COSmanager User Man pages

From Documentation

Revision as of 09:12, 2 May 2006; view current revision
←Older revision | Newer revision→

Jump to: navigation, search

1 asgroup
2 asuser
3 audcycle
4 audit
5 audview
6 browser
7 cos
8 daemon
9 fs_tools
10 Menu(1)
11 methtool
12 page
13 root
14 runopt
15 scroll

asgroup

NAME

asgroup — Run a program with another group's permissions

SYNOPSIS

asgroup <group> [<command>]

DESCRIPTION

Asgroup changes the effective group ID of the user to the specified group while running command. If no command was specified, an interactive Shell will be started, either using the program defined by the SHELL environment variable, or /bin/sh if SHELL is not defined. Asgroup will only permit execution to proceed if either:

The user is part of the specified group; or
The command's group is the one specified, and it has the set group ID bit enabled [see chmod(1)], and the user has execute access to the command.
All attempts (both successful and not) are logged to an audit trail.

FILES

/usr/spool/log/asgroup

Audit log file. Every execution of asgroup is logged here detailing the user, terminal, date andtime, the command and whether it was successful.

SEE ALSO

fs_tools(1).

COPYRIGHT

asuser

NAME

asuser - Run a program as another user

SYNOPSIS

asuser [-12cdosu] <user> <command>

DESCRIPTION

Asuser runs a command in the context of another user. It is normally only run by a process with the effective user ID of the superuser.

Switching to the specified user causes the process to switch to that user's ID and Groups, plus the following environment variables to be set: LOGNAME, USER, HOME and FULLNAME.

OPTIONS

-c

Check that the caller's effective ID is superuser before running the command. By default, if the caller is not superuser, the command is still run, but without switching users.

-d

Change into the user's home directory before running the command, and before creating any output files (see the -o, -1 and -2 options). Normally the command is run in the current working directory.

-s

Run the command using the shell. This allows arbitrary shell syntax to be used in the command. Normally the command must be a single program name, optionally followed by its parameters.

-u <ulimit>

Set the ulimit to the specified value prior to running the command.

-o <file>

Redirect both STDOUT and STDERR to the given file after switching to the new user. If the file does not exist, it will be created with the ownership of the given user. Note that if you use:

asuser <user> <command> > <file>

the file will be opened by the shell prior to running asuser, causing it to be created with "root" ownership.

-1 <file>

Redirect STDOUT to the given file after switching to the new user. Please refer to the discussion under -o.

-2 <file>

Redirect STDERR to the given file after switching to the new user. Please refer to the discussion under -o.

EXAMPLE

asuser mike weekly_report -d prodn

Runs the command "weekly_report -d prodn" as user "mike".

WARNINGS

This program must not be installed with the SETUID flag set, otherwise system security would be compromised.

COPYRIGHT

audcycle

NAME

audcycle - age and recycle audit trails and log files

SYNOPSIS

audcycle [-v] [-D]

DESCRIPTION

COSmanager provides support for maintenance and viewing of Audit Trails and Log files. Audcycle is the command used by COSmanager to age and recycle audit trails and log files.

Audcycle checks each audit trail defined in COSmanager and, if it is due to be archived, copies it to an archive directory according to the appropriate archive method. Audcycle also removes old archived audit trails if they have expired.

Audcycle should only be invoked once per day, usually by adding an entry to the root crontab. The following fragment from the root crontab sets audcycle running at five minutes to midnight each day.

55 23 * * * FShome=<COS-dir>; export FShome; $FShome/bin/cos -u cosmos cosmos -c audcycle -v

You should substitute the COSmanager home directory for <COS-dir>, for example, /usr/cosmos/COS_4.2.

OPTIONS

-D: Debug mode. The commands to cycle the audit trail (from the audit method table) are displayed but not executed.

-v: Verbose mode - displays messages as the audit trail cycling is performed.

