“About This Guide” includes brief descriptions of the contents of this guide and an explanation of typographical conventions used, and refers you to additional sources of information you might find helpful.
This guide explains how to perform general system configuration and operation tasks under the Trusted IRIX/CMW (Compartmented Mode Workstation) operating system used with SGI workstations and servers. It provides descriptions of those tasks that are specific to this version of the operating system.
If you have a graphics workstation, you may find it convenient to use the System Manager, which is described in the Personal System Administration Guide. That guide should be your first resource for administering graphics workstations. Regardless of whether you use the System Manager or the IRIX command-line interface, the results are the same. The System Manager does not create any new files on your system.
If you have a server, the IRIX Admin manual set (of which this guide is part) is your primary guide to system administration, because without graphics you cannot use the System Manager. This guide does not describe the System Manager in great detail. Instead, it covers the traditional shell command approach to administering an IRIX operating system.
This guide contains the following chapters:
| Chapter 1, “Introduction to Trusted IRIX/CMW” | Provides an overview of Trusted IRIX/CMW. | |
| Chapter 2, “Planning Your Trusted IRIX/CMW System” | Provides a comprehensive discussion of the planning necessary to set up a properly functioning Trusted IRIX/CMW system or network of systems. | |
| Chapter 3, “Administering Login Accounts” | Provides information on the creation, maintenance, and removal of login accounts under Trusted IRIX/CMW. | |
| Chapter 4, “Networking with Trusted IRIX/CMW” | Describes the tasks and procedures necessary to administer a network of Trusted IRIX/CMW systems. | |
| Chapter 5, “Administering Access Control” | Provides information on administering both Mandatory and Discretionary Access Control (including Access Control Lists) under Trusted IRIX/CMW. | |
| Chapter 6, “Administering the System Audit Trail” | Describes the audit records and methods specific to Trusted IRIX/CMW. | |
| Chapter 7, “Administering Identification and Authentication” | Describes the Identification and Authentication procedures specific to Trusted IRIX/CMW. | |
| Chapter 8, “Trusted IRIX/CMW System Data Files” | Describes the system files specific to Trusted IRIX/CMW. | |
| Chapter 9, “Administering Printing and Tape Devices” | Describes the special actions required to use printers, tape drives, and other media with Trusted IRIX/CMW. | |
| Chapter 10, “Maintaining an Evaluated Configuration” | Provides information on maintaining security precautions at your site. |
The following conventions are used throughout this guide:
| command | This fixed-space font denotes literal items such as commands, files, routines, pathnames, signals, messages, and programming language structures. | |
| variable | Italic typeface denotes variable entries and words or concepts being defined. | |
| user input | This bold, fixed-space font denotes literal items that the user enters in interactive sessions. Output is shown in nonbold, fixed-space font. | |
| [] | Brackets enclose optional portions of a command or directive line. | |
| manpage(x) | Man page section identifiers appear in parentheses after man page names. | |
| “” | (Double quotation marks) References in text to document section titles | |
| # | IRIX shell prompt for the superuser (root) | |
| % |
The Trusted IRIX/CMW Security Administration Guide is written for administrators who are responsible for one or more systems running the Trusted IRIX/CMW operating system and for performing tasks beyond the usual scope of user responsibility for the user's home directory structure and immediate working directories. Frequently, people who would consider themselves “end users” find themselves performing advanced administrative tasks. This book has been prepared to help both new and experienced administrators successfully perform all operations necessary to configure and maintain CMW security on Trusted IRIX/CMW systems.
This section describes the guides and resources provided with your system and the specific focus and scope of each.
This guide is an additional resource to the IRIX Admin manual set. This guide differs from the IRIX Admin documentation in certain areas, and this guide should be considered the authoritative guide for the Trusted IRIX/CMW operating system.
The IRIX Admin suite is intended for administrators: those who are responsible for servers, multiple systems, and file structures outside the user's home directory and immediate working directories. If you find yourself in the position of maintaining systems for others or if you require more information about IRIX than is in the end-user manuals, these guides are for you. The IRIX Admin guides are available through the InfoSearch online viewing system. They are also available on the World Wide Web at http://docs.sgi.com . The set comprises these volumes:
IRIX Admin: Software Installation and Licensing—Explains how to install and license software that runs under IRIX, the SGI implementation of the UNIX operating system. Contains instructions for performing miniroot and live installations using Inst, the command-line interface to the IRIX installation utility. Identifies the licensing products that control access to restricted applications running under IRIX and refers readers to licensing product documentation.
