Managing Systems and Workgroups: A Guide for HP-UX System Administrators
Administering a System: Managing System Security
Configuring NFS Diskless Clusters for Trusted Systems
Chapter 8
chmod 500 /export/private_roots/CL_NAME/.secure/etc
mkdir /export/private_roots/CL_NAME/tcb
chgrp sys /export/private_roots/CL_NAME/tcb
chmod 555 /export/private_roots/CL_NAME/tcb
mkdir /export/private_roots/CL_NAME/tcb/files
chgrp sys /export/private_roots/CL_NAME/tcb/files
chmod 771 /export/private_roots/CL_NAME/tcb/files
mkdir /export/private_roots/CL_NAME/tcb/files/auth
chgrp sys /export/private_roots/CL_NAME/tcb/files/auth
chmod 771 /export/private_roots/CL_NAME/tcb/files/auth
cp /usr/newconfig/tcb/files/ttys \
/export/private_roots/CL_NAME/tcb/files/ttys
chgrp sys /export/private_roots/CL_NAME/tcb/files/ttys
chmod 664 /export/private_roots/CL_NAME/tcb/files/ttys
cp /usr/newconfig/tcb/files/devassign \
/export/private_roots/CL_NAME/tcb/files/devassign
chgrp root \
/export/private_roots/CL_NAME/tcb/files/devassign
chmod 664 /export/private_roots/CL_NAME/tcb/files/devassign
2. Edit each client’s fstab file, named:
/export/private_roots/CL_NAME/etc/fstab
3. Add the following line:
SV_NAME.FULLY.QUALIFIED:/tcb/files/auth /tcb/files/auth nfs rw,hard 0 0
4. Run SAM on the server, converting the system to a Trusted System.
5. Add the following line to the server’s /etc/exports file:
/tcb/files/auth -root=CL_NAME.FULLY.QUALIFIED
If there is more than one client, modify the line to:
/tcb/files/auth -root=CL_NAME1.FULLY.QUALIFIED:...:CL_NAMEn.FULLY.QUALIFIED
6. After modifying the /etc/exports file, execute the following
command:
exportfs -a
7. The clients can now be rebooted.
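
An added example, not part of the HP-UX guide: a POSIX shell check that compares a client's private root against the modes and groups set by the chmod and chgrp commands above. The function names and the sample tree are constructed for illustration; the group of .secure/etc is not shown on this page, so it is not checked.

```sh
#!/bin/sh
# Added example: audit a client's private root against the modes/groups set above.

# Relative path, expected ls -l mode string, expected group ("-" = not on the page)
EXPECTED='.secure/etc dr-x------ -
tcb dr-xr-xr-x sys
tcb/files drwxrwx--x sys
tcb/files/auth drwxrwx--x sys
tcb/files/ttys -rw-rw-r-- sys
tcb/files/devassign -rw-rw-r-- root'

# audit_tcb_tree ROOT [groups]: print each deviation, return their count.
audit_tcb_tree() {
    root=$1 want_groups=${2:-} bad=0
    while read -r rel mode group; do
        path="$root/$rel"
        [ -e "$path" ] || { echo "MISSING $path"; bad=$((bad + 1)); continue; }
        set -- $(ls -ld "$path")                   # $1 = mode string, $4 = group
        actual=$(printf '%s\n' "$1" | cut -c1-10)  # drop any trailing ACL marker
        if [ "$actual" != "$mode" ]; then
            echo "MODE $path: $actual, expected $mode"; bad=$((bad + 1))
        fi
        # Groups are compared only when the second argument is "groups".
        if [ "$want_groups" = groups ] && [ "$group" != - ] && [ "$4" != "$group" ]; then
            echo "GROUP $path: $4, expected $group"; bad=$((bad + 1))
        fi
    done <<EOF
$EXPECTED
EOF
    return "$bad"
}

# make_sample_tree DIR: constructed stand-in for /export/private_roots/CL_NAME
make_sample_tree() {
    mkdir -p "$1/.secure/etc" "$1/tcb/files/auth"
    touch "$1/tcb/files/ttys" "$1/tcb/files/devassign"
    chmod 664 "$1/tcb/files/ttys" "$1/tcb/files/devassign"
    chmod 771 "$1/tcb/files/auth" "$1/tcb/files"
    chmod 555 "$1/tcb"; chmod 500 "$1/.secure/etc"
}

# With a path argument, audit it; with none, demonstrate on a constructed tree.
if [ $# -gt 0 ]; then
    audit_tcb_tree "$1" groups
else
    demo=${TMPDIR:-/tmp}/tcb_audit.$$
    make_sample_tree "$demo"; chmod 777 "$demo/tcb/files/auth"
    audit_tcb_tree "$demo" || echo "deviations found: $?"
    chmod -R u+w "$demo"; rm -rf "$demo"
fi
```

Run it on the server with a client's private root as the argument, for example /export/private_roots/CL_NAME; a non-zero exit status is the number of deviations.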