sam(1M) sam(1M)
NAME [Toc] [Back]
sam - system administration manager
SYNOPSIS [Toc] [Back]
/usr/sbin/sam [-display display] [-f login] [-r]
DESCRIPTION [Toc] [Back]
The sam command starts a menu-driven System Administration Manager
program (SAM) for performing system administration tasks with only
limited, specialized knowledge of the HP-UX operating system. SAM
discovers many aspects of a system's configuration through automated
inquiries and tests. Help menus describe how to use SAM and perform
various management tasks. Press the F1 function key for help on a
currently highlighted field and for more information not covered in
this man page. Status messages and a log file monitor keep the user
informed of what SAM is doing.
Running SAM [Toc] [Back]
SAM has been tuned to run in the Motif environment, but it can be run
on text terminals as well. To run SAM in the Motif environment, be
sure that Motif has been installed on your system, and that the
DISPLAY environment variable is set to the system name on which the
SAM screens should be displayed (or use the -display command line
option).
Generally, SAM requires superuser (user root) privileges to execute
successfully. However, SAM can be configured (through the use of
"Restricted SAM"; see below) to allow subsets of its capabilities to
be used by non-root users. When Restricted SAM is used, non-root users
are promoted as root users when necessary to enable them to execute
successfully.
By default, Restricted SAM executes all applications as superuser.
However, certain applications like software distributor have their own
security mechanism (swacl) and do not follow the Restricted SAM
security model. In such cases, the application launched through
Restricted SAM will be executed with the login id of the user, who
invokes it.
Options [Toc] [Back]
SAM recognizes the following options.
-display display Set the DISPLAY value for the duration of the
SAM session.
-f login Execute SAM with the privileges associated
with the specified login. When used in
conjunction with -r, the Restricted SAM
Builder is invoked and initialized with the
privileges associated with the specified
login. You must be a superuser to use this
Hewlett-Packard Company - 1 - HP-UX 11i Version 2: Sep 2004
sam(1M) sam(1M)
option. See "Restricted SAM" below for more
information.
-r Invoke the Restricted SAM Builder. This
enables the system administrator to provide
limited non-superuser access to SAM
functionality. You must be a superuser to
use this option. See "Restricted SAM" below
for more information.
SAM Functional Areas [Toc] [Back]
SAM performs these system administration tasks:
Auditing and Security (Trusted Systems) [Toc] [Back]
+ Set global system security policies - Add, modify and remove
commands from the list of authenticated commands.
+ Turn the Auditing system ON or OFF.
+ Set the parameters for the Audit Logs and Size Monitor.
+ View all or selected parts of the audit logs.
+ Modify (or view) which users, events, and/or system calls get
audited.
+ Convert your system to a Trusted System.
+ Convert your system to a non-Trusted System.
Backup and Recovery [Toc] [Back]
+ Interactively back up files to a valid backup device
(cartridge tape, cartridge tape autochanger, magnetic tape,
DAT, magneto-optical disk, or magneto-optical disk
autochanger). The SAM interface is suspended so that you can
read and/or respond to the interactive messages produced by
fbackup (see fbackup(1M)).
+ Recover files online from a valid backup device. The SAM
interface is suspended so that you can read/respond to the
interactive messages produced by frecover (see frecover(1M)).
+ Add to, delete from, or view the automated backup schedule.
+ Obtain a list of files from a backup tape.
+ View various backup and recovery log files.
Hewlett-Packard Company - 2 - HP-UX 11i Version 2: Sep 2004
sam(1M) sam(1M)
Disk and File Systems Management [Toc] [Back]
+ Add, configure, or unconfigure disk devices, including hard
drives, floppy drives, CD-ROMs, magneto-optical devices and
disk arrays.
+ Add, modify, or remove local file systems, or convert them to
long file names.
+ Configure HFS or VxFS file systems.
+ Remote (NFS) file systems configuration, including:
+ Add, modify, or remove remote (NFS) file systems.
+ Allow or disallow access by remote systems to local
file systems.
+ Modify RPC (Remote Procedure Call) services' security.
+ Add, remove, or modify device or file system swap.
+ Change the primary swap device.