IRIX Admin: System Configuration and Operation—Lists good general system administration practices and describes system administration tasks, including configuring the operating system; managing user accounts, user processes, and disk resources; interacting with the system while in the PROM monitor; and tuning system performance.
IRIX Admin: Disks and Filesystems—Describes how to add, maintain, and use disks and filesystems. Discusses how they work, their organization, and how to optimize their performance.
IRIX Admin: Networking and Mail—Describes how to plan, set up, use, and maintain the networking and mail systems, including discussions of sendmail, UUCP, SLIP, and PPP.
IRIX Admin: Backup, Security, and Accounting—Describes how to back up and restore files, how to protect your system's and network's security, and how to track system usage on a per-user basis.
IRIX Admin: Resource Administration—Introduces system resource administration and describes how to use and administer various IRIX resource management features such as IRIX process limits, job limits, Comprehensive System Accounting (CSA), the Cpuset System, and Miser.
IRIX Admin: Peripheral Devices—Describes how to set up and maintain the software for peripheral devices such as terminals, modems, printers, and CD-ROM and tape drives. Also includes specifications for the associated cables for these devices.
IRIX Admin: Selected Reference Pages—Provides concise reference page (manual page) information on the use of commands that may be needed while the system is down. Generally, each reference page covers one command, although some reference pages cover several closely related commands. Reference pages are available online through the man command.
The IRIX reference pages (often called “man” or “manual” pages) provide concise reference information on the use of IRIX commands, subroutines, and other elements that make up the IRIX operating system. This collection of entries is one of the most important references for an administrator. Generally, each reference page covers one command, although some reference pages cover several closely related commands.
The IRIX reference pages are available online through the man command. To view a reference page, use the man command at the shell prompt. For example, to see the reference page for diff, enter:
man diff |
It is a good practice to print those man pages you consistently use for reference and those you are likely to need before major administrative operations and keep them in a notebook of some kind.
Each command, system file, or other system object is described on a separate page. The man pages are divided into seven sections, as shown in Table 1. When referring to reference pages, this document follows a standard UNIX convention: the name of the command is followed by its section number in parentheses. For example, cc refers to the cc(1) reference page in Section 1.
Table 1 shows the reference page sections and the types of reference pages that they contain.
Table 1. Outline of Reference Page Organization
Type of Reference Page | Section Number |
|---|---|
General Commands | (1) |
System Calls and Error Numbers | (2) |
Library Subroutines | (3) |
File Formats | (4) |
Miscellaneous | (5) |
Demos and Games | (6) |
Special Files | (7) |
Release notes provide release-specific information about a product. Exceptions to the information in the administration guides are found in this document. Release notes are available online through the relnotes command. Each product or application has its own set of release notes. The grelnotes command provides a graphical interface to the release notes of all products installed on your system.
Your system comes with an online help system. This system provides help cards for commonly asked questions about basic system setup and usage. The command to initiate a help session is desktophelp.
The SGI World Wide Web (WWW) presence has been established to provide current information of interest to SGI customers. The following URL addresses are accessible to most commercially available Web browsers on the Internet:
| http://www.sgi.com | The SGI general Web server | |
| http://docs.sgi.com | The SGI Technical Publications Library |
If you have comments about the technical accuracy, content, or organization of this document, please tell us. Be sure to include the title and document number of the manual with your comments. (Online, the document number is located in the front matter of the manual. In printed manuals, the document number can be found on the back cover.)
You can contact us in any of the following ways:
Send e-mail to the following address:
techpubs@sgi.com |
Use the Feedback option on the Technical Publications Library World Wide Web page:
http://docs.sgi.com |
Contact your customer service representative and ask that an incident be filed in the SGI incident tracking system.
Send mail to the following address:
Technical Publications
SGI
1600 Amphitheatre Pkwy., M/S 535
Mountain View, California 94043-1351
Send a fax to the attention of “Technical Publications” at +1 650 932 0801.
We value your comments and will respond to them promptly.