12.1 Why Use SAM?
12.2 Starting and Stopping SAM
12.3 A Sample SAM Session
12.4 SAM Log Files
12.5 Restricted Use of SAM by Non--Root Users
The System Administration Manager (SAM) is a tool that simplifies routine HP-UX system administration. It is available both in text and GUI modes. If you are running X-Windows, SAM automatically detects the presence of your GUI terminals and starts in graphical mode. In case you are using a text terminal, SAM starts in text or terminal mode. In the graphical mode, you can use your mouse to click on different icons related to a desired system administration tasks. In the text mode, SAM provides menus that can be used by pressing the and arrow keys to activate a particular option.
SAM is a very useful tool for day-to-day system administration jobs. At the same time, it can't do every job for a system administrator. Sometimes you will need to use commands manually for troubleshooting and specialized tasks. In this chapter, you will learn to use SAM in both text and graphical modes. You will learn how to start and stop SAM and how it looks when used in text or graphical mode. You will go through a sample session of creating a new user, where you will learn how to use SAM menus and navigate your system. Everything done in SAM is logged into a log file, and you will see some parts of this file. SAM is also useful to distribute system administration tasks among many people. At the end of the chapter, you will see how you can grant restricted access to non-root users who have a need to use SAM.
This is an introductory chapter about SAM. In the coming chapters, you will learn how different tasks are done with the help of this tool.
12.1 Why Use SAM?
SAM is designed to help system administrators perform routine tasks. With SAM, tasks that require a number of steps can be performed in a single step. It is the responsibility of SAM to execute actual commands for you. Briefly, the advantages of using SAM are as follows.
1. You get menus and icons. They are easy to use and less laborious than typing long commands manually.
2. SAM provides you with comprehensive details of your system. For example, you can see a list of installed printers and their properties. Similarly, by just clicking an icon, you are able to see all disks attached to your system. Another icon will show you network adapters and network configuration related to each adapter. It is very useful to know the existing system configuration before adding a new piece of hardware.
3. You don't need to remember complex commands used for routine tasks.
4. It provides a uniform interface on all HP-9000 series servers and workstations.
5. It gives you centralized control for your network, as you can run it remotely on any machine and view the result on your local GUI.
6. You can assign limited root access to users if you want to distribute system administration tasks. For example, if you want to assign printer management to one person and network management to another, SAM provides you with the facility to define restricted areas for users. A user can only go into that area of SAM assigned to him or her.
At the same time, it must be remembered that true system administration is a complex job—you need to know what is going on behind the scenes. Although SAM can add new users for you, you need to know how to add a user manually.
An essential part of system administration is troubleshooting. SAM is not designed for this purpose, as there are no hard and fast rules used for the purpose of troubleshooting. As a system administrator, it is your experience and depth of knowledge about HP-UX that will help you in the troubleshooting process.
12.2 Starting and Stopping SAM
When you start SAM, it checks what type of terminal you are using. If you are using a text-type terminal and the DISPLAY variable is not set, SAM starts in text mode and displays the menu-based text interface. If you are using a graphical terminal or console, SAM starts in graphical mode. You can start SAM on a remote system and view the GUI at your local graphical terminal by correctly setting the DISPLAY variable.
Starting and Stopping SAM in Text Mode
To start SAM, you use the sam command. As already mentioned, if you are using a text-type terminal, SAM will start in text mode. In the first screen, it will show you some instructions on how to use menus and help. The first screen that appears after starting SAM is shown in Figure 12-1.
Figure 12-1. SAM starting page in text mode.
Figure 12-1 shows basic instruction of how to use the , , and arrow keys. You can get more help by pressing whenever this message is displayed. If you press the key, the next screen is displayed that shows actual SAM menus. This is shown in Figure 12-2.
Figure 12-2. SAM menus in text mode.
In the top of the screen is the menu area where you can see the File, View, Options, Actions, and Help menus. You can activate a menu area by pressing the key. When you press the key, the File menu is activated. Then, by pressing the key, you can see the list of actions that can be performed
using this menu. You can use arrow keys or the key to move forward in the menus. The key combination is used for movement in the backward direction.
The remainder of the window shows the SAM functional areas and is divided into two columns. The first column is the Source column, which shows whether the area is a standard SAM component or one customized by the system administrator. The second column is a short description of the functionality provided by the component. SAM is organized in a tree structure such that minor functional groups are contained inside major groups. For example, Account for Users and Groups is a major area. Under this area, you can find options for separately managing users and groups. In this figure, a right arrow symbol at the end of a group shows that it contains other functional entities if you go inside it. It means that selecting this item will not perform any action but will lead to other items that may be used to perform an action.
SAM functional areas show the tasks that can be performed with the help of SAM. The built-in SAM areas are listed below.
• Auditing and Security
• Kernel and Device Configuration
• Networks and Communications
• Peripheral Device Management
• Printer and Plotter Management
• Process Management
• Remote System Administration
• Routine Tasks
• User and Group Account Management
• Backup and Recovery
• Disk and File System Management
• Display Management
• Performance Monitoring
• Software Management
• Time Server Management
In addition, you can build your own functional areas by customizing SAM. SAM also provides context-sensitive help that can be utilized at any time by pressing
the key combination. More help can be obtained using the Help menu. To stop SAM, you go to the File menu and use the Exit option.
