db_archive - displays security database log files no longer involved in
active transactions (Enhanced Security)
/usr/tcb/bin/db_archive [-alsv] [-h home]
-a Write all pathnames as absolute pathnames, instead of relative to the
database home directories.
Specify a home directory for the database. The correct directory for
enhanced security is /var/tcb/files.
-l Write out the pathnames of all of the database log files, whether or
not they are involved in active transactions.
-s Write the pathnames of all of the database files that need to be
archived in order to recover the database from catastrophic failure.
If any of the database files have not been accessed during the lifetime
of the current log files, db_archive does not include them in this out-
It is possible that some of the files referenced in the log have since
been deleted from the system. In this case, db_archive ignores them.
When db_recover is run, any files referenced in the log that are not
present during recovery are assumed to have been deleted and are not be
-v Run in verbose mode, listing the checkpoints in the log files as they
A customized version of the Berkeley Database (Berkeley DB) is embedded in
the operating system to provide high-performance database support for crit-
ical security files. The DB includes full transactional support and data-
base recovery, using write-ahead logging and checkpointing to record
The db_archive utility is provided for maintenance of the log files associ-
ated with the security database. It writes the pathnames of log files that
are no longer in use (that is, no longer involved in active transactions),
to the standard output, one pathname per line. These log files should be
written to backup media to provide for recovery in the case of catastrophic
failure (which also requires a snapshot of the database files), but they
may then be deleted from the system to reclaim disk space. You should per-
form a db_checkpoint -1 before using db_archive.
The secconfig utility can create a cron job that periodically checks the
security log files and deletes those no longer in use, as determined by
db_archive. Be sure to coordinate this with the site backup schedule.
The db_archive utility attaches to one or more of the Berkeley DB shared
memory regions. In order to avoid region corruption, it should always be
given the chance to detach and exit gracefully. To cause db_archive to
clean up after itself and exit, send it an interrupt signal (SIGINT).
The db_archive utility exits 0 on success, and >0 if an error occurs.
DB_HOME If the -h option is not specified and the environment variable
DB_HOME is set, it is used as the path of the database home. The
home directory for security is /var/tcb/files.
Commands: db_checkpoint(8), db_dump(8), db_load(8), db_printlog(8),
db_recover(8), db_stat(8), secconfig(8)