unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (HP-UX-11.11)
Page:
Section:
Apropos / Subsearch:
optional field



 sam(1M)							     sam(1M)




 NAME
      sam - system administration manager

 SYNOPSIS
      /usr/sbin/sam [-display display] [-f login] [-r]

 DESCRIPTION
      The sam command starts a menu-driven System Administration Manager
      program (SAM) for performing system administration tasks with only
      limited, specialized knowledge of the HP-UX operating system.  SAM
      discovers most aspects of a system's configuration through automated
      inquiries and tests.  Help menus describe how to use SAM and perform
      the various management tasks.  Press the F1 function key for help on a
      currently highlighted field and for more information not covered in
      this manpage.  Status messages and a log file monitor keep the user
      informed of what SAM is doing.

    Running SAM
      SAM has been tuned to run in the Motif environment, but it can be run
      on text terminals as well.  To run SAM in the Motif environment, be
      sure that Motif has been installed on your system, and that the
      DISPLAY environment variable is set to the system name on which the
      SAM screens should be displayed (or use the -display command line
      option).

      Generally, SAM requires superuser (user root) privileges to execute
      successfully.  However, SAM can be configured (through the use of
      "Restricted SAM"; see below) to allow subsets of its capabilities to
      be used by non-root users. When Restricted SAM is used, non-root users
      are promoted to root when necessary to enable them to execute
      successfully.

      By default, Restricted SAM executes all applications as superuser.
      However, certain applications like software distributor have their own
      security mechanism (swacl) and do not follow the Restricted SAM
      security model.  In such cases, the application launched through
      Restricted SAM will be executed with the login id of the user, who
      invokes it.

    Options
      SAM recognizes the following options.

	   -display display    Set the DISPLAY value for the duration of the
			       SAM session.

	   -f login	       Execute SAM with the privileges associated
			       with the specified login.  When used in
			       conjunction with -r, the Restricted SAM
			       Builder is invoked and initialized with the
			       privileges associated with the specified
			       login.  You must be a superuser to use this



 Hewlett-Packard Company	    - 1 -HP-UX Release 11.11: September 2002






 sam(1M)							     sam(1M)




			       option.	See "Restricted SAM" below for more
			       information.

	   -r		       Invoke the Restricted SAM Builder.  This
			       enables the system administrator to provide
			       limited non-superuser access to SAM
			       functionality.  You must be a superuser to
			       use this option.	 See "Restricted SAM" below
			       for more information.

    SAM Functional Areas
      SAM performs these system administration tasks:

      Auditing and Security (Trusted Systems)

	   +  Set global system security policies - Add, modify and remove
	      commands from the list of Authenticated commands.

	   +  Turn the Auditing system on or off.

	   +  Set the parameters for the Audit Logs and Size Monitor.

	   +  View all or selected parts of the audit logs.

	   +  Modify (or view) which users, events, and/or system calls get
	      audited.

	   +  Convert your system to a Trusted System.

	   +  Convert your system to a non-Trusted System.

      Backup and Recovery

	   +  Interactively back up files to a valid backup device
	      (cartridge tape, cartridge tape autochanger, magnetic tape,
	      DAT, magneto-optical disk, or magneto-optical disk
	      autochanger).  The SAM interface is suspended so that you can
	      read and/or respond to the interactive messages produced by
	      fbackup (see fbackup(1M)).

	   +  Recover files online from a valid backup device.	The SAM
	      interface is suspended so that you can read/respond to the
	      interactive messages produced by frecover (see frecover(1M)).

	   +  Add to, delete from, or view the automated backup schedule.

	   +  Obtain a list of files from a backup tape.

	   +  View various backup and recovery log files.





 Hewlett-Packard Company	    - 2 -HP-UX Release 11.11: September 2002






 sam(1M)							     sam(1M)




      Disk and File Systems Management

	   +  Add, configure, or unconfigure disk devices,  including hard
	      drives, floppy drives, CD-ROMs, magneto-optical devices and
	      disk arrays.

	   +  Add, modify, or remove local file systems, or convert them to
	      long file names.

	   +  Configure HFS or VxFS file systems.

	   +  Remote (NFS) file systems configuration, including:

		   +  Add, modify, or remove remote (NFS) file systems.

		   +  Allow or disallow access by remote systems to local
		      file systems.

