Each time your system is rebooted (and after fsck is run if your system was brought down unexpectedly) the system automatically checks critical security database files. The messages appear.as follows:
Checking tcb ..•
Checking auth database ...
Checking protected subsystems database ...
Checking ttys database ...
This checking is done to avoid problems with gaining access to your system.
In the rare case where a file is missing, you are alerted to this fact and asked to restore the file from backups.
When the system is halted suddenly by power or hardware failures, some filesystem damage can occur. Such damage can result in the removal of secu-rity database files, or can leave these files in an interim state if they were being updated at the time of the system crash. Whenever a reboot occurs, the sys-tem runs a series of programs to check the status of the database files. When the system terminates abnormally and is rebooted, this check is performed after fsck(ADM) is run on the root filesystem, and before entering multiuser mode. This check proceeds as follows:
1. The script /ete/smmek (system maintenance mode checker) runs the tcbck(ADM) program to clean up any database files that were left in an interim state while being updated.
When a security database file is updated, the contents of the old file (file) is copied or updated to create the new -t file (file-t). Next, the old file (file) is moved to a -0 file (file-o), and the new file (file-t) is moved to the original name (file). When this process is interrupted, -0 and -t files are left and must be reconciled before the system will function properly.
tcbck first resolves any -t and -0 files left in /ete/auth/system, /ete/auth/subsystems,/teb/files/auth/* directories, and the /ete/passwd and the fete/group files. If there are multiple versions of a file, the extra files must be removed. This is done automatically as follows:
A. If file, file-o, and file-t exist and file is not zero length, then file-t and file-o are removed.
B. If file and file-t exist then file-t is removed.
C. If only file-t exists, then it is moved to file.
D. If only file-o exists, then it is moved to file.
If scenario C occurs, a message similar to the following is displayed:
/etc/tcbck: file file missing, saved file-t as file
This is done because the -t file is the modified version of the original file and could have been damaged; it is likely that this file does not contain all the entries of the original. This message is repeated for all files found in that state in the specified directories. (The -0 files are not suspect because they are the original versions of the files renamed prior to updating.)
WARNING If you do not have backups and the files fete/group and
Starting the system
2. Next, tcbck checks that key system files are present and that they are not of zero length. If a file is missing (or zero length), then a message similar to that shown below is displayed:
letc/tcbck: file fik is missing or zero length
This process is repeated for each of the following files:
/etc/au th/system/defau Itt /etc/auth/system/files /etc/auth/system/devassign jetc/auth/system/authorizet /tcb/files/auth/r/roott jete/group
/etc/passwdt
When this process is complete, if any files were missing, or empty -t files were substituted for real files, the following message is displayed:
letc/smmck: restore missing files from backup or distribution.
NOTE Corrupted files are not detected by tcbck, but other error mes-sages are displayed; these mesmes-sages are described in "Resolving security-related error messages" in the ''Troubleshooting your system"
chapter of this guide.
3. If critical database files are removed or corrupted (files marked with a dagger), then the system enters maintenance mode automatically without asking for the root password. (While this might seem like a security breach, remember that the system itself must be under lock and key or it is not secure anyway.) The messages appear as follows:
INIT: SINGLE USER MODE
Security databases are corrupt.
Starting root shell on console to allow repairs.
Entering System Maintenance Mode
If no critical database files are missing, you are prompted to choose sys-tem maintenance mode or normal operation.
4. If you find that files must be restored, your first option is to restore the files from your backups. The second option is to restore the files from the UNIX system distribution media.
For example, if the system reported that the file fete/group was missing and you had a backup of the root filesystem that was created using sysadmsh(ADM), you would use the Backups ¢ Restore ¢ Partial selec-tion and restore the file. If backups are unavailable, you will have to use the distribution files.
NOTE If you must restore the file /tr:b/files/auth/r/root from your distri-bution, retrieve volume N2 and insert it into your floppy drive, then enter the following commands:
cd Itcb/files/r
mount -r Idev/install Imnt cp Imntltcb/files/r/root •
5. Use custom(ADM) to restore any missing files. You can restore only one file at a time; do not try to specify more than one file. When you have restored all the necessary files, exit custom and press (CtrI)d. You are then prompted to enter system maintenance mode or normal operation.
Press (Ctrl)d again.
6. tcbck then removes the files /ete/auth/system/pw_id_map and /etc/auth/system/gr _id_map because the modification times of these files are compared with those of /ete/passwd and fete/group, and problems can occur when the system clock is reset. tcbck then tries to rebuild the map files using cps(ADM). If this fails then either the File Control database (/ete/auth/system/files) is missing, or the the File Control database entry for II I" is missing, or there are syntax errors in /ete/passwd or fete/group.
7. After the system enters multiuser mode ("INIT: New run level: 2" is dis-played) and you are prompted to set the system clock, /ete/authekre is reinvoked. If any missing files are found, warnings similar to the ones shown previously are displayed, followed by the message shown below:
/etc/tcbck: file file is missing or zero length
/etc/authckrc: Log in on the OVERRIDE tty and restore the missing files from a backup or the distribution disks.
This means that you missed some files earlier. These files will have to be replaced when the system comes up in multiuser mode and you are allowed to log in. Write down the names of the missing files at this stage.
Starting the system
9. Next, the following message is displayed:
Checking protected subsystem database
The authck(ADM) program is run. The Protected Subsystem database files are checked to ensure that they correctly reflect the subsystem authorization entries in the Protected Password database. Each name listed in each subsystem file is verified against the Protected Password entry with the same name, so that no authorization is inconsistent between the files. Also, each Protected Password entry is scanned to verify that all the privileges listed are reflected in the Protected Subsys-tem database. If any inconsistencies are found, you are asked if you want them fixed automatically:
There are discrepancies between the databases.
Fix them (Y or N)?
The error messages are found in the authck(ADM) manual page.
NOTE If the system is autobooting (AUTOBOOT=YES appears in /etc/default/boot), then authck(ADM) is called noninteractively. Warn-ings are displayed about inconsistencies found but authck is not given the opportunity to fix them. The transition to the multiuser operation then proceeds as normal.
10. Next, you see the following message:
Checking ttys database ••.
ttyupd(ADM) is run to ensure that all ttys in /etc/inittab have entries in the Terminal Control database (fetc/auth/system/ttys).
11. The system is now up and ready for logins. If any files were reported missing, you must now log in on the override terminal to restore them, following the same procedure outlined earlier. By default, the override terminal is defined as ttyOl, also knownas the first multiscreen. If you removed the default entry in /etc/default/login, you will have to shut the system off, reboot and enter single-user mode, and restore the files that way. When you log in on the override tty, the following message is dis-played:
The security databases are corrupt.
However, root login at terminal ttyOl is allowed.