SEE ALSO

crontab(1)

COPYRIGHT

audit

NAME

audit - write audit trail

SYNOPSIS

audit [-d <directory>] <auditname> [<text>]

DESCRIPTION

COSmanager provides support for maintenance and viewing of Audit Trails and Log files. Audit is the command used to write a time-stamped message to an audit trail. It is documented here to allow System Managers to add auditing to the duty lists.

Audit writes a single line to the specified audit trail comprising a timestamp, the user's Login Name, Fullname, the current terminal line or workstation IP address, and the optional text message.

By default, the audit trail is stored in the directory /usr/spool/log in the file named auditname.

If audit trail cycling is enabled (see the audcycle(1) command) then there may be several addition versions of the audit trail. These are usually stored in the directory /usr/spool/log/archive/auditname.

OPTIONS

-d <directory>: Store the audit trail in the named directory.

<auditname>: The name of the audit trail.

COPYRIGHT

audview

NAME

audview - view audit trail

SYNOPSIS

audview [-l] [-f <filename>] [<auditname>]

DESCRIPTION

COSmanager provides support for maintenance and viewing of Audit Trails and Log files. Audview is the command used by COSmanager to display an audit trail. It is documented here to allow System Managers to customise the duty list to include reviewing of specific audit trails.

Audview allows the user to choose between different versions of the audit trail, displayed most recent first.

Some audit trails have Functional Database table definitions (eg: FSadmin, root) and these will be displayed with column headings, etc. Other audit trails are displayed with a heading indicating the version and date of the audit trail.

OPTIONS

-l: Display the latest version of the audit trail.

-f <filename>: Displays the audit trail contained in filename.

<auditname>: Display the named audit trail. If more than one version exists the user will able to choose the one to view. If auditname is not specified then the user is able to choose one of the audit trails defined to COSmanager.

COPYRIGHT

browser

NAME

browser - Display HTML or simple text documents

SYNOPSIS

browser [-n <msg>] [<file>]

DESCRIPTION

Browser is a simple HTML rendering program, displaying an HTML or simple text document in a window. It supports a subset of full HTML, in particular a link to another document cannot be a full URL, rather a simple filename which must be found on the local host.

If <file> is omitted or is "-", data read from standard input is displayed.

If <file> is not a full pathname, then browser will search for it in the doc or local/doc directory of the current application.

If the -n option is specified, then should the file (or standard input) be empty, the given message will be displayed on standard error, and browser will terminate with an exit status of 1, with no window being displayed.

Note that browser only functions under the GUI version of the Functional Toolset, not under the CUI (Character User Interface).

SEE ALSO

scroll(1)

COPYRIGHT

cos

NAME

cos - Invoke COSmanager

SYNOPSIS

cos [-apD] [-d <db>] [-u <user>] [-v <version>] [<appl> [-C] [-v <version>] [-c <command> | <table> [<method>]]]

DESCRIPTION

Cos is the command that invokes COSmanager and COSmanager applications.

Cos performs security checks on the invoking user, asking for passwords if necessary, sets up the appropriate security profile and environment for the user, and then invokes either the main COSmanager menu, a COSmanager application, a method or a command.

OPTIONS

-D: Invoke the demonstration mode of COSmanager. (See below for more details).

-d <database>: Specifies a database holding the Functional Database table data. If the name specified does not end with .db, then this suffix will be appended to form a directory name, which must be located under both the $FShome and $APPL_HOME directories. If not specified, the default database (db) is used.

-v <version>: Specifies an alternate version of the COSmanager framework to invoke. The directory of the specified COSmanager version determines the value of the FShome variable, the base directory of the COSmanager framework.

The following three options are only available if the user is super-user or cosmos:

-a: Ask "Who are you?". Normally cos automatically determines the ID of the invoking user, which in turn determines their security profile. If this option is specified, the user is prompted to enter his or her login ID, and password. If this is validated correctly, the user will be allowed into COSmanager with that user's security profile.

