Starting and stopping the system

Checking the security databases

Each time your system is rebooted (and after fsck is run if your system was brought down unexpectedly) the system automatically checks critical security database files. The messages are:

   Checking tcb ...
   Checking protected password and protected subsystems databases ...
   Checking ttys database ...
This checking is done to avoid problems with access to your system. In the rare case where a file is missing, you are alerted to this fact and asked to restore the file from backups (or it may be necessary to repair broken symbolic links).

When the system is halted suddenly by power or hardware failures, some filesystem damage can occur. Damage can cause the removal of security database files, or can leave these files in an interim state if they were being updated at the time of the system crash. Whenever a reboot occurs, the system runs a series of programs to check the status of the database files. When the system terminates abnormally and is rebooted, this check is performed after fsck(ADM) is run on the root filesystem, and before entering multiuser mode.

The system follows these steps:

  1. The script /etc/smmck (system maintenance mode checker) runs the tcbck(ADM) program to clean up any database files that were left in an interim state while being updated.

    When a security database file is updated, the contents of the old file (file) is copied or updated to create the new ``-t'' file (file-t). Next, the old file (file) is moved to a ``-o'' file (file-o), and the new file (file-t) is moved to the original name (file). When this process is interrupted, ``-o'' and ``-t'' files are left and must be reconciled before the system will function properly. tcbck first resolves any ``-t'' and ``-o'' files left in the /etc/auth/system, /etc/auth/subsystems, and /tcb/files/auth/* directories and the /etc/passwd and the /etc/group files. If there are multiple versions of a file, the extra files must be removed. This is done automatically as follows:

    If file, file-o, and file-t exist and file is not zero length (empty), then file-t and file-o are removed.

    If file and file-t exist then file-t is removed.

    If only file-t exists, then it is moved to file.

    If only file-o exists, then it is moved to file.

    If scenario c. occurs, a message similar to this is displayed:

       /etc/tcbck: file file missing, saved file-t as file
    This is done because the ``-t'' file is the modified version of the original file and could have been damaged; it is likely that this file does not contain all the entries of the original. This message is repeated for all files found in that state in the specified directories. (The ``-o'' files are not suspect because they are the original versions of the files renamed prior to updating.)

  2. tcbck checks that key system files are present and that they are not empty. If a file is missing (or empty), then a message similar to this is displayed:
       /etc/tcbck: file file is missing or zero length
    This process is repeated for each of these files (critical TCB files are marked with a +):

    /etc/auth/system/default +
    /etc/auth/system/authorize +
    /tcb/files/auth/r/root +
    /etc/passwd +

    When this process is complete, if any files were missing, or empty ``-t'' files were substituted for real files, this message is displayed:

       /etc/smmck: restore missing files from backup or distribution.
    If either /etc/passwd or /etc/group is missing, this message is displayed:
       /etc/tcbck: either slash (/) is missing from /etc/auth/system/files or there
       	are malformed entries in /etc/passwd or /etc/group

    NOTE: You can ignore any warnings that /tcb/files/auth/r/root is missing. Enter exit when the root prompt is displayed and authck will later repair this file as described in step 6.

    Corrupted files are not detected by tcbck, but other error messages may be displayed that are described in ``Troubleshooting system security''.

  3. If critical database files are missing or corrupted, then the system enters maintenance mode automatically without asking for the root password. These messages are displayed:
       Security databases are corrupt.
       Starting root shell on console to allow repairs.
       Entering System Maintenance Mode
    If no critical database files are missing, you are prompted to choose system maintenance mode or normal operation. If files are reported missing, write them down and follow the instructions in ``Restoring critical security database files''.

  4. tcbck removes the files /etc/auth/system/pw_id_map and /etc/auth/system/gr_id_map because the modification times of these files are compared with those of /etc/passwd and /etc/group, and problems can occur when the system clock is reset. tcbck then tries to rebuild the map files using cps(ADM). If this fails, then either the File Control database (/etc/auth/system/files) is missing, or the File Control database entry for ``/'' is missing, or there are syntax errors in /etc/passwd or /etc/group.

  5. After the system enters multiuser mode (INIT: New run level: 2 is displayed) and you are prompted to set the system clock, /etc/authckrc is reinvoked. If any missing files are found, warnings similar to the ones shown previously are displayed, followed by the message shown below:
       /etc/tcbck: file file is missing or zero length
       /etc/authckrc: Log in on the OVERRIDE tty and restore
       the missing files from a backup or the distribution disks.
    This means that files are still missing. These files will have to be replaced when the system comes up in multiuser mode and you are allowed to log in. Write down the names of the missing files and follow the instructions in ``Restoring critical security database files''.

    If /etc/passwd or /etc/group are missing, the following messages is displayed at startup (the first if /etc/passwd is missing, the second if /etc/group is missing):

       su: Unknown id: bin
       su: Cannot setgid to auth, no auth entry

  6. The message is displayed:
       Checking protected password and protected subsystems databases ...

    The authck(ADM) program is run to make certain that all users listed in /etc/passwd have Protected Password database entries. If any are missing, they are created as needed if you respond y to this prompt:

       There are errors for this user
       Fix them (y/n)?

    The Protected Subsystem database files are then checked to ensure that they correctly reflect the subsystem authorization entries in the Protected Password database. Each name listed in each subsystem file is verified against the Protected Password entry with the same name to ensure that authorizations are consistent between the files. In addition, each Protected Password entry is scanned to verify that all the privileges listed are reflected in the Protected Subsystem database. If any inconsistencies are found, you are asked if you want them fixed automatically:

       There are discrepancies between the databases.
       Fix them (Y or N)?
    You may see that many discrepancies are reported and repaired by this process -- this is normal.

    NOTE: If the system is set to restart automatically when an operator is not present (``AUTOBOOT=YES'' appears in /etc/default/boot), then authck(ADM) is called noninteractively. Warnings are displayed about inconsistencies found but authck is not given the opportunity to fix them. The transition to the multiuser operation then proceeds as normal.

    See ``Database consistency checking: authck(ADM) and addxusers(ADM)'' for information on running authck manually.

  7. You see this message:
       Checking ttys database ...
    ttyupd(ADM) is run to ensure that all ttys in /etc/inittab have entries in the Terminal Control database (/etc/auth/system/ttys).

  8. The system should be up and ready for logins. If any files were reported missing, you must now log in on the override terminal to restore them, following the same procedure outlined earlier. By default, the override terminal is defined as tty01, also known as the first multiscreen. If you removed the default entry in /etc/default/login, you will have to shut the system off, reboot and enter single-user mode, and restore the files that way. When you log in on the override tty, this message is displayed:
       The security databases are corrupt.
       However, root login at terminal tty01 is allowed.

Next topic: Stopping the system
Previous topic: Changing the system time zone

© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003