sysmgr(1M) sysmgr(1M)
sysmgr - System Manager - Access to Desktop System Administration
/usr/sysadm/bin/sysmgr
The sysmgr command is available from the Desktop Toolchest and allows the
user to access Desktop System Administration Managers and Active Guides.
This document provides an overview of the Desktop System Administration
model and describes how to use the System Manager.
IRIX 6.5.14 updates the System Manager appearance to adhere to modern SGI
branding guidelines (layout, colors, and font), but System Manager
functionality is the same.
Graphical Components
Desktop System Administration is made up of several graphical components:
Manager
Displays the icons for a set of similar objects on the system. For
example, the Disk Manager displays one icon for each disk on the
system. These icons may be dragged onto the Desktop for future
access. Each Manager also provides access to the common tasks that
can be performed on the icons it displays. For example, from the
User Manager the user can add a new user account, change an account
password, or delete a user account. These tasks appear in the row of
buttons below the item icons as well as in the Task menu of the
Manager.
Active Guide
A graphical interface that steps the user through a specific System
Administration task. For example, the Add a Modem Guide assists the
user in setting up the system to recognize and use a modem that has
been attached to this system. No changes will be made to the system
until the user has filled in all of the required information and
pressed the "OK" button. All changes to the system made through
Desktop System Administration software will be logged to
/var/sysadm/salog and can be viewed by the System Administration Log
Viewer viewlog(1M). See below for information about privileges and
system security.
Status Panel
Displays detailed information about a specific object on this
system. For example, if the user selects a disk icon in the Disk
Manager and presses the "Get Info..." button, a Status Panel will be
displayed that provides additional information about the disk. (The
user can also select an icon on the Desktop and select "Get Info"
from the right-mouse-button menu to display the Status Panel). Each
Status Panel also provides access to common tasks that can be
performed on the selected item.
Privileges
The Privileges mechanism gives the system administrator fine-grain
control over which users can access the System Administration tasks. root
is the Administrator account of the system. root has the ability to grant
specific privileges to users so that they can perform a limited set of
System Administration tasks, or root can designate a user as privileged
which allows that user to perform any System Administration task. If
there is no root password on the system, all users are considered to be
privileged users.
When a user attempts to launch a Manager or Active Guide which requires
privileges and the user has been granted that specific privilege or is a
privileged user, the item is launched. If the user is not privileged, a
dialog will appear. The user must enter the root password to proceed,
and has the option of permanently gaining privileges for this item (if
the root password entered is correct).
The graphical components of the Desktop System Administration software do
not administer the system directly. Instead, they use runpriv(1M) to
execute the desired commands. This eliminates the need for the graphical
components to be setuid root and thus eliminates a class of possible
attacks on the system.
The following setuid root programs implement the privilege mechanism.
runpriv(1M)
Runs privileged operations on behalf of a non-root privileged user.
checkpriv(1M)
Checks the privileged database to see if a non-root user has a
particular privilege. This needs to be setuid root because it
needs to be able to determine whether there is a root password on
the system, and on systems this means consulting /etc/shadow which
is typically not readable by non-root users.
The following setuid root programs maintain the privilege database. They
are setuid root so they can do their work when a non-root user runs them
and supplies the root password. This allows a non-root user to use the
graphical user interface PrivilegeManager(1M) to add and remove
privileges if that user can supply the root password. The ability to
change the privilege database is not a privilege; root cannot assign
privilege database capabilities to non-root users.
addpriv(1M)
Adds privileges to a user.
rmpriv(1M)
Removes privileges from a user.
addprivuser(1M)
Makes a user fully privileged. A fully privileged user has all
system administration privileges.
rmprivuser(1M)
Removes a user's fully privileged status.
adddefpriv(1M)
Makes a privilege a default privilege, which means that any user can
use it. The system comes configured with several default privileges
which enable non-root users to find out information such as what
filesystems are on what disks. See PrivilegeManager(1M) for the
list of default privileges on the system.
rmdefpriv(1M)
Removes a privilege's default privilege status.
For example, if the administrator wishes to allow user "pat" to add and
remove modems on the system, the administrator could use the command:
'/usr/sysadm/bin/addpriv pat addmodem deletemodem'. The administrator
could also use the PrivilegeManager(1M) graphical interface. See the
above referenced man pages for more details.
There is also a chkconfig(1M) option that controls whether privileges are
enabled. If root runs chkconfig privileges off, non-root users will not
be able to perform system administration tasks unless they can provide the
root password. If the administrator wishes to disable that functionality
as well, the setuid bits can be removed from the six programs described
above and the privilege mechanism will be completely disabled.
addpriv and rmpriv support the -chkconfig option for running chkconfig to
turn privileges on or off.
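The following is an added example, not part of the original page or of the IRIX distribution. It reports which of the privilege helpers named above still carry the setuid bit, so an administrator can confirm the state after enabling or disabling the mechanism. It assumes all eight helpers live in /usr/sysadm/bin, a directory the page gives only for addpriv; the function names are illustrative.

```shell
#!/bin/sh
# Added example: report the setuid state of the privilege helpers named above.
# Assumption: all eight live in /usr/sysadm/bin (the page gives that directory
# only for addpriv); pass a different directory to audit a mounted image.

PRIV_HELPERS="runpriv checkpriv addpriv rmpriv addprivuser rmprivuser adddefpriv rmdefpriv"

# helper_state FILE -> "missing", "setuid" or "plain"
helper_state() {
    if [ ! -e "$1" ]; then
        echo missing
    elif [ -u "$1" ]; then
        echo setuid
    else
        echo plain
    fi
}

# audit_priv_helpers [DIR] -> one "name state" line per helper
audit_priv_helpers() {
    dir=${1:-/usr/sysadm/bin}
    for name in $PRIV_HELPERS; do
        echo "$name $(helper_state "$dir/$name")"
    done
}

# mechanism_status [DIR] -> all-setuid | none-setuid | partial | absent
mechanism_status() {
    dir=${1:-/usr/sysadm/bin}
    on=0
    off=0
    for name in $PRIV_HELPERS; do
        case $(helper_state "$dir/$name") in
            setuid) on=$((on + 1)) ;;
            plain)  off=$((off + 1)) ;;
        esac
    done
    if [ "$on" -eq 0 ] && [ "$off" -eq 0 ]; then
        echo absent          # none of the helpers exist in DIR
    elif [ "$off" -eq 0 ]; then
        echo all-setuid      # every helper present can still act as root
    elif [ "$on" -eq 0 ]; then
        echo none-setuid     # setuid bits removed everywhere
    else
        echo partial         # some helpers still carry the bit
    fi
}
```

A result of partial after removing setuid bits means at least one helper can still run as root; audit_priv_helpers shows which one. The script does not read the chkconfig privileges flag, which is a separate switch.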
Using System Manager
sysmgr displays a window divided into two vertical columns. The column
on the left is the Table of Contents, listing the categories of System
Administration Managers and Active Guides available to the user. To
display a category in the right-hand column, click on the hypertext name
of the category.
The right-hand column of System Manager displays the current category.
It contains a brief description of the category, and lists each Manager
and Active Guide. To launch a Manager or Active Guide, use the mouse to
click on the hypertext title or icon of the item. You may also drag the
icon for the item onto the Desktop for future use.
sysmgr uses runcatalog(1M) to launch Managers and runtask(1M) to launch
Active Guides. The items are launched in the background as separate
processes, so it is possible to interact with System Manager while a
Manager or Active Guide is up and running. Only one copy of a particular
Manager or Active Guide will run on the system at any given time. If you
attempt to launch an item that is already running, it will be opened and
raised to the top of the window hierarchy.
sysmgr comprises several categories:
Overview
The Overview describes the set of categories available in System
Manager.
About This System
The document for this category is generated by the system at the
time the user requests it. The document is generated by the cgi-bin
script /var/www/cgi-bin/ghinv/ghinvMain, which enhances and adds to
the output from the hinv(1) command.
Search
This section allows the user to do a keyword search on the Managers
and Active Guides that can be launched via System Manager. The
search looks at a pre-defined set of keywords that has been defined
for each Manager or Active Guide rather than looking at the text in
System Manager. If a match is found, the title of the System
Manager page where the item resides is displayed along with the item
icon and title so that the item can be launched directly from the
search results.
Software
This category displays the set of Managers and Active Guides that
allow the user to install software and obtain software licenses.
For more information, see swmgr(1M) and LicenseManager(1M).
Hardware and Devices
This category displays the set of Managers and Active Guides that
allow the user to add or remove devices on this system. Devices
include modems, MIDI devices, printers, mouse pointers, and tablets.
For more information, see printers(1M), SerialDeviceManager(1M),
addSerialDevice(1M), deleteSerialDevice(1M), addModem(1M),
deleteModem(1M), DiskManager(1M), initDisk(1M), mountfs(1M),
umountfs(1M), verifyDisk(1M), xlvCreateLV(1M), xlvExtend(1M),
xlvDelete(1M), xlvShow(1M), mkfsXfs(1M), getDiskInfo(1M),
RemovableMediaManager(1M), formatRMedia(1M),
shareRemovableMedia(1M), unshareRemovableMedia(1M),
monitorRemovableMedia(1M), unmonitorRemovableMedia(1M).
Security and Access Control
This category displays the set of Managers and Active Guides that
allow the user to add and remove user accounts and set the level of
security on this system. For more information, see
SecureSystem(1M), UserManager(1M), addUserAccount(1M),
checkPassword(1M), deleteUserAccount(1M), modifyUserAccount(1M),
configAutoLogin(1M), updateclogin(1M), permissions(1M),
modifyPermissionsAndOwnership(1M), sharemgr(1M), sharefs(1M),
unsharefs(1M), shareRemovableMedia(1M), unshareRemovableMedia(1M),
sharePrinters(1M), unsharePrinters(1M), PrivilegeManager(1M),
addpriv(1M), addprivuser(1M), rmpriv(1M), rmprivuser(1M).
Network and Connectivity
This category displays the set of Managers and Active Guides that
allow the user to set up connections to the local network and to the
Internet. For more information, see NetIfManager(1M),
configNetIf(1M), configec0state(1M), configdefaultRoute(1M),
configipforwardstate(1M), setNameServers(1M), nisSetup(1M),
configResolver(1M), nfsSetup(1M), ypfiles(4), filesystems(4),
sharefinder(1M), getExportList(1M), listPrinters(1M),
FilesystemManager(1M), listAllDiskFS(1M), mountfs(1M), umountfs(1M),
setFsNotifyLevel(1M), xlvShow(1M), HostManager(1M), addHost(1M),
deleteHost(1M), ISDNManager(1M), execisdnconf(1M), execisdnstat(1M),
setisdnparm(1M), stopisdnd(1M), PPPManager(1M), addpppin(1M),
addpppout(1M), deleteppp(1M), execppp(1M), getallpppinisdn(1M),
getallpppinmodem(1M), getallpppoutisdn(1M), getallpppoutmodem(1M),
getpppin(1M), getpppout(1M), removepppin(1M), removepppout(1M),
stopppp(1M).
Files and Data
This category displays the set of Managers and Active Guides that
allow the user to backup and restore the data on this system. For
more information, see FilesystemManager(1M), listAllDiskFS(1M),
mountfs(1M), umountfs(1M), setFsNotifyLevel(1M), xlvCreateLV(1M),
xlvDelete(1M), xlvShow(1M), BackupAndRestoreManager(1M), backup(1M),
restore(1M), unschedBackup(1M).
System Performance
This category displays the set of Managers and Active Guides that
allow the user to monitor and tune System Performance. For more
information, see SwapManager(1M), addLocalFileSwap(1M),
addVirtualSwap(1M), removeSwap(1M), ProcessManager(1M),
listProc(1M), gmemusage(1), gr_osview(1), gr_top(1), sysmon(1M), and
viewlog(1M).
The Restart System and Shut Down System tasks are not available from
System Manager but instead can be accessed from the System tile of the
Toolchest. For more information on these tasks, see dtshutdown(1M).
/usr/sysadm/
Root directory for sysadmdesktop executables and dso's
/usr/sysadm/adminclass/
Contains the set of dso's for each admin class. An admin class
monitors and administers a set of system administration objects.
For example, SaUserAccountClass.so is responsible for monitoring,
creating, modifying, and removing user account objects on the
system.
/usr/sysadm/authdso/
Contains the set of dso's used for each type of authentication. At
this time, only UNIX authentication (in other words, request root
password) is implemented.
/usr/sysadm/bin/
Contains the set of commands that implement the sysadmdesktop
product. These commands do not make changes to the target system,
but collectively allow the user to access the tasks, managers,
status panels, and privileged commands. See the individual man
pages for each command for more details.
/usr/sysadm/privbin/
Contains the set of privileged commands that make changes to the
target system. The user must be privileged (in other words, be root
or be assigned the designated privilege) to run these commands. See
runpriv(1M), privileges(4), and the man pages for each privileged
command for more details.
/usr/sysadm/catalogdso/*.so
Contains the dso's for each manager in the sysadmdesktop product.
For example, SaUserAccountCatalog.so implements the User Manager.
/usr/sysadm/catalogdf/*.cdf
Contains a descriptor file for each manager in the sysadmdesktop
product. The descriptor file defines information about a manager,
including dso name, manager name, and keywords without requiring the
manager code itself to be loaded into memory. For example,
SaUserAccountCatalog.cdf contains information about the User
Manager.
/usr/sysadm/paneldso/*.so
Contains the dso's for each status panel in the sysadmdesktop
product. A status panel shows detailed information about a specific
system object. For example, SaUserAccountPanel.so implements the
user account status panel and will display information about a
specific user account. Status panels do not have a corresponding
descriptor file. The information describing a status panel is
included in the relevant manager descriptor file. For example,
/usr/sysadm/catalogdf/SaUserAccountCatalog.cdf contains the path of
the user account status panel dso.
/usr/sysadm/taskdso/*.so
Contains the dso's for each task in the sysadmdesktop product. For
example, SaAddUserTask.so implements the Add User Account task.
/usr/sysadm/taskdf/*.tdf
Contains a descriptor file for each task in the sysadmdesktop
product. The descriptor file defines information about a task,
including dso name, task name, and keywords without requiring the
task code itself to be loaded into memory. For example,
SaAddUserTask.tdf contains information about the Add User Account
task.
/usr/sysadm/taskdf/*.edf, /usr/sysadm/catalogdf/*.edf
Contains a descriptor file for generic executable programs. The
descriptor file defines information about an executable, including
icon type, executable name, and keywords without requiring the
executable code itself to be loaded into memory. For example,
SaViewCPUUsageTask.edf allows sysadmdesktop components to launch
gr_top, which is not part of the sysadmdesktop product.
/var/sysadm/
Root directory for sysadmdesktop configuration files.
/var/sysadm/backups/
Contains a list of scheduled backups. These may be viewed with the
Backup and Restore Manager BackupAndRestoreManager(1M).
/var/sysadm/config/clogin.conf
Read by clogin to determine which accounts to show or hide. Values
are set by the Configure Clogin task.
/var/sysadm/config/default.cshrc, /var/sysadm/config/default.login,
/var/sysadm/config/default.profile
These are the default .cshrc,
.login, and .profile files that are copied into a new home
directory, as specified by /var/sysadm/config/newaccount.config and
/var/sysadm/config/newhomedir.config.
/var/sysadm/config/deleteaccount.config
Determines what actions are taken when a user is deleted from the
system by the Remove User Account task. As shipped, the only action
is to run the script /var/sysadm/config/deleteaccount.script (as
root). See file comments for details.
/var/sysadm/config/deleteaccount.script
Default script invoked by /var/sysadm/config/deleteaccount.config
when a user account is deleted from the system by the Remove User
Account task. As shipped, this script takes no action. Note that
this script will be run as root. See file comments for details.
/var/sysadm/config/files.config
Lists the system files that are considered "critical" to system
functioning and which are normally not available to sysadmdesktop
components. For example, the Permissions Manager will not change
the ownership or permissions of files listed here.
/var/sysadm/config/groups.config
Lists default groups in /etc/group and controls how the
sysadmdesktop product will display them. See file comments for
details.
/var/sysadm/config/newaccount.config
Determines what actions are taken when a new user account is created
by the Add User Account task. As shipped, the files
/var/sysadm/config/default.* are copied into the new home directory
(if they don't already exist) and
/var/sysadm/config/newaccount.script is run (as root). See file
comments for details.
/var/sysadm/config/newaccount.script
Default script invoked by /var/sysadm/config/newaccount.config when
a new user account is added to the system by the Add User Account
task. This script is shipped with the default action of creating
the new user's .lang file. Note that this script is run as root.
See file comments for details.
/var/sysadm/config/newhomedir.config
Determines what actions are taken when a new home directory is
created for an existing user by the Modify User Account task. As
shipped, the files /var/sysadm/config/default.* are copied into the
new home directory and /var/sysadm/config/newhomedir.script is run
(as root). See file comments for details.
/var/sysadm/config/newhomedir.script
Performs actions on a new home directory created for an existing
user by the Modify User Account task. As shipped, this script takes
no action. Note that this script is run as root. See file comments
for details.
/var/sysadm/config/useraccounts.config
Lists special user accounts in /etc/passwd (as shipped) and controls
how they are displayed. The sysadmdesktop product will not allow
these accounts to be modified or removed using the Modify User
Account or Remove User Account tasks. See file comments for
details.
/var/sysadm/defaultPrivileges/
Contains one file for each privilege that is automatically granted
to all users. For example, as shipped, all users may list the
available printers using the default privilege listPrinters. See
defaultPrivileges(4) for details.
/var/sysadm/genNewUid
If this user-defined script exists, the Add User Account task will
invoke it to generate the next available UID for a new user.
Otherwise the next UID will be chosen at random.
/var/sysadm/privenviron
List of allowed environment variables when running a privileged
program using runpriv(1M). If a variable is listed with no value,
the value will be inherited from the current environment. If a
variable is not listed, it will not be available to the privileged
program.
/var/sysadm/privhome/
Home directory for all privileged programs.
/var/sysadm/privilege
Database containing a list of all privileges and a list of which
users have been granted those specific privileges. This database
should only be modified with PrivilegeManager(1M).
/var/sysadm/salog
The System Administration Log. Privileged commands write
information about who invoked them, what args were used, what
actions were taken, and what errors were encountered. Use
viewlog(1M) to view this log.
/var/sysadm/salog.conf
System administration log configuration details. These values are
set using the Set System Admin Log Options task.
/var/sysadmdesktop/EZsetup/SysSetup/cgi-bin/SysSetup/
Contains scripts and commands that implement System Setup (EZSetup).
/var/www/cgi-bin/ghinv/
Contains programs that generate the "About this System" page for
sysmgr(1M).
/var/www/cgi-bin/sysmgr/search
The program that implements the sysmgr(1M) search feature.
/var/sysadmdesktop/EZsetup/SysSetup/
Root directory for System Setup documents.
/var/www/htdocs/sysmgr/$LANG/
Root directory for localized HTML documents used by System Manager.
$HOME/.noWarnInittab
This file is used to make sure that the user is only warned once
about the existence of the file /etc/inittab.O after an IRIX
upgrade.
$HOME/.desktop-{host}/SysadmStopNoRootWarnings
If this file exists, sysadmdesktop will not warn the user that there
is no root password on the system. The file is created when the
user is notified that there is no root password and requests that
this warning not be shown again.
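The allow-list rule given above for /var/sysadm/privenviron, as an added example that is not runpriv's own code: it previews which variables a privileged program would receive and which ones from the caller's environment are dropped. The one-entry-per-line NAME or NAME=value syntax with "#" comments is an assumption, since the page does not show the file format, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: apply the allow-list rule stated for /var/sysadm/privenviron.
# Assumption: one entry per line, either NAME or NAME=value, "#" for comments;
# the page does not show the file syntax.

# valid_name NAME -> succeeds only for a plain environment variable name
valid_name() {
    case $1 in
        ''|[0-9]*|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    return 0
}

# filtered_env FILE -> prints the NAME=value pairs a privileged program would
# receive: listed values as given, bare names copied from the caller's
# environment, everything else dropped.
filtered_env() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;
            *=*) name=${line%%=*}
                 valid_name "$name" || continue
                 value=${line#*=} ;;
            *)   name=$line
                 valid_name "$name" || continue
                 # Bare name: inherit, but only if the caller has it set.
                 value=$(printenv "$name") || continue ;;
        esac
        printf '%s=%s\n' "$name" "$value"
    done < "$1"
}

# dropped_names FILE -> names set in the caller's environment that FILE omits,
# i.e. what the privileged program will never see (library paths, IFS, ...).
dropped_names() {
    env | sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' |
    while IFS= read -r n; do
        grep -q -e "^$n\$" -e "^$n=" "$1" || echo "$n"
    done
}
```

Reviewing the output of dropped_names against a copy of the file is a quick way to confirm that loader and shell control variables are not on the list.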
addpriv(1M), checkpriv(1M), runpriv(1M), runtask(1M), runcatalog(1M),
chkconfig(1M), shadow(4).