
Conference turris::digital_unix

Title: DIGITAL UNIX (FORMERLY KNOWN AS DEC OSF/1)
Notice: Welcome to the Digital UNIX Conference
Moderator: SMURF::DENHAM
Created: Thu Mar 16 1995
Last Modified: Fri Jun 06 1997
Last Successful Update: Fri Jun 06 1997
Number of topics: 10068
Total number of notes: 35879

8584.0. "C2 and /tcb/files/auth" by RHETT::SMITH () Fri Jan 24 1997 13:25

    Hi.
    
    With version 4.0 of UNIX running enhanced security, the
    /tcb/files/auth/some_letter directories and files are
    still created, even though the authentication database
    is now auth.db.  Is there some reason for this?  Is it
    for backwards compatibility or future use, or is it
    simply because no one changed the code?  Can these
    directories and files be deleted without impacting the
    system or enhanced security?
    
    Thanks in advance for any response.
    Janice

8584.1. "Read convauth(8)" by NETRIX::"[email protected]" (John McNulty) Sun Jan 26 1997 09:39 (24 lines)

From the convauth(8) man page:

  DESCRIPTION

  The convauth utility is used to convert existing ASCII system authorization
  database files to DB format for faster access and updates.  In the case of
  the ttys and user-profile data, this greatly improves the performance of
  login when using ENHANCED security.

Use of the DB databases is the default on V4.0; whether this means you can
delete the a-z directories or not, I don't know.  But 26 empty directories
aren't going to make much difference to the system.

If you want to go back to using ASCII text files, though, convauth(8) can do
that for you too.  It can transport the data in both directions.

BTW, you might want to read up on the related commands, convuser(8), 
edauth(8), authck(8).  Get used to using edauth particularly, as it's
the only tool you can use in a disaster-recovery situation to manipulate
the TCB database files.

John

[Posted by WWW Notes gateway]

8584.2. "deleting the directories is the question" by RHETT::SMITH () Mon Jan 27 1997 10:39 (12 lines)
    
    I'm quite familiar with convauth and convuser.  My question was
    whether those directories could be deleted.  The directories,
    by the way, are not empty: they contain .proto and .new files as
    well as accounts for some of the system entries (such as adm and
    root).
    
    
    Thanks,
    Janice
    
    
8584.3. "" by GERUND::WOLFE (I'm going to huff, and puff, and blow your house down) Mon Jan 27 1997 12:41 (9 lines)

The fact that they contain .proto and .new files means that deleting
the dirs might screw up subsequent upgrade installs. Not sure though. 
I do not believe these dirs are used at all as of V4.0. They 
caused serious system performance problems and were replaced with a 
dbm style "database" file.  Of course if you upgrade installed from 
3.whatever to V4.0, they are still in use unless/until some conversion 
is performed. I'm sure that is documented in the security book somewhere. 

			pete

8584.4. "correct" by RHETT::SMITH () Thu Jan 30 1997 15:50 (13 lines)

    You're right about the upgrade, Pete.  (That's what convauth does:
    converts from the old authentication, /tcb/files/auth/some_letter
    to the new auth.db.)  But after the conversion (or if the user
    installs from scratch), do those directories and files have any
    function, or are they simply holdovers from the previous code?
    
    I know it's fairly trivial, but I've got a user who's dying to
    find out.
    
    
    Thanks,
    Janice