+ Examine, create, extend, or reduce a volume-group pool of
disks.
+ Create, extend or change number of mirrored copies of a
logical volume and associated file system.
+ Remove a logical volume or increase its size.
+ Split or merge mirrored copies of a logical volume.
+ Share or unshare volume groups (only on MC/ServiceGuard
clusters running MC/ServiceGuard OPS Edition ).
Kernel Configuration [Toc] [Back]
You can configure the kernel from the Web-based HP-UX Kernel
Configuration tool (kcweb) or from the HP-UX kernel Configuration tool
in Terminal User Interface (TUI) mode.
These tools help to diagnose problems related to certain kernel
parameters. Alarms can also be set to proactively tune the kernel.
+ Add/remove static drivers and DLKM modules to/from a kernel.
+ Modify static and dynamic tunable parameter values in the
kernel.
Hewlett-Packard Company - 3 - HP-UX 11i Version 2: Sep 2004
sam(1M) sam(1M)
+ Reboot the system to make the static tunable values effective.
Networking and Communication [Toc] [Back]
+ Configure one or more LAN cards.
+ Configure ARPA services.
+ Configure the Network File System (NFS).
+ Configure X.25 card or cards, and PAD (Packet
Assembler/Disassembler) services (if X.25 has been purchased).
+ Configure DHCPv6 Server.
+ Configure default routes for the system.
+ Configure system clock and NTP server.
Peripheral Devices Management [Toc] [Back]
You can configure cards and devices from the Web-based HP-UX
Peripheral Device tool (pdweb) or from the HP-UX Peripheral Device
tool in Terminal User Interface (TUI) mode. The following activities
can be performed from this functional area:
+ Administer the LP spooler, associated printers, and plotters
(see "Printer and Plotter Management" below).
+ Add, modify, or remove the configuration of disk devices.
+ Add or remove terminals and modems.
+ Configure terminal security policies (Trusted Systems only).
+ Lock and unlock terminals (Trusted Systems only).
+ Add or remove tape drives.
+ View disk space information.
+ Add or replace some PCI cards online.
Printer and Plotter Management [Toc] [Back]
+ LP Spooler - Manage local, remote, and networked printers and
plotters.
Process Management [Toc] [Back]
Hewlett-Packard Company - 4 - HP-UX 11i Version 2: Sep 2004
sam(1M) sam(1M)
+ Kill, stop or continue processes.
+ Change the nice priority of processes.
+ View the current status of processes.
+ Schedule periodic tasks via cron.
+ View current periodic (cron) tasks.
+ Run performance monitors.
+ Display system properties such as machine model and ID; number
of installed processors, their version and speed; operating
system release version; swap statistics, real, physical, and
virtual memory statistics; network connection information.
Remote Administration [Toc] [Back]
+ Configure remote systems for remote administration.
+ Execute SAM on systems configured for remote administration.
Routine Tasks [Toc] [Back]
+ Shut down the system.
+ View and remove large files. Specify size and time-sinceaccessed
of large files to display or remove.
+ View and remove unowned files. Specify size and time-sinceaccessed
of unowned files to display or remove.
+ View and remove core files.
+ View and trim ASCII or non-ASCII log files. Add or remove
files from the list of files to monitor. Set recommended size
for trimming.
User and Group Account Management [Toc] [Back]
+ Add, remove, view, and modify user accounts. SAM supports
shadow mode only for password aging. A standard HP-UX system
is converted to a shadow mode system by running the pwcon
man page and SAM's "Users
and Groups" subarea online help for more information.
Note: SAM does not support shadow mode on an NIS or NIS+
configuration.
Hewlett-Packard Company - 5 - HP-UX 11i Version 2: Sep 2004
sam(1M) sam(1M)
+ Modify a user account's group membership.
+ Set up password aging for a user account.
+ Add, remove, view, and modify groups.
+ Deactivate and reactivate user accounts.
+ Manage trusted system security policies on a per-user basis.
Adding New Functionality to SAM [Toc] [Back]
You can easily add stand-alone commands, programs, and scripts to SAM.
