Y L F M A E T Team-Fly® AIX® 5L Administration Randal K. Michael McGraw-Hill/Osborne New York Chicago San Francisco Lisbon Londo Madri Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto Copyright ©2002 by The McGraw-Hill Companies, Inc. All rights reserved. Manufactured in the United States of America. Except as permitted under the United States Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher. 0-07-222841-5 The material in this eBook also appears in the print version of this title: 0-07-222255-7 All trademarks are trademarks of their respective owners. Rather than put a trademark symbol after every occur- rence of a trademarked name, we use names in an editorial fashion only, and to the benefit of the trademark owner, with no intention of infringement of the trademark. Where such designations appear in this book, they have been printed with initial caps. McGraw-Hill eBooks are available at special quantity discounts to use as premiums and sales promotions, or for use in corporate training programs. For more information, please contact George Hoare, Special Sales, at [email protected] or (212) 904-4069. TERMSOFUSE This is a copyrighted work and The McGraw-Hill Companies, Inc. (“McGraw-Hill”) and its licensors reserve all rights in and to the work. Use of this work is subject to these terms. Except as permitted under the Copyright Act of 1976 and the right to store and retrieve one copy of the work, you may not decompile, disassemble, reverse engineer, reproduce, modify, create derivative works based upon, transmit, distribute, disseminate, sell, publish or sublicense the work or any part of it without McGraw-Hill’s prior consent. You may use the work for your own noncommercial and personal use; any other use of the work is strictly prohibited. Your right to use the work may be terminated if you fail to comply with these terms. THE WORK IS PROVIDED “AS IS”. McGRAW-HILLAND ITS LICENSORS MAKE NO GUARANTEES OR WARRANTIES AS TO THE ACCURACY, ADEQUACYOR COMPLETENESS OF OR RESULTS TO BE OBTAINED FROM USING THE WORK, INCLUDING ANYINFORMATION THATCAN BE ACCESSED THROUGH THE WORK VIAHYPERLINK OR OTHERWISE, AND EXPRESSLYDISCLAIM ANYWAR- RANTY, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITYOR FITNESS FOR APARTICULAR PURPOSE. McGraw-Hill and its licensors do not warrant or guarantee that the functions contained in the work will meet your requirements or that its operation will be uninterrupted or error free. Neither McGraw-Hill nor its licensors shall be liable to you or anyone else for any inaccuracy, error or omission, regardless of cause, in the work or for any damages resulting therefrom. McGraw-Hill has no responsibility for the content of any information accessed through the work. Under no cir- cumstances shall McGraw-Hill and/or its licensors be liable for any indirect, incidental, special, punitive, conse- quential or similar damages that result from the use of or inability to use the work, even if any of them has been advised of the possibility of such damages. This limitation of liability shall apply to any claim or cause whatso- ever whether such claim or cause arises in contract, tort or otherwise. DOI: 10.1036/0072228415 This book is dedicated to my Wife Robin and the girls Andrea and Ana ABOUT THE AUTHOR: Randal K. Michaelis a Certified AIX Specialist who has worked in the technology sector for 25 years focusing on computer systems support; he has also been a UNIX Systems Administrator for the last ten years, concentrating on AIX. Randal holds a Bachelor of Science degree in Computer Science with a MathematicsminorfromtheUniversityofAlabama,SchoolofEngineering.Hisbroadbaseofexperiencestems fromworkingwithbusinesseswhoperformmissilesystemsresearchanddevelopment,automotiveelectronics and control systems design, development and manufacturing, computer-aided design (both mechanical and electronic), computer-aided manufacturing, telecommunications, hospital computer support, finance, wireless communications, and beverage manufacturing. Randal has worked as a Systems Administrator for companies such as Chrysler Motors, IBM, BellSouth, Egleston Children’s Hospital, Equifax, and Glenayre Electronics. Over the years Randal has worked mainly as a contract consultant. He currently works for Coca-Cola Enterprises, Incorporated, in Atlanta, Georgia. ABOUT THE CONTRIBUTING AUTHORS: TerryGreenleehasbeenanindependentAIXconsultantsince1992.HefoundedtheSanJoseAIXUserGroupin 1994andchairedituntil1999.TerrycanbecontactedatTerry.Greenlee@AIXadm.org. CharlesRitterisaUnixSystemsAdministratorandinformationtechnologyconsultantspecializinginIBM's AIXoperatingsystem.Charleshaseightyearsofexperienceintheindustry,workingfortopsystemvendorsand Fortune500companies,includingHitachiData Systems, Shared Medical Systems, and Charles Schwab. He can be reached [email protected]. Sandor W. Sklaris a Unix Systems Administrator at Stanford University, Information Technology Systems and Services, and is an IBM Certified Specialist in AIX System Administration. ToddSmithisanIBMCertifiedAIXSpecialistwithover20yearsofexperienceintheDataProcessingfield. HehasheldpositionswithCiba-Visionasaprogrammer/analyst;withCoca-ColaEnterprisesasaSystems AdministratoronbothiSeries(AS/400)andpSeries(RS/6000)platforms;andasManagerofCorporateUNIX Infrastructure.HecurrentlyownsA.ToddSmithConsulting(www.atoddsmith.com). Joey Neilsonis a Principal Education Specialist with Availant, Inc. (formerly known as CLAM Associates), specializing in AIX and HACMP instruction. He has more than 30 years of computer experience in hardware/software support and computer training. He is currently certified as an AIX Advanced Technical Expert and Cisco Certified Network Associate. He can be reached at [email protected]. Sandy Larsonis a Principal Technical Writer on the HACMP project at Availant,Inc.Shehasbeen documentingHACMPandotherhighavailabilityproductsatAvailantsince 1998. She may be reached at [email protected]. Roger Fisheris a Senior Education Specialist with Availant, Inc., specializing in AIX and HACMP instruction. He has more than 30 years of computer experience inhardware/softwaresupportandcomputer [email protected]. Judy Camposis Documentation Manager at Availant, Inc. She has been with Availant for nine years and has documented every release of HACMP since version 2.1. She may be reached at [email protected]. Julia Malkinis a Technical Writer on the HACMP project at Availant, Inc. She has been documenting HACMP since 2000. She may be reached at [email protected]. ABOUT THE TECHNICAL REVIEWERS: Frances Auis currently a senior technical analyst for INTRIA-HP. She has been involved in Unix Systems Administration since 1995. Apart from her extensive knowledge in legacy systems, she has in-depth working knowledge of the following Unix platforms: AIX, HP-UX, and SUN Solaris. In her spare time, she enjoys reading and travelling. Terry Greenleehas been an independent AIX consultant since 1992. He founded the San Jose AIX User Group in 1994 and chaired it until 1999. Terry can be contacted at [email protected]. For more information about this title, click here. CONTENTS Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii Part I System Administration Tasks and Tools ❖ 1 Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 AIX and UNIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 New Features of AIX with Version 5L. . . . . . . . . . . . . . . . . . . . . . . . 