-p: Forces the user to enter the appropriate COSmanager application passwords. Normally when cos is invoked as super-user, password checking is bypassed.

-u <user>: Use the security profile of the specified user rather than that of the invoking user.

<appl> specifies the COSmanager application to invoke. If omitted, the main COSmanager menu (or buttonbar) is invoked. After the application name the following options can appear:

-C: Invoke the application in configuration mode. This may cause further security checks and authentication to occur.

-v <version>: Specifies an alternate version of the application to run. The directory of the specified version of the application determines the value of the APPL_HOME variable. Normally the default version of the application is run.

-c <command>: Specifies the command to run under the given application.

<table> [<method> [<params>]]: If a table is specified with no subsequent parameters, db_methtool(1) is invoked upon that table. This provides an interactive, user-friendly interface to the methods defined for the table. If a method and optionally parameters to that method are given, then that method is invoked directly. See db_meth(1) for details of the format of the parameters.

APPLICATION INVOCATION

When cos invokes an application, it first searches the applictn table in the COSmanager framework, looking for the specified application. If no version was specified by the user, the entry with the Default column set to yes will be used. This entry determines the base directory (APPL_HOME) of the application, the capabilities required by the user to access it, how the application is to appear in the COSmanager menu or buttonbar, and the commands to invoke the application itself.

Once the entry is found, the user's capabilities are checked to ensure that he or she has access to the application. The application's environment variables (see below) are then set, and if $APPL_HOME/profile exists, it is sourced as a Bourne shell script. Finally the command to invoke the application is executed.

DEMONSTRATION MODE

In this mode, any modification to tables which are not under the specified database directory, will cause them to be copied there, and the modification performed on the copy. Thus real system tables (eg: passwd, group, hosts, networks) will not be modified directly, rather the user will operate on copies of them.

Although most COSmanager applications normally run as root or cosmos, demonstration mode forces them to be run as the normal UID of the invoking user. In addition, certain system commands are replaced with scripts that enable the demonstration or training to be run without needing special privileges.

It is possible to create a self contained demonstration of a COSmanager application by copying the tables from the COSmanager framework database directory ($FShome/db) and the application's database directory ($APPL_HOME/db) to another directory and using the -d flag to reference the alternate database.

For example, the following commands create a new duty3G database called training:

cos duty -c sh 
  cd $FShome 
  mkdir training.db 
  cd db 
  find . -print | cpio -pdumv ../training.db 
  cd $APPL_HOME 
  mkdir training.db 
  cd db 
  find . -print | cpio -pdumv ../training.db 
  exit

The command:

cos -D -d training duty

would be used to invoke duty3G in demonstration mode using the training database.

Such a scheme could be used for training new operators.

ENVIRONMENT VARIABLES

COSmanager sets and uses the following environment variables:

APPL_HOME: The base directory of the application being run under cos. The application programs, menus, prompt forms and database files etc, are in subdirectories under $APPL_HOME.

FShome: The base directory of the COSmanager framework, which contains the Functional Toolset. By default this is the home directory of the cosmos user.

PATH: Cos automatically includes the directories $APPL_HOME/bin and $FShome/bin in the PATH variable. Furthermore, in demonstration mode, PATH also includes $APPL_HOME/dbin and $FShome/dbin to allow special demonstration versions of programs to be written.

DBTABDIR: This determines the search path used to locate data for database tables within the COSmanager framework and applications. Unless the -d option is used, this variable is not set, thus defaulting the search path to the db and distrib.db directories. If, for example, "-d training" is specified, the search path is changed to the training.db and distrib.db directories.

FS_CUSTOMER: The Customer name to appear at the right side of the title bar on menus, forms, etc under the CUI, and in the "about" box under the GUI. This should be kept fairly short (say 20 characters), or it may be overwritten by the title.

