About This Guide

“About This Guide” includes brief descriptions of the contents of this guide and an explanation of typographical conventions used, and refers you to additional sources of information you might find helpful.

This guide explains how to administer the special security features provided in the IRIX Commercial Security Pak with Silicon Graphics® workstations and servers.

If you have a graphics workstation, you may find it convenient to use the System Manager, which is described in the Personal System Administration Guide. That guide should be your first resource for administering graphics workstations. Regardless of whether you use the System Manager or the IRIX command-line interface, the results are the same. The System Manager does not create any new files on your system.

If you have a server, the IRIX Admin manual set is your primary guide to system administration, since without graphics you cannot use the System Manager.

This guide describes only those special features contained in the Commercial Security Pak software option.

What This Guide Contains

This guide contains the following chapters:

Chapter 1, “Introduction to the Commercial Security Pak” 

Provides an overview of the Commercial Security Pak features.

Chapter 2, “Planning Your System Security Policy” 

Provides a comprehensive discussion of the planning necessary to set up your security policies.

Chapter 3, “Administering Login Accounts”  

Provides information on the creation, maintenance, and removal of login accounts under your security policy.

Chapter 4, “Administering Access Control”  

Provides information on administering Discretionary Access Control (including Access Control Lists).

Chapter 5, “Administering the System Audit Trail”  

Provides information on the System Audit Trail.

Chapter 6, “Administering Identification and Authentication”  

Describes the Identification and Authentication procedures specific to the Commercial Security Pak.

Chapter 7, “Administering CSP-Kerberos” 

Describes the CSP-Kerberos package, distributed with the Commercial Security Pak.

Chapter 8, “System Data Files” 

Describes the system files added by the Commercial Security Pak.

Conventions Used in This Guide

These type conventions and symbols are used in this guide:


Literal command-line arguments (options/flags), nonalphabetic data types, operators, and subroutines.


Executable names, filenames, glossary entries (online, these show up as underlined), IRIX commands, manual/book titles, new terms, onscreen button names, program variables, tools, utilities, variable command-line arguments, variable coordinates, and variables to be supplied by the user in examples, code, and syntax statements.

Fixed-width type 

Error messages, prompts, and onscreen text.

Bold fixed-width type 

User input, including keyboard keys (printing and nonprinting); literals supplied by the user in examples, code, and syntax statements (see also <>)


Environment variables, operator names, directives, defined constants, macros in C programs


(Double quotation marks) Onscreen menu items and references in text to document section titles


(Brackets) Surrounding optional syntax statement arguments

This guide uses the standard UNIX convention for citing reference pages in the IRIX documentation. The page name is followed by the section number in parentheses. For example, rcp(1C) refers to the rcp online reference page.

How to Use This Guide

This guide is written for administrators who are responsible for performing tasks beyond the reasonable scope of “end users” on IRIX systems that include the Commercial Security Pak. Frequently, people who would consider themselves end users find themselves performing advanced administrative tasks. This book has been prepared to help both the new and experienced administrator successfully perform all operations necessary to configure and maintain IRIX systems. It is hoped that people who considered themselves end users in the past will, by using this book, gain experience and confidence in successfully performing advanced system administration tasks.

Target Audience of This Guide

This guide is intended for administrators who are responsible for one or more systems running the IRIX operating system with Commercial Security Pak extensions, beyond the usual user responsibility for the user's home directory structure and immediate working directories. This guide and its companion administration guides have been written to provide directions for those who find themselves in the position of maintaining IRIX systems for themselves and others and who require more information about IRIX commands and system and network expertise.

Additional Resources

For easy reference, here is a list of the guides and resources provided with your system and the specific focus and scope of each:

IRIX Admin Manual Set

This guide is an supplemental resource to the IRIX Admin manual set. This guide differs from the IRIX Admin documentation in certain areas and should be considered the authoritative guide for IRIX operating systems with the Commercial Security Pak extensions.

The IRIX Admin suite is intended for administrators: those responsible for servers, multiple systems, and file structures outside the user's home directory and immediate working directories. If you maintain systems for others or if you require more information about IRIX than is in the end-user manuals, these guides are for you. The IRIX Admin guides are available through the IRIS InSight™ online viewing system. They are also available on the World Wide Web at http://www.sgi.com/Technology/TechPubs. The set comprises these volumes:

  • IRIX Admin: Software Installation and Licensing —Explains how to install and license software that runs under IRIX, the Silicon Graphics implementation of the UNIX operating system. Contains instructions for performing miniroot and live installations using Inst, the command line interface to the IRIX installation utility. Identifies the licensing products that control access to restricted applications running under IRIX and refers readers to licensing product documentation.

  • IRIX Admin: System Configuration and Operation —Lists good general system administration practices and describes system administration tasks, including configuring the operating system; managing user accounts, user processes, and disk resources; interacting with the system while in the PROM monitor; and tuning system performance.

  • IRIX Admin: Disks and Filesystems —Describes how to add, maintain, and use disks and filesystems. Discusses how they work, their organization, and how to optimize their performance.

  • IRIX Admin: Networking and Mail —Describes how to plan, set up, use, and maintain the networking and mail systems, including discussions of sendmail, UUCP, SLIP, and PPP.

  • RIX Admin: Backup, Security, and Accounting

  • IRIX Admin: Peripheral Devices —Describes how to set up and maintain the software for peripheral devices such as terminals, modems, printers, and CD-ROM and tape drives. Also includes specifications for the associated cables for these devices.

  • IRIX Admin: Selected Reference Pages—Provides concise reference page (manual page) information on the use of commands that may be needed while the system is down. Generally, each reference page covers one command, although some reference pages cover several closely related commands. Reference pages are available online through the man(1) command.

Reference Pages

The IRIX reference pages (often called “man” or “manual” pages) provide concise reference information on the use of IRIX commands, subroutines, and other elements that make up the IRIX operating system. This collection of entries is one of the most important references for an administrator. Generally, each reference page covers one command, although some reference pages cover several closely related commands.

The IRIX reference pages are available online through the man command. To view a reference page, use the man command at the shell prompt. For example, to see the reference page for diff, enter

man diff 

It is a good practice to print reference pages that you use frequently for reference and those you are likely to need before major administrative operations and keep them in a notebook.

Each command, system file, or other system object is described on a separate page. The reference pages are divided into seven sections, as shown in Table i. When referring to reference pages, this document follows a standard UNIX convention: the name of the command is followed by its section number in parentheses. For example, cc(1) refers to the cc reference page in Section 1.

Table i liststhe reference page sections and the types of reference pages that they contain.

Table 1. Outline of Reference Page Organization

Type of Reference Page

Section Number

General Commands


System Calls and Error Numbers


Library Subroutines


File Formats




Demos and Games


Special Files


Release Notes

Release notes provide release-specific information about a product. Exceptions to the information in the administration guides are found in this document. Release notes are available online through the relnotes command. Each product or application has its own set of release notes. The grelnotes command provides a graphical interface to the release notes of all products installed on your system.

IRIX Help System

Your system comes with an online help system. This system provides help cards for commonly asked questions about basic system setup and usage. The command to initiate a help session is desktophelp.

Silicon Graphics World Wide Web Site

The Silicon Graphics World Wide Web (WWW) presence has been established to provide current information of interest to Silicon Graphics customers. The following URL addresses are accessible to most commercially available Web browsers on the Internet:

http://www.sgi.co m 

The Silicon Graphics general web server, Silicon Surf.


The Silicon Graphics MIPS division server.


The Silicon Studio server.


The InterActive Digital Solutions server.


The Alias server.


The Silicon Graphics Technical Publications Library.