This manual describes how to use, administer, and write programs for the Digital UNIX® operating system with the optional enhanced security subsets installed. It also provides information about traditional UNIX security.
Part 1 is directed toward general users. It is not intended for users of secure programs, because such programs typically hide the secure interface after the login has been completed.
Part 2 is directed toward experienced system administrators and is not appropriate for novice administrators. System administrators should be familiar with security concepts and procedures.
Part 3 is intended for programmers who are modifying or creating security-relevant programs (trusted programs) and anyone who modifies or adds to the trusted computing base. You should be familiar with programming in C on UNIX systems.
This release of Digital UNIX adds access control lists (ACLs) to improve the security capabilities of the operating system. Chapters in the User, Administration, and Programming sections are added to document this new feature. Several reference pages that document the ACL commands and routines are also available online. Use the man -k acl command to get a listing of the ACL-specific reference pages.
Object selection and deselection features are added to the audit subsystem. See Section 10.3.2 for more information.
Several authentication programming interfaces are added and changed in this release. The new APIs allow the authentication data structures to be extended. See Section 18.1 for more information.
The manual is divided into three parts as follows:
Part 1: User's Guide to Security
This part describes the enhanced security features of the Digital UNIX system that relate to the general user. It also includes general information about connecting to other systems and using a windows environment.
Part 2: Administrator's Guide to Security
This part explains concepts that are fundamental to administering a trusted Digital UNIX operating system and describes tools and procedures for administrative tasks. It is both task-oriented and conceptual.
Part 3: Programmer's Guide to Security
This part describes the Digital UNIX security features to those who must modify or add security-relevant programs (trusted programs). It presents guidelines and practices for writing these programs and describes specific Digital UNIX interfaces. This part also describes the use of the Digital UNIX security facilities: system calls, libraries, and databases.
This manual has 21 chapters, 5 appendixes, a glossary, and an index:
The following documents provide additional information about security issues in the Digital UNIX system:
Command and Shell User's Guide
Common Desktop Environment documentation
Installation Guide
System Administration
Programmer's Guide
Reference Pages
The following are documents available from O'Reilly and Associates, Inc. that will help you understand security concepts and procedures:
Computer Security Basics
Practical UNIX Security
The following are reference documents available from the United States Department of Defense that you may find useful:
Trusted Computer System Evaluation Criteria (TCSEC or Orange Book)
Password Management Guideline (Green Book)
A Guide to Understanding Audit in Trusted Systems
The following document may be of interest to users outside the U.S.:
Information Technology Security Evaluation Criteria (ITSEC).
The printed version of the Digital UNIX documentation set is color coded to help specific audiences quickly find the books that meet their needs. (You can order the printed documentation from Digital.) This color coding is reinforced with the use of an icon on the spines of books. The following list describes this convention:
Audience | Icon | Color Code |
General users | G | Blue |
System and network administrators | S | Red |
Programmers | P | Purple |
Device driver writers | D | Orange |
Reference page users | R | Green |
Some books in the documentation set help meet the needs of several audiences. For example, the information in some system books is also used by programmers. Keep this in mind when searching for information on specific topics.
The Documentation Overview, Glossary, and Master Index provides information on all of the books in the Digital UNIX documentation set.
Digital welcomes any comments and suggestions you have on this and other Digital UNIX manuals.
You can send your comments in the following ways:
A Reader's Comment form is located on your system in the following location:
/usr/doc/readers_comment.txt
Digital Equipment Corporation
UEG Publications Manager
ZK03-3/Y32
110 Spit Brook Road
Nashua, NH 03062-9987
A Reader's Comment form is located in the back of each printed manual. The form is postage paid if you mail it in the United States.
Please include the following information along with your comments:
The Digital UNIX Publications group cannot respond to system problems or technical support inquiries. Please address technical questions to your local system vendor or to the appropriate Digital technical support office. Information provided with the software media explains how to send problem reports to Digital.
This document uses the following typographic conventions:
% $ | A percent sign represents the C shell system prompt. A dollar sign represents the system prompt for the Bourne and Korn shells. |
# | A number sign represents the superuser prompt. |
% cat | Boldface type in interactive examples indicates typed user input. |
file | Italic (slanted) type indicates variable values, placeholders, and function argument names. |
[ | ] { | } | In syntax definitions, brackets indicate items that are optional and braces indicate items that are required. Vertical bars separating items inside brackets or braces indicate that you choose one item from among those listed. |
. . . | In syntax definitions, a horizontal ellipsis indicates that the preceding item can be repeated one or more times. |
cat(1) | A cross-reference to a reference page includes the appropriate section number in parentheses. For example, cat(1) indicates that you can find information on the cat command in Section 1 of the reference pages. |
[Return] | In an example, a key name enclosed in a box indicates that you press that key. |
Ctrl/x | This symbol indicates that you hold down the first named key while pressing the key or mouse button that follows the slash. In examples, this key combination is enclosed in a box (for example, [Ctrl/C]). |
Alt x | Multiple key or mouse button names separated by spaces indicate that you press and release each in sequence. In examples, each key in the sequence is enclosed in a box (for example, [Alt] [Q]). |
Menu->Option->Submenu Option | The right arrow indicates an abbreviated instruction for choosing a menu option or submenu option. The following example means pull down the Modify menu, move the pointer to pull down the Image submenu, and choose the Clear option: Choose Modify->Image->Clear |