Starting and Stopping SAM in GUI
If you are using a monitor capable of using the X-Window system and the DISPLAY variable is correctly set, SAM will start in graphical mode. Figure 12-3 shows part of a typical GUI window that is displayed just after starting SAM.
Figure 12-3. SAM in GUI mode.
You have the same menus in GUI as you have in the text mode. The functional area now contains icons. You can use your mouse to activate any menu by clicking the left mouse button on it. If you double-click on an icon in the functional area that represents an action, the action corresponding to that icon starts. If you double-click on an icon that represents a functional group, it will open the subgroups and action icons contained in that functional group.
12.3 A Sample SAM Session
Let's use SAM to create a new user on the system. To perform a certain job, you need to go to the proper SAM area. To manage users and groups, you need to go to the Accounts for Users and Groups area by double-clicking the left mouse button on this icon.
Creating a New User
Let's perform the job step-by-step. First of all, start SAM using the sam command. For this example, I assume that you are using SAM in GUI. You will see a window like the one shown in Figure 12-3. It may happen that all of the icons are not visible in the window. You can scroll up and down to navigate the icons by using the scroll bars.
Search for the Accounts for Users and Groups icon in the window. This is the SAM area used for user and group management. Double-click the left mouse button on this icon; you will see that the window is changed, and the two icons shown in Figure 12-4 appear in the window. The Groups icon is used for tasks related to the management of groups on your system, while the Users icon is for user management. The third icon, ..(go up), is used to go back to the previous screen.
Figure 12-4. SAM Accounts for Users and Groups functional area.
Double-click the left mouse button on the Users icon. You will see that a new window appears as shown in Fig. 12-5. This window lists all existing user accounts on your system. The window takes its information from the /etc/passwd and /etc/groups files. Here you can see login name, login IDs, group membership, and other information about each user. You can also modify an existing user by selecting that user with a single left-button mouse click and starting the proper action from the Actions menu.
Figure 12-5. SAM Users area.
Now click on the Actions menu without selecting any user and choose Add from this menu. When you click the left mouse button on this menu, the pull-down menu appears as shown in Figure 12-6.
Figure 12-6. SAM activating the Action menu.
As you can see from the figure, you can take actions to modify, deactivate, or remove an existing user. You can also change a user's group membership and modify his or her password. To add a new user, select the Add option and a new window appears. This is a form that you need to complete with information related to the new user. This window is shown in Figure 12-7.
Figure 12-7. SAM form for adding a user.
The first field is the login name. SAM will automatically select an available user ID and display it in the UID field of the form. However, you can change the user ID manually. Then you fill in the other information on the form. If the Create Home Directory box is checked, SAM will create a home directory for the user. The default shell is the POSIX shell, and you can change it to a shell desired for the user. The boxes that are marked Optional may be left blank. After filling out the form, you press the Apply button or the OK button. You will see a new window as shown, in Figure 12-8, where you have to enter a password twice for the new user. After you have entered the password, another window will appear showing that the user creation process is complete. This window is shown in Figure 12-9.
Figure 12-8. Entering a password for the newly created user.
Figure 12-9. Process of user creation is complete.
When you press the OK button in this window, the new user is listed in the user list, as shown in Figure 12-5. After that, you can quit using SAM using the Exit option from the File menu.
12.4 SAM Log Files
SAM keeps a record of all of its actions in a log file (SAMLOG). You can find the commands that SAM executed perform an operation in the /var/sam/log/samlog file. It contains entries as in the following.
Executing the following command:\C/usr/sbin/swlist -l
fileset -a state AdvJou
Command completed with exit status 0.
Exiting Task Manager with task com_execute_swlist_command.
Exiting Task Manager with task COM_IS_FILESET_LOADED.
Entering Task Manager with task KC_GET_DRIVERS.
Getting the kernel drivers/modules
Getting the state of one or more kernel device driver/
pseudo drivers that mat
Succeeded in getting the state of driver "vxadv".
Exiting Task Manager with task KC_GET_DRIVERS.
Entering Task Manager with task NNC_GET_INSTALL_STATUS.
Exiting Task Manager with task NNC_GET_INSTALL_STATUS.
Entering Task Manager with task nfs_check_remote_mounts.
Performing task "Checks if any remote file systems are
Executing the following command:\C/usr/sbin/mount|/usr/bin/
sed -n 's,^[^ ]* o
n \([^ :]*\):\([^ ]*\).*,\1 \2,p'\C
Command completed with exit status 0.
The raw data from SAMLOG is very difficult to read. More commonly, one would go into SAM and click Options, and then click View SAM Log to see a nicely formatted, easy-to-read SAMLOG. Figure 12-10 shows a typical window when the log file is viewed in this way. For a selective view, you can specify a time range or user name in this window.
Figure 12-10. SAM log view.
The log file grows as you continue using SAM. After a certain limit, SAM copies it to the samlog.old file and creates a new samlog file.
SAM comes with a utility, /usr/sam/bin/samlog_viewer, which can be used to view the log file in an efficient way. You can apply filters to data displayed by this utility. You can also specify a range of dates and times for displaying activity during that period. It is also possible to view the log of SAM usage by a particular user. For more information, consult the manual pages of samlog_viewer.
12.5 Restricted Use of SAM by Non-Root Users
By default, only root is allowed to use SAM. However, SAM can be configured to provide a subset of its functionality to some users or groups other than root. For this purpose, you need to log in as root and start SAM in the Restricted SAM Builder mode using the -r option. In the builder system, you can assign some of the SAM functions to a user. