“About This Guide” includes brief descriptions of the contents of this guide and an explanation of typographical conventions used, and refers you to additional sources of information you might find helpful.
This guide explains how to use the Trusted IRIX™/CMW (Compartmented Mode Workstation) operating system with Silicon Graphics® workstations and servers. It provides descriptions of those user tasks that are specific to this version of the operating system.
If you have a graphics workstation, you will need to be familiar with the user documentation of the standard IRIX operating system, on which this product is based. See the SGI_EndUser bookshelf in your IRIS InSight® Online Documentation system.
You should read this guide if you have never used a secure system before or if you are encountering Trusted IRIX/CMW for the first time.
You must acquire the entire set of standard IRIX documentation in addition to this release. In addition to this manual the following documents are included:
| Security Administration Guide |
| |
| Security Features Release Notes |
|
This guide contains the following chapters:
| Chapter 1, “Introduction to Trusted IRIX/CMW” |
| |
| Chapter 2, “Getting Acquainted with Trusted IRIX/CMW” |
| |
| Chapter 3, “Understanding Access Control” |
| |
| Chapter 4, “Understanding System Access” |
| |
| Chapter 5, “Importing and Exporting Data” | | |
| Chapter 6, “Understanding Auditing” |
| |
| Chapter 7, “Programming in a Trusted Environment” |
| |
| Appendix H, “Glossary Of Computer Security Terms” |
|
These type conventions and symbols are used in this guide:
| Bold | C++ class names, C++ member functions, C++ data members, function names, language keywords and data types, literal command-line arguments (options/flags), nonalphabetic data types, operators, and subroutines. | |
| Helvetica Bold | Hardware labels | |
| Italics | Backus-Naur Form entries, command monitor commands, executable names, filenames, glossary entries (online, these show up as underlined), IRIX commands, manual/book titles, new terms, onscreen button names, program variables, tools, utilities, variable command-line arguments, variable coordinates, and variables to be supplied by the user in examples, code, and syntax statements | |
| Fixed-width type |
| |
| Bold fixed-width type |
| |
| ALL CAPS | Environment variables, operator names, directives, defined constants, macros in C programs | |
| “” | (Double quotation marks) Onscreen menu items and references in text to document section titles | |
| () | (Parentheses) Following function names—surround function arguments or are empty if the function has no arguments; following IRIX commands—surround reference page (man page) section numbers | |
| [] | (Brackets) Surrounding optional syntax statement arguments | |
| <> | (Angle brackets) Surrounding nonprinting keyboard keys, for example, <Esc>, <Ctrl-D> | |
| # | IRIX shell prompt for the superuser (root) | |
| % | IRIX shell prompt for users other than superuser | |
| >> | Command Monitor prompt |
This guide uses the standard UNIX convention for referring to entries in IRIX documentation. The entry name is followed by the section number in parentheses. For example, rcp(1C) refers to the rcp online reference page.
The Trusted IRIX/CMW Security Features User's Guide is written for ``end users'' on Trusted IRIX/CMW systems. Frequently, people who would consider themselves end users find themselves performing advanced administrative tasks. For those individuals, the Trusted IRIX/CMW Security Administration Guide has been prepared to help both the new and experienced administrator successfully perform all operations necessary to configure and maintain CMW security on Trusted IRIX/CMW systems.
For easy reference, here is a list of the guides and resources provided with your system and the specific focus and scope of each. You can see the guides by invoking the InSight library on your desktop or through the system toolchest, or through the iiv(1) command from a shell window.
Your IRIS InSight documentation library contains a bookshelf titled SGI_EndUser. This bookshelf contains the end user documentation for your system. Some of these books include:
IRIS Essentials or Desktop User's Guide
IRIS Glossary of Terms
IRIS Utilities Guide
Personal System Administration Guide
Media Control Panels User's Guide
These books have been written for standard IRIX. Where they differ from information in this book and in the Trusted IRIX/CMW Security Administration Guide, the Trusted IRIX/CMW books should be considered authoritative.
The IRIX Admin suite is intended for administrators: those who are responsible for servers, multiple systems, and file structures outside the user's home directory and immediate working directories. If you find yourself in the position of maintaining
systems for others or if you require more information about IRIX than is in the end-user manuals, these guides are for you. The IRIX Admin guides are available through the IRIS InSight™ online viewing system. The set comprises these volumes:
IRIX Admin: Software Installation and Licensing —Explains how to install and license software that runs under IRIX, the Silicon Graphics implementation of the UNIX® operating system. Contains instructions for performing miniroot and live installations using Inst, the command line interface to the IRIX installation utility. Identifies the licensing products that control access to restricted applications running under IRIX and refers readers to licensing product documentation.
IRIX Admin: System Configuration and Operation —Lists good general system administration practices and describes system administration tasks, including configuring the operating system; managing user accounts, user processes, and disk resources; interacting with the system while in the PROM monitor; and tuning system performance.
IRIX Admin: Disks and Filesystems —Describes how to add, maintain, and use disks and filesystems. Discusses how they work, their organization, and how to optimize their performance.
IRIX Admin: Networking and Mail —Describes how to plan, set up, use, and maintain the networking and mail systems, including discussions of sendmail, UUCP, SLIP, and PPP.
IRIX Admin: Backup, Security, and Accounting —Describes how to back up and restore files, how to protect your system's and network's security, and how to track system usage on a per-user basis.
IRIX Admin: Peripheral Devices —Describes how to set up and maintain the software for peripheral devices such as terminals, modems, printers, and CD-ROM and tape drives. Also includes specifications for the associated cables for these devices.
IRIX Admin: Selected Reference Pages —Provides concise reference page (manual page) information on the use of commands that may be needed while the system is down. Generally, each reference page covers one command, although some reference pages cover several closely related commands. Reference pages are available online through the man(1) command.
The IRIX reference pages (often called “man” or “manual” pages) provide concise reference information on the use of IRIX commands, subroutines, and other elements that make up the IRIX operating system. This collection of entries is one of the most important references for an administrator. Generally, each reference page covers one command, although some reference pages cover several closely related commands.
The IRIX reference pages are available online through the man command. To view a reference page, use the man command at the shell prompt. For example, to see the reference page for diff, enter:
man diff |
It is a good practice to print those reference pages you consistently use for reference and those you are likely to need before major administrative operations and keep them in a notebook of some kind.
Each command, system file, or other system object is described on a separate page. The reference pages are divided into seven sections, as shown in Table i. When referring to reference pages, this document follows a standard UNIX convention: the name of the command is followed by its section number in parentheses. For example, cc(1) refers to the cc reference page in Section 1.
Table i shows the reference page sections and the types of reference pages that they contain.
Table 1. Outline of Reference Page Organization
Type of Reference Page | Section Number |
|---|---|
General Commands | (1) |
System Calls and Error Numbers | (2) |
Library Subroutines | (3) |
File Formats | (4) |
Miscellaneous | (5) |
Demos and Games | (6) |
Special Files | (7) |
Provide specific information about the current release. Exceptions to the administration guides are found in this document. Release Notes are available online through the relnotes command. Each optional product or application has its own set of release notes. The grelnotes command provides a graphical interface to the release notes of all products installed on your system.
Your IRIX system comes with a help system. This system provides help cards for commonly-asked questions about basic system setup and usage. The command to initiate a help session is desktophelp.
The Silicon Graphics World-Wide Web (WWW) presence has been established to provide current information of interest to Silicon Graphics customers. The following URL addresses are accessible to most commercially available web browsers on the internet:
| http://www.sgi.com |
| |
| http://www.mips.com |
| |
| http://www.studio.sgi.com |
| |
| http://www.ids.sgi.com |
| |
| http://www.alias.com |
| |
| http://www.sgi.com/Technology/TechPubs |
|
From these sites you can find all the Silicon Graphics web-published information, including the Technical Publications Library.