SAM is suspended while the executable program is running. When it
finishes, the SAM interface is restored. You can also write your own
help screen for each menu item you create. To add functionality to
SAM, select the "Add Custom Menu Item" or "Add Custom Menu Group"
action items from the SAM Areas menu. (Note that the new item is
added to the hierarchy that is currently displayed, so you need to
navigate to the desired hierarchy before adding the item.)
Restricted SAM [Toc] [Back]
SAM can be configured to provide a subset of its functionality to
certain users or groups of users. It can also be used to build a
template file for assigning SAM access restrictions on multiple
systems. This is done through the Restricted SAM Builder. System
administrators access the Restricted SAM Builder by invoking SAM with
the -r option (see "Options" above). In the Builder, system
administrators may assign subsets of SAM functionality on a per-user
or per-group basis. Once set up, the -f option (see "Options" above)
can then be used by system administrators to verify that the
appropriate SAM functional areas, and only those areas, are available
to the specified user.
A non-root user who has been given Restricted SAM privileges simply
executes the /usr/sbin/sam command and sees only those areas the user
is privileged to access. For security reasons, the "List" and "Shell
Escape" choices are not provided. (Note that some SAM functional
areas require the user to be promoted to root in order to execute
successfully. SAM does this automatically as needed.)
SAM provides a default set of SAM functional areas that the system
administrator can assign to other users. Of course, system
administrators are able to assign custom lists of SAM functional areas
to users as necessary.
SAM Logging [Toc] [Back]
All actions taken by SAM are logged into the SAM log file
/var/sam/log/samlog. The log entries in this file can be viewed via
the SAM utility samlog_viewer (see samlog_viewer(1)). samlog_viewer
can filter the log file by user name, by time of log entry creation,
and by level of detail.
Hewlett-Packard Company - 6 - HP-UX 11i Version 2: Sep 2004
sam(1M) sam(1M)
The "Options" menu in the SAM Areas menu enables you to start a log
file viewer and to control certain logging options. These options
include whether SAM should automatically invoke the log file viewer
whenever SAM is executed, whether SAM should trim the log file
automatically, and what is the maximum log file size that should be
enforced if automatic log file trimming is selected.
VT320 Terminal Support [Toc] [Back]
Because the VT320 terminal has predefined local functions for keys
labeled as F1, F2, F3 and F4, users should use following mapping when
they desire to use function keys:
HP or Wyse60 VT320 or HP 700/60 in VT320 mode
F1 PF2 (1)
F2 PF1 (1)
F3 spacebar
F4 PF3 (1)
F5 F10, [EXIT], F5 (2)
F6 none
F7 F18, first unlabeled key to right of
Pause/Break (2)
F8 F19, second unlabeled key to right of
Pause/Break (2)
(1) See the "Configuration: HP 700/60 in DEC mode, or DEC
terminals with PC-AT-type keyboard" subsection below.
(2) When using PC-AT keyboard with HP 700/60 in VT320 mode.
Since DEC terminals do not support the softkey menu, that menu is not
displayed on those terminals.
Many applications use TAB for forward navigation (moving from one
field to another) and shift-TAB for backward navigation. Users having
DEC terminals or using terminals in DEC emulation modes such as VT100
or VT320 may note that these terminals/emulators may produce the same
character for TAB and shift-TAB. As such, it is impossible for an
application to distinguish between the two and both of them are
treated as if the TAB key was pressed. This presents an inconvenience
to users if they want to go backward. In most cases, they should
complete rest of the input fields and get back to the desired field
later.
VT100 Terminal Support [Toc] [Back]
VT100 does not allow the F1-F8 function keys to be configured.
Therefore, the following keyboard mappings apply to VT100 terminals:
HP or Wyse60 VT100 or HP 700/60 in VT100 mode
Hewlett-Packard Company - 7 - HP-UX 11i Version 2: Sep 2004
sam(1M) sam(1M)
F1 PF2 (1)
F2 PF1 (1)
F3 spacebar
F4 PF3, spacebar or PF3, = (1)
F5 Return
F6 none
F7 none
F8 none
(1) See the "Configuration: HP 700/60 in DEC mode, or DEC
terminals with PC-AT-type keyboard" subsection below.
See the comments on softkeys and TAB keys in the "VT320 Terminal
Support" subsection above.
