HP-UX Reference (11i v2 03/08) - 1M System Administration Commands N-Z (vol 4)
sam(1M) sam(1M)
• Manage trusted system security policies on a per-user basis.
Adding New Functionality to SAM
You can easily add stand-alone commands, programs, and scripts to SAM. SAM is suspended while the
executable program is running. When it finishes, the SAM interface is restored. You can also write your
own help screen for each menu item you create. To add functionality to SAM, select the "Add Custom
Menu Item" or "Add Custom Menu Group" action items from the SAM Areas menu. (Note that the new
item is added to the hierarchy that is currently displayed, so you need to navigate to the desired
hierarchy before adding the item.)
Restricted SAM
SAM can be configured to provide a subset of its functionality to certain users or groups of users. It can
also be used to build a template file for assigning SAM access restrictions on multiple systems. This is
done through the Restricted SAM Builder. System administrators access the Restricted SAM Builder by
invoking SAM with the -r option (see "Options" above). In the Builder, system administrators may
assign subsets of SAM functionality on a per-user or per-group basis. Once set up, the -f option (see
"Options" above) can then be used by system administrators to verify that the appropriate SAM functional
areas, and only those areas, are available to the specified user.
A non-root user who has been given Restricted SAM privileges simply executes the /usr/sbin/sam
command and sees only those areas the user is privileged to access. For security reasons, the "List" and
"Shell Escape" choices are not provided. (Note that some SAM functional areas require the user to be
promoted to root in order to execute successfully. SAM does this automatically as needed.)
SAM provides a default set of SAM functional areas that the system administrator can assign to other
users. Of course, system administrators are able to assign custom lists of SAM functional areas to users
as necessary.
SAM Logging
All actions taken by SAM are logged into the SAM log file /var/sam/log/samlog. The log entries in
this file can be viewed via the SAM utility samlog_viewer (see samlog_viewer(1)). samlog_viewer
can filter the log file by user name, by time of log entry creation, and by level of detail.
The "Options" menu in the SAM Areas menu enables you to start a log file viewer and to control certain
logging options. These options include whether SAM should automatically invoke the log file viewer
whenever SAM is executed, whether SAM should trim the log file automatically, and what is the
maximum log file size that should be enforced if automatic log file trimming is selected.
VT320 Terminal Support
Because the VT320 terminal has predefined local functions for keys labeled as F1, F2, F3 and F4, users
should use the following mapping when they desire to use function keys:
    HP or Wyse60    VT320 or HP 700/60 in VT320 mode
    F1              PF2 (1)
    F2              PF1 (1)
    F3              spacebar
    F4              PF3 (1)
    F5              F10, [EXIT], F5 (2)
    F6              none
    F7              F18, first unlabeled key to right of Pause/Break (2)
    F8              F19, second unlabeled key to right of Pause/Break (2)

    (1) See the "Configuration: HP 700/60 in DEC mode, or DEC terminals with PC-AT-type
        keyboard" subsection below.
    (2) When using PC-AT keyboard with HP 700/60 in VT320 mode.
Since DEC terminals do not support the softkey menu, that menu is not displayed on those terminals.
Many applications use TAB for forward navigation (moving from one field to another) and shift-TAB for
backward navigation. Users having DEC terminals or using terminals in DEC emulation modes such as
VT100 or VT320 may note that these terminals/emulators may produce the same character for TAB and
shift-TAB. As such, it is impossible for an application to distinguish between the two and both of them
are treated as if the TAB key was pressed. This presents an inconvenience to users if they want to go
backward. In most cases, they should complete the rest of the input fields and get back to the desired field
later.
Section 1M−−716 Hewlett-Packard Company − 4 − HP-UX 11i Version 2: August 2003