tcbck(ADM) 19 June 1992 tcbck(ADM) Name tcbck, smmck, authckrc - trusted computing base checker single-user mode tcb check script multi-user mode tcb check script Syntax tcbck Description tcbck checks the files in the trusted computing base for files that were caught in the process of being updated when the system went down, and for files that have been removed. tcbck is invoked by the scripts smmck dur- ing system maintenance mode, and by authckrc when the system enters multi-user mode. The check proceeds as follows: 1. smmck runs tcbck to clean up any database files that were left in an interim state while being updated (files are created with -o (old) and -t (new) suffixes, respectively). When this process is inter- rupted, -o and -t files are left and must be reconciled before the system will function properly. tcbck checks the /etc/auth/system, /etc/auth/subsystems, /tcb/files/auth/* directories and the /etc/passwd and the /etc/group files. If there are multiple versions of a file, the extra files are removed. When a -t file is found, the following is displayed: /etc/tcbck: file file missing, saved file-t as file This message is repeated for all files found in that state in the specified directories. 2. tcbck then checks that key system files are present and that they are not of zero length. If a file is missing (or zero length) then a message similar to this is displayed: /etc/tcbck: file file is missing or zero length This process is repeated for each of the following files: /etc/auth/system/default + /etc/auth/system/files /etc/auth/system/devassign /etc/auth/system/authorize + /tcb/files/auth/r/root + /etc/group /etc/passwd + When this process is complete, if any files were missing or empty -t files were substituted for real files, the following message is dis- played: /etc/smmck: restore missing files from backup or distribution. 3. If critical database files have been removed or corrupted (files marked with a dagger +) in the previous file list are considered critical) then the system enters maintenance mode automatically without asking for the root password. If no critical database files were lost, the system prompts for maintenance mode or normal opera- tion. 4. tcbck then removes the files /etc/auth/system/pw_id_map and /etc/auth/system/gr_id_map because the modification times of these files are compared with those of /etc/passwd and /etc/group and prob- lems can occur when the system clock is reset. tcbck then tries to rebuild the map files using cps(ADM). If this fails then either the File Control database (/etc/auth/system/files) is missing, or the the File Control database entry for ``/'' is missing, or there are syntax errors in /etc/passwd, or /etc/group. 5. After the system goes to init level 2, authckrc reinvokes tcbck to confirm that the files reported missing previously have been restored: Any missing files are listed, followed by this message: /etc/authckrc: Log in on the OVERRIDE tty and restore the missing files from a backup or the distribution disks. Missing files will have to be replaced when the system comes up multi-user. 6. authckrc then runs passwdupd(ADM) to check that all users in /etc/passwd have Protected Password database entries. authck(ADM) is then run to check the subsystem databases for errors. Any errors found are repaired automatically. Finally, ttysupd(ADM) is run to check that all ttys in /etc/inittab have entries in the Terminal Con- trol database (/etc/auth/system/ttys). Notes authckrc, tcbck, and smmck can only be run as root. Value added tcbck is an extension of AT&T System V provided by The Santa Cruz Opera- tion, Inc.