“About This Guide” includes brief descriptions of the contents of this guide and an explanation of the typographical conventions used, and refers you to additional sources of information you might find helpful.
This guide explains how to use the Trusted IRIX/CMW (Compartmented Mode Workstation) operating system with SGI workstations and servers. It provides descriptions of those user tasks that are specific to this version of the operating system.
If you have a graphics workstation, you should be familiar with the user documentation of the standard IRIX operating system, on which this product is based. See the SGI_EndUser bookshelf in your online documentation system.
You should read this guide if you have never used a secure system before or if you are using Trusted IRIX/CMW for the first time.
To administer and use the Trusted IRIX/CMW operating system, you must have the set of standard IRIX documentation in addition to the Trusted IRIX/CMW release. In addition to this manual the following documentation is included:
| Trusted IRIX/CMW Security Administration Guide | This manual describes how to administer your Trusted IRIX/CMW site. | |
| Release Notes | This document describes how to install the release and any known problems with the implementation. |
This guide contains the following chapters:
| Chapter 1, “Introduction to Trusted IRIX/CMW” | Provides an overview of Trusted IRIX/CMW. | |
| Chapter 2, “Understanding Access Control” | Provides information on the mandatory and discretionary access control features of Trusted IRIX/CMW. | |
| Chapter 3, “Understanding System Access” | Describes the tasks and procedures necessary to successfully log in and keep passwords current. | |
| Chapter 4, “Importing and Exporting Data” | Provides information on the security requirements and features relating to media and data import and export generally. | |
| Chapter 5, “Understanding Auditing” | Describes the auditing features and the user's responsibilities with respect to an audited environment. | |
| Chapter 6, “Programming in a Trusted Environment” | Provides information on programming practices in a trusted environment. | |
| Appendix A, “Glossary of Computer Security Terms”, | Provides a glossary of computer security terms and concepts used in these guides and elsewhere. |
The Trusted IRIX/CMW Security Features User's Guide is written for end users of Trusted IRIX/CMW systems. Frequently, people who would consider themselves end users find themselves performing advanced administrative tasks. For those individuals, the Trusted IRIX/CMW Security Administration Guide has been prepared to help both new and experienced administrators successfully perform all operations necessary to configure and maintain CMW security on Trusted IRIX/CMW systems.
The following documents contain additional information that may be helpful:
IRIX Admin: Software Installation and Licensing—Explains how to install and license software that runs under the IRIX operating system, the SGI implementation of the UNIX operating system. Contains instructions for performing miniroot and live installations using the inst command. Identifies the licensing products that control access to restricted applications running under IRIX and refers readers to licensing product documentation.
IRIX Admin: Disks and Filesystems—Explains disk, filesystem, and logical volume concepts. Provides system administration procedures for SCSI disks, XFS and EFS filesystems, XLV logical volumes, and guaranteed-rate I/O.
IRIX Admin: Networking and Mail—Describes how to plan, set up, use, and maintain the networking and mail systems, including discussions of sendmail, UUCP, SLIP, and PPP.
IRIX Admin: Backup, Security, and Accounting—Describes how to back up and restore files, how to protect your system's and network's security, and how to track system usage on a per-user basis.
IRIX Admin: Resource Administration—Provides an introduction to system resource administration and describes how to use and administer various IRIX resource management features, such as IRIX process limits, IRIX job limits, the Miser Batch Processing System, the Cpuset System, Comprehensive System Accounting (CSA), IRIX memory usage, and Array Services.
IRIX Admin: Peripheral Devices—Describes how to set up and maintain the software for peripheral devices such as terminals, modems, printers, and CD-ROM and tape drives. Also includes specifications for the associated cables for these devices.
Desktop User's Guide—Provides step-by-step instructions for completing essential tasks, such as printing files, finding files, and running applications; describes techniques and shortcuts; and serves as a general reference for commands and menus.
IRIX Checkpoint and Restart Operation Guide—Describes how to use and administer IRIX Checkpoint and Restart (CPR) and how to develop applications that can be safely checkpointed and restarted.
MIPSpro Compiling and Performance Tuning Guide—Describes the MIPSpro compiler system, other programming tools and interfaces, and ways to improve program performance.
NIS Administrator's Guide—Documents the SGI implementation of the network information service NIS, which provides location information about network entities to other network services, such as NFS.