5 System Administration Activities . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Checklist. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 ❖ 2 DocSearch and the Online Manual Pages: Getting Help from the System . . . . . . 15 AIX Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 DocSearch Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 DocSearch Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Using DocSearch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 man Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 Part II Systems and System Architecture ❖ 3 POWER Processors and Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 The History of the POWER Processor . . . . . . . . . . . . . . . . . . . . . . . . 41 Code Name Regatta: the p690 . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46 pSeries Machines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48 Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50 ❖ 4 AIX 5L Kernel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 Kernel Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 More About the Kernel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 v Copyright 2002 by The McGraw-Hill Companies, Inc. Click Here for Terms of Use. vi AIX 5L Administration Part III System Installation and Management ❖ 5 System Management Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61 SMIT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62 Using SMIT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63 Web-Based System Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71 Distributed Systems Management . . . . . . . . . . . . . . . . . . . . . . . . . 72 Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 ❖ 6 AIX Installation and Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77 Installation and Maintenance Planning . . . . . . . . . . . . . . . . . . . . . . . 78 Installing AIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89 Installing Licensed Program Products (LPP) . . . . . . . . . . . . . . . . . . . . 100 Installing Non-LPP Products . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 Removing Installed Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 Applying Maintenance Level (ML) Patches . . . . . . . . . . . . . . . . . . . . 104 Post Installation and Maintenance Tasks . . . . . . . . . . . . . . . . . . . . . . 107 Distributed System Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . 109 Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114 ❖ 7 AIX System Boot and Shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115 Booting the System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116 Creating Bootable Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117 Boot Sequence of Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120 The AIX Boot Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 Fast Boot on MP Machines with mpcfg Command Option . . . . . . . . . . . 125 Stopping the System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126 Itanium-Based System Boot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127 Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128 Part IV System Configuration and Customization ❖ 8 AIX Runtime Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133 System Environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134 PTY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145 Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147 ❖ 9 AIX Device Configuration Manager (cfgmgr)and the Object Data Manager (ODM) . . . . . . . . . . . . . . . . . . . . . . . . . . . 149 ODM Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150 ODM Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150 Device Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155 Predefined and Customized Devices . . . . . . . . . . . . . . . . . . . . . . . . 155 Device States . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160 Boot Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160 Small Computer System Interface . . . . . . . . . . . . . . . . . . . . . . . . . . 161 Using smitty cfgmgr to AutoConfigure Your System . . . . . . . . . . . . . . . 164 Updating the Product Topology Diskette . . . . . . . . . . . . . . . . . . . . . 164 Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165 Contents vii ❖ 10 Tape Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167 Tape Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173 Linear Open Tape (LTO) Ultrium Tape Drives . . . . . . . . . . . . . . . . . . 174 IBM 3494 Enterprise Tape Library . . . . . . . . . . . . . . . . . . . . . . . . . 175 Linux Tape Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176 Public Domain Tape Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176 Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177 ❖ 11 The AIX Logical Volume Manager (LVM) . . . . . . . . . . . . . . . . . . . . . . . . 179 Disk Evolution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180 Disks Are Doubling Every Six Months . . . . . . . . . . . . . . . . . . . . . . . 180 Disk Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180 Disk Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184 Introducing the LVM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191 Configuring Volume Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198 Configuring Logical Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206 Filesystems (JFS and JFS2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213 Paging Space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224 Volume Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 230 Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231 ❖ 12 Printers and the Print Subsystem. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 233 Data Flow of a Print Job. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234 Configuring AIX Printers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 238 lpd Daemon. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243 Testing and Modifying Printer Configuration . . . . . . . . . . . . . . . . . . . 251 Managing AIX Printers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251 Highly Available Print Queues. . . . . . . . . . . . . . . . . . . . . . . . . . . . 