		   +  Modify RPC (Remote Procedure Call) services' security.

	   +  Add, remove, or modify device or file system swap.

	   +  Change the primary swap device.

	   +  Add, modify, or remove dump devices.

	   +  Examine, create, extend, or reduce a volume-group pool of
	      disks.

	   +  Create, extend or change number of mirrored copies of a
	      logical volume and associated file system.

	   +  Remove a logical volume or increase its size.

	   +  Split or merge mirrored copies of a logical volume.

	   +  Share or unshare volume groups (only on ServiceGuard clusters
	      running MC/LockManager distributed lock-manager software).

      Kernel and Device Configuration

	   +  Add/remove static drivers and DLKM modules to/from a kernel.

	   +  Modify static and dynamic tunable parameter values in the
	      kernel.

	   +  Modify dump device configuration in the kernel.

	   +  Add or remove optional subsystems such as NFS, LAN, NS, CD-
	      ROM, etc.




 Hewlett-Packard Company	    - 3 -HP-UX Release 11.11: September 2002






 sam(1M)							     sam(1M)




	   +  Generate a new kernel.

      Networks/Communications

	   +  Configure one or more LAN cards.

	   +  Configure ARPA services.

	   +  Configure the Network File System (NFS).

	   +  Configure X.25 card or cards and PAD (Packet
	      Assembler/Disassembler) services (if X.25 has been purchased).

      Peripheral Devices Management

	   +  Administer the LP spooler or Distributed Print Services and
	      associated printers and plotters (see "Printer and Plotter
	      Management" below).

	   +  Add, modify, or remove the configuration of disk devices.

	   +  Add or remove terminals and modems.

	   +  Configure terminal security policies (Trusted Systems only).

	   +  Lock and unlock terminals (Trusted Systems only).

	   +  Add or remove tape drives.

	   +  Add or remove hardware interface cards.

	   +  View current configuration of peripherals and disk space
	      information.

      Printer and Plotter Management
      SAM supports two methods for managing printers and plotters:

	   +  LP Spooler - Manage local, remote, and networked printers and
	      plotters.

	   +  HP Distributed Print Service (HPDPS) - Manage physical
	      printers (parallel, serial, or network interface and remote
	      printers), logical printers, print queues, spoolers, and
	      supervisors.

      Process Management

	   +  Kill, stop or continue processes.

	   +  Change the nice priority of processes.




 Hewlett-Packard Company	    - 4 -HP-UX Release 11.11: September 2002






 sam(1M)							     sam(1M)




	   +  View the current status of processes.

	   +  Schedule periodic tasks via cron.

	   +  View current periodic (cron) tasks.

	   +  Run performance monitors.

	   +  Display system properties such as:  machine model and ID;
	      number of installed processors, their version and speed;
	      operating-system release version; swap statistics, real,
	      physical, and virtual memory statistics; network connection
	      information.

      Remote Administration

	   +  Configure remote systems for remote administration.

	   +  Execute SAM on systems configured for remote administration.

      Routine Tasks

	   +  Shut down the system.

	   +  View and remove large files.  Specify size and time-since-
	      accessed of large files to display or remove.

	   +  View and remove unowned files.  Specify size and time-since-
	      accessed of unowned files to display or remove.

	   +  View and remove core files.

	   +  View and trim ASCII or non-ASCII log files.  Add or remove
	      files from the list of files to monitor.	Set recommended size
	      for trimming.

      User and Group Account Management

	   +  Add, remove, view, and modify user accounts.

	   +  Modify a user account's group membership.

	   +  Set up password aging for a user account.

	   +  Add, remove, view, and modify groups.

	   +  Deactivate and reactivate user accounts.

	   +  Manage trusted system security policies on a per-user basis.





 Hewlett-Packard Company	    - 5 -HP-UX Release 11.11: September 2002






 sam(1M)							     sam(1M)




    Adding New Functionality to SAM
      You can easily add stand-alone commands, programs, and scripts to SAM.
      SAM is suspended while the executable program is running.	 When it
      finishes, the SAM interface is restored.	You can also write your own
      help screen for each menu item you create.  To add functionality to
      SAM, select the "Add Custom Menu Item" or "Add Custom Menu Group"
      action items from the SAM Areas menu.  (Note that the new item is
      added to the hierarchy that is currently displayed, so you need to
      navigate to the desired hierarchy before adding the item.)