PRINTCMD: A command which is used to send output to a printer. It must be able to read its input from standard input, and should not write anything to standard output (or standard error), unless there is an error condition. Using the System V spooler as an example, PRINTCMD should be set to "lp -s", which is the default.

DBPRINT: A command that takes (as standard input) output from the Functional Database and send it to a printer. This allows pre-formatting of database tables before printing. One utility that provides this is page(1). This will take the header line and repeat it at the top of each printed page and place the page number on the bottom line. An example of the setting of this variable would be:; DBPRINT="page -C | lp -s"

PRINTYPE: The printer type to be used by the page(1) command. This is only necessary if the DBPRINT variable is set to use the page command. A terminfo(4) entry must exist for this printer type.

PAGER: The name of the pagination program used when display manual pages, etc. This would typically be more(1), pg(1), or even the less(1) public domain pager. If not specified then the scroll(1) command will be used.

These variables are automatically set when the cos command is run. Most can be changed by using the "Global Parameters" menu under "COSmanager Configuration".

SEE ALSO

db(1), db_methtool(1), db_meth(1).

WARNINGS

COSmanager runs most of the time with root privileges. The startup scripts and profiles as supplied are written extremely carefully to eliminate the possibility of "trapdoors" or other means of compromising system security. If the files $FShome/bin/COSstartup, $FShome/bin/APstartup or $APPL_HOME/profile are modified, be very careful not to introduce such "trapdoors". In particular, always use full pathnames when specifying directories, especially within PATH variables. Also make sure that the file permissions on such scripts are not changed which may allow access by "hostile" users.

COPYRIGHT

daemon

NAME

daemon - Run a command as a daemon

SYNOPSIS

daemon [-fps] <command>

DESCRIPTION

Daemon executes an arbitrary operating system command as a daemon process, in other words, it initiates the command and runs it in the background, in its own process group or session ID, and disconnected from the current TTY. In addition it also closes any open files which are not regular files (ie: those that are not files on disk).

This means that daemon programs started under the Functional Toolset will not hold dialog windows open, and will not be killed when the user exits.

OPTIONS

-f: Run the command in the foreground, rather than the background. This is useful if the command forks and runs in the background itself.
-p: Do not create the new process in its own process group or session ID.
-s: Run the command using the shell. This allows arbitrary shell syntax to be used in the command. Normally the command must be a single program name, optionally followed by its parameters. Note that when using this option, an extra "sh" process will be created, and you may have to use "exec" in the command to prevent it from staying around.

EXAMPLES

daemon test_service -l > /tmp/log

Run the command "test_service -l" as a daemon, with its standard output redirected to the file /tmp/log.

daemon -s "cd /usr/spool; exec test_service -l > test_log"

Because this command is more than a simple program invocation, you need to use the -s option. The "exec" prevents the "sh" process from staying around while the daemon is running. Note that if the "cd" was done before calling daemon, the "-s" flag could be avoided in this example.

WARNINGS

Because all non-regular files are closed, you cannot pipe data into the daemon command.

Messages from the command written to STDOUT or STDERR may be lost unless these file descriptors are redirected to a file on disk.

COPYRIGHT

fs_tools

NAME

fs_tools - the Functional Toolset

SYNOPSIS

The Functional Toolset is a suite of tools, to enable sophisticated applications to be built quickly and easily. It consists of a suite of user interface tools, database access tools, and various miscellaneous tools. The Functional Database tools are described under db(1). This manual page describes the user interface tools, the environment variables that the toolset uses, and some common facilities which the toolset uses (such as path lists).

USER INTERFACE TOOLS

These are full-screen, interactive programs, each with a distinct function and they support both a Graphical User Interface (GUI) and a Character User Interface (CUI), the latter can run on virtually any terminal.

These functions include:

Picking an item from a menu
Filling in a form
Browsing through output, and optionally printing sections
Choosing one or more items from a list
Hitting one of a number of function keys in answer to a request

Although these functions are implemented as separate programs, the "look and feel" of each of the tools is the same, so the user interface remains uniform throughout an application built with these tools.