255 ASCII Terminal Printers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256 X Station Printers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258 Configuring and Using the System V Printer Subsystem . . . . . . . . . . . . . 259 Checklist. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270 Part V Network Configuration and Customization ❖ 13 TCP/IP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275 TCP/IP Network Model. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276 Network Devices and Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . 277 Addressing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283 Network Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287 Domain Name System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289 TCP/IP Subsystems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291 DHCP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293 SLIP and PPP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293 Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299 TCP/IP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299 Network Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305 TCP/IP Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307 Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308 viii AIX 5L Administration Part VI Networked Filesystems ❖ 14 Networked Filesystems: NFS, NIS, and NIS+ . . . . . . . . . . . . . . . . . . . . . . 311 Network File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312 NFS Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314 NFS Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316 Network Information Services: NIS and NIS+ . . . . . . . . . . . . . . . . . . . 320 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 326 Highly Available Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 327 Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329 ❖ 15 Distributed File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331 DFS Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336 Installation and Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . 338 Operation and Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . 347 Starting DFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 348 Access Control Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349 Fileset Replication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350 DFS Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351 Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351 Part VII Linux Affinity ❖ 16 LinuxAffinitywithAIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355 Running Linux Applications on AIX 5L . . . . . . . . . . . . . . . . . . . . . . 356 Strong Linux Affinity with AIX . . . . . . . . . . . . . . . . . . . . . . . . . . . 363 Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364 Part VIII Distributed Services ❖ 17 Mail and Sendmail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367 Sendmail Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369 Starting and Stopping Sendmail . . . . . . . . . . . . . . . . . . . . . . . . . . . 375 Mail Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376 Configuration Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376 Delivery Agents and Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . 380 Mail Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 382 Debugging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 383 Managing Mail Queues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 387 Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388 ❖ 18 Apache Web Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389 Creating Web Content . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399 Web Browsers and Helper Applications . . . . . . . . . . . . . . . . . . . . . . 405 Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405 ❖ 19 X11 Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 408 Contents ix Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409 Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 410 Start and Stop Display Managers . . . . . . . . . . . . . . . . . . . . . . . . . . 419 The Desktop Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421 Desktop Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421 Desktop Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425 IBM X Station Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425 Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429 Part IX Managing Users and Resources ❖ 20 Managing the User Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 433 Physical Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 434 UID Space and Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 435 Resource Limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 437 User Account Access Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 442 User Account Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 442 Managing User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 448 Password Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454 Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 457 ❖ 21 Process Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459 Process Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460 Parent Child Inheritance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465 Controlling Processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466 The /procFilesystem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468 Scheduled Processes (cron) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472 System Resource Controller . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475 Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 478 ❖ 22 System Accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479 Data Collection. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480 Accounting Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482 Accounting Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 486 Periodic Housecleaning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 490 Checklist. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 491 Part X Security ❖ 23 Auditing and Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 495 Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 497 Alternative Authentication Methods . . . . . . . . . . . . . . . . . . . . . . . . 499 Controlling Superuser Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503 Securing Network Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504 Securing File Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504 Trusted Computing Base . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 508 The Auditing Subsystem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512 Additional Security Tools. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 516 Sources of Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517 Checklist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517