Login Is Now Disabled


The TACF console utility (secons) issued a request to disable login for all users. From this point on, login requests by any user will be denied.

SCONSOLE : Login Is Now Enabled

The TACF console utility (secons) issued a request to reenable login for all users. From this point on, login requests will be allowed.

SCONSOLE : Login Re-Enabled for U=uuu

The TACF console utility (secons) issued a request to reenable login for a specified user. From this point on, login requests for this specific user will be allowed.

SCONSOLE : No more space in Disabled Logins Table

The TACF console utility (secons) issued a request to disable login for a particular user. However, the login disable table is full. Contact your customer support representative.

SCONSOLE : U=uuu is not allowed for operation

A user without the OPERATIONS attribute tried to use one of the secons switches that are not allowed for non-OPERATIONS users.

SCONSOLE : U=uuu is not allowed to disable login for U=uuu2

The user ID uuu tried to disable login for user uuu2 through the TACF console utility. However, only root and user uuu2 are allowed to disable login for uuu2.

SCONSOLE : U=uuu is not allowed to Re-enable login for U=uuu2

The user ID uuu tried to reenable login for user uuu2 through the TACF console utility. However, only root and uuu2 are allowed to reenable login for uuu2.

SETGRPS : P=ppp to grouplist

The process ppp issued the setgroups system call for the groups specified in grouplist.

SGID : P=ppp U=uuu G=ggg to GGG (GROUP.groupname) ACEEH=hhh D=devnum I=inode

Process ppp running with the authorities of user ID uuu and group ID ggg issued a setgid system call for the group ID GGG. TACF will check the authority of that process using the SURROGATE class and object GROUP.groupname, and hhh will be used as the accessor handle for the request. In the message text, devnum and inode are the device and i-node of the issuing program. A SGID Result message should follow this one.

SGID > P=ppp U=uuu (RG=rg EG=eg SG=sg) to (RG=trg EG=teg SG=tsg) () BYPASS

TACF granted the setgid request without checking any SURROGATE access rule. In the message text, ppp is the issuing process ID; uuu is the user ID associated with this process; rg, eg, and sg are the real, effective, and saved group IDs of that process; trg, teg, and tsg are the target real, effective, and saved group IDs with which the setgid request was issued. The reason for the bypass is usually because the current real or saved group ID is the same as the target group ID and therefore the setgid request does not change the security scope of the user.

SGID > Result: ’R’ [stage=stage gstag=gstage ACEEH=hhh] Why? detailed-reason-text

TACF checked the setgid request against a SURROGATE access rule and the result is ’R’, where R is either P (permit) or D (deny). The decision was made on behalf of the accessor handle hhh. In the message text, detailed-reason-text is the reason for the denial or grant.

SHUTDOWN ! Request Denied. U=uuu not allowed to SHUTDOWN the Server

The user ID uuu tried to shut down the TACF daemon (seosd) using the TACF console utility; however, this user’s profile does not have the OPERATIONS attribute. The request was therefore denied.

SHUTDOWN : Server going down upon operator’s request

The TACF daemon (seosd) started shutting down following a request from an authorized operator.

SHUTDOWN : Terminating TACF daemon daemon-name P=ppp RV=nnn

TACF terminated its daemon ppp as part of its shutdown processing; TACF also brings down the watchdog (seoswd) and the TACF agent (seagent).

START-UP : TACF daemon PID=ppp

The TACF daemon (seosd) has been started; its process ID is ppp.

STREAMc : P=ppp Closes Stream Id=iii

Process ppp closed a stream with stream ID iii. TACF keeps track of all stream-open and stream-close operations so it can verify which process ID owns the stream when a TCP/IP request is made on behalf of a certain stream ID.

STREAMo : P=ppp Opens Stream Id=iii

Process ppp opened a stream with stream ID iii. TACF keeps track of all stream-open and stream-close operations to verify later, when a TCP/IP request is done on behalf of a certain stream ID, which process ID owns the stream.

SUID > P=ppp U=uuu (R=r E=e S=s) to (R=tr E=te S=ts) (reason) BYPASS

TACF granted the setuid request without checking any SURROGATE access rule. In the message text, ppp is the issuing process ID; uuu is the user ID associated with this process; r, e, and s are the real, effective, and saved user IDs of process ppp; tr, te, and ts are the target real, effective, and saved user IDs with which the setuid request was issued. The reason for the bypass is usually because the current real or saved user ID is the same as the target user ID and therefore the setuid request does not change the security scope of the user. Other possible reasons are that the program issuing the setuid system call is a privileged program (in which case reason is For Priv) or that the issuing program is a login program that switches user IDs several times before and after the actual login, in which case reason is specified as For Login.

SUID : P=ppp U=uuu (R=r E=e S=s) to USER.username (R=tr E=te S=ts) D=devnum I=inode

Process ppp running with the authorities of user ID uuu issued a setuid system call to change the current real, effective, or saved user ID to that of user username. TACF will check the authority of process ppp using the SURROGATE class and object USER.username; hhh will be used as the accessor’s handle for that request. In the message text, devnum and inode are the device number and i-node of the issuing program. A SUID Result message should follow this one.

SUID > Result: ’R’ [stage=stage gstag=gstage ACEEH=hhh rv=rv] Why? detailed-reason-text

TACF checked the setuid request against a SURROGATE access rule and the result is ’R’, where R is either P (permit) or D (deny). The decision was made on behalf of the accessor handle hhh. In the message text, detailed-reason-text is the reason for the denial or grant.

VERPASS : Verify password

TACF received a request to verify password validity for a user.

WAKE_UP : Server going up

The TACF daemon (seosd) has started to initialize.


WARNING : Associate P=ppp ACEEH=hhh

TACF performs an association between a process and an accessor handle (ACEEH) for any fork request. This message indicates that the association could not be performed, either because the handle hhh is –1 or because hhh is not a valid accessor handle. In the latter case, contact your customer support representative.

WARNING : Can’t verify P=ppp

This message follows an Unknown P= message, which indicates a fork request from a process that is not known to TACF was received. TACF tries to verify who the user that UNIX associates with that process is. This verification task could not be completed. A possible reason is that the process has already terminated. If this is not the case, contact your customer support representative.

WARNING : DeAssociate P=ppp ACEEH=hhh

TACF performs a dissociation between a process and an accessor handle (ACEEH) for any process that is terminated. This message indicates that the dissociation could not be performed, either because the handle hhh is –1 or because hhh does not exist as a valid accessor handle. In the latter case, report the problem to your customer support representative.

WARNING : ExecArg for entry with P=ppp not NULL

This warning is displayed when TACF finds a new process that was not known to the system and for which the executing program is not known. In most cases, the message can be ignored. If the system does not produce the expected results, contact your customer support representative.

WARNING : Failed to get ACEEH of P=ppp

TACF was requested to check the authority of process ppp but there was no valid accessor handle for that process. In most cases the reason is that the user associated with the process is not a TACF-defined user, or that the process is unknown to the TACF system. In both cases, TACF will give this process only universal access rights. If the system does not produce the expected results, contact your customer support representative.

WARNING : Login for P=0 ???

When this message appears during startup on systems other than AIX, it can be ignored. If it appears during normal work (after the TACF daemon, seosd, has been started and is functioning) or if it appears during startup under AIX, it identifies a software error. Contact your customer support representative.

WARNING : TACF failed to kill P=ppp reason=nnn

As a measure of caution, TACF kills processes that try to obtain sensitive privileges that may create loopholes. Such events can be attempts to surrogate the user ID (setuid system call) with no permission. TACF has tried to kill the violating process but failed to do so. The reason for the failure is detailed in the reason code returned by the kill system call.

WARNING : Terminal for entry with P=ppp not NULL

This warning is displayed when TACF finds a new process that was not known to the system and for which the executing program is not known. In most cases, the message can be ignored. If the system does not produce the expected results, contact your customer support representative.

WARNING : Unknown P=ppp

This message indicates a fork request that was issued by a process not known to TACF. If this message appears for the TACF watchdog (seoswd) or TACF agent process (seagent) during startup, it can be ignored. At other times, it could imply a software error, since TACF cannot verify the actual authority of that process. In the latter case, contact your customer support representative.


WATCHDOG : Ask if I’m Here (AYT)

The TACF watchdog (seoswd) tried to verify that the TACF daemon (seosd) is alive; in other words, whether seosd is giving the expected response. AYT in the message text is the watchdog “are you there” challenge. This message can and should be ignored; filter it out using the trcfilter.init file. The message implies normal behavior of the watchdog daemon.

WATCHDOG : Init initialization-text

This is the TACF watchdog (seoswd) initialization message. It can be ignored.

WATCHDOG : Log log-text

The TACF watchdog (seoswd) issued a log request. The log request is detailed in log-text.

WATCHDOG : SecFile operation result

The TACF watchdog (seoswd) requested the daemon to extract information regarding secured files. In the message text, operation can be GETFIRST or GETNEXT, and result can be OK if such information was extracted or NOFOUND if there are no more secured files in the TACF database. This message signifies normal behavior of the watchdog to scan secured files.

WATCHDOG : Timer

The TACF watchdog (seoswd) issues a timer request every 3 seconds or so (as set by the seos.ini file). This message can and should be filtered out using the trcfilter.init file.

WATCHDOG : Trust Pgm: program-name [OK | NOTOK]

The TACF watchdog (seoswd) has marked the specified program as a trusted program. This implies that the specified program has passed the digital signature tests. In the message text, OK means the trust operation completed successfully and NOTOK means that the watchdog has failed to mark the program as trusted. The reason for NOTOK is probably a corrupted database, in which case you should contact your customer support representative.

WATCHDOG : Untrust Pgm: program-name [OK | NOTOK]

The TACF watchdog (seoswd) marked the specified program as untrusted. This implies that the specified program did not pass the digital signature checks of the watchdog. In the message text, OK means that the untrust operation has completed successfully and NOTOK means that the watchdog failed to mark the program as untrusted. A possible reason for NOTOK can be a corrupted database, in which case you should contact your customer support representative.
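The trace messages described above are what an operator triages in the seosd trace file. The following Python is an added example, not part of this manual or of the TACF product: it parses a few constructed trace lines written in the formats documented in this chapter (the process IDs, handles, program names and reason texts are made up), drops the WATCHDOG Timer and AYT noise that the manual says to filter with trcfilter.init, and raises a finding for the lines that deserve attention: a denied setuid request, a failed kill of a violating process, a program the watchdog could not mark trusted or untrusted, and a fork from a process unknown to TACF.

```python
import os
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Noise the manual says to filter out with trcfilter.init; dropped before parsing.
NOISE = {"WATCHDOG : Timer", "WATCHDOG : Ask if I'm Here (AYT)"}

# Patterns follow the message formats documented in this chapter.
SUID_RE = re.compile(
    r"^SUID > Result: ['’](?P<result>[PD])['’] "
    r"\[stage=(?P<stage>\S+) gstag=(?P<gstag>\S+) ACEEH=(?P<aceeh>\S+) rv=(?P<rv>\S+)\]"
    r"\s*Why\? (?P<why>.*)$"
)
KILL_FAIL_RE = re.compile(r"^WARNING : TACF failed to kill P=(?P<pid>\d+) reason=(?P<reason>\d+)$")
TRUST_RE = re.compile(r"^WATCHDOG : (?P<op>Trust|Untrust) Pgm: (?P<pgm>\S+) (?P<status>OK|NOTOK)$")
UNKNOWN_RE = re.compile(r"^WARNING : Unknown P=(?P<pid>\d+)$")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    kind: str
    detail: str


def triage_line(line: str) -> Optional[Finding]:
    """Classify one trace line; None means noise or a message this triage does not cover."""
    line = line.strip()
    if not line or line in NOISE:
        return None
    m = SUID_RE.match(line)
    if m:
        if m["result"] == "D":
            return Finding("high", "setuid-denied", f"ACEEH={m['aceeh']} why={m['why']}")
        return Finding("info", "setuid-permitted", f"ACEEH={m['aceeh']} why={m['why']}")
    m = KILL_FAIL_RE.match(line)
    if m:
        # The reason is the errno returned by kill(2); the violating process may still be alive.
        errno = int(m["reason"])
        return Finding("high", "kill-failed", f"pid={m['pid']} errno={errno} ({os.strerror(errno)})")
    m = TRUST_RE.match(line)
    if m:
        if m["status"] == "NOTOK":
            # The manual attributes NOTOK to a probably corrupted database.
            return Finding("high", f"{m['op'].lower()}-failed", f"pgm={m['pgm']} (database may be corrupted)")
        return Finding("info", f"{m['op'].lower()}-ok", f"pgm={m['pgm']}")
    m = UNKNOWN_RE.match(line)
    if m:
        # Expected for seoswd/seagent at startup; otherwise TACF cannot verify the process's authority.
        return Finding("medium", "unknown-process", f"pid={m['pid']}")
    return None


def triage(lines: List[str]) -> Tuple[List[Finding], int]:
    """Return the findings for a batch of trace lines and the number of noise lines dropped."""
    findings, dropped = [], 0
    for line in lines:
        if line.strip() in NOISE:
            dropped += 1
            continue
        finding = triage_line(line)
        if finding is not None:
            findings.append(finding)
    return findings, dropped


# Constructed sample trace lines in the documented formats; every value below is made up.
SAMPLE_TRACE = [
    "WATCHDOG : Timer",
    "SUID > Result: 'P' [stage=12 gstag=0 ACEEH=41 rv=0] Why? SURROGATE rule permits",
    "SUID > Result: 'D' [stage=12 gstag=0 ACEEH=58 rv=-1] Why? no SURROGATE rule for USER.root",
    "WARNING : TACF failed to kill P=4711 reason=3",
    "WATCHDOG : Ask if I'm Here (AYT)",
    "WATCHDOG : Trust Pgm: /usr/bin/passwd OK",
    "WATCHDOG : Untrust Pgm: /usr/local/bin/helper NOTOK",
    "WARNING : Unknown P=4712",
]

if __name__ == "__main__":
    found, noise = triage(SAMPLE_TRACE)
    print(f"{noise} noise lines dropped")
    for f in found:
        print(f"[{f.severity:6}] {f.kind}: {f.detail}")
```

Lines the triage does not recognise (VERPASS, WAKE_UP and the rest) are passed over silently; extend the pattern table if you want them counted.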


The seos.ini File

This chapter provides a detailed description of the TACF initialization file, seos.ini. The seos.ini file contains various setup and initialization tokens used by TACF. The tokens are grouped into sections, where each section contains the tokens for one utility, daemon, or other facility of TACF.

Use the seini utility to view current token values and to set values.

Note: The seos.ini file, as installed, is protected by TACF and cannot be updated while TACF is running. Enter the following command to allow an authorized user to update the file while TACF is running:

TACF newres FILE /usr/seos/seos.ini owner(authUser)

This command establishes that authUser is the owner of the file, and as the owner of the file, authUser can always update it.

The seos.ini file, as defined by default in TACF, has READ access because many utilities access this file during their processing. If they cannot read the seos.ini file, they will fail.

The following table lists all the sections in the seos.ini file:

Section Description

daemons Specifies programs that seload is to run automatically.


lang Contains tokens that control the command definition language modules.

ldap Contains tokens that define the location of the LDAP server and LDAP server variables.

logmgr Contains tokens that control the TACF logging facility.

message Contains tokens that control the TACF message services.

passwd Defines the tokens of password replacement and other user-related services.

segrace Contains the tokens that control the segrace utility, the utility that displays the number of grace logins left for a user, the number of days remaining until the user’s existing password expires, or the date and time the user last logged on and from which terminal.

selogrd Contains tokens that control the TACF log routing daemon.

seos Contains global TACF tokens.

seosd Contains tokens that control the TACF authorization daemon.

seosdb Contains tokens that determine the behavior of the TACF authorization daemon.

seoswd Contains tokens that control the TACF watchdog.

serevu Contains the tokens that control the serevu utility, the utility that disables the logins of users who have had a specified number of failed logins during a specified period of time.

sesu Contains tokens that control the sesu utility, the utility that enables a user to substitute to another user without knowing the target user’s password.

sesudo Contains tokens that control the sesudo utility, the utility that assigns users selected authorities that normally belong to other users such as root.

The tokens for each section are described on the following pages.


daemons

The tokens of the daemons section specify whether the seload utility executes the daemons. The daemons tokens are described in the following table:

Token Meaning Default Value

program-name Either of two possibilities.

¶ The name of a daemon or other program, to be matched with a yes value (so seload will run the program with default parameters), a no value (so seload will not run the program), or a set of parameters (so seload will run the program with those parameters). For example:

to run serevu from the TACF installation directory (normally /usr/tacf/bin) with default parameters, enter:

serevu=yes

to refrain from running serevu (this is the same as using no serevu token at all), enter:

serevu=no

to run serevu from the TACF installation directory (normally /usr/tacf/bin) with specified parameters, enter:

serevu=-f 3 -d 6m -t 1m -s 5m

¶ A dummy string, to be matched with the absolute pathname of a daemon or other program, followed optionally by parameters, so seload will run the program accordingly. For example:

to run the serevu utility that resides in the /usr/tacf/alt directory, with the specified parameters, enter:

run_it=/usr/tacf/alt/serevu -f 3 -d 6m -t 1m

To include specifications for several programs, use the token once for each program.

Default value: no
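The two forms of daemons token resolve into concrete commands as follows. The Python below is an added example and is not part of this manual or of seload itself: it reads a constructed daemons section with configparser, applies the rules stated above (yes runs the program from the installation directory with default parameters, no skips it, any other value is either parameters for that program or, when it starts with a slash, an absolute path run as given), and flags entries that point outside the installation directory, because the dummy-token form lets seos.ini start any program on the station. The installation directory /usr/tacf/bin is taken from the manual's example and is an assumption; the token values are made up.

```python
import configparser
import os
import shlex
from typing import Dict, List

# Installation directory from the manual's example; assumed, adjust for your site.
INSTALL_BIN = "/usr/tacf/bin"


def planned_daemons(ini_text: str, install_bin: str = INSTALL_BIN) -> List[Dict]:
    """Return, for each daemons token, what seload would run under the documented rules."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep token names exactly as written
    cp.read_string(ini_text)
    plans: List[Dict] = []
    if not cp.has_section("daemons"):
        return plans
    for token, raw in cp.items("daemons"):
        value = raw.strip()
        if value.lower() == "no":
            continue  # same as omitting the token
        if value.lower() == "yes":
            argv = [os.path.join(install_bin, token)]  # default parameters
        elif value.startswith("/"):
            argv = shlex.split(value)  # dummy token: absolute path plus optional parameters
        else:
            argv = [os.path.join(install_bin, token)] + shlex.split(value)
        plans.append({
            "token": token,
            "argv": argv,
            # Review anything seload would start from outside the installation directory.
            "outside_install_dir": os.path.dirname(argv[0]) != install_bin,
        })
    return plans


# Constructed seos.ini fragment; the parameters are made up.
SAMPLE_INI = """
[daemons]
serevu=-f 3 -d 6m -t 1m -s 5m
selogrd=yes
seoswd=no
run_it=/usr/tacf/alt/serevu -f 3 -d 6m -t 1m
"""

if __name__ == "__main__":
    for plan in planned_daemons(SAMPLE_INI):
        flag = "  <-- outside install dir" if plan["outside_install_dir"] else ""
        print(f"{plan['token']}: {' '.join(plan['argv'])}{flag}")
```

The "outside_install_dir" flag is the review point: a seos.ini that is writable by an unintended owner (see the note on the file's owner at the start of this chapter) can make seload run an arbitrary program at startup.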


ldap

The tokens of the ldap section, which contain the attributes used to locate the LDAP server and input data, are described in the following table:

Token Meaning Default value

base_entry The LDAP base entry. no default

host The host name of the LDAP server. no default

past The LDAP base directory. /usr/local/ldap

port The LDAP communication port. port 389

lang

The tokens of the lang section specify the attributes used by the TACF command language program selang. The lang tokens are described in the following table:

Token Meaning Default Value

exits_dir The target directory for /usr/seos/lib/install_exits.sh. Default value: /usr/seos/exits

exits_source_dir The source of the exits to be installed by /usr/seos/lib/install_exits.sh. Default value: /usr/seos/samples/exists-src

exit_timeout The maximum time, in seconds, that TACF allows the exit program to execute. After this time has passed, TACF kills the exit program. Default value: 5 seconds

help_path The directory in which lang help files are located. Default value: /usr/seos/data/langhelp

logfile Whether each command is logged to a file. If yes, for each command entered, an entry is written in the log file. Specify no to omit writing log records. Default value: yes


logfile_append Whether the new records are added to or written over the log file. If yes, new lines are appended to the existing log file. If no, the lines generated by the session are written over the previous entries, erasing the previous entries. Default value: yes

logfile_group Determines which group owns the file listed in the token logfile_name, and sets its user and group permissions to read and write. By default, only the owner of the file has read and write permissions. Default value: no default

logfile_name The name of the log file that is used if logfile=yes. Default value: ./lang.log

post_group_exit The specified exit called after a group command is executed in the UNIX environment. Default value: /usr/seos/exits/lang_exit.sh

post_user_exit The specified exit called after a user command is executed in the UNIX environment. Default value: /usr/seos/exits/lang_exit.sh

pre_group_exit The specified exit called before a group command is executed in the UNIX environment. Default value: no default

pre_user_exit The specified exit called before a user command is executed in the UNIX environment. Default value: /usr/seos/exits/lang_exit.sh

query_size The maximum number of records to be listed in a database query. Default value: 100

timeout The maximum time, in seconds, to wait for seosd to respond. If seosd does not respond within this time period, an error message is sent noting that seosd is not responding. The client stops trying to connect to seosd. Default value: 90


use_unix_file_owner Whether a UNIX owner of a file can define the file to TACF. Valid values are yes and no. If the value is yes, an owner of a file in UNIX can define it to TACF, using the newres or newfile command. If the file is already defined to TACF, the user cannot change its parameters in the TACF database unless the user is allowed to do so according to the normal TACF authorization rules. Default value: no

logmgr

The tokens of the logmgr section control the behavior of the TACF logging facility. The logmgr tokens are described in the following table:

Token Meaning Default Value

audit_back The name of the TACF audit backup file. Only TACF can write to this file. Users can only have READ access to this file. Default value: /usr/seos/log/seos.audit.bak


audit_group The group that can read the audit files. If no group is specified, only root can read the audit files. TACF does not verify the value of this token; therefore, if you enter an invalid group name, TACF does not assign any group permissions to the audit log files. To change the group ownership of an existing audit log file, do the following:

¶ Use the selang command chgrp to set the group ownership of the file.

¶ Change the UNIX permissions by entering:

chmod 640 /usr/seos/log/seos.audit

Default value: none

audit_log The name of the TACF audit log file. When this file reaches the size specified in audit_size, TACF closes the file, renames it with the name in audit_back, and creates a new audit log. Only TACF can write to this file. Users can only have READ access to this file. Default value: /usr/seos/log/seos.audit

audit_size The size, in KB, of the TACF audit log file. Do not specify less than 50 KB. Default value: 1024

BackUp_Date The criteria by which the backup is done. Five values are possible: none, yes, daily, weekly, and monthly. If the criterion is yes, the backup is contingent on the size limit, and the date is appended to the backup filename. Default value: None

error_back The name of the TACF error backup file. Default value: /usr/seos/log/seos.error.bak


error_group The group that can read the error log files. If no group is specified, only root can read the error log files. TACF does not verify the value of this token; therefore, if you enter an invalid group name, TACF does not assign any group permissions to the error log files. To change the group ownership of an existing error log file, do the following:

¶ Use the selang command chgrp to set the group ownership of the file.

¶ Change the UNIX permissions by entering:

chmod 640 /usr/seos/log/seos.audit

Default value: none

error_log The name of the TACF error log file. When this file reaches the size specified in error_size, TACF closes the file, renames it with the name in error_back, and creates a new error log. Only TACF can write to this file. Default value: /usr/seos/log/seos.error

error_size The size, in KB, of the TACF error log file. Do not specify less than 50 KB. Default value: 50 KB

For more information, see the seaudit and seerlog utilities documentation.
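Because TACF does not validate audit_group or error_group, and because the two size tokens have a documented floor of 50 KB, a pre-flight check of the logmgr section before restarting the daemon is worth having. The following Python is an added example, not part of this manual or of TACF: it parses a constructed logmgr section (the values are made up) and reports a size below the minimum, a group name absent from the set of groups you pass in, a relative log path, and a BackUp_Date value outside the five documented ones.

```python
import configparser
from typing import Iterable, List

MIN_LOG_KB = 50  # documented minimum for audit_size and error_size
BACKUP_DATE_VALUES = {"none", "yes", "daily", "weekly", "monthly"}


def parse_kb(raw: str) -> int:
    """Accept '1024' or '50 KB', the two forms the defaults table uses."""
    return int(raw.split()[0])


def lint_logmgr(ini_text: str, known_groups: Iterable[str]) -> List[str]:
    """Return human-readable problems found in [logmgr]; an empty list means clean."""
    groups = set(known_groups)
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # token names are case-sensitive (BackUp_Date)
    cp.read_string(ini_text)
    if not cp.has_section("logmgr"):
        return ["no [logmgr] section; TACF will use the built-in defaults"]
    sec = cp["logmgr"]
    problems: List[str] = []

    for tok in ("audit_size", "error_size"):
        if tok in sec:
            try:
                kb = parse_kb(sec[tok])
            except ValueError:
                problems.append(f"{tok}: value {sec[tok]!r} is not a size in KB")
                continue
            if kb < MIN_LOG_KB:
                problems.append(f"{tok}={kb} KB is below the documented minimum of {MIN_LOG_KB} KB")

    for tok in ("audit_group", "error_group"):
        # TACF does not check this name; an unknown group silently yields no group access.
        group = sec.get(tok, "").strip()
        if group and group.lower() != "none" and group not in groups:
            problems.append(f"{tok}={group!r} is not a known group, so no group permissions would be set on the log files")

    for tok in ("audit_log", "audit_back", "error_log", "error_back"):
        path = sec.get(tok, "").strip()
        if path and not path.startswith("/"):
            problems.append(f"{tok}={path!r} is not an absolute path")

    backup_date = sec.get("BackUp_Date", "").strip()
    if backup_date and backup_date.lower() not in BACKUP_DATE_VALUES:
        problems.append(f"BackUp_Date={backup_date!r} is not one of {sorted(BACKUP_DATE_VALUES)}")
    return problems


# Constructed seos.ini fragment with several deliberate mistakes; values are made up.
SAMPLE_INI = """
[logmgr]
audit_log=/usr/seos/log/seos.audit
audit_back=/usr/seos/log/seos.audit.bak
audit_size=20
audit_group=secaudit
error_log=seos.error
error_back=/usr/seos/log/seos.error.bak
error_size=50 KB
error_group=nosuchgrp
BackUp_Date=hourly
"""

if __name__ == "__main__":
    # On a real station pass the names from grp.getgrall(); a fixed set keeps this runnable offline.
    for problem in lint_logmgr(SAMPLE_INI, {"root", "secaudit"}):
        print("logmgr:", problem)
```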

message

The token of the message section controls the behavior of the TACF message utility semsgtool. The message token is described in the following table:


filename The name of the file from which messages are taken. Default value: /usr/seos/data/seos.msg

Most of the messages that appear in response to typed TACF commands are taken from the file in the filename token.

pam_seos

The tokens of the pam_seos section, which help you more fully exploit PAM, are described in the following table:

Token Meaning Default Value

call_segrace Automatically calls the TACF segrace utility. Set call_segrace to yes. Default value: no

debug_mode_for_user Lets the user know the reason for login denial. Set debug_mode_for_user to yes. Default value: no

failed_login_file Provides the location of the pam_seos failed login audit file. Default value: /usr/seor/log/pam_seos_failed_logins.log

serevu_use_pam_seos Instructs serevu to employ the pam_seos login failure log file. Set serevu_use_pam_seos to no. Default value: no

Note: You can use the pam_seos token for HP-UX Versions 11.00 and later, as well as Solaris Versions 2.6 and 7.0.

passwd

The tokens of the passwd section control password replacement and other user-related services. The passwd tokens are described in the following table:


AllowableGidRange The integers below the first number and above the second number are reserved group IDs that TACF cannot update. If only one integer is specified, all integers between one and the specified integer are reserved group IDs. Default value: 100, 3000

AllowableUidRange The integers below the first number and above the second number are reserved user IDs that TACF cannot update. If only one integer is specified, all integers between one and the specified integer are reserved user IDs. Default value: 100, 3000

DefaultHome The default home directory of the system. The user’s home directory is a subdirectory of the specified system home directory. For example, if the system home directory is /home, the new user’s home directory is /home/userName. If specified, the value for this token overrides the value in the client’s lang.ini file. Default value: /home

DefaultPasswdCmd The default password program. If specified, this password program is used when seosd is not running. If this token is not set, sepass will not allow the user to change his password when TACF is not running. Default value: no default

DefaultPgroup The primary group TACF assigns to a new UNIX user, if no value is entered. Default value: other

DefaultShell The default shell of new users. If specified, the value for this token overrides the value in the client’s lang.ini file. Default value: /bin/sh

Dictionary File that contains words that cannot be used as passwords. Default value: /usr/dict/words

nis_env Whether the local host is an NIS or NIS+ client. Valid values are nis or nisplus. Default value: no default


NisPlus_server Whether this host is an NIS+ server. If the value of the token is yes, TACF treats password replacements as NIS+ password replacements. Default value: no

quiet_mode Whether sepass displays a copyright notice and a message regarding propagating passwords to policy models. Default value: no

SavePasswdAttrs If this token is set to "Yes", then after an update of a user in the Unix environment, the previous password file owner, group and mode are preserved. Otherwise, the new values are set to 0, 0, and 644 respectively. Valid values are "yes" or "no". Default value: no

SaveGroupAttrs If this token is set to "Yes", then after an update of a group in the Unix environment, the previous group file owner, group and mode are preserved. Otherwise, the new values are set to 0, 0, and 644 respectively. Valid values are "yes" or "no". Default value: no

UseDict Whether to use the dictionary file /usr/dict/words when verifying a password. Valid values are yes and no. Default value: no

YpGrpCmd The command to use to generate the NIS group map. Default value: make group

YpMakeDir The name of the makefile directory to be used when creating NIS maps. Default value: /var/yp

YpPassCmd The command to use to generate the NIS password map. Default value: make passwd

YpServerGroup The group file from which the NIS group map is made. Default value: /etc/group

YpServerPasswd The password file from which the NIS password map is made. Default value: /etc/passwd

YpServerSecure The name of the security file that contains passwords and that is used for building the password map. Default value: /etc/shadow


YpTimeOut The number of seconds allowed for a new client (e.g., selang) to run the ypbind test that determines whether the local host is connected to a NIS server. At expiration, the client exits and an error message is displayed. A value of 0 means that no ypbind test is conducted. Default value: 0 (YpTimeOut=0)

segrace

The token of the segrace section is described in the following table:

Token Meaning Default Value

sepass_command The location of the TACF password replacement command that is executed when a user has zero grace logins. Default value: /usr/seos/bin/sepass

For more information, see the segrace utility documentation.

selogrd

The tokens of the selogrd section control the behavior of the log routing daemons selogrd and selogrcd. The selogrd tokens are described in the following table:

Token Meaning Default Value

ChangeLogFactor The factor applied to the value in the token interval, before testing whether the log file was changed to a backup file. Default value: 3 (3 x 5 = 15 seconds)

CollectFile The name of the file in which the collector daemon selogrcd stores the collected audit records. Default value: /usr/seos/log/seos.collect.audit

CollectFileBackup The name that the collector daemon selogrcd uses when backing up and renaming the file of collected audit records. Default value: /usr/seos/log/seos.collect.bak


DataFile The name of the file containing information regarding the number of log records that have been routed. The information includes which targets were sent audit records. Default value: /usr/seos/log/selogrd.dat

Interval The interval, in seconds, between each poll of the log file. Default value: 5

Mailer The name of the program to be used to send mail. The daemon selogrd opens a pipe to this program. Default value: /bin/mail

MaxSeqNoSleep The maximum number of log records scanned without sleeping. Default value: 50

RouteFile The name of the file containing the routing rules. This file is used unless overridden by the selogrd utility’s –config option. Default value: /usr/seos/log/logroute.cfg

SavePeriod The amount of time, in minutes, between saving information regarding the number of records sent. Default value: 2

ServicePort The name or port number that the log routing facility must use. If present, selogrd and selogrcd use the specified port. If there is no value in the token, selogrd and selogrcd dynamically allocate a UDP port using the RPC mechanism portmapper. The service name must be a UDP port because the log routing daemon uses UDP for communication. If the token value is a number, the daemons bind to the specified port number. If the token value is a string, /etc/services, /etc/rpt, or NIS services maps are used to resolve the port number. Default value: dynamically allocate a UDP port

For more information, see the seaudit, selogrcd, and selogrd utilities documentation.


seos

The tokens of the seos section control the global settings used by TACF. The seos tokens are described in the following table:

Token Meaning Default Value

full_year When using the secons –tv and dbdump utilities, specifies that years should be displayed with four digits instead of two. For example, display 2000 instead of 00. Default value: no

use.rpc.protocol Allows you to administer TACF from a station running older TACF versions. Valid values are yes and no. If set to ‘yes’, TACF will adhere to the TACF v1.4x protocol. If set to ‘no’, TACF will skip registering itself as an RPC program. TACF does not require portmapper to run if old_protocol is set to no. Default value: yes

SEOSPATH The directory in which TACF is installed. Default value: base_dir/TACF

SyncUnixFilePerms Whether TACF should synchronize its access control list (ACL) permissions with the ACL and other permissions of the native UNIX system, if they exist. The following options are valid:

no Do not synchronize ACL permissions. This is the default value.

warn Do not synchronize ACL permissions, but if the permissions in TACF and UNIX conflict, TACF will issue a warning.

traditional Change the “rwx” permissions for the group, according to the TACF ACL.

acl On systems that support ACLs, add entries to the UNIX ACL when ACL definitions are added to TACF.

force Map TACF permissions into the UNIX environment.

Default value: no


seosd

The tokens in the seosd section determine the behavior of the TACF authorization daemon. The seosd tokens are described in the following table:

Token Meaning Default Value

dbdir The directory where the TACF database is stored. Default value: /usr/seos/seosdb

domain_name A listing of name suffixes used for matching purposes. Seosd appends these suffixes to short host names. This creates fully qualified host names. These names can then be authorized in the relevant HOST, CONNECT, or TERMINAL classes. To identify a full name (a long, fully qualified host name), seosd tries to append domain names from the domain names list to the short name that it receives for authorization purposes. Seosd looks for a relevant rule in its database.

For example, if you give domain_name the following list:

domain_name=market.co.il, journey.com, total.co.il

and a request for authorization from marathon comes in, it will be checked in this order:

marathon
marathon.market.co.il
marathon.journey.com
marathon.total.co.il

seosd will use for authorization purposes the first record which matches (marathon.total.co.il).

Default value: no default
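The lookup order described for domain_name, as an added Python example that is not part of this manual or of seosd: it builds the candidate list for a short host name (the short name itself, then the short name with each suffix appended in list order) and returns the first candidate that has a rule. The suffix list is the manual's example; the rule table and the other host names are constructed.

```python
from typing import Dict, List, Optional


def parse_domain_names(token_value: str) -> List[str]:
    """Split the comma-separated domain_name token value, ignoring blanks."""
    return [d.strip() for d in token_value.split(",") if d.strip()]


def candidate_hostnames(short_name: str, domain_names: List[str]) -> List[str]:
    """Order in which seosd checks a short host name against its rules, per the manual."""
    return [short_name] + [f"{short_name}.{domain}" for domain in domain_names]


def resolve_host_rule(short_name: str, domain_names: List[str], rules: Dict[str, str]) -> Optional[str]:
    """Return the first candidate name that has a rule, or None when no rule matches."""
    for candidate in candidate_hostnames(short_name, domain_names):
        if candidate in rules:
            return candidate
    return None


# The suffix list from the manual's example; the rule table below is constructed.
DOMAIN_NAME_TOKEN = "market.co.il, journey.com, total.co.il"
SAMPLE_RULES = {
    "marathon.total.co.il": "HOST rule: permit",
    "sprint.market.co.il": "HOST rule: deny",
    "relay": "HOST rule: permit",
}

if __name__ == "__main__":
    domains = parse_domain_names(DOMAIN_NAME_TOKEN)
    for host in ("marathon", "sprint", "relay", "nobody"):
        print(host, "->", resolve_host_rule(host, domains, SAMPLE_RULES))
```

Because the bare short name is tried first, a rule keyed on an unqualified name ("relay" above) shadows any rule on its qualified forms; keep that in mind when the same short name exists in more than one listed domain.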


GroupidResolution Determines how TACF translates group ID numbers to group names. The valid values are system, cache, and ladb. If the value is system, TACF uses a system call to translate group ID numbers. This value can be used for standalone, NIS/NIS+ client, DNS client, and DNS server stations. See also the resolve_timeout token. If the value is cache, group ID numbers and group names are cached in seosd. This is the fastest and easiest way to do translations but the cache cannot be updated during runtime. If the value is ladb, TACF uses a lookaside database to translate group ID numbers. The sebuildla utility must be run to re-create the lookaside database each time an update to the relevant transaction table takes place. For NIS and NIS+ servers, you can use either cache or ladb; ladb is preferred. However, by default seosd uses the tokens under_NIS_server and use_lookaside to control the translation process. Default value: system


HostResolution Determines how TACF translates IP addresses to host names. The valid values are system, cache, and ladb. If the value is system, TACF uses a system call to translate IP addresses. This value can be used for standalone, NIS/NIS+ client, and DNS client stations. See also the resolve_timeout token. If the value is cache, host names and their IP addresses are cached in seosd. This is the fastest and easiest way to do translations but the cache cannot be updated during runtime. If the value is ladb, TACF uses a lookaside database to translate IP addresses. The sebuildla utility must be run to re-create the lookaside database each time an update to the relevant transaction table takes place. For NIS, NIS+, and DNS servers, you can use either cache or ladb. For all stations, the value ladb is preferred. However, for TACF Version 2, the default values are that seosd uses the tokens under_NIS_server and use_lookaside to control the translation process. Default value: system

kill_ignore Determines whether the TACF daemons ignore all the signals sent to them. Valid values are yes and no. When the value is yes, the TACF daemons ignore all the signals that are sent to them, even SIGKILL (–9). Default value: yes

lookaside_path The directory in which the lookaside database resides. Create this directory before running the sebuildla utility. Default value: /usr/seos/ladb

nfs_devices The name of the file that contains the NFS major device numbers. Specify the full path of the file. Default value: /usr/seos/etc/nfsdevs.init


protect_bin Determines whether TACF binaries are automatically protected. Valid values are yes and no. If you want to use the value yes, it is strongly recommended that you define the binaries to TACF and then define TACF access rules for them before changing the value of the token. If the value of the token is yes and you do not define access rules for the binaries, the _default rule in class FILE protects the binaries. If the _default value in class FILE is NONE, you can lock yourself out of the station. Default value: no

resolve_rebind Specifies if seosd will re-establish the connection to the NIS server after a timeout failure. It is strongly recommended that you not change the default value. Default value: NCR: no; AIX 4.xx: no; SunOS 4.1.4: no; all other platforms: yes

resolve_timeout Specifies the maximum number of seconds seosd will try to resolve an IP address to a host name, a user ID to a user name, a group ID to a group name, or a service port number to a service name. The value only takes effect in the following cases:

¶ When seosd is using system resolution. (See the HostResolution, ServiceResolution, UseridResolution, and GroupidResolution tokens.)

¶ When the under_NIS_server token is set to no.

If the specified time expires without a resolution, seosd assumes that no resolution exists for the specified IP address, user ID, group ID, or port number. If the value is set to 0, there is no timeout.

Default value: 5


ServiceResolution
    Meaning: Determines how TACF translates TCP port numbers to service names. The valid values are system, cache, and ladb. If the value is system, TACF uses a system call to translate TCP port numbers. This value can be used for standalone, NIS/NIS+ client, DNS client, and DNS server stations. See also the resolve_timeout token. If the value is cache, service names and their TCP port numbers are cached in seosd. This is the fastest and easiest way to do translations, but the cache cannot be updated during runtime. If the value is ladb, TACF uses a lookaside database to translate TCP port numbers. The sebuildla utility must be run to re-create the lookaside database each time an update to the relevant transaction table takes place. For NIS and NIS+ servers, you can use either cache or ladb. For all stations, the value ladb is preferred. However, the default values are that seosd uses the tokens under_NIS_server and use_lookaside to control the translation process.
    Default value: system

trace_file
    Meaning: The name of the file to which the trace messages are sent, if trace messages are requested.
    Default value: /usr/seos/log/seosd.trace

trace_file_type
    Meaning: Determines whether the trace file is written in binary or text format. If the trace file should be written in binary format, the value of this token must be binary. If the trace file should be written in text format, the value of this token must be text. The daemon seosd checks the value of this token and compares it to the contents of the trace file. If the token value does not match the format of the trace file, seosd saves the trace file under its name and adds the extension .backup.
    Default value: text

trace_filter
    Meaning: The name of the file that contains the filter data that is used to filter the trace messages. Specify the full path of the file.
    Default value: /usr/seos/etc/trcfilter.init


trace_space_saver
    Meaning: The amount of free space in KB to be left in the file system. When the amount of free space is less than this number, TACF disables the trace.
    Default value: 1024

trace_to
    Meaning: The destination of trace messages. Set to none, file, or file,stop. If you select none, TACF does not generate trace messages. If you select file, TACF generates trace messages and sends them to the file listed in the token trace_file as soon as TACF becomes active. If you select file,stop, TACF generates trace messages during the period of daemon initialization. After the daemon is initialized, no more trace messages are generated.
    Default value: file,stop

under_NIS_server
    Meaning: TACF usually asks UNIX to do user ID to user name, group ID to group name, IP address to host name, and port to service translations by calling the standard library routines. If the machine is an NIS or DNS client, UNIX may also ask the concerned servers.

    If this token is set to yes, seosd does its own translations by using information it has saved. See the use_lookaside token in this section for more information.

    If the token is set to no, then the resolve_timeout token takes effect.

    Note: On a station that is an NIS, NIS+, or DNS server, specifying no may hang the computer.

    This token remains only for purposes of backward compatibility. If you are a new TACF installation or an installation using the new features of TACF v2, use the tokens HostResolution, ServiceResolution, UseridResolution, and GroupidResolution instead.
    Default value: The value of this token is normally set during installation. If the installation process does not request a value, the default value is no. If you are using Solaris 2.5 or later, the value must be yes.


use_lookaside
    Meaning: If the token under_NIS_server is set to yes, the value in this token determines whether seosd uses the lookaside database or memory (cached data) for user ID, group ID, IP address, and port number translations. Valid values are yes and no.

    If the value of this token is no, seosd caches all user, group, host, and service information during startup so that all translations can be done in memory. It is recommended that seosd be restarted daily to refresh the cache.

    If the value of this token is yes, seosd uses the lookaside database to resolve user, group, host, and service number information. The lookaside database is built by the sebuildla utility and can be refreshed by it at any time. For more information, see the sebuildla utility.

    The location of the lookaside database is set by the lookaside_path token.

    This token remains only for purposes of backward compatibility. If you are a new TACF installation or an installation using the new features of TACF v2, use the tokens HostResolution, ServiceResolution, UseridResolution, and GroupidResolution instead.
    Default value: no


UseridResolution
    Meaning: Determines how TACF translates user ID numbers to user names. The valid values are system, cache, and ladb. If the value is system, TACF uses a system call to translate user ID numbers. This value can be used for standalone, NIS/NIS+ client, DNS client, and DNS server stations. If the value is cache, user names and their user ID numbers are cached in seosd. This is the fastest and easiest way to do translations, but the cache cannot be updated during runtime. If the value is ladb, TACF uses a lookaside database to translate user ID numbers. The sebuildla utility must be run to re-create the lookaside database each time an update to the relevant transaction table takes place. For NIS and NIS+ servers, you can use either cache or ladb. For all stations, the value ladb is preferred. However, the default values are that seosd uses the tokens under_NIS_server and use_lookaside to control the translation process.
    Default value: system

use_seauxd
    Meaning: Provides an option of using the TACF auxiliary daemon (seauxd) for name resolution. Not all platforms support the auxiliary daemon. Refer to TACF manuals for the list of platforms that support the auxiliary daemon. If the platform you are working on does not support the auxiliary daemon, this token is ignored by TACF. Valid values are yes and no.
    Default value: On a platform where the auxiliary daemon is supported, the default is yes. On a platform where the auxiliary daemon is not supported, the default is no.

seosdb

The tokens of the seosdb section, which govern database checking and rebuilding, are described in the following table:


Token Meaning Default value

CheckAlways
    Meaning: Whether the database should be checked for corruption.
    Default value: no

CheckProgram
    Meaning: The full path and parameters of an alternative command to be used instead of the internal code for checking the database. The command should return 0 if the database is valid, non-zero if it should be corrected.
    Default value: no alternative command (uses internal code, which is similar to dbutil -fast)

RebuildProgram
    Meaning: The full path and parameters of an alternative command to be used instead of the internal code for correcting the database.
    Default value: no alternative command (uses internal code, which is similar to dbutil -build)

seoswd

The tokens of the seoswd section are used by the TACF watchdog daemon. The seoswd tokens are described in the following table:

Token Meaning Default Value

PgmRest
    Meaning: The rest period, in seconds, between checking programs. The program rests to prevent system overload.
    Default value: 10

PgmTestInterval
    Meaning: The time period, in seconds, between rescanning of programs.
    Default value: 18000 (5 hours)

RefreshParams
    Meaning: The time period, in seconds, between successive reads by the TACF watchdog daemon of the seos.ini parameters.
    Default value: 86400 (1 day)

SecFileRest
    Meaning: The rest period, in seconds, between checking secured files.
    Default value: 10

SecFileTestInterval
    Meaning: The time period, in seconds, between rescanning of secured files.
    Default value: 36000 (10 hours)

SeosAYT
    Meaning: The time period, in seconds, between TACF watchdog checks of the daemon seosd. Do not change this value.
    Default value: 60


SeosTimer
    Meaning: The time period, in seconds, between the TACF watchdog timer and the TACF daemon. Do not change this value.
    Default value: 10

UnTrustMissing
    Meaning: When this token is set to no, a program that cannot be located during scanning does not become untrusted.
    Default value: yes

UseSnefru
    Meaning: Whether seoswd creates and checks SNEFRU signatures on programs and secure files. (SNEFRU is the digital signature of objects in the PROGRAM and SECFILE classes.) If yes, the daemon creates and checks them; if no, the daemon does not create them. Setting this token to yes greatly improves authentication for these objects.
    Default value: no

serevu

The tokens of the serevu section are described in the following table:

Token Meaning Default Value

config_file
    Meaning: Location of the serevu configuration file.
    Default value: /usr/seos/etc/serevu.cfg

def_fail_count
    Meaning: The number of failed logins each user is entitled to, per time period in the token def_diff_time.
    Default value: 5

def_disable_time
    Meaning: The length of time a user account is disabled.
    Default value: 6 minutes

def_sleep_time
    Meaning: The time between successive serevu checks.
    Default value: 2 minutes

def_diff_time
    Meaning: The period of time during which serevu accumulates failed logins. It is recommended that this value be an even multiple of the value in the def_sleep_time token.
    Default value: 5 minutes


save_disable_path
    Meaning: Location of the disabled user accounts list when serevu goes down.
    Default value: /usr/seos/log/serevu_disable.users

For more information, see the serevu utility documentation.

sesu

This section contains tokens that control logging on as a user other than oneself, without having to enter the password of the other user. The sesu tokens are described in the following table:

Token Meaning Default value

AlwaysTargetShell
    Meaning: Whether to use the target shell (SysV) or the invoker shell (BSD style). If yes, TACF uses the target user shell. Valid values are yes and no.
    Default value: no

FilterEnv
    Meaning: If specified, contains the variables that the sesu utility filters from the environment when the user root is invoked. Separate variable names with spaces or tabs.
    Default value: no default

Path
    Meaning: If specified, sesu sets the PATH environment variable to the path specified by this token.
    Default value: leave PATH unchanged

Sys_env_file
    Meaning: Names an ASCII file containing environment variable values for the sesu session. Format for each line of the file is variable - value.
    Default value: /etc/environment (on AIX)

SystemSu
    Meaning: The location of the /bin/su program. Update this token if you use a program in a location other than the default location. When sesu cannot find the TACF authorization daemon, it executes the program specified in this token.
    Default value: /bin/su


UseInvokerPassword
    Meaning: Valid values are yes and no. If yes, sesu requires the invokers to specify their own password. If no, sesu does not require any password.
    Default value: no

For more information, see the sesu utility documentation.

sesudo

The token of the sesudo section is described in the following table:

Token Meaning Default Value

echo_command
    Meaning: Whether to display the command before executing it. Valid values are yes and no. To echo the command, enter yes.
    Default value: no

For more information, see the sesudo utility documentation.


The lang.ini File

This chapter describes the tokens in the lang.ini file, used by the selang utility.

The lang.ini file contains the following sections:

Section Name Description

general
    Contains default parameters that apply to more than one type of resource, i.e., both new resources and new users.

history
    Contains default parameters for the selang history mechanism.

newres
    Contains the default values that are assigned to the properties of new resource records. The default value is assigned unless a different value is explicitly set.

newusr
    Contains the default values that are assigned to the properties of new user records. The default value is assigned unless a different value is explicitly set.

properties
    Contains tokens which specify values for user defined properties, such as file locations for user defined properties, etc. The tokens have no default values. Values must be explicitly set.


unix
    Contains the default values that are assigned when a new user is defined to UNIX from within the TACF command shell. The default value is assigned unless a different value is explicitly set.

Each section is described under a separate heading.

general

The general section contains default parameters that apply to more than one type of resource.

Token Description Default Value

defaultOwner
    Description: The name of the owner assigned to a new record.
    Default value: If no value is given, the creator of the new record will be assigned as owner.

history

The history section contains default parameters for the selang history mechanism.

Token Description Default Value

HistFile
    Description: The name of the file where the commands in the history list are stored. The commands list is loaded at the beginning of each session.
    Default value: No default value. The history list is not saved at the end of a session.

HistSize
    Description: The number of commands that are stored by the history mechanism. Specify a positive integer between 10 and 100.
    Default value: 30


newres

The newres section specifies the default values that are assigned by the newres command. The newres command creates new resource records in the TACF database. Each token in the newres section represents a newres parameter. Parameters not represented in the lang.ini file are assigned default values that are hardcoded in TACF.

Token Description Default Value

DefaultAudit
    Description: The default audit mode for the new resource. Valid values are {none | all | success | failure}.
    Default value: failure

DefaultDay
    Description: The default day restrictions that apply to the resource. Valid values are {anyday | weekdays | [mon] [tue] [wed] [thu] [fri] [sat] [sun]}.
    Default value: anyday

DefaultNotify
    Description: The default e-mail address to which alert messages regarding the resource record are sent.
    Default value: No default value. No notification message is sent.

DefaultTime
    Description: The default time restrictions that apply to the resource. Valid values are {anytime | startTime:endTime}.
    Default value: anytime

DefaultWarning
    Description: The default warning mode for the resource. Valid values are {yes | no}.
    Default value: no

newusr

The newusr section specifies the default values that are assigned by the newusr command. The newusr command creates new user records in the TACF database. Each token in the newusr section represents a newusr parameter. Parameters not represented in the lang.ini file are assigned default values that are hardcoded in TACF.

Token Description Default Value

DefaultAudit
    Description: The default audit mode for the new user. Valid values are {none | all | [success] [failure] [loginsuccess] [loginfailure]}.
    Default value: failure loginfailure


DefaultDay
    Description: The default day restrictions that apply to the user when logging in to the system. Valid values are {anyday | weekdays | [mon] [tue] [wed] [thu] [fri] [sat] [sun]}.
    Default value: anyday

DefaultExpire
    Description: The default expiration date for the user record. Valid values are {expire | expire(dd/mm/yy[@hh:mm]) | expire-}.
    Default value: expire-

DefaultLocation
    Description: The default location in which the user works.
    Default value: No default value.

DefaultNotify
    Description: The default e-mail address to which alert messages are sent when the user logs in.
    Default value: No default value. No notification message is sent.

DefaultOrg
    Description: The organization for which the user works.
    Default value: No default value.

DefaultOrgUnit
    Description: The organizational unit for which the user works.
    Default value: No default value.

DefaultTime
    Description: The default time restrictions that apply to the user when logging in to the system. Valid values are {anytime | startTime:endTime}.
    Default value: anytime

properties

The properties section contains parameters that apply to user defined properties.

Token Description Default Value

UserDefinedTokensFile
    Description: The path for a definition file containing context information for user defined properties.
    Default value: none

UserDefinedAttributesFile
    Description: The path for a definition file containing attribute information for user defined properties.
    Default value: none


User Defined Properties

This feature is complementary to the Sepropadm utility (see "sepropadm" in "Installation Utilities" on page 141). It defines the selang context by which Sepropadm database properties are recognized. This definition is accomplished by two files with formats similar to the one used by Sepropadm. The two tokens listed in the table above specify the location of these files.

You must define the properties in the TACF database (using the sepropadm utility). Once you have done this, the definition files load automatically when you run selang. The files are loaded during selang's initialization phase.

With defined properties in the appropriate definition files and in the database, you can use the properties in selang commands as you would any other TACF-defined property.

Note: Do not use the sepropadm utility with a description file that was not certified by your vendor's support personnel.

The Definition Files

To get selang to recognize the new user-defined properties, two *.def files are loaded by selang during its initialization: the tokens file and the attributes file.


The Tokens File

The following table describes the format of the tokens file parameter. Below the table, you can see an example of a sample definition tokens file.

Parameter Description

User Defined Tokens File
    A definition file supplied by your vendor's support personnel. The definition file takes the following format: Lines that begin with a semicolon (;) are comments and are not processed. There must be one line that begins with the hash symbol (#). This line must precede the description lines. The description line must conform to the following format:

    TOKEN=%s DOMAIN=%d CLASS=%d COMMAND=%d

This sample definitions tokens file shows the appropriate format.

    ; Sample Token Definition File for user defined properties
    ; Copyright 2000 Tivoli Systems, Inc.
    ; Portions of Tivoli Access Control Facility copyright 1995-2000
    ; by MEMCO Software Ltd., a CA company
    ; ------------------------------------
    ; DO NOT USE THIS FILE UNLESS YOU KNOW HOW TO !
    # token definition file
    ; Format is :
    TOKEN=EMAIL DOMAIN=1 CLASS=USER COMMAND=206
    TOKEN=NOEMAIL DOMAIN=1 CLASS=USER COMMAND=206
    TOKEN=EMAIL DOMAIN=1 CLASS=USER COMMAND=218
    TOKEN=AGE DOMAIN=1 CLASS=USER COMMAND=206
    TOKEN=AGE DOMAIN=1 CLASS=USER COMMAND=218
    TOKEN=NOAGE DOMAIN=1 CLASS=USER COMMAND=218
    TOKEN=NOAGE DOMAIN=1 CLASS=USER COMMAND=206
    TOKEN=TERMLOCATION DOMAIN=1 CLASS=TERMINAL COMMAND=217
    TOKEN=NOTERMLOCATION DOMAIN=1 CLASS=TERMINAL COMMAND=205
    TOKEN=TERMLOCATION DOMAIN=1 CLASS=TERMINAL COMMAND=205


The Attributes File

The following table describes the format of the attributes file parameter. Below the table, you can see an example of a sample definition attributes file.

Parameter Description

User Defined Attributes File
    A definition file supplied by your vendor's support personnel. The definition file takes the following format: Lines that begin with a semicolon (;) are comments and are not processed. There must be one line that begins with the hash symbol (#). This line must precede the description lines. The description line must conform to the following format:

    PROPERTY=%s TYPE=%d FLAGS=%x

This sample definitions attributes file shows the appropriate format.

    ; Sample Token Definition File for user defined properties
    ; Copyright 2000 Tivoli Systems, Inc.
    ; Portions of Tivoli Access Control Facility copyright 1995-2000
    ; by MEMCO Software Ltd., a CA company
    ; ------------------------------------
    ; DO NOT USE THIS FILE UNLESS YOU KNOW HOW TO !
    # token definition file
    ; Format is :
    PROPERTY=EMAIL TYPE=306 FLAGS=8000
    PROPERTY=EMAIL TYPE=5 FLAGS=8000
    PROPERTY=AGE TYPE=306 FLAGS=8000
    PROPERTY=AGE TYPE=5 FLAGS=8000
    PROPERTY=TERMLOCATION TYPE=306 FLAGS=8000
    PROPERTY=TERMLOCATION TYPE=5 FLAGS=8000

Warning: Do not use selang with a definition file that was not certified by your vendor's support personnel.
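The following parser is an added example, not part of this manual or of TACF. It reads both definition files described above (the tokens file and the attributes file) exactly as the format is stated: lines beginning with a semicolon are skipped, a single line beginning with the hash symbol must come before any description line, the %d fields are decimal and FLAGS (%x) is hexadecimal, and a line whose KEY=value separators are damaged is rejected rather than guessed at. Two assumptions of mine: CLASS is accepted as a class name as well as an integer because the sample uses CLASS=USER, and the embedded sample inputs are constructed from the first lines of the manual's samples.

```python
"""Parser for the two selang user-defined-property definition files.

Added example, not TACF code.  Format as the manual describes it:
  - lines starting with ';' are comments and are not processed;
  - exactly one line starting with '#' must precede the description lines;
  - tokens file description lines:     TOKEN=%s DOMAIN=%d CLASS=%d COMMAND=%d
  - attributes file description lines: PROPERTY=%s TYPE=%d FLAGS=%x
Assumption: CLASS may be a class name (the sample uses CLASS=USER) or an int.
"""
from dataclasses import dataclass
from typing import Iterator, List, Tuple, Union

TOKEN_FIELDS = ("TOKEN", "DOMAIN", "CLASS", "COMMAND")
ATTR_FIELDS = ("PROPERTY", "TYPE", "FLAGS")


class DefinitionError(ValueError):
    """Raised when a definition file violates the documented format."""


@dataclass(frozen=True)
class TokenDef:
    token: str
    domain: int
    cls: Union[int, str]
    command: int


@dataclass(frozen=True)
class AttributeDef:
    prop: str
    type_: int
    flags: int  # the FLAGS=%x field, parsed as hexadecimal


def _description_lines(text: str) -> Iterator[Tuple[int, str]]:
    """Yield (lineno, line) for description lines, enforcing the '#' rule."""
    seen_header = False
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment: not processed
        if line.startswith("#"):
            if seen_header:
                raise DefinitionError(f"line {lineno}: second '#' header line")
            seen_header = True
            continue
        if not seen_header:
            raise DefinitionError(f"line {lineno}: description before the '#' line")
        yield lineno, line


def _fields(line: str, lineno: int, expected: Tuple[str, ...]) -> dict:
    """Split 'KEY=value' items; keys must appear exactly in the expected order."""
    fields = {}
    for item in line.split():
        key, sep, value = item.partition("=")
        if not sep or not key or not value:
            raise DefinitionError(f"line {lineno}: malformed field {item!r}")
        if key in fields:
            raise DefinitionError(f"line {lineno}: duplicate field {key}")
        fields[key] = value
    if tuple(fields) != expected:
        raise DefinitionError(f"line {lineno}: expected fields {' '.join(expected)}")
    return fields


def _num(value: str, lineno: int, base: int = 10) -> int:
    try:
        return int(value, base)
    except ValueError:
        raise DefinitionError(f"line {lineno}: bad number {value!r}") from None


def parse_tokens_file(text: str) -> List[TokenDef]:
    defs = []
    for lineno, line in _description_lines(text):
        f = _fields(line, lineno, TOKEN_FIELDS)
        cls = _num(f["CLASS"], lineno) if f["CLASS"].isdigit() else f["CLASS"]
        defs.append(TokenDef(f["TOKEN"], _num(f["DOMAIN"], lineno), cls,
                             _num(f["COMMAND"], lineno)))
    return defs


def parse_attributes_file(text: str) -> List[AttributeDef]:
    defs = []
    for lineno, line in _description_lines(text):
        f = _fields(line, lineno, ATTR_FIELDS)
        defs.append(AttributeDef(f["PROPERTY"], _num(f["TYPE"], lineno),
                                 _num(f["FLAGS"], lineno, 16)))
    return defs


# Constructed inputs: the first lines of the manual's two sample files.
SAMPLE_TOKENS = """\
; Sample Token Definition File for user defined properties
# token definition file
TOKEN=EMAIL DOMAIN=1 CLASS=USER COMMAND=206
TOKEN=NOEMAIL DOMAIN=1 CLASS=USER COMMAND=206
TOKEN=TERMLOCATION DOMAIN=1 CLASS=TERMINAL COMMAND=217
"""

SAMPLE_ATTRIBUTES = """\
; Sample attribute definition file
# token definition file
PROPERTY=EMAIL TYPE=306 FLAGS=8000
PROPERTY=EMAIL TYPE=5 FLAGS=8000
"""

if __name__ == "__main__":
    for d in parse_tokens_file(SAMPLE_TOKENS) + parse_attributes_file(SAMPLE_ATTRIBUTES):
        print(d)
```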


unix

The unix section specifies the default values that are assigned by the newusr command when a user is added to UNIX. Each token in the unix section represents an argument of the unix parameter. UNIX arguments not represented in the lang.ini file are assigned default values that are hardcoded in TACF.

Token Description Default value

DefaultPGroup
    Description: The default group assigned to new users.
    Default value: other

DefaultShell
    Description: The default shell of new users. If a default shell is specified in the server's seos.ini file, it overrides the value specified here.
    Default value: /bin/sh

DefaultHome
    Description: The default home directory of the system. The user's home directory is a subdirectory of the specified system home directory. For example, if the system home directory is /home, the new user's home directory is /home/userName. If a home directory prefix is specified in the server's seos.ini file, it overrides the value specified here. For those familiar with earlier versions of Memco's SeOS, the token DefaultHome replaces HomeDirPrefix.
    Default value: /home


String Matching

This chapter describes how TACF performs string matching.

Wildcard Expressions

This section describes the syntax that can be used to build wildcard expressions.

TACF performs string matching using the following methods:

¶ Wildcard matching

¶ Character lists

Wildcard Matching

TACF supports the following wildcard characters:

* (asterisk)
    Any sequence of zero or more characters.

? (question mark)
    Any single character.

Character Lists

A character list enclosed by square brackets ( [ ] ) can contain one or more characters. TACF uses these characters as positive or negative matching criteria.

A character list can be composed of one or more characters. For this type of list, TACF matches any single character in the list. If the list within the brackets is preceded by a caret (^), TACF matches any single character that is not in the list.

A range is a type of character list that specifies a range of characters. TACF matches all the characters in the list, inclusively. If a caret (^) precedes the list, TACF excludes all the characters in the specified list. You can specify both ends of the range or only its first or last character.

The following table describes the character lists that can be used. Remember, in this syntax the square brackets are to be typed. The expressions ch1, ch2, and chN each stand for a single character.

[ch1ch2...chN]
    TACF matches any single character in the list enclosed by the square brackets.

[^ch1ch2...chN]
    TACF matches any single character that is not in the list enclosed by the square brackets.

[ch1-ch2]
    TACF matches any single character in the range, inclusive.

[^ch1-ch2]
    TACF matches any single character that is not in the inclusive range.

[-ch2]
    TACF matches any single character with an ASCII value lower than or equal to the specified character (ch2).

[^-ch2]
    TACF matches any single character with an ASCII value not lower than the specified character (ch2).

[ch1-]
    TACF matches any single character with an ASCII value equal to or higher than the specified character (ch1).

[^ch1-]
    TACF matches any single character with an ASCII value not higher than the specified character (ch1).


Examples

To make a single character a "don't care" character that will match any other single character, use a question mark (?), as in the following examples:

mmc?        mmc3, mmcx, mmc5

mmc?.t      mmc1.t, mmc2.t

mmc04.?     mmc04.a, mmc04.1

To match any string of zero or more characters, use an asterisk (*), as in the following examples:

*i*.c       main.c, list.c

st*.h       stdio.h, stdlib.h, string.h

*           All records of the specified class

To match any character in a list, follow one of the examples:

[abcgk]     a, b, c, g, or k

[^abcgk]    Any character other than a, b, c, g, or k, such as A, B, d, e, f, or @.

[a-z]       Any character between a and z, inclusive.

[^a-z]      Any character with an ASCII value less than a or greater than z.

[Z-]        Any character with an ASCII value greater than Z, such as a, b, \, and x.

[^A]        Any character with an ASCII value not lower than A, such as B, a, c, or x.
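The wildcard and character-list rules of this chapter, implemented as an added Python example (not code from the manual or from TACF) so the examples above can be checked mechanically. Three points are my reading of the text rather than anything the manual states outright: the range dash is typed as a plain hyphen, a caret negates the list as its exact complement, and an asterisk may span the slash in a file name because it is defined as any sequence of characters.

```python
"""Whole-string matcher for TACF wildcard expressions (added example).

Syntax as described in this chapter:
  *             any sequence of zero or more characters
  ?             any single character
  [ch1ch2...]   any single character in the list
  [ch1-ch2]     any character in the inclusive range
  [-ch2]        any character <= ch2;   [ch1-]  any character >= ch1
  [^...]        negation: any single character NOT matched by the list
Assumptions: the range dash is a plain '-', negation is the exact
complement of the positive list, and '*' may span '/' in file names.
"""
from typing import Callable, List, Tuple

CharTest = Callable[[str], bool]


def _parse_char_list(pattern: str, start: int) -> Tuple[CharTest, int]:
    """Parse '[...]' beginning at pattern[start]; return (test, index after ']')."""
    i = start + 1
    negate = i < len(pattern) and pattern[i] == "^"
    if negate:
        i += 1
    end = pattern.find("]", i)
    if end == -1:
        raise ValueError(f"unterminated character list at offset {start}")
    body = pattern[i:end]
    if not body:
        raise ValueError(f"empty character list at offset {start}")
    tests: List[CharTest] = []
    k = 0
    while k < len(body):
        ch = body[k]
        if ch == "-" and k == 0 and len(body) > 1:          # [-ch2]: c <= ch2
            tests.append(lambda c, hi=body[1]: c <= hi)
            k = 2
        elif k + 1 < len(body) and body[k + 1] == "-":
            if k + 2 < len(body):                            # [ch1-ch2]: inclusive
                tests.append(lambda c, lo=ch, hi=body[k + 2]: lo <= c <= hi)
                k += 3
            else:                                            # [ch1-]: c >= ch1
                tests.append(lambda c, lo=ch: c >= lo)
                k += 2
        else:                                                # a single literal
            tests.append(lambda c, lit=ch: c == lit)
            k += 1

    def test(c: str) -> bool:
        hit = any(t(c) for t in tests)
        return not hit if negate else hit

    return test, end + 1


def tacf_match(pattern: str, text: str) -> bool:
    """True if the whole of text matches pattern.

    Single-backtrack algorithm: remember the last '*' and how much it has
    consumed; on a mismatch let it consume one more character and retry.
    """
    p = t = 0
    star_p = star_t = -1
    while t < len(text):
        if p < len(pattern):
            ch = pattern[p]
            if ch == "*":
                star_p, star_t = p, t          # '*' matches nothing for now
                p += 1
                continue
            if ch == "?":
                p, t = p + 1, t + 1
                continue
            if ch == "[":
                test, after = _parse_char_list(pattern, p)
                if test(text[t]):
                    p, t = after, t + 1
                    continue
            elif ch == text[t]:
                p, t = p + 1, t + 1
                continue
        if star_p == -1:
            return False                       # no '*' to widen: mismatch
        star_t += 1                            # let the last '*' eat one more
        p, t = star_p + 1, star_t
    while p < len(pattern) and pattern[p] == "*":
        p += 1                                 # trailing '*' matches the empty tail
    return p == len(pattern)


def matching(pattern: str, candidates: List[str]) -> List[str]:
    """Filter candidates by pattern, preserving their order."""
    return [c for c in candidates if tacf_match(pattern, c)]


if __name__ == "__main__":
    # Constructed candidate names; the patterns are those from the examples above.
    files = ["main.c", "list.c", "stdio.h", "stdlib.h", "string.h", "mmc3", "mmc10"]
    for pat in ("*i*.c", "st*.h", "mmc?", "*"):
        print(f"{pat:8} -> {matching(pat, files)}")
```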


Improving Performance

This appendix provides information about the Global Access Check feature, a feature that can improve TACF performance by improving file access time.

Included are step-by-step instructions for implementation.

TACF Global Access Check (GAC)

The Global Access Check feature (GAC) lets you access protected, frequently opened files much faster than otherwise possible. These are files whose access rules are unlikely to change.

GAC allows the TACF ADMIN to cache rules for read, write, chown, chmod, rename, unlink, utimes, chattr, link, chdir, create, and all, so that appropriate access to files is granted without passing control to seosd. The default is all. Execute requests, however, are not eligible for the GAC feature because they could pose a security loophole.

Without GAC, TACF runs through security checks whenever a user or program attempts to access protected files. Frequently accessed files need repeated in-depth checks to confirm access permissions.

GAC allows the TACF ADMIN to take for granted that certain frequently accessed protected files require shorter security checks. The TACF ADMIN can select files suitable for a shorter check. Before TACF allows a shorter security check, the file must first undergo a full security check, according to the set rule. The rule itself consists of a generic file name and a list of accesses. Rules are cached according to users.

Selecting certain files for a shorter check is reliable because, with the GAC feature in place, if a change is actually made to rules regarding the protected files, the shorter security check table is flushed, and an initial full security check is instituted. This feature works for every user except root.

How Does GAC Work?

First GAC is applied to a set of files that you specify in advance. (See "Setting Up GAC Rules" on page 188.) TACF watches access to the specified files and builds a table of permitted accesses during execution time.

Whenever TACF concludes that a user should be granted a certain level of access to a certain file, it checks whether the following two additional conditions are met:

1. The granted access is unconditional, i.e., not dependent on time, day, or program from which executed, etc.

2. The file matches one of its preselected set of file masks.

Note: File rules define permissions for access to files.

If these conditions are met, TACF generates a uid/file rule/access triplet and stores it in a table composed of such uid/file rule/access triplets. This table will be examined before any database access-rule interpretation takes place. Whenever a user attempts to access a file, this table is consulted as a filtering mechanism.

The table is best described as a Don't-Call-Me table, as it contains a list of file masks that, once recognized, no longer need undergo access permission checks. It is also referred to as an Always-Grant table, as access is always granted to files specified within its list of file masks.


Whenever a user attempts to access a file, the table is consulted. If the file matches one of the triplets found in the table, the appropriate access is granted without passing control to seosd, thus circumventing the access-rules analysis. From then on, all access to files that match this pattern will be granted, according to the triplet stored in the table, without approaching the access-rule database.

Whenever a new access rule is added to the TACF database, the entire Don't-Call-Me table is flushed, and the learning process starts from the beginning.

Implementing GAC

To set up GAC, you need to choose masks for sets of files that are accessed frequently, set up a GAC file containing these file masks, then start the caching process.

Setting Up GAC Rules

File rules in the TACF database are created using the class FILE parameter and file masks. Rules apply to all files matching the file masks.

From the file rules defined in the TACF database, choose the file masks that you wish to cache. Enter a list of file masks into the /usr/seos/etc/GAC.init file, in exactly the same form as they appear in the TACF database.

Each such mask should be specified on a separate line. For example, if the TACF database contains a file mask for /tmp/mydir/* and you wish it to be cached, add the following line to the /usr/seos/etc/GAC.init file:

/tmp/mydir/*

Note: Specific file names cannot be specified in the GAC.init file. You may only use file masks.


Starting GAC

To turn your currently installed version of TACF into a GAC-compatible version, prepare a file /usr/seos/etc/GAC.init with the file masks that are eligible for caching. Only file masks can be used. An example is a /usr/seos/etc/GAC.init file with only one line:

/IBBS/REL63/*

GAC Restrictions

GAC implementation has proved to be very efficient, especially in cases where there are hundreds of file accesses per second, but it has the following restrictions:

¶ A file rule that is protected conditionally, for example with day/time restrictions, program pathing, or the like, must not be included in the table. If such a file rule is specified in the GAC.init file, the day/time and other restrictions will no longer apply.

¶ A file rule that has audit(ALL) or audit(success) must not be included in the GAC.init file. If such a file rule is specified in the GAC.init file, audits of successful accesses will not be recorded.

¶ The filtering process uses the real (current) UID, that is, the UID that is associated with the process at the time of execution. This opens a loophole in TACF's tracking of the original UID (the one with which the user originally logged in), because the filter keys on the current UID and not on the original one. (TACF implements tracking of UID usage to provide greater accountability.)

Let's examine an example of how someone may try to take advantage of this loophole. User Tony is not authorized to access the file Accounts/tmp. So Tony surrogates (via /bin/su) to user Sandra, who is authorized to access Accounts/tmp. If Sandra has already accessed the Accounts/tmp file, the file will appear in the Don't-Call-Me table with her UID. Tony, using Sandra's UID, is then permitted to access the file. This is because the kernel code does not maintain the history of UIDs.


However, if Sandra has not previously accessed the file, the access permissions will be checked in the regular manner via seosd, and Tony will be denied access to the file.

To close this loophole, the ADMIN user must protect the SURROGATE objects in the TACF database. For the above example, the ADMIN could add the following rule to the TACF database:

newres SURROGATE USER.Sandra default(N) owner(nobody)

This command would ensure that Tony would not be able to use the su command to gain Sandra's access privileges.

¶ The caching mechanism has no impact if the accessor is root. The reason is that no access is granted to root without consulting the TACF database.
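As an added illustration that is not part of the manual or of TACF itself, the following Python model shows the mechanism described under "How Does GAC Work?" (table consulted first, triplets learned only for unconditional grants on preselected masks, flush on every rule change, root always going to the database) together with a small lint for GAC.init that flags the restrictions listed above. The FileRule class, the GAC.init parser, the first-match rule lookup and the seosd stand-in are simplifications assumed for the example.

```python
"""Model of the TACF Global Access Check (GAC) "Don't-Call-Me" table.

Constructed illustration, not TACF code: the rule database, the GAC.init
parsing and the seosd decision are simplified stand-ins. Cache entries are
(uid, file mask, access) triplets, as in the manual.
"""
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

ROOT_UID = 0


@dataclass(frozen=True)
class FileRule:
    """Stand-in for a FILE class rule: a generic file name plus its accesses."""
    mask: str                    # e.g. "/tmp/mydir/*"
    accesses: frozenset          # accesses granted, e.g. {"read"}
    conditional: bool = False    # day/time or program-path restrictions apply
    audit_success: bool = False  # audit(ALL) or audit(success) is set


@dataclass
class Gac:
    rules: list                  # stand-in for the TACF database
    gac_masks: list              # masks read from /usr/seos/etc/GAC.init
    table: set = field(default_factory=set)   # (uid, mask, access) triplets
    seosd_calls: int = 0         # full checks performed (what a trace would show)

    @staticmethod
    def parse_gac_init(text):
        """One mask per line, blank lines ignored. Assumption: a mask is
        distinguished from a specific file name by a wildcard character."""
        masks = [line.strip() for line in text.splitlines() if line.strip()]
        names = [m for m in masks if not any(c in m for c in "*?")]
        if names:
            raise ValueError(f"GAC.init accepts file masks only, not names: {names}")
        return masks

    def add_rule(self, rule):
        """Adding a rule to the database flushes the whole table; the
        learning process starts again from the beginning."""
        self.rules.append(rule)
        self.table.clear()

    def _full_check(self, path, access):
        """Stand-in for seosd's access-rule analysis (first matching rule wins)."""
        self.seosd_calls += 1
        for rule in self.rules:
            if fnmatchcase(path, rule.mask):
                return access in rule.accesses, rule
        return False, None

    def check(self, uid, path, access):
        """Consult the table first; fall back to seosd; learn on the way out."""
        # root never goes through the table: every root access hits the database
        if uid != ROOT_UID:
            for t_uid, mask, t_access in self.table:
                # keyed on the current UID only, which is why SURROGATE
                # objects must be protected when GAC is in use
                if t_uid == uid and t_access == access and fnmatchcase(path, mask):
                    return True
        granted, rule = self._full_check(path, access)
        # a triplet is stored only when the grant is unconditional and the
        # file rule's mask is one of those preselected in GAC.init
        if (granted and uid != ROOT_UID and not rule.conditional
                and rule.mask in self.gac_masks):
            self.table.add((uid, rule.mask, access))
        return granted


def lint_gac_init(rules, gac_masks):
    """Flag masks in GAC.init that the restrictions say must not be cached.
    Returns (mask, reason) pairs; an empty list means GAC.init looks safe."""
    by_mask = {r.mask: r for r in rules}
    findings = []
    for mask in gac_masks:
        rule = by_mask.get(mask)
        if rule is None:
            findings.append((mask, "no file rule with this exact mask in the database"))
        elif rule.conditional:
            findings.append((mask, "conditional rule: day/time or program restrictions would stop applying"))
        elif rule.audit_success:
            findings.append((mask, "audit(success): successful accesses would not be recorded"))
    return findings
```

Running the lint against the masks you intend to put into GAC.init, before starting GAC, catches the conditional and audited rules that would otherwise silently lose their restrictions or their audit records.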

Troubleshooting

You can test GAC as follows to see if it is working:

1. Enable the trace (secons -t+).

2. Access a file that corresponds to one of the file masks specified in GAC.init. The first access should be reported in the trace.

3. Try to access the file again. The second file access should not be recorded in the trace. (If it is, GAC is not working. Check the GAC.init file to see that it contains the correct format.)

Starting GAC

449Tivoli SecureWay Security Manager Reference Manual for TACF

A.

Imp

rovin

gP

erform

ance

Page 472: Tivoli SecureWay Security Managerpublib.boulder.ibm.com/tividd/td/security/GC32... · ¶ Tivoli SecureWay Security Manager Programmer’s Guide for TACF This manual documents TACF

450 Version 3.7

Page 473: Tivoli SecureWay Security Managerpublib.boulder.ibm.com/tividd/td/security/GC32... · ¶ Tivoli SecureWay Security Manager Programmer’s Guide for TACF This manual documents TACF

Index

Special Characters/bin/sendmail file 395/bin/sh 416, 440/bin/su 431_default checks stage codes 371/etc/group 115, 417/etc/group.SeOS.bak 115/etc/passwd 114, 417/etc/passwd.SeOS.bak 115/etc/shadow 417/home 440/tmp/selogrcd 223/tmp/selogrd 223/usr/dict/words 416/usr/local/ldap 410/usr/seos/bin/sepass 418/usr/seos/data/langhelp 410/usr/seos/data/seos.msg 165, 415/usr/seos/etc/nfsdevs.init 239, 423/usr/seos/etc/selogrcd.ext 209/usr/seos/etc/selogrd.ext 223/usr/seos/etc/serevu.cfg 430/usr/seos/etc/trcfilter.init 425/usr/seos/exits 410/usr/seos/exits/lang_exit.sh 411/usr/seos/ladb 423/usr/seos/log/logroute.cfg 224, 419/usr/seos/log/logroute.dat 224/usr/seos/log/selogrd.dat 419/usr/seos/log/seos.audit 165, 209, 223, 413/usr/seos/log/seos.audit.bak 412/usr/seos/log/seos.collect.audit 209, 418/usr/seos/log/seos.collect.bak 209, 418/usr/seos/log/seos.error 191, 414/usr/seos/log/seos.error.bak 413/usr/seos/log/seosd.trace 425/usr/seos/log/serevu_disable.users 231, 431/usr/seos/seosdb 421/var/spool/locks/selogrcd 223

/var/yp 115, 417

Aabbreviating commands 8, 202access authority

accumulating group rights 94all 13, 27, 46alter 27, 46changing or setting defaults 46chmod 13, 27, 46, 174chown 13, 27, 46, 174classes

ADMIN class 13, 47FILE class 13, 20, 47GHOST class 13, 18, 47GSUDO class 13, 47GTERMINAL class 13, 47HOST class 13, 18, 47HOSTNET class 13, 18, 47HOSTNP class 18PROGRAM class 13, 20, 47SUDO class 13, 47TCP class 13, 18, 47TERMINAL class 13, 47

connect 46control 27, 46, 174create 13, 46, 174delete 13, 27, 46, 174exec 174execute 13, 46filescan 174GROUP authorities 79join 13modify 13, 46modifying access authority 17none 13, 27, 46

451Tivoli SecureWay Security Manager Reference Manual for TACF

Ind

ex

Page 474: Tivoli SecureWay Security Managerpublib.boulder.ibm.com/tividd/td/security/GC32... · ¶ Tivoli SecureWay Security Manager Programmer’s Guide for TACF This manual documents TACF

access authority (continued)password 13, 46read 13, 27, 46, 174removing access authority 17rename 13, 27, 46, 174sec 13, 27, 46security 174See also authorize command and authorizeð

command 11setting defaults 12setting or changing defaults 27, 46update 13, 27, 46, 174utime 13, 27, 46, 174viewing authority options 74, 127write 13, 27, 46, 174

access control list (ACL)adding accessors 11classes that support 12conditional-program (PACL) 11internet (INET-ACL) 12internet access control list (INETACL) 11maintenance 11removing accessors 17, 86standard 11

access parameterauthorize command 12help command 74help command in UNIX 127

access to 21access types 118accgrr– parameter

setoptions command 94, 95accgrr parameter

setoptions command 94ACL, See access control list (ACL) 12adding

administrators 55auditors 55file records 24GROUP authorities 79groups 32groups in UNIX 120resources 42users 55users in UNIX 122

ADMIN 107

ADMIN classaccess authority 13, 47administering 43deleting records from 88displaying properties of 105properties 300support for access control lists 12using with the authorize command 13

admin– parameterchusr command 57editusr command 57join command 79

admin parameterchusr command 57editusr command 57join command 79newusr command 57

administratorsadding, changing, and removing 55

agent daemon 151alias

variable parameters 9alias command, syntax and description 9aliases

creating 9deleting 110

aliasName parameteralias command 9unalias command 110

all (type of access authority) 13, 27, 46AllowableGidRange token 416alpha parameter, setoptions command 98alphanum parameter, setoptions command 98alter access authority 27, 46AlwaysTargetShell token 280, 431API 171argument

source file 109asterisk wildcard 8, 441audit_back token 165, 412audit.cfg file 244audit_group token 165, 413audit log

collecting records 207audit_log token 165, 413

452 Version 3.7

Page 475: Tivoli SecureWay Security Managerpublib.boulder.ibm.com/tividd/td/security/GC32... · ¶ Tivoli SecureWay Security Manager Programmer’s Guide for TACF This manual documents TACF

audit– parameterjoin command 79

audit parameterchfile command 25chres command 45chusr command 57editfile command 25editres command 45editusr command 57join command 79newfile command 25newres command 45newusr command 57

audit records 157, 160audit_size token 165, 413AUDITOR 107auditor– parameter

chusr command 58editusr command 58

auditor parameterchusr command 58editusr command 58newusr command 58

auditorsadding, changing, and removing 55

authority, See access authority 11authorization daemon 237authorize command

syntax and description 11authorize– command

syntax and description 17

Bbackups

automatic backup copies 115files used 115

base_entry token 410

Ccaching

caching information during startup 242, 243clients 183programs 183source of data 247

CATEGORY classadministering 43deleting records from 88displaying properties of 105properties 302

category– parameterchfile command 26chres command 45chusr command 58editfile command 26editres command 45editusr command 58

category parameterchfile command 26chres command 45chusr command 58editfile command 26editres command 45editusr command 58newfile command 26newres command 45newusr command 58

ChangeLogFactor token 418changing

administrator definitions 55auditor definitions 55file records 24GROUP authorities 79group definitions 32groups in UNIX 120resource definitions 42UNIX file records 118user definitions 55users in UNIX 122

CheckAlways token 429CheckProgram token 429chfile command

syntax and description 24syntax and description, UNIX 118

453Tivoli SecureWay Security Manager Reference Manual for TACF

Ind

ex

Page 476: Tivoli SecureWay Security Managerpublib.boulder.ibm.com/tividd/td/security/GC32... · ¶ Tivoli SecureWay Security Manager Programmer’s Guide for TACF This manual documents TACF

chgrp commandsyntax and description 32syntax and description, UNIX 120

chmod access authority 13, 27, 46, 174chown access authority 13, 27, 46, 174chres command

syntax and description 42chusr command

syntax and description 55syntax and description, UNIX 122

classfile 21

class+ parametersetoptions command 95

class– parametersetoptions command 96

class parameterfind command 72find command in UNIX 125

classesadding new classes 173ADMIN 43, 300allowed access modes 174CATEGORY 302CONNECT 303deleting classes 174deleting with rmres 88FILE 305GHOST 308, 310GROUP 312GSUDO 316GTERMINAL 317HOST 319, 321HOSTNET 323HOSTNP 325listing the database classes 96listing with showres 105PROCESS 327, 332PROGRAM 249, 336SECFILE 249, 340SECLABEL 341SEOS 342, 346SUDO 282, 348SURROGATE 351TCP 354TERMINAL 357

classes (continued)UACC 360USER 361using with chres, editres, and newres 43using with the authorize command 13using with the authorize– command 18using with the check– command 21

className parameterauthorize command 13authorize– command 18, 21chres command 46editres command 46find command 72newres command 46rmres command 88ruler command 92showres command 106

CollectFile token 418CollectFileBackup token 418collector daemon 207command history list 75, 201command language, how to use 4command recognition 202command shells

in the UNIX environment 113operating on a local database 5operating on a remote database 5selang 198, 202TACF 4tcsh 198

command shortcuts 202command syntax 6, 116commandName parameter

alias command 9help command 74help command in UNIX 127

commandsalias 9alias, syntax and description 9authorize

syntax and description 11authorize–

syntax and description 17check 21

arguments 21checklogin 22

454 Version 3.7

Page 477: Tivoli SecureWay Security Managerpublib.boulder.ibm.com/tividd/td/security/GC32... · ¶ Tivoli SecureWay Security Manager Programmer’s Guide for TACF This manual documents TACF

commands (continued)arguments 23

chfilesyntax and description 24syntax and description, UNIX 118

chgrpsyntax and description 32syntax and description, UNIX 120

chressyntax and description 42

chusrsyntax and description 55syntax and descriptions, UNIX 122

editfilesyntax and description 24syntax and description, UNIX 118

editgrpsyntax and description 32syntax and description, UNIX 120

editressyntax and description 42

editusrsyntax and description 55syntax and description, UNIX 122

environmentsyntax and description 71syntax and description, UNIX 124

findsyntax and description, UNIX 72, 125

helpsyntax and description 74syntax and description, UNIX 127

historysyntax and description 75syntax and description, UNIX 128

hosts, syntax and description 77join

syntax and description 79syntax and description, UNIX 130

join–syntax and description 82, 84syntax and description, UNIX 132

newfilesyntax and description 24

newgrpsyntax and description 32

commands (continued)newgrp (continued)

syntax and description, UNIX 120newres

syntax and description 42newusr

syntax and description 55syntax and description, UNIX 122

rename 84rmfile

syntax and description 85rmgrp

syntax and description 86syntax and description, UNIX 134

rmressyntax and description 88

rmusrsyntax and description 90syntax and description, UNIX 135

ruler, syntax and description 92setoptions

syntax and description 94showfile

syntax and description 101syntax and description, UNIX 136

showgrpsyntax and description 103syntax and description, UNIX 137

showres, syntax and description 105showuser

arguments 107, 108showusr

syntax and description 107syntax and description, UNIX 138

source, syntax and description 109unalias, syntax and description 110

comment– parameterchfile command 27chgrp command 33, 34, 35, 36chres command 46chusr command 58editfile command 27editgrp command 33, 34, 35, 36editres command 46editusr command 58

455Tivoli SecureWay Security Manager Reference Manual for TACF

Ind

ex

Page 478: Tivoli SecureWay Security Managerpublib.boulder.ibm.com/tividd/td/security/GC32... · ¶ Tivoli SecureWay Security Manager Programmer’s Guide for TACF This manual documents TACF

comment parameterchfile command 26chgrp command 33chres command 46chusr command 58editfile command 26editgrp command 33editres command 46editusr command 58newfile command 26newgrp command 33newres command 46newusr command 58

config_file token 274, 275, 430connect access authority 46CONNECT class

administering 43deleting records from 88displaying properties of 105properties 303support for access control lists 12

control access authority 27, 46, 174country parameter

chusr command 59editusr command 59newusr command 59

create access authority 13, 46, 174creating

aliases 9lookaside databases 167

Ddaemons

agent 151checking if daemons are running 194collector daemon 207collector daemon, relevant tokens 208configuring to run in background 221emitter (transmitter) 210list of daemon utilities 142listing startup and shutdown messages 153loading TACF extensions 205, 263log routing 210

daemons (continued)protecting 332seagent 151selogrcd 221, 418selogrd 221, 418seosd 237, 421seoswd 249, 428, 429serevu 274, 430shutting down TACF deamons 179specifying whether to execute or not 409starting up TACF daemons 205, 263TACF authorization 237, 421TACF watchdog 429warning about using 173watchdog 249

daemons section 206, 409daemons tokens, token=text 206DataFile token 419day of week restrictions 435, 436dbdir token 237, 421dbdump utility 143dbutil utility 146debug_mode_for_user token 415def_diff_time token 275, 430def_disable_time token 275, 430def_fail_count token 275, 430def_sleep_time token 275, 430defaccess parameter

chfile command 27chres command 46editfile command 27editres command 46newfile command 27newres command 46viewing authority options 74, 127

DefaultAudit token 435DefaultDay token 435, 436DefaultExpire token 436DefaultHome token 203, 416, 440DefaultLocation token 436DefaultNotify token 435, 436DefaultOrg token 436DefaultOrgUnit token 436DefaultPasswdCmd token 416DefaultPgroup token 416DefaultPGroup token 440

456 Version 3.7

Page 479: Tivoli SecureWay Security Managerpublib.boulder.ibm.com/tividd/td/security/GC32... · ¶ Tivoli SecureWay Security Manager Programmer’s Guide for TACF This manual documents TACF

DefaultShell token 203, 416, 440DefaultTime token 435, 436DefaultWarning token 435defining

administrators 55auditors 55file records 24GROUP authorities 79groups 32groups in UNIX 120resources 42users 55users in UNIX 122

delete access authority 13, 27, 46, 174deleting

an alias 110classes 174GROUP authorities 79

Dictionary of passwords 256Dictionary token 257, 416displaying properties

setting rules for 92showfile 101showgrp 103showres 105showusr 107

DNS 167domain_name 421

Eecho_command token 282, 432editfile command

syntax and description 24syntax and description, UNIX 118

editgrp commandsyntax and description 32

editgrp command, syntax and description,UNIX 120

editres commandsyntax and description 42

editusr commandsyntax and description 55syntax and description, UNIX 122

emitter daemon 210encryption 171environment command

syntax and description 71syntax and description, UNIX 124

environment variablesnotation for xv

error_back token 165, 413error_group token 191, 414error log file

displaying contents of 190error_log token 165, 191, 414error_size token 165, 414exec access authority 174execute access authority 13, 46exit_timeout token 203, 410exits_dir token 410exits_source_dir token 410expire– parameter

chusr command 60editusr command 60

expire parameterchusr command 59editusr command 59newusr command 59

Ffailed_login_file token 415fgroup parameter

chfile command 119editfile command 119

FILE classaccess authority 13, 20, 47adding records 24administering 43changing records 24defining records 24deleting records from 88displaying properties of 105properties 305removing records from the TACF

database 85support for access control lists 12

457Tivoli SecureWay Security Manager Reference Manual for TACF

Ind

ex

Page 480: Tivoli SecureWay Security Managerpublib.boulder.ibm.com/tividd/td/security/GC32... · ¶ Tivoli SecureWay Security Manager Programmer’s Guide for TACF This manual documents TACF

FILE class (continued)using with the authorize command 13using with the authorize– command 20

file name patterns 8fileName parameter

chfile command 27chfile command in UNIX 118editfile command 27editfile command in UNIX 118newfile command 27rmfile command 85showfile command 101showfile command in UNIX 136source command 109

filename token 165, 415files

access permissions 24access permissions in UNIX 118displaying properties of 101setting ownership 24setting ownership in UNIX 118setting properties in UNIX 118setting properties of 24

filescan access authority 174FilterEnv token 431find

attributes 72find command

syntax and description, UNIX 72syntax and description in UNIX 125

firewall 222fother parameter

chfile command 119editfile command 119

fowner parameterchfile command 118editfile command 118

full_year token 420

Ggecos parameter

chusr command 68chusr command in UNIX 122

gecos parameter (continued)editusr command 68editusr command in UNIX 122newusr command 68newusr command in UNIX 122

general file tokendefaultOwner 434

general resource checks stage codes 370GHOST class

access authority 13, 18, 47administering 43deleting records from 88displaying properties of 105properties 308, 310support for access control lists 12using with the authorize command 13, 47

ghost parameterauthorize– command 18

gid parameterauthorize command 13authorize– command 18

grace– parameterchusr command 60, 61editusr command 60, 61

grace parameterchusr command 60editusr command 60newusr command 60setoptions command 98

GROUP authorities, setting 79GROUP class, properties 312group parameter

chfile command 118editfile command 118join command 80join command in UNIX 130join– command 82join– command in UNIX 132

groupid parameterchgrp command 39chgrp command in UNIX 120editgrp command 39editgrp command in UNIX 120newgrp command 39newgrp command in UNIX 120

GroupidResolution token 237, 422

458 Version 3.7

Page 481: Tivoli SecureWay Security Managerpublib.boulder.ibm.com/tividd/td/security/GC32... · ¶ Tivoli SecureWay Security Manager Programmer’s Guide for TACF This manual documents TACF

groupName parameterchgrp command 34chgrp command in UNIX 120editgrp command 34editgrp command in UNIX 120newgrp command 34newgrp command in UNIX 120rmgrp command 86rmgrp command in UNIX 134showgrp command 103showgrp command in UNIX 137

groupsaccumulating group rights 94adding 32adding in UNIX 120changing 32changing in UNIX 120defining 32defining in UNIX 120displaying properties of 103displaying properties of, in UNIX 137in UNIX, joining users to 130in UNIX, removing groups 134in UNIX, removing users from 132joining users to 79removing 86removing users from 82replacing user properties in 79

GSUDO classaccess authority 13, 47administering 43deleting records from 88displaying properties of 105properties 316support for access control lists 12using with the authorize command 13

GTERMINAL classaccess authority 13, 47administering 43deleting records from 88displaying properties of 105properties 317support for access control lists 12using with the authorize command 13

Hhelp command, syntax and description 74help command, syntax and description,

UNIX 127help_path token 203, 410HistFile token 434history

list of commands 75, 201previous passwords 97

history commandsyntax and description 75syntax and description, UNIX 128

history mechanism 201, 434history– parameter, setoptions command 97history parameter, setoptions command 97history tokens

HistFile 434HistSize 434

HistSize token 434homedir parameter

chusr command 69chusr command in UNIX 122editusr command 69editusr command in UNIX 122newusr command 69newusr command in UNIX 122

HOST classaccess authority 13, 18, 47administering 43deleting records from 88displaying properties of 105properties 319, 321support for access control lists 12using with the authorize command 13, 47using with the authorize– command 18

host parameterauthorize command 14authorize– command 18

host token 410HOSTNET class

access authority 13, 18, 47administering 43deleting records from 88displaying properties of 105properties 323

459Tivoli SecureWay Security Manager Reference Manual for TACF

Ind

ex

Page 482: Tivoli SecureWay Security Managerpublib.boulder.ibm.com/tividd/td/security/GC32... · ¶ Tivoli SecureWay Security Manager Programmer’s Guide for TACF This manual documents TACF

HOSTNET class (continued)support for access control lists 12using with the authorize command 13, 47using with the authorize– command 18

hostnet parameterauthorize command 14authorize– command 18

HOSTNP classaccess authority 18administering 43deleting records from 88displaying properties of 105properties 325support for access control lists 12using with the authorize– command 18

hostnp parameterauthorize command 14authorize– command 18

HostResolution token 238, 423hosts command, syntax and description 77

Iinactive– parameter

setoptions command 96inactive parameter

setoptions command 96INET class codes 372INETACL, See access control list (ACL) 12init files

trcfilter 243, 244initialization files, See init files 243inode 268installation test mode 42interval– parameter

chusr command 61editusr command 61setoptions command 98

interval parameterchusr command 60, 61editusr command 60, 61newusr command 60, 61setoptions command 97

Interval token 419

issec utility 148

Jjoin access authority 13join command

setting GROUP authorities 79syntax and description 79syntax and description, UNIX 130

join– commandsyntax and description 82syntax and description, UNIX 132

joiningusers to a group 79users to a UNIX group 130

Kkey for encryption 171kill_ignore token 239, 423

Llabel– parameter

chfile command 28chres command 48chusr command 62editfile command 28editres command 48editusr command 62

label parameterchfile command 28chres command 47, 48chusr command 62editfile command 28editres command 47, 48editusr command 62newfile command 28newres command 47, 48

460 Version 3.7

Page 483: Tivoli SecureWay Security Managerpublib.boulder.ibm.com/tividd/td/security/GC32... · ¶ Tivoli SecureWay Security Manager Programmer’s Guide for TACF This manual documents TACF

label parameter (continued)newusr command 62

lang.iniproperties

attributes file 439token UserDefinedTokensFile 436

properties sectionDefinition Files 437Tokens File 438User Defined Properties 437User Defined Tokens File 438

properties tokensUserDefinedAttributesFile 436

tokensgeneral 434

lang.ini filedefault parameters 434

lang.ini tokensDefaultAudit 435DefaultDay 435, 436DefaultExpire 436DefaultHome 440DefaultLocation 436DefaultNotify 435, 436DefaultOrg 436DefaultOrgUnit 436DefaultPGroup 440DefaultShell 440DefaultTime 435, 436DefaultWarning 435HistFile 434HistSize 434

lang section 203, 410lang tokens

exit_timeout 203, 410exits_dir 410exits_source_dir 410help_path 203, 410logfile 410logfile_append 411logfile_group 411logfile_name 411post_group_exit 203, 411post_user_exit 203, 411pre_group_exit 203, 411pre_user_exit 203, 411

lang tokens (continued)query_size 203, 411timeout 203, 411use_unix_file_owner 203, 412

length parameter, setoptions command 98level– parameter

chfile command 28chres command 48chusr command 62editfile command 28editres command 48editusr command 62

level parameterchfile command 28chres command 48chusr command 62editfile command 28editres command 48editusr command 62newfile command 28newres command 48newusr command 62

lineEdit parameterhelp command 74help command in UNIX 127

list parameter, setoptions command 96local host 271location parameter

chusr command 62editusr command 62newusr command 62

log record creation return codes 374log routing daemons 207, 210, 222, 418logfile_append token 411logfile_group token 411logfile_name token 411logfile token 410login interception stage codes 369login_timeout token 239logmgr tokens

audit_back 165, 412audit_group 165, 413audit_log 165, 413audit_size 165, 413error_back 165, 413error_group 191, 414

461Tivoli SecureWay Security Manager Reference Manual for TACF

Ind

ex

Page 484: Tivoli SecureWay Security Managerpublib.boulder.ibm.com/tividd/td/security/GC32... · ¶ Tivoli SecureWay Security Manager Programmer’s Guide for TACF This manual documents TACF

logmgr tokens (continued)error_log 165, 191, 414error_size 165, 414

Logroute API 210lookaside databases

creating 167listing contents of 167updating 167

lookaside_path token 169, 239, 423lowercase parameter, setoptions command 99

MMailer token 419mask parameter

chres command 48editres command 48newres command 48

match parameterchres command 48editres command 48newres command 48

max_rep parameter, setoptions command 99maxlogins– parameter

chusr command 62editusr command 62setoptions command 96

maxlogins parameterchusr command 62editusr command 62newusr command 62setoptions command 96

MaxSeqNoSleep token 419mem– parameter

chres command 49, 52editres command 49, 52

mem parameterchres command 48editres command 48newres command 48

message file 228message tokens, filename 165, 415min_life– parameter

chusr command 63

min_life– parameter (continued)editusr command 63setoptions command 98

min_life parameterchusr command 63editusr command 63newusr command 63setoptions command 98

mode parameterchfile command 118editfile command 118

modify access authority 13, 46

Nname parameter

chgrp command 36chusr command 63editgrp command 36editusr command 63newgrp command 36newusr command 63

namechk– parameter, setoptions command 99namechk parameter, setoptions command 99newfile command

syntax and description 24newgrp command

syntax and description 32syntax and description, UNIX 120

newres commandsyntax and description 42

newres tokensDefaultAudit 435DefaultDay 435DefaultNotify 435DefaultTime 435DefaultWarning 435

newusr commandsyntax and description 55syntax and description, UNIX 122

newusr tokensDefaultAudit 435DefaultDay 436DefaultExpire 436

462 Version 3.7

Page 485: Tivoli SecureWay Security Managerpublib.boulder.ibm.com/tividd/td/security/GC32... · ¶ Tivoli SecureWay Security Manager Programmer’s Guide for TACF This manual documents TACF

newusr tokens (continued)DefaultHome 440DefaultLocation 436DefaultNotify 436DefaultOrg 436DefaultOrgUnit 436DefaultPGroup 440DefaultShell 440DefaultTime 436

nfs_devices token 239, 423NIS 167, 222, 271, 295nis_env token 257, 416NisPlus_server token 257, 417none (type of access authority) 13, 27, 46notify– parameter

chfile command 29chres command 50chusr command 63editfile command 29editres command 50editusr command 63

notify parameterchfile command 28chres command 49chusr command 63editfile command 28editres command 49editusr command 63newfile command 28newres command 49newusr command 63

numeric parameter, setoptions command 99

OobjName parameter

find command 72find command in UNIX 125

objNamePattern parameterfind command 72find command in UNIX 125

oldpwchk– parameter, setoptions command 99oldpwchk parameter, setoptions command 99OPERATOR 107

OPERATOR, AUDITOR, ADMIN,PWMANAGER 72

operator– parameterchusr command 63editusr command 63join command 80

operator parameterchusr command 63editusr command 63join command 80newusr command 63

org_unit parameterchusr command 64editusr command 64newusr command 64

organization parameterchusr command 64editusr command 64newusr command 64

owner parameterchfile command 29, 119chgrp command 36, 38, 39chres command 50chusr command 64editfile command 29, 119editgrp command 36, 38, 39editres command 50editusr command 64join command 80newfile command 29newgrp command 36, 38, 39newres command 50newusr command 64

ownership limitations 56

Ppam_seos token 415pam_seos tokens

call_segrace 415serevu_use_pam_seos 415

pam_seosr tokensdebug_mode_for_user 415failed_login_file 415

463Tivoli SecureWay Security Manager Reference Manual for TACF

Ind

ex

Page 486: Tivoli SecureWay Security Managerpublib.boulder.ibm.com/tividd/td/security/GC32... · ¶ Tivoli SecureWay Security Manager Programmer’s Guide for TACF This manual documents TACF

parent parameter
    chgrp command 36
    editgrp command 36
    newgrp command 36

passwd section 203, 257
passwd tokens
    AllowableGidRange 416
    DefaultHome 203, 416
    DefaultPasswdCmd 416
    DefaultPgroup 416
    DefaultShell 203, 416
    Dictionary 416
    nis_env 257, 416
    NisPlus_server 257, 417
    quiet_mode 417
    SaveGroupAttrs 417
    SavePasswdAttrs 417
    UntouchableGid 203
    UntouchableUid 203, 416
    UseDict 256, 417
    YpGrpCmd 203, 417
    YpMakeDir 203, 417
    YpPassCmd 203, 417
    YpServerGroup 203, 417
    YpServerPasswd 203, 417
    YpServerSecure 203, 275, 417
    YpTimeOut 418

password access authority 13, 46
password parameter
    chusr command 64
    chusr command in UNIX 123
    editusr command 64
    editusr command in UNIX 123
    newusr command 64
    newusr command in UNIX 123
    setoptions command 97

passwords
    activating quality checks 94
    changing 55, 251
    checking 256
    comparing TACF and UNIX passwords 176
    deactivating quality checks 94
    defining a password dictionary 256
    disabling password quality checking 100
    granting authority to administer 11
    managing users 55, 251
    prompting users to replace 192, 252
    return codes 375
    rules for 98
    setting 55, 251
    setting history options 97
    setting rules for 55, 254
    updating the passwd NIS map 115
    utilities for managing 142
    viewing 254

past token 410
Path token 280, 431
permit 11
PgmRest token 250, 429
PgmTestInterval token 250, 429
pgroup parameter
    chusr command 69
    chusr command in UNIX 123
    editusr command 69
    editusr command in UNIX 123
    newusr command 69
    newusr command in UNIX 123

phone parameter
    chusr command 64
    editusr command 64
    newusr command 64

port token 410
portmapper 151, 222, 419
ports 151
post_group_exit token 203, 411
post_user_exit token 203, 411
pre_group_exit token 203, 411
pre_user_exit token 203, 411
PROCESS class
    administering 43
    deleting records from 88
    displaying properties of 105
    properties 327, 332
    support for access control lists 12

PROGRAM class
    access authority 13, 20, 47
    administering 43
    deleting records from 88
    displaying properties of 105
    monitoring 249
    properties 336
    specific codes 374
    support for access control lists 12
    using with the authorize command 13
    using with the authorize– command 20

properties
    ADMIN class 300
    CATEGORY class 302
    CONNECT class 303
    displaying with showfile 101, 136
    displaying with showgrp 103
    displaying with showgrp in UNIX 137
    displaying with showres 105
    displaying with showusr 107
    displaying with showusr in UNIX 138
    FILE class 305
    GHOST class 308, 310
    GROUP class 312
    GSUDO class 316
    GTERMINAL class 317
    HOST class 319, 321
    HOSTNET class 323
    HOSTNP class 325
    PROCESS class 327, 332
    PROGRAM class 336
    SECFILE class 340
    SECLABEL class 341
    SEOS class 342, 346
    setting rules for display properties 92
    SUDO class 348
    SURROGATE class 351
    TCP class 354
    TERMINAL class 357
    UACC class 360
    USER class 361
    UserDefinedTokensFile 436

properties tokens
    UserDefinedAttributesFile 436

props parameter, ruler command 93
protect_bin token 239, 424
PWMANAGER 107
pwmanager– parameter
    chusr command 65
    editusr command 65
    join command 80

pwmanager parameter
    chusr command 65
    editusr command 65
    join command 80
    newusr command 65

Q

query_size token 203, 411
question mark wildcard 8, 441
quiet_mode token 417

R

rdbdump utility 143
read access authority 13, 27, 46, 174
RebuildProgram token 429
records
    adding file records 24
    audit 157
    changing 84
    changing file records 24
    changing in UNIX 118
    collecting audit log records 207
    defining file records 24
    removing 85
    trace 160

RefreshParams token 250, 429
removing
    administrators 55
    an alias 110
    auditors 55
    GROUP authorities 79
    groups 86
    groups from UNIX 134
    records 85
    resources 88
    users 90
    users from a group 82
    users from a UNIX group 132
    users from UNIX 135


rename access authority 13, 27, 46, 174
rename– command
    syntax and description 84

resolve_rebind 424
resolve_timeout token 240, 424
resource record
    resourceName 21
    resource testfile 21

resourceName parameter
    authorize command 14
    authorize– command 18
    chres command 50
    editres command 50
    newres command 50
    rmres command 88
    showres command 106

resources
    adding 42
    changing 42
    defining 42
    displaying properties of 105
    removing 88

restrictions–
    chfile command 31
    editfile command 31

restrictions– parameter
    chres command 52
    chusr command 67
    editres command 52
    editusr command 67

restrictions parameter
    chfile command 29
    chres command 51
    chusr command 65
    editfile command 29
    editres command 51
    editusr command 65
    newfile command 29
    newres command 51
    newusr command 65

resume– parameter
    chusr command 67
    editusr command 67

resume parameter
    chusr command 67
    editusr command 67
    newusr command 67

return codes
    class INET codes 372
    class PROGRAM specific codes 374
    class SURROGATE special codes 372
    log record creation 374
    password quality return codes 375
    performing TACF commands 376
    stage codes for _default checks 371
    stage codes for general resource checks 370
    stage codes for login interception 369
    watchdog untrust logging 375

rmfile command
    syntax and description 85

rmgrp command
    syntax and description 86
    syntax and description, UNIX 134

rmres command
    syntax and description 88

rmusr command
    syntax and description 90
    syntax and description, UNIX 135

root directory 289
RouteFile token 419
RPC 222
RPC mechanism 151, 419
ruler command, syntax and description 92
rules
    disabling password quality checking 100
    setting display properties 92
    setting for passwords 98
    setting password quality rules 254

rules– parameter
    setoptions command 100

rules parameter
    setoptions command 98

S

S58SEOS utility 149
S68SEOS utility 150
sav_disable_path token 232
save_disable_path token 272, 275, 431


SavePasswdAttrs token 417
SavePeriod token 419
seagent utility (daemon) 151
search command, See find command 72
seaudit utility 153
sebuildla utility 167
sec access authority 13, 27, 46
SECFILE class
    administering 43
    deleting records from 88
    displaying properties of 105
    monitoring secured files 249
    properties 340

SecFileRest token 250, 429
SecFileTestInterval token 250, 429
sechkey utility 171
SECLABEL class
    administering 43
    deleting records from 88
    displaying properties of 105
    properties 341

seclassadm utility
    syntax and description 173
    warning about TACF daemons 173

secompas utility 176
secons utility 179
secredb utility 184
sections
    daemons 206, 409
    history 434, 436
    lang 203, 410
    logmgr 165, 412
    message 165, 410, 414, 415
    newres 435
    newusr 435
    passwd 203, 257, 415
    segrace 418
    selogrd 418
    seos 206, 250, 420
    seosd 237, 421
    seoswd 250, 428, 429
    sepass 257
    serevu 274, 430
    sesu 280, 431
    sesudo 282, 432
    unix 440

security access authority 174
security level checking, enabling and disabling 94
sedb2scr
    arguments
        -–c className(s) 189
        -–l 189
        -–r 189

sedb2scr utility 188
seerr utility 228
seerrlog utility 190
segrace tokens, sepass_command 193, 418
segrace utility 192
sehostinf utility 194
seini utility 195
selang
    command shell
        replacing arguments 9

selang utility
    command line options 5
    history mechanism 201, 434
    invoking selang to view passwords 254
    syntax and description 198
    word completion 202

seload utility 205, 263
selogrcd utility (daemon) 207
selogrd tokens
    ChangeLogFactor 418
    CollectFile 418
    CollectFileBackup 418
    DataFile 419
    Interval 419
    Mailer 419
    MaxSeqNoSleep 419
    RouteFile 419
    SavePeriod 419
    ServicePort 419

selogrd utility (daemon) 210
semigrate utility 225
semsgtool utility 228
senable utility 231
senone utility 233
SEOS class properties 342, 346
seos.ini file 407


seos.ini files
    daemons
        HostResolution 238

seos.ini tokens
    AllowableGidRange 416
    AlwaysTargetShell 280, 431
    audit_back 165, 412
    audit_group 165, 413
    audit_log 165, 413
    audit_size 165, 413
    ChangeLogFactor 418
    CollectFile 418
    CollectFileBackup 418
    config_file 274, 275, 430
    DataFile 419
    dbdir 237, 421
    def_diff_time 275, 430
    def_disable_time 275, 430
    def_fail_count 275, 430
    def_sleep_time 275, 430
    DefaultHome 203, 416
    DefaultPasswdCmd 416
    DefaultPgroup 416
    DefaultShell 203, 416
    Dictionary 257, 416
    displaying tokens 197
    domain_name 421
    echo_command 282, 432
    error_back 165, 413
    error_group 191, 414
    error_log 165, 191, 414
    error_size 165, 414
    exit_timeout 203, 410
    exits_dir 410
    exits_source_dir 410
    filename 165, 415
    FilterEnv 431
    full_year 420
    GroupidResolution 237, 422
    help_path 203, 410
    HostResolution 238, 423
    Interval 419
    kill_ignore 239, 423
    logfile 410
    logfile_append 411
    logfile_group 411
    logfile_name 411
    login_timeout 239
    lookaside_path 169, 239, 423
    Mailer 419
    MaxSeqNoSleep 419
    nfs_devices 239, 423
    nis_env 257, 416
    NisPlus_server 257, 417
    Path 280, 431
    PgmRest 250, 429
    PgmTestInterval 250, 429
    post_group_exit 203, 411
    post_user_exit 203, 411
    pre_group_exit 203, 411
    pre_user_exit 203, 411
    protect_bin 239, 424
    query_size 203, 411
    quiet_mode 417
    RefreshParams 250, 429
    resolve_rebind 424
    resolve_timeout 240, 424
    RouteFile 419
    sav_disable_path 232
    save_disable_path 272, 275, 431
    SavePasswdAttrs 417
    SavePeriod 419
    SecFileRest 250, 429
    SecFileTestInterval 250, 429
    SeosAYT 429
    SEOSPATH 206, 250, 420
    SeosTimer 250, 430
    sepass_command 193, 418
    ServicePort 222, 419
    ServiceResolution 240, 425
    SynchUnixFilePerms 420
    Sys_env_file 431
    SystemSu 280, 431
    timeout 203, 411
    token=text 206
    trace_file 183, 241, 425
    trace_file_type 183, 241, 425
    trace_filter 241, 425
    trace_space_saver 241, 426
    trace_to 183, 241, 246, 426
    under_NIS_server 242, 426
    UntouchableGid 203
    UntouchableUid 203, 416
    UnTrustMissing 430
    use_lookaside 242, 427
    use.rpc.protocol 420
    use_seauxd 428
    use_unix_file_owner 203, 412
    UseDict 256, 257, 417
    UseInvokerPassword 280, 432
    UseridResolution 243, 428
    UseSnefru 250, 430
    YpGrpCmd 203, 417
    YpMakeDir 203, 417
    YpPassCmd 203, 417
    YpServerGroup 203, 417
    YpServerPasswd 115, 203, 417
    YpServerSecure 115, 203, 275, 417
    YpTimeOut 418

SEOS_load utility 235
seos parameter, environment command 71, 124
seos section 206, 250
SEOS_syscall utility 236
seos tokens
    SEOSPATH 206, 250, 420
    SynchUnixFilePerms 420

SeosAYT token 429
seosd section 237
seosd tokens
    dbdir 237, 421
    domain_name 421
    full_year 420
    GroupidResolution 237, 422
    HostResolution 238, 423
    kill_ignore 239, 423
    login_timeout 239
    lookaside_path 169, 239, 423
    nfs_devices 239, 423
    protect_bin 239, 424
    resolve_rebind 424
    resolve_timeout 240, 424
    ServiceResolution 240, 425
    Sys_env_file 431
    trace_file 183, 241, 425
    trace_file_type 183, 241, 425
    trace_filter 241, 425
    trace_space_saver 241, 426
    trace_to 183, 241, 246, 426
    under_NIS_server 242, 426
    UnTrustMissing 430
    use_lookaside 242, 427
    use.rpc.protocol 420
    use_seauxd 428
    UseridResolution 243, 428

seosd utility (daemon) 237
SEOSPATH token 206, 250, 420
SeosTimer token 250, 430
seoswd section 250
seoswd tokens
    PgmRest 250, 429
    PgmTestInterval 250, 429
    RefreshParams 250, 429
    SecFileRest 250, 429
    SecFileTestInterval 250, 429
    SeosAYT 429
    SeosTimer 250, 430
    UseSnefru 250, 430

seoswd utility (daemon) 249
sepass_command token 193, 418
sepass section 257
sepass tokens
    Dictionary 257
    UseDict 257

sepass utility
    invoked by segrace 252
    syntax and description 251

sepropadm utility
    syntax and description 259
    warnings about 259

sepurgdb utility
    syntax and description 261
    warnings about 261

seretrust utility 268
serevu section 274
serevu tokens
    config_file 274, 275, 430
    def_diff_time 275, 430
    def_disable_time 275, 430
    def_fail_count 275, 430
    def_sleep_time 275, 430
    save_disable_path 272, 275, 431


serevu_use_pam_seos token 415
serevu utility (daemon) 271
server– parameter
    chusr command 67
    editusr command 67

server parameter
    chusr command 67
    editusr command 67
    newusr command 67

service parameter
    authorize command 14
    authorize– command 19

serviceName parameter
    authorize command 14
    authorize– command 18

ServicePort token 222, 419
ServiceResolution token 240, 425
sesu section 280
sesu tokens
    AlwaysTargetShell 280, 431
    FilterEnv 431
    Path 280, 431
    SystemSu 280, 431
    UseInvokerPassword 280, 432

sesu utility 279
sesudo section 282
sesudo tokens, echo_command 282, 432
sesudo utility 282
setoptions command
    syntax and description 94

setting TACF options 94
seuidpgm utility 288
seversion utility 292
sewhoami utility 294
shadow password file 115
shellprog parameter
    chusr command 69
    chusr command in UNIX 123
    editusr command 69
    editusr command in UNIX 123
    newusr command 69
    newusr command in UNIX 123

shells
    invoking seaudit from UNIX shells 153
    scripts, accessing resources 15, 20
    selang 198, 202
    tcsh 198

shortcuts in typing 8, 202
showfile command
    syntax and description 101
    syntax and description, UNIX 136

showgrp command
    syntax and description 103
    syntax and description, UNIX 137

showres command, syntax and description 105
showusr
    attributes 107

showusr command
    syntax and description 107
    syntax and description, UNIX 138

source command, syntax and description 109
special parameter, setoptions command 99
stage codes
    _default checks 371
    general resource checks 370
    login interception 369

stationName parameter
    authorize command 15
    authorize– command 19

string matching 441
SUDO class
    access authority 13, 47
    administering 43
    deleting records from 88
    displaying properties of 105
    executing commands as superuser 282
    properties 348
    support for access control lists 12
    using with the authorize command 13

superuser authority 282
SURROGATE class
    administering 43
    deleting records from 88
    displaying properties of 105
    properties 351
    special codes 372
    support for access control lists 12

suspend– parameter
    chusr command 68
    editusr command 68


suspend parameter
    chusr command 67
    editusr command 67
    newusr command 67

SynchUnixFilePerms token 420
syntax, See command syntax and individual command names 6
Sys_env_file 431
system defaults 114
systemIds parameter, hosts command 78
SystemSu token 280, 431

T

TACF
    administering database properties 259
    API 171
    authorization daemon 421
    command language 4
    command return codes 376
    command syntax 6
    command syntax in UNIX 116
    control console 179
    displaying a user ID 294
    displaying database information 195
    displaying initialization file information 195
    displaying TACF database information 143
    displaying version numbers 292
    duplicating a database 188
    maintaining the message file 228
    performance considerations 245
    ports 151
    purging undefined records 261
    selang command shell 198
    seosd authorization daemon 237
    setting token values 195
    warnings about sepropadm 259
    warnings about sepurgdb 261
    watchdog daemon 429

TCP class
    access authority 13, 18, 47
    administering 43
    deleting records from 88
    displaying properties of 105
    properties 354
    support for access control lists 12
    using with the authorize command 13, 47
    using with the authorize– command 18

tcsh shell 198
TERMINAL class
    access authority 13, 47
    administering 43
    deleting records from 88
    displaying properties of 105
    properties 357
    support for access control lists 12
    using with the authorize command 13

test mode 42
testing access to resources, See warning parameter, chres, editres, newres 42
timeout token 203, 411
token=text token 206
tokens
    daemons section 409
    for lang.ini 433
    for seos.ini 407
    history section 434, 436
    lang section 410
    logmgr 191
    logmgr section 165, 412
    message section 165, 410, 414, 415
    newres section 435
    newusr section 435
    passwd section 203, 415
    See also lang.ini tokens, seos.ini tokens, and individual token names 407
    segrace section 418
    selogrd section 418
    seos section 420
    seosd section 421
    seoswd section 428, 429
    serevu section 430
    sesu section 431
    sesudo section 432
    unix section 440

trace file 425
trace_file token 183, 241, 425
trace_file_type token 183, 241, 425
trace_filter token 241, 425


trace messages
    ACTION 380
    ALARM 380
    APIAUTH 380
    CONNECT 384
    ERROR 384
    EXEC 388, 389
    EXECARGS 390
    EXECsg 388
    EXECsu 388
    EXECsusg 389
    EXIT 390
    FATAL 390
    FILE 390
    FORK 391
    GPEERNAM 391
    INET 392
    INFO 392
    KILL 396
    LOGIN 397
    MESSAGE 398
    NEWPASS 398
    RESTART 398
    SCONSOLE 398
    SETGRPS 399
    SGID 400
    SHUTDOWN 400
    START-UP 401
    STREAMc 401
    STREAMo 401
    SUID 401
    VERPASS 402
    WAKE_UP 402
    WARNING 403
    WATCHDOG 405

trace records 160
trace_space_saver token 241, 426
trace_to token 183, 241, 246, 426
transmitter daemon, See emitter daemon 210
trcfilter.init file 243
trust– parameter
    chres command 52
    editres command 52

trust parameter
    chres command 52
    editres command 52
    newres command 52

trusted programs 268
typing with shortcuts 8, 202

U

UACC class
    administering 43
    deleting records from 88
    displaying properties of 105
    properties 360
    support for access control lists 12

uid parameter
    authorize command 15
    authorize– command 19

unalias command 110
unalias command, syntax and description 110
under_NIS_server token 242, 426
UNIX environment
    adding a group 120
    adding a user 122
    automatic backup copies 115
    backup files used 115
    changing a group 120
    changing a user 122
    changing file attributes 118
    default user file 114
    displaying group properties 137
    displaying user settings 138
    extracting users, groups, and hosts 295
    getting help 114
    invoking seaudit from UNIX shells 153
    joining users to a group 130
    listing file settings 136
    listing previously entered commands 128
    removing groups 134
    removing users 135
    removing users from a group 132
    setting system defaults 114
    setting the security environment 124
    shadow password file 115
    working in 113


unix parameter
    authorize command 15
    authorize– command 20
    chgrp command 39
    chusr command 68
    editgrp command 39
    editusr command 68
    environment command 71, 124
    join command 80
    newgrp command 39
    newusr command 68
    rmgrp command 86
    rmusr command 91
    showfile command 102
    showgrp command 104
    showusr command 108

UntouchableGid token 203
UntouchableUid token 203, 416
UnTrustMissing 430
update access authority 13, 27, 46, 174
updating lookaside databases 167
uppercase parameter, setoptions command 99
use_lookaside token 242, 427
use.rpc.protocol token 420
use_seauxd 428
use_unix_file_owner token 203, 412
UseDict token 256, 257, 417
UseInvokerPassword token 280, 432
USER class, properties 361
userid parameter
    chusr command 69
    chusr command in UNIX 123
    editusr command 69
    editusr command in UNIX 123
    newusr command 69
    newusr command in UNIX 123

UseridResolution token 243, 428
userlist parameter
    chgrp command 40
    chgrp command in UNIX 120
    editgrp command 40
    editgrp command in UNIX 120
    newgrp command 40
    newgrp command in UNIX 120

userName parameter
    chusr command 69
    chusr command in UNIX 123
    editusr command 69
    editusr command in UNIX 123
    join command 80
    join command in UNIX 130
    join– command 82
    join– command in UNIX 132
    newusr command 69
    newusr command in UNIX 123
    rmusr command 90
    rmusr command in UNIX 135
    showusr command 108
    showusr command in UNIX 138

users
    adding 55
    adding in UNIX 122
    changing 55
    changing in UNIX 122
    defining 55
    defining in UNIX 122
    disabling 271
    displaying properties of 107
    displaying settings in UNIX 138
    enabling disabled 231
    joining to a group 79
    joining to a UNIX group 130
    removing 90
    removing from a group 82
    removing from a UNIX group 132
    removing from UNIX 135
    replacing properties in a group 79

UseSnefru token 250, 430
utilities
    by category
        administration utilities 140
        daemons 142
        installation utilities 141
        password utilities 142
        support utilities 141
        TACF 139
        user utilities 140
    dbdump 143
    dbutil 146
    issec 148
    rdbdump 143
    S58SEOS 149
    S68SEOS 150
    seagent 151
    seaudit 153
    sebuildla 167
    sechkey 171
    seclassadm 173
    secompas 176
    secons 179
    secredb 184
    sedb2scr 188
    seerr 228
    seerrlog 190
    segrace 192
    sehostinf 194
    seini 195
    selang 198
    seload 205, 263
    selogrcd 207
    selogrd 210
    semigrate 225
    semsgtool 228
    senable 231
    senone 233
    SEOS_load 235
    SEOS_syscall 236
    seosd 237
    seoswd 249
    sepass 251
    sepropadm 259
    sepurgdb 261
    seretrust 268
    serevu 271
    sesu 279
    sesudo 282
    seuidpgm 288
    seversion 292
    sewhoami 294
    UxImport 295

utime access authority 13, 27, 46, 174
UxImport utility 295

V

variables
    environment variables
        notation for xv

via parameter
    authorize command 15
    authorize– command 20

W

warning– parameter
    chfile command 31
    chres command 53
    editfile command 31
    editres command 53

warning parameter
    chfile command 31
    chres command 53
    editfile command 31
    editres command 53
    newfile command 31
    newres command 53
    setting test mode 53

watchdog
    daemon 249
    return codes 375

wildcard matching 441
wildcards 8, 25, 441
write access authority 13, 27, 46, 174

Y

YpGrpCmd token 203, 417
YpMakeCmd token 115
YpMakeDir token 115, 203, 417
YpPassCmd token 203, 417
YpServerGroup token 115, 203, 417
YpServerPasswd token 115, 203, 417
YpServerSecure token 115, 203, 275, 417
YpTimeOut token 418


Printed in the United States of America on recycled paper containing 10% recovered post-consumer fiber.

GC32-0707-00