Below are brief descriptions of the functions and features of each user interface tool. Further details can be found in the appropriate manual entry for each.

MENU

Menu implements a hierarchical menu structure. The user simply arrows down to the desired item, and hits Enter or Accept. If that item is an action then the program corresponding to that action is executed. If it is a submenu, then that menu will be entered. Hitting Exit will take the user up a level in the menu hierarchy, or exit Menu completely if it was the Main or Top-level menu.

Other features of Menu are:

Conditional menu items. If the condition is not true, the user will not see that item.
"Self-modifying" menu text. The menu description can contain references to Shell environment variables. If these variables change, so will the text of the menu.
A full hierarchy of every menu in the system is available by hitting the Index key. The user can then search through the hierarchy, and jump directly to any menu.

PROMPT

Prompt allows a user to fill in a form and when complete, it outputs Shell commands to set environment variables to the values entered in each field. Optionally, prompt can also load default values for each field from environment variables of the same names. This association of Shell variables to fields on a form, and the association between database column values and Shell variables [see db(1)], means that prompt can be readily used to input and manipulate database column values.

Prompt is also capable of doing extensive validation of user input, and of doing database "lookups" to ensure consistency, and to provide useful feedback to the user.

SCROLL

Scroll is a sophisticated version of more(1) or pg(1). It provides up and down, left and right scrolling through any output data. The user can search for arbitrary patterns, and can spool any range of pages to a printer. Scroll can also interpret print control codes for the Epson LQ printer range.

CHOOSE

Choose is a "pick-and-point" selection utility. It displays lines of data to the user and allows him or her to choose one (or more) lines, which it then writes to standard output. The user has similar features to move within the data as Scroll provides.

CONFIRM

Confirm displays a message (which may consist of a number of lines) on the screen, and asks the user to make a decision. The user is presented with a fixed number of alternatives, each is selectable by a different function key, which is labelled accordingly.

METHTOOL

Db_methtool provides an interface to perform actions (or methods) upon data in a database table. It allows the user to select one or more items, then to choose a method to perform. When the method has completed, control is returned so that the whole process can be repeated. It can be considered similar to a combination of choose and menu.

CHARACTER INTERFACE

Each of these tools presents a uniform user interface. This consists of:

A title bar on the top line of the screen, with a title in the middle, the customer name at the right, and the tool name, or menu name at the left.
A row of 8 function key labels on the bottom line of the screen, with F1 being Help, F2 Extended Help, F3 Exit, and F8 Accept. Other function keys may change depending on the particular tool.
A message line on the second bottom screen line. Error or informative messages appear on this line.

If the keyboard supports them, the following keys can also be used:

PAGE DOWN or ^F: On tools that support scrolling, scroll forward to the next page.
PAGE UP or ^B: On tools that support scrolling, scroll back to the previous page.
HOME: Move the cursor to the "home" position on the screen.
ARROW KEYS: Move the cursor or scroll in the direction indicated.
^L or ^R: Redraw the screen.
^D: Exit the tool. Same as F3. This can always be used to exit any tool, and is useful if the terminfo(4) definition of the function keys is incorrect.

GRAPHICAL INTERFACE

The graphical interface provides extra flexibility in that several actions can be executed simultaneously, and run in different windows. Where possible the interface is similar to the character interface in terms of the actions of the function and other keys. Selection of items and scrolling of data, however, is achieved by use of the mouse and scrollbars, rather than using keystrokes.

From the programming point of view, the use of the character and graphical interfaces is identical.

ENVIRONMENT VARIABLES

The following list of environment variables is used by the Functional Toolset. Note that these are generally set in the file $FShome/profile.