    Restricted SAM
      SAM can be configured to provide a subset of its functionality to
      certain users or groups of users.	 It can also be used to build a
      template file for assigning SAM access restrictions on multiple
      systems.	This is done through the Restricted SAM Builder.  System
      administrators access the Restricted SAM Builder by invoking SAM with
      the -r option (see "Options" above).  In the Builder, system
      administrators may assign subsets of SAM functionality on a per-user
      or per-group basis.  Once set up, the -f option (see "Options" above)
      can then be used by system administrators to verify that the
      appropriate SAM functional areas, and only those areas, are available
      to the specified user.

      A nonroot user that has been given Restricted SAM privileges simply
      executes /usr/sbin/sam and sees only those areas the user is
      privileged to access.  For security reasons, the "List" and "Shell
      Escape" choices are not provided.	 (Note that some SAM functional
      areas require the user to be promoted to root in order to execute
      successfully.  SAM does this automatically as needed.)

      SAM provides a default set of SAM functional areas that the system
      administrator can assign to other users.	Of course, system
      administrators are able to assign custom lists of SAM functional areas
      to users as necessary.

    SAM Logging
      All actions taken by SAM are logged into the SAM log file
      /var/sam/log/samlog.  The log entries in this file can be viewed via
      the SAM utility samlog_viewer (see samlog_viewer(1)).  samlog_viewer
      can filter the log file by user name, by time of log entry creation,
      and by level of detail.

      The "Options" menu in the SAM Areas Menu enables you to start a log
      file viewer and to control certain logging options.  These options
      include whether or not SAM should automatically start a log file
      viewer whenever SAM is executed, whether or not SAM should trim the
      log file automatically, and what maximum log file size should be
      enforced if automatic log file trimming is selected.

    VT320 Terminal Support
      Because the VT320 terminal has predefined local functions for keys



 Hewlett-Packard Company	    - 6 -HP-UX Release 11.11: September 2002






 sam(1M)							     sam(1M)




      labeled as F1, F2, F3 and F4, users should use following mapping when
      they desire to use function keys:

	   HP or Wyse60	       VT320 or HP 700/60 in VT320 mode

	   F1		       PF2 (1)
	   F2		       PF1 (1)
	   F3		       spacebar
	   F4		       PF3 (1)
	   F5		       F10, [EXIT], F5 (2)
	   F6		       none
	   F7		       F18, first unlabeled key to right of
			       Pause/Break (2)
	   F8		       F19, second unlabeled key to right of
			       Pause/Break (2)

		(1)  See the "Configuration: HP 700/60 in DEC mode, or DEC
		     terminals with PC-AT-type keyboard" subsection below.

		(2)  When using PC-AT keyboard with HP 700/60 in VT320 mode.

      Since DEC terminals do not support the softkey menu, that menu is not
      displayed on those terminals.

      Many applications use TAB for forward navigation (moving from one
      field to another) and shift-TAB for backward navigation.	Users having
      DEC terminals or using terminals in DEC emulation modes such as VT100
      or VT320 may note that these terminals/emulators may produce the same
      character for TAB and shift-TAB.	As such, it is impossible for an
      application to distinguish between the two and both of them are
      treated as if the TAB key was pressed.  This presents an inconvenience
      to users if they want to go backward.  In most cases, they should
      complete rest of the input fields and get back to the desired field
      later.

    VT100 Terminal Support
      VT100 does not allow the F1-F8 function keys to be configured.
      Therefore, the following keyboard mappings apply to VT100 terminals:

	   HP or Wyse60	       VT100 or HP 700/60 in VT100 mode

	   F1		       PF2 (1)
	   F2		       PF1 (1)
	   F3		       spacebar
	   F4		       PF3, spacebar or PF3, = (1)
	   F5		       Return
	   F6		       none
	   F7		       none
	   F8		       none





 Hewlett-Packard Company	    - 7 -HP-UX Release 11.11: September 2002






 sam(1M)							     sam(1M)




		(1)  See the "Configuration: HP 700/60 in DEC mode, or DEC
		     terminals with PC-AT-type keyboard" subsection below.

      See the comments on softkeys and TAB keys in the "VT320 Terminal
      Support" subsection above.

    Configuration: HP 700/60 Terminal in DEC Mode, or DEC Terminal with PC-
      AT-Type Keyboard
      Customers using the following configuration may want to be aware of
      the following keyboard difference.