Personal System Administration Guide—Describes the responsibilities of the system administrator for an SGI workstation, and provides details on the various tools and utilities available for system administrators.
Performance Co-Pilot for IRIX User's and Administrator's Guide—Describes how to administer the Performance Co-Pilot (PCP) software package.
Performance Co-Pilot for IRIX Advanced User's and Administrator's Guide—Describes the Performance Co-Pilot (PCP) software package of advanced performance tools for the SGI family of graphical workstations and servers.
These books have been written for standard IRIX. Where they differ from information in this book and in the Trusted IRIX/CMW Security Administration Guide, the Trusted IRIX/CMW books should be considered authoritative.
You can obtain SGI documentation in the following ways:
See the SGI Technical Publications Library at http://docs.sgi.com . Various formats are available. This library contains the most recent and most comprehensive set of online books, release notes, man pages, and other information.
If it is installed on your SGI system, you can use InfoSearch, an online tool that provides a more limited set of online books, release notes, and man pages. With an IRIX system, select Help from the Toolchest, and then select InfoSearch. Or you can type infosearch on a command line.
You can also view release notes by typing either grelnotes or relnotes on a command line.
You can also view man pages by typing man <title> on a command line.
The IRIX reference pages (often called “man” or “manual” pages) provide concise reference information on the use of IRIX commands, subroutines, and other elements that make up the IRIX operating system. This collection of entries is one of the most important references for an administrator. Generally, each reference page covers one command, although some reference pages cover several closely related commands.
The IRIX reference pages are available online through the man command. To view a reference page, use the man command at the shell prompt. For example, to see the reference page for diff, enter
man diff |
It is a good practice to print those man pages you consistently use for reference and those you are likely to need before major administrative operations and keep them in a notebook of some kind.
Each command, system file, or other system object is described on a separate page. The reference pages are divided into seven sections, as shown in Table 1. When referring to reference pages, this document follows a standard UNIX convention: the name of the command is followed by its section number in parentheses. For example, cc(1) refers to the cc reference page in Section 1.
Table 1 shows the reference page sections and the types of reference pages that they contain.
Table 1. Outline of Man Page Organization
Type of Man Page | Section Number |
|---|---|
General Commands | (1) |
Administrator Commands | (1M) |
System Calls and Error Numbers | (2) |
Library Subroutines | (3) |
File Formats | (4) |
Miscellaneous | (5) |
Demos and Games | (6) |
Special Files | (7) |
These type conventions and symbols are used in this guide:
| command | This fixed-space font denotes literal items such as commands, files, routines, pathnames, signals, messages, and programming language structures. | |
| variable | Italic typeface denotes variable entries and words or concepts being defined. | |
| user input | This bold, fixed-space font denotes literal items that the user enters in interactive sessions. Output is shown in nonbold, fixed-space font. | |
| [] | Brackets enclose optional portions of a command or directive line. | |
| manpage(x) | Man page section identifiers appear in parentheses after man page names. | |
| "" | (Double quotation marks) References in text to document section titles. | |
| # | IRIX shell prompt for the superuser (root). | |
| % | IRIX shell prompt for users other than superuser. | |
| () | (Parentheses) Following function names, these surround function arguments or are empty if the function has no arguments. | |
| >> | Command Monitor prompt | |
| > | Cascading menu options: File > Delete |
This guide uses the standard UNIX convention for citing man pages in IRIX documentation. The page name is followed by the section number in parentheses. For example, rep(1C) refers to the rcp online man page.
If you have comments about the technical accuracy. content, or organization of this document, please tell us. Be sure to include the title and document number of the manual with your comments. (Online, the document number is located in the front matter of the manual. In printed manuals, the document number can be found on the back cover.)
You can contact SGI in any of the following ways.
Send e-mail to the follow address:
techpubs@sgi.com
Use the Feedback option on the Technical Publications Library World Wide Web page:
Contact your customer service representative and ask that an incident be filed in the SGI incident tracking system.
Send mail to the following address:
Technical Publications
SGI
1600 Amphitheatre Pkwy., M/S 535
Mountain View, California 94043-1351
Send a fax to the attention of “Technical Publications” at +1 650 932 0801.
SGI values your comments and will respond to them promptly.