FShome: The parent directory of all Functional Software files. The toolset executable programs live in $FShome/bin, which should be included in the user's PATH.
TITLE: The title to place at the centre of the title bar which is on the top line of the screens of all the tools. This variable is overridden by the -t option, or by any other mechanism that each tool may have to specify a title.
FS_CUSTOMER: The Customer name to appear at the right side of the title bar. This should be kept fairly short (say 15 characters), or it may be overwritten by the title.
PRINTCMD: A command which is used by the tools to send output to a printer. It must be able to read its input from standard input, and should not write anything to standard output (or standard error), unless there is an error condition. Using the System V spooler as an example, PRINTCMD should be set to "lp -s". Note that the db(1) tools also use another similar variable, DBPRINT. There is also an associated variable, PRINTYPE, which is the terminfo name for the type of printer used by the page(1) command.
PAGER: The name of a program through which large streams of terminal output (such as manual pages) are sent. This could be pg(1) or more(1) or preferably:; scroll -p66 -H1 -s; which will give the user a print capability, and similar "look-and-feel" to the other tools.
LOGNAME: Should always be set to the login name of the user. This is done automatically on most systems.
TERM: Should be set to the terminfo name for the type of terminal being used.
TERMINFO: See below.

PATH LISTS

A number of tools access files either to control their operation, or to read or update data. The tools which do this can search for the file(s) in a search path, similar to the standard PATH variable.

Path lists are a list of directories separated by colons, each of which is searched in turn. If the path begins with "+:", this search algorithm is extended as follows: the directories pecified in the path are then relative to the application directory path (specified by the APPL_PATH variable). If APPL_PATH is not set, then APPL_HOME is used, and if this is not set, HOME is used.

Consider the example of searching for the file "media" and the path list is specified as "+:db:distrib.db", and APPL_PATH is "/usr/fs1:/usr/fs2". The following directories would be searched in order:

/usr/fs1/db 
  /usr/fs1/distrib.db 
  /usr/fs2/db 
  /usr/fs2/distrib.db

The path list variables all have reasonable default values, so in most circumstances they will not need to be set.

The following is a list of path lists used by the Functional Toolset:

DBDIR: Used by the database tools to locate the data dictionary file (.dc) for the table. Default: "+:dict"
DBTABDIR: Used by the database tools to locate the data file for the table. Default: "+:db:distrib.db"
MENUDIR: Used by Menu to find the menu description files. Default: "+:menu"
METHDIR: Used by the database method tools to locate the list of methods for the table. Default: "+:method"
PROMPTDIR: Used by prompt to find the prompt description file. Default: "+:prompt"
REPDIR: Used by the report generation tools to locate the report description file. Default: "+:report"

TERMINFO

Because the character interface tools of the Functional Toolset uses the facilities of terminfo(4) in a far more extensive way than most of the standard utilities like vi(1), often the distributed terminfo definitions are inadequate. Therefore the Functional Toolset comes with its own terminfo directory, $FShome/lib/terminfo, which contains source of tested definitions for several common terminals.

In order to use these supplied definitions, it is preferable to set the TERMINFO environment variable to $FShome/lib/terminfo so that the standard system definitions are not lost, when the new ones are compiled with tic(1).

COPYRIGHT

Menu(1)

COPYRIGHT

methtool

COPYRIGHT

page

NAME

page - paginate output for a printer

SYNOPSIS

page [-C] [-h] [-P <printype>] [-H <headlines>] [-t <title>] [-l <lines>] [-c <columns>] [<filename>]

DESCRIPTION

Page is part of the Functional Toolset and is documented here to assist Systems Managers to customise the printing functions of COSmanager. Page is typically used to paginate the output from the Functional Database tools prior to printing.

Page prints a title line followed by a number of header lines, which are read from the start of the input file. The title and header lines are then repeated at the top of each printed page. The page number is also printed, centred at the bottom of each page.

Page uses the terminfo(5) terminal information database to support features of various printers.

