1tnchkdb(1M) System Administration Commands tnchkdb(1M)
2
6 tnchkdb - check file syntax of trusted network databases
7
9 /usr/sbin/tnchkdb [-h path] [-t path] [-z path]
10
13 tnchkdb checks the syntax of the tnrhtp, tnrhdb, and tnzonecfg data‐
14 bases. By default, the path for each file is:
15 o /etc/security/tsol/tnrhtp
17 o /etc/security/tsol/tnrhdb
19 o /etc/security/tsol/tnzonecfg
21 You can specify an alternate path for any or all of the files by speci‐
24 fying that path on the command line by using the -h (tnrhdb), -t
25 (tnrhtp) and -z (tnzonecfg) options. The options are useful when test‐
26 ing a set of modified files before installing the files as new system
27 databases.
28 All three database files are checked for integrity. tnchkdb returns an
31 exit status of 0 if all of the files are syntactically and, to the
32 extent possible, semantically correct. If one or more files have
33 errors, then an exit status of 1 is returned. If there are command line
34 problems, such as an unreadable file, an exit status of 2 is returned.
35 Errors are written to standard error.
36 To avoid cascading errors, when there are errors in tnrhtp, the tem‐
39 plate names in tnrhdb are not validated.
40 tnchkdb can be run at any label, but the standard /etc/security/tsol
43 files are visible only in the global zone.
44
46 -h [ path ] Check path for proper tnrhdb syntax. If path is not
47 specified, then check /etc/security/tsol/tnrhdb.
48 -t [ path ] Check path for proper tnrhtp syntax. If path is not
51 specified, then check /etc/security/tsol/tnrhtp.
52 -z [ path ] Check path for proper tnzonecfg syntax. If path is not
55 specified, then check /etc/security/tsol/tnzonecfg.
56
59 Example 1 Sample Error Message
60 The tnchkdb command checks for CIPSO errors. In this example, the
63 admin_low template has an incorrect value of ADMIN_HIGH for its default
64 label.
65 # tnchkdb
68 checking /etc/security/tsol/tnrhtp ...
69 tnchkdb: def_label classification 7fff is invalid for cipso labels:
70 line 14 entry admin_low
71 tnchkdb: def_label compartments 241-256 must be zero for cipso labels:
72 line 14 entry admin_low
73 checking /etc/security/tsol/tnrhdb ...
74 checking /etc/security/tsol/tnzonecfg ...
75
79 /etc/security/tsol/tnrhdb
80 Trusted network remote-host database
82 /etc/security/tsol/tnrhtp
85 Trusted network remote-host templates
87 /etc/security/tsol/tnzonecfg
90 Trusted zone configuration database
92
95 See attributes(5) for descriptions of the following attributes:
96 ┌─────────────────────────────┬─────────────────────────────┐
101 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
102 ├─────────────────────────────┼─────────────────────────────┤
103 │Availability │SUNWtsu │
104 ├─────────────────────────────┼─────────────────────────────┤
105 │Interface Stability │See below. │
106 └─────────────────────────────┴─────────────────────────────┘
107 The command line is Committed. The output is Uncommitted.
110
112 tnd(1M), tnctl(1M), attributes(5)
113 How to Check the Syntax of Trusted Network Databases in Solaris Trusted
116 Extensions Administrator's Procedures
117
119 The functionality described on this manual page is available only if
120 the system is configured with Trusted Extensions.
121 It is possible to have inconsistent but valid configurations of tnrhtp
124 and tnrhdb when LDAP is used to supply missing templates.
125SunOS 5.11 20 Jul 2007 tnchkdb(1M)