Configuration: HP 700/60 Terminal in DEC Mode, or DEC Terminal with PC-
AT-Type Keyboard
Customers using the following configuration may want to be aware of
the following keyboard difference.
It may be possible for a user with the "HP 700/60 terminal in DEC
mode, or DEC terminal with PC-AT-type keyboard" configuration to be
told to press function key F1 through F4 to achieve some desired
result. For an HP 700/60 terminal in DEC mode or DEC terminals, these
functions keys may be mapped onto PF1-PF4 keys. However, the PC-ATtype
keyboard does not provide PF1-PF4 keys, as does the DEC/ANSI
keyboard.
Key Maps to
Num Lock PF1
/ PF2
* PF3
- PF4
These keys are above the number pad on the right side of the keyboard.
Please note that although this keyboard is called a PC AT-type
keyboard, it is supplied by HP. A PC AT-type keyboard can be
recognized by location of Esc key at the left-top of the keyboard.
Wyse60 Terminal Support [Toc] [Back]
On Wyse60, use the DEL key (located next to Backspace) to backspace.
On an HP 700/60 with a PC AT-type keyboard in Wyse60 mode, the DEL key
is located in the bottom row on the number pad.
Wyse60 terminals provide a single line to display softkey labels
unlike HP terminals which provide two lines. Sometimes this may
result in truncated softkey labels. For example, the Help on Context
label for F1 may appear as Help on C. Some standard labels for
screen-oriented applications, such as SAM and swinstall are as
follows:
Hewlett-Packard Company - 8 - HP-UX 11i Version 2: Sep 2004
sam(1M) sam(1M)
The SAM label: May appear on the Wyse60 as:
Help On Context Help On C
Select/Deselect Select/D
Menubar on/off Menubar
DEPENDENCIES [Toc] [Back]
SAM runs in an X Window environment as well as on the following kinds
of terminals or terminal emulators:
+ HP-compatible terminal with programmable function keys and
on-screen display of function key labels.
+ VT-100 and VT-320
+ WY30 and WY60
Depending on what other applications are running concurrently with
SAM, more swap space may be required. SAM requires the following
amount of internal memory:
8 MB If using terminal based version of SAM.
16 MB If using Motif X Window version of SAM.
For more detailed information about how to use SAM on a terminal, see
the Managing Systems and Workgroups manual.
AUTHOR [Toc] [Back]
sam was developed by HP.
FILES [Toc] [Back]
/etc/sam/custom Directory where SAM stores user privileges
/etc/sam/rmfiles.excl File containing a list of files and
directories that are excluded from removal by
SAM
/etc/sam/rmuser.excl File containing a list of users that are
excluded from removal by SAM
/usr/sam/bin Directory containing executable files, which
can be used outside of any SAM session
/usr/sam/help/$LANG Directory containing SAM language specific
online help files
/usr/sam/lbin Directory containing SAM executables, which
are intended only for use by SAM and are not
supported in any other context
Hewlett-Packard Company - 9 - HP-UX 11i Version 2: Sep 2004
sam(1M) sam(1M)
/usr/sam/lib Directory for internal configuration files
/var/sam Directory for working space, including lock
files (if a SAM session dies, it may leave
behind a spurious lock file), preferences,
logging, and temporary files
/var/sam/log/samlog File containing unformatted SAM logging
messages. This file should not be modified
by users Use samlog_viewer to view the
contents of this file (see samlog_viewer(1))
/var/sam/log/samlog.old Previous SAM log file. This file is created
by SAM when /var/sam/log/samlog is larger
than the user specified limit. Use
samlog_viewer with its -f option to view the
contents of this file (see samlog_viewer(1))
SEE ALSO [Toc] [Back]
samlog_viewer(1), parmgr(1M), kcweb(1M), pdweb(1M).
These manuals are available on the Web at docs.hp.com:
+ Managing Systems and Workgroups
+ Installing and Administering Internet Services
+ Installing and Administering LAN/9000
+ Installing and Administering NFS Services
+ X.25/9000 User's Manual
Hewlett-Packard Company - 10 - HP-UX 11i Version 2: Sep 2004 [ Back ] |