      It may be possible for a user with the "HP 700/60 terminal in DEC
      mode, or DEC terminal with PC-AT-type keyboard" configuration to be
      told to press function key F1 through F4 to achieve some desired
      result.  For an HP 700/60 terminal in DEC mode or DEC terminals, these
      functions keys may be mapped onto PF1-PF4 keys.  However, the PC-AT-
      type keyboard does not provide PF1-PF4 keys, as does the DEC/ANSI
      keyboard.

	   Key		       Maps to

	   Num Lock	       PF1
	   /		       PF2
	   *		       PF3
	   -		       PF4

      These keys are above the number pad on the right side of the keyboard.
      Please note that although this keyboard is called a PC AT-type
      keyboard, it is supplied by HP.  A PC AT-type keyboard can be
      recognized by location of Esc key at the left-top of the keyboard.

    Wyse60 Terminal Support
      On Wyse60, use the DEL key (located next to Backspace) to backspace.
      On an HP 700/60 with a PC AT-type keyboard in Wyse60 mode, the DEL key
      is located in the bottom row on the number pad.

      Wyse60 terminals provide a single line to display softkey labels
      unlike HP terminals which provide two lines.  Sometimes this may
      result in truncated softkey labels.  For example, the Help on Context
      label for F1 may appear as Help on C.  Some standard labels for
      screen-oriented applications, such as SAM and swinstall are as
      follows:

	   The SAM label:	    May appear on the Wyse60 as:

	   Help On Context	    Help On C
	   Select/Deselect	    Select/D
	   Menubar on/off	    Menubar

 DEPENDENCIES
      SAM runs in an X Window environment as well as on the following kinds



 Hewlett-Packard Company	    - 8 -HP-UX Release 11.11: September 2002






 sam(1M)							     sam(1M)




      of terminals or terminal emulators:

	   +  HP-compatible terminal with programmable function keys and
	      on-screen display of function key labels.

	   +  VT-100 and VT-320

	   +  WY30 and WY60

      Depending on what other applications are running concurrently with
      SAM, more swap space may be required.  SAM requires the following
      amounts of internal memory:

	   8 MB	     If using terminal based version of SAM.
	   16 MB     If using Motif X Window version of SAM.

      For more detailed information about how to use SAM on a terminal, see
      the Managing Systems and Workgroups manual.

 AUTHOR
      sam was developed by HP.

 FILES
      /etc/sam/custom	       Directory where SAM stores user privileges.

      /etc/sam/rmfiles.excl    File containing a list of files and
			       directories that are excluded from removal by
			       SAM.

      /etc/sam/rmuser.excl     File containing a list of users that are
			       excluded from removal by SAM.

      /usr/sam/bin	       Directory containing executable files, which
			       can be used outside of any SAM session.

      /usr/sam/help/$LANG      Directory containing SAM language specific
			       online help files.

      /usr/sam/lbin	       Directory containing SAM executables, which
			       are intended only for use by SAM and are not
			       supported in any other context.

      /usr/sam/lib	       Directory for internal configuration files.

      /var/sam		       Directory for working space, including lock
			       files (if a SAM session dies, it may leave
			       behind a spurious lock file), preferences,
			       logging, and temporary files.

      /var/sam/log/samlog      File containing unformatted SAM logging
			       messages.  This file should not be modified



 Hewlett-Packard Company	    - 9 -HP-UX Release 11.11: September 2002






 sam(1M)							     sam(1M)




			       by users.  Use samlog_viewer to view the
			       contents of this file (see samlog_viewer(1)).

      /var/sam/log/samlog.old  Previous SAM log file. This file is created
			       by SAM when /var/sam/log/samlog is larger
			       than the user specified limit. Use
			       samlog_viewer with its -f option to view the
			       contents of this file (see samlog_viewer(1)).

 SEE ALSO
      samlog_viewer(1), parmgr(1M).

      These manuals are available on the Web at docs.hp.com:

      +	 Managing Systems and Workgroups

      +	 Installing and Administering Internet Services

      +	 Installing and Administering LAN/9000

      +	 Installing and Administering NFS Services

      +	 X.25/9000 User's Manual































 Hewlett-Packard Company	   - 10 -HP-UX Release 11.11: September 2002