HPlogo HP-UX Reference > S

sam(1M)

HP-UX 11i Version 2: December 2007 Update
» 

Technical documentation

 » Table of Contents

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

NAME

sam — system administration manager

SYNOPSIS

/usr/sbin/sam [-display display] [-f login] [-r]

DESCRIPTION

The sam command starts a menu-driven System Administration Manager program (SAM) for performing system administration tasks with only limited, specialized knowledge of the HP-UX operating system. SAM discovers many aspects of a system's configuration through automated inquiries and tests. Help menus describe how to use SAM and perform various management tasks. Press the F1 function key for help on a currently highlighted field and for more information not covered in this man page. Status messages and a log file monitor keep the user informed of what SAM is doing.

Running SAM

SAM has been tuned to run in the Motif environment, but it can be run on text terminals as well. To run SAM in the Motif environment, be sure that Motif has been installed on your system, and that the DISPLAY environment variable is set to the system name on which the SAM screens should be displayed (or use the -display command line option).

Generally, SAM requires superuser (user root) privileges to execute successfully. However, SAM can be configured (through the use of "Restricted SAM"; see below) to allow subsets of its capabilities to be used by non-root users. When Restricted SAM is used, non-root users are promoted as root users when necessary to enable them to execute successfully.

By default, Restricted SAM executes all applications as superuser. However, certain applications like software distributor have their own security mechanism (swacl) and do not follow the Restricted SAM security model. In such cases, the application launched through Restricted SAM will be executed with the login id of the user, who invokes it.

Options

SAM recognizes the following options.

-display display

Set the DISPLAY value for the duration of the SAM session.

-f login

Execute SAM with the privileges associated with the specified login. When used in conjunction with -r, the Restricted SAM Builder is invoked and initialized with the privileges associated with the specified login. You must be a superuser to use this option. See "Restricted SAM" below for more information.

-r

Invoke the Restricted SAM Builder. This enables the system administrator to provide limited non-superuser access to SAM functionality. You must be a superuser to use this option. See "Restricted SAM" below for more information.

SAM Functional Areas

SAM performs these system administration tasks:

Auditing and Security (Trusted Systems)

  • Set global system security policies - Add, modify and remove commands from the list of authenticated commands.

  • Turn the Auditing system ON or OFF.

  • Set the parameters for the Audit Logs and Size Monitor.

  • View all or selected parts of the audit logs.

  • Modify (or view) which users, events, and/or system calls get audited.

  • Convert your system to a Trusted System.

  • Convert your system to a non-Trusted System.

Backup and Recovery

  • Interactively back up files to a valid backup device (cartridge tape, cartridge tape autochanger, magnetic tape, DAT, magneto-optical disk, or magneto-optical disk autochanger). The SAM interface is suspended so that you can read and/or respond to the interactive messages produced by fbackup (see fbackup(1M)).

  • Recover files online from a valid backup device. The SAM interface is suspended so that you can read/respond to the interactive messages produced by frecover (see frecover(1M)).

  • Add to, delete from, or view the automated backup schedule.

  • Obtain a list of files from a backup tape.

  • View various backup and recovery log files.

Disk and File Systems Management

  • Add, configure, or unconfigure disk devices, including hard drives, floppy drives, CD-ROMs, magneto-optical devices and disk arrays.

  • Add, modify, or remove local file systems, or convert them to long file names.

  • Configure HFS or VxFS file systems.

  • Remote (NFS) file systems configuration, including:

    • Add, modify, or remove remote (NFS) file systems.

    • Allow or disallow access by remote systems to local file systems.

    • Modify RPC (Remote Procedure Call) services' security.

  • Add, remove, or modify device or file system swap.

  • Change the primary swap device.

  • Examine, create, extend, or reduce a volume-group pool of disks.

  • Create, extend or change number of mirrored copies of a logical volume and associated file system.

  • Remove a logical volume or increase its size.

  • Split or merge mirrored copies of a logical volume.

  • Share or unshare volume groups (only on MC/ServiceGuard clusters running MC/ServiceGuard OPS Edition ).

Kernel Configuration

You can configure the kernel from the Web-based HP-UX Kernel Configuration tool (kcweb) or from the HP-UX kernel Configuration tool in Terminal User Interface (TUI) mode.

These tools help to diagnose problems related to certain kernel parameters. Alarms can also be set to proactively tune the kernel.

  • Add/remove static drivers and DLKM modules to/from a kernel.

  • Modify static and dynamic tunable parameter values in the kernel.

  • Reboot the system to make the static tunable values effective.

Networking and Communication

  • Configure one or more LAN cards.

  • Configure ARPA services.

  • Configure the Network File System (NFS).

  • Configure X.25 card or cards, and PAD (Packet Assembler/Disassembler) services (if X.25 has been purchased).

  • Configure DHCPv6 Server.

  • Configure default routes for the system.

  • Configure system clock and NTP server.

Peripheral Devices Management

You can configure cards and devices from the Web-based HP-UX Peripheral Device tool (pdweb) or from the HP-UX Peripheral Device tool in Terminal User Interface (TUI) mode. The following activities can be performed from this functional area:

  • Administer the LP spooler, associated printers, and plotters (see "Printer and Plotter Management" below).

  • Add, modify, or remove the configuration of disk devices.

  • Add or remove terminals and modems.

  • Configure terminal security policies (Trusted Systems only).

  • Lock and unlock terminals (Trusted Systems only).

  • Add or remove tape drives.

  • View disk space information.

  • Add or replace some PCI cards online.

Printer and Plotter Management

  • LP Spooler - Manage local, remote, and networked printers and plotters.

Process Management

  • Kill, stop or continue processes.

  • Change the nice priority of processes.

  • View the current status of processes.

  • Schedule periodic tasks via cron.

  • View current periodic (cron) tasks.

  • Run performance monitors.

  • Display system properties such as machine model and ID; number of installed processors, their version and speed; operating system release version; swap statistics, real, physical, and virtual memory statistics; network connection information.

Remote Administration

  • Configure remote systems for remote administration.

  • Execute SAM on systems configured for remote administration.

Routine Tasks

  • Shut down the system.

  • View and remove large files. Specify size and time-since-accessed of large files to display or remove.

  • View and remove unowned files. Specify size and time-since-accessed of unowned files to display or remove.

  • View and remove core files.

  • View and trim ASCII or non-ASCII log files. Add or remove files from the list of files to monitor. Set recommended size for trimming.

User and Group Account Management

  • Add, remove, view, and modify user accounts. SAM supports shadow mode only for password aging. A standard HP-UX system is converted to a shadow mode system by running the pwconv(1M) command. Refer to the pwconv(1M) man page and SAM's "Users and Groups" subarea online help for more information.

    Note: SAM does not support shadow mode on an NIS or NIS+ configuration.

  • Modify a user account's group membership.

  • Set up password aging for a user account.

  • Add, remove, view, and modify groups.

  • Deactivate and reactivate user accounts.

  • Manage trusted system security policies on a per-user basis.

Adding New Functionality to SAM

You can easily add stand-alone commands, programs, and scripts to SAM. SAM is suspended while the executable program is running. When it finishes, the SAM interface is restored. You can also write your own help screen for each menu item you create. To add functionality to SAM, select the "Add Custom Menu Item" or "Add Custom Menu Group" action items from the SAM Areas menu. (Note that the new item is added to the hierarchy that is currently displayed, so you need to navigate to the desired hierarchy before adding the item.)

Restricted SAM

SAM can be configured to provide a subset of its functionality to certain users or groups of users. It can also be used to build a template file for assigning SAM access restrictions on multiple systems. This is done through the Restricted SAM Builder. System administrators access the Restricted SAM Builder by invoking SAM with the -r option (see "Options" above). In the Builder, system administrators may assign subsets of SAM functionality on a per-user or per-group basis. Once set up, the -f option (see "Options" above) can then be used by system administrators to verify that the appropriate SAM functional areas, and only those areas, are available to the specified user.

A non-root user who has been given Restricted SAM privileges simply executes the /usr/sbin/sam command and sees only those areas the user is privileged to access. For security reasons, the "List" and "Shell Escape" choices are not provided. (Note that some SAM functional areas require the user to be promoted to root in order to execute successfully. SAM does this automatically as needed.)

SAM provides a default set of SAM functional areas that the system administrator can assign to other users. Of course, system administrators are able to assign custom lists of SAM functional areas to users as necessary.

SAM Logging

All actions taken by SAM are logged into the SAM log file /var/sam/log/samlog. The log entries in this file can be viewed via the SAM utility samlog_viewer (see samlog_viewer(1)). samlog_viewer can filter the log file by user name, by time of log entry creation, and by level of detail.

The "Options" menu in the SAM Areas menu enables you to start a log file viewer and to control certain logging options. These options include whether SAM should automatically invoke the log file viewer whenever SAM is executed, whether SAM should trim the log file automatically, and what is the maximum log file size that should be enforced if automatic log file trimming is selected.

VT320 Terminal Support

Because the VT320 terminal has predefined local functions for keys labeled as F1, F2, F3 and F4, users should use following mapping when they desire to use function keys:

HP or Wyse60

VT320 or HP 700/60 in VT320 mode

F1

PF2 (1)

F2

PF1 (1)

F3

spacebar

F4

PF3 (1)

F5

F10, [EXIT], F5 (2)

F6

none

F7

F18, first unlabeled key to right of Pause/Break (2)

F8

F19, second unlabeled key to right of Pause/Break (2)

(1)

See the "Configuration: HP 700/60 in DEC mode, or DEC terminals with PC-AT-type keyboard" subsection below.

(2)

When using PC-AT keyboard with HP 700/60 in VT320 mode.

Since DEC terminals do not support the softkey menu, that menu is not displayed on those terminals.

Many applications use TAB for forward navigation (moving from one field to another) and shift-TAB for backward navigation. Users having DEC terminals or using terminals in DEC emulation modes such as VT100 or VT320 may note that these terminals/emulators may produce the same character for TAB and shift-TAB. As such, it is impossible for an application to distinguish between the two and both of them are treated as if the TAB key was pressed. This presents an inconvenience to users if they want to go backward. In most cases, they should complete rest of the input fields and get back to the desired field later.

VT100 Terminal Support

VT100 does not allow the F1-F8 function keys to be configured. Therefore, the following keyboard mappings apply to VT100 terminals:

HP or Wyse60

VT100 or HP 700/60 in VT100 mode

F1

PF2 (1)

F2

PF1 (1)

F3

spacebar

F4

PF3, spacebar or PF3, = (1)

F5

Return

F6

none

F7

none

F8

none

(1)

See the "Configuration: HP 700/60 in DEC mode, or DEC terminals with PC-AT-type keyboard" subsection below.

See the comments on softkeys and TAB keys in the "VT320 Terminal Support" subsection above.

Configuration: HP 700/60 Terminal in DEC Mode, or DEC Terminal with PC-AT-Type Keyboard

Customers using the following configuration may want to be aware of the following keyboard difference.

It may be possible for a user with the "HP 700/60 terminal in DEC mode, or DEC terminal with PC-AT-type keyboard" configuration to be told to press function key F1 through F4 to achieve some desired result. For an HP 700/60 terminal in DEC mode or DEC terminals, these functions keys may be mapped onto PF1-PF4 keys. However, the PC-AT-type keyboard does not provide PF1-PF4 keys, as does the DEC/ANSI keyboard.

Key

Maps to

Num Lock

PF1

/

PF2

*

PF3

-

PF4

These keys are above the number pad on the right side of the keyboard. Please note that although this keyboard is called a PC AT-type keyboard, it is supplied by HP. A PC AT-type keyboard can be recognized by location of Esc key at the left-top of the keyboard.

Wyse60 Terminal Support

On Wyse60, use the DEL key (located next to Backspace) to backspace. On an HP 700/60 with a PC AT-type keyboard in Wyse60 mode, the DEL key is located in the bottom row on the number pad.

Wyse60 terminals provide a single line to display softkey labels unlike HP terminals which provide two lines. Sometimes this may result in truncated softkey labels. For example, the Help on Context label for F1 may appear as Help on C. Some standard labels for screen-oriented applications, such as SAM and swinstall are as follows:

The SAM label:

May appear on the Wyse60 as:

Help On Context

Help On C

Select/Deselect

Select/D

Menubar on/off

Menubar

DEPENDENCIES

SAM runs in an X Window environment as well as on the following kinds of terminals or terminal emulators:

  • HP-compatible terminal with programmable function keys and on-screen display of function key labels.

  • VT-100 and VT-320

  • WY30 and WY60

Depending on what other applications are running concurrently with SAM, more swap space may be required. SAM requires the following amount of internal memory:

8 MB

If using terminal based version of SAM.

16 MB

If using Motif X Window version of SAM.

For more detailed information about how to use SAM on a terminal, see the Managing Systems and Workgroups manual.

AUTHOR

sam was developed by HP.

FILES

/etc/sam/custom

Directory where SAM stores user privileges

/etc/sam/rmfiles.excl

File containing a list of files and directories that are excluded from removal by SAM

/etc/sam/rmuser.excl

File containing a list of users that are excluded from removal by SAM

/usr/sam/bin

Directory containing executable files, which can be used outside of any SAM session

/usr/sam/help/$LANG

Directory containing SAM language specific online help files

/usr/sam/lbin

Directory containing SAM executables, which are intended only for use by SAM and are not supported in any other context

/usr/sam/lib

Directory for internal configuration files

/var/sam

Directory for working space, including lock files (if a SAM session dies, it may leave behind a spurious lock file), preferences, logging, and temporary files

/var/sam/log/samlog

File containing unformatted SAM logging messages. This file should not be modified by users Use samlog_viewer to view the contents of this file (see samlog_viewer(1))

/var/sam/log/samlog.old

Previous SAM log file. This file is created by SAM when /var/sam/log/samlog is larger than the user specified limit. Use samlog_viewer with its -f option to view the contents of this file (see samlog_viewer(1))

SEE ALSO

samlog_viewer(1), parmgr(1M), kcweb(1M), pdweb(1M).

These manuals are available on the Web at docs.hp.com:

  • Managing Systems and Workgroups

  • Installing and Administering Internet Services

  • Installing and Administering LAN/9000

  • Installing and Administering NFS Services

  • X.25/9000 User's Manual



sa1
  		 


sar