Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

secconfig(8) [osf1 man page]

secconfig(8)						      System Manager's Manual						      secconfig(8)

NAME

       secconfig, secsetup - Security features setup graphical interface (Enhanced Security)

SYNOPSIS

       /usr/sbin/sysman secconfig

       NOTE:  The secsetup utility has been replaced by the secconfig graphical interface.

DESCRIPTION

       The  utility  is  a  graphical interface used to select the level of system security needed.  It can convert from Base to enhanced security
       mode, and configure base and enhanced security features.  If you are using secconfig to enable  Enhanced  security,  you  must  first  have
       loaded the enhanced security subsets.

       You can run while the system is in multiuser mode.  However, if you change the security level, the change is not completed until you reboot
       the system.

       For both base and enhanced security, the secconfig utility allows you to enable segment sharing, to enable access control lists (ACLs), and
       to restrict the setting of the execute bit to root only.

       For enhanced security, the secconfig utility additionally allows you to configure security support from simple shadow passwords all the way
       to a strict C2 level of security.  Shadow password support is an easy method for system administrators, who do not wish to use all  of  the
       extended  security features, to move each user's password out of /etc/passwd and into the extended user profile database (auth.db.  You can
       use the Custom mode if you wish to select additional security features, such as breakin detection and evasion, automatic database trimming,
       and password controls.

       When  converting from base to enhanced security, secconfig updates the system default database (/etc/auth/system/default) and uses the con-
       vuser utility to migrate user accounts.

       While it is possible to convert user accounts from enhanced back to base, the default encryption algorithms and supported password  lengths
       differ between base and enhanced security, and thus user account conversions do not succeed without a password change.

       NOTE: Because of the page table sharing mechanism used for shared libraries, the normal file system permissions are not adequate to protect
       against unauthorized reading.  The secconfig interface allows you to disable segment sharing.  The change in segment sharing  takes  effect
       at the next reboot.

FILES

RELATED INFORMATION

       acl(4), authcap(4), default(4), convuser(8),
       Security delim off

																      secconfig(8)

Check Out this Related Man Page

dxsetacl(8X)															      dxsetacl(8X)

NAME

       dxsetacl - Graphical interface for setting the ACL on a file or directory

SYNOPSIS

       /usr/bin/X11/dxsetacl [arguments...]

OPTIONS

       The name of the file or directory to operate on.  The regular X resources can be supplied to dxsetacl on the command line.

DESCRIPTION

       The dxsetacl command provides a graphical interface for examining and setting file access control lists (ACLs).

       If  a  path is specified on the command line, the file system object represented by path is used as the target of the command. In addition,
       there is a Find Object area on the main dialog box. A path may be typed in, or located by browsing the file system. A file reference may be
       dragged	from  a  CDE application, such as the File Manager, and dropped on the Find Object area. Once an object is selected, its full path
       name, object type, owner, and group are displayed along with the ACL.

       The ACL is displayed, one entry per line, in a list widget. Clicking on an entry selects it.  Double clicking on an entry or selecting  the
       Change Entry button brings up a dialog that allows the fields of the entry to be modified.  Clicking on the Delete Entry button removes the
       entry.  The owning user, owning group, and other user entries may be modified but not deleted.  (See acl(4) for more information.)  The New
       Entry button may be used to create a new group or user entry.

       If  the	object	is a regular file, device special file, or UNIX domain socket, it only has an access ACL. If the object is a directory, it
       has an access ACL, a default access ACL, and a default directory ACL. Which ACL of a directory is being edited may be selected with a radio
       button.

									  Note

       The dxsetacl command will show and set ACLs on file system objects, regardless of whether ACLs are used by the system for access decisions.
       The sysman secconfig utility is used to enable ACL checking.

SEE ALSO

       Commands: X(1X), secconfig(8)

       Files: acl(4)

																      dxsetacl(8X)
Man Page