OPTIONS

-C: print in compressed mode. If the printer supports a compressed mode, the escape sequence defined in terminfo to initiate compressed printing (see below) is output before printing commences and the sequence to restore normal printing after printing finishes. Printers supporting both a normal and compressed mode should define 2 terminfo entries, the one for compressed printing should end in -c. This option will automatically append a -c to the printype (see below).

-h: do not output a title line. The header line(s), if any, are still printed.

-P <printype>: use the terminfo entry for printype. Usually the environment variable PRINTYPE is used.

-H <headlines>: Used to specify an alternate number of lines for the input header. Normally the first line only is used as a heading. Use -H0 to disable the header lines.

-t <title>: Used to specify a title to appear centred on the title line. Normally the environment variable TITLE is used. At the left of the title line is the date, and to the right the contents of the FS_CUSTOMER environment variable, which would normally contain the name of the user's organisation.

-l <lines>: Used to specify the number of lines on a page. Normally this is obtained from the terminfo entry for the printer.

-c <columns>: Used to specify the number of columns in a line. Normally this is obtained from the terminfo entry for the printer.

<filename>: Specifies the file to read. Normally standard input (stdin) is used.

TERMINFO REQUIREMENTS

In order to support attributes such as emboldening and underline in a device independent manner page makes use of the terminfo database. A definition for each printer should (at least) contain the following variables:

    Capname        Description
 
    cols           number of columns in a line 
 
    lines          number of lines on a page
 
    smso           Start standout mode
 
    rmso           End standout mode
 
    smul           Start underline mode 
 
    rmso           End underline mode
 
    is1            Initialise the printer to compress mode
 
    rs1            Reset the printer to normal mode

For further information refer to the terminfo(5) manual page.

EXAMPLES

Typically, page is used in the specification of the print command for the Functional Database, as shown in the following extract from a user profile.

PRINTYPE=dumb_132 
  PRINTCMD="page -C | lp -s" 
  export PRINTYPE PRINTCMD

The -C flag tells page to use the dumb_132-c terminfo entry if it exists. If not, it will default to the non-compressed dumb_132 entry.

COPYRIGHT

root

NAME

root - Super User access with extra security

SYNOPSIS

root [command]

DESCRIPTION

Root enables a user to become Super User or execute a command as Super User, but with more stringent security controls than su(1). Root ensures that the user attempting to become Super User is in a list of secure users. Also all attempts (both successful and not) are logged to an audit trail.

If the user is on the list of secure users, then root will prompt for the Root Password. If this is entered successfully, the command specified will be executed. If no command was specified, an interactive Shell will be started, either using the program defined by the SHELL environment variable, or /bin/sh if SHELL is not defined.

Should the user not be in the list of secure users, root will prompt:

Who are you:

To this a user name in the secure list must be given. The user will then be prompted for that user's password as well as the root password, before gaining Super User access. This facility allows a user to become Super User from another user's session. This is sometimes required when the Administrator or System Manager is assisting a user and needs Super User access to complete a task on behalf of that user.

RECOMMENDATION

In order to ensure that all Super User accesses are controlled and logged, it is highly recommended to remove general access to the su(1) command, by removing all Public permissions, using chmod(1):

chmod o-rwx /bin/su

DO NOT REMOVE /bin/su as it is required by some Systems Programs.

FILES

/etc/sulist: List of secure users, one per line.

/var/spool/log/root: Audit log file. Every execution of root is logged here detailing the user, terminal, date and time, the secure user and whether it was successful.

SEE ALSO

fs_tools(1).

COPYRIGHT

runopt

COPYRIGHT

scroll

COPYRIGHT

Retrieved from "https://documentation.fs.com.au/index.php/COSmanager_User_Man_pages"

Search

COSmanager User Man pages

From Documentation

Contents

asgroup

asuser

audcycle

audit

audview

browser

cos

daemon

fs_tools

Menu(1)

methtool

page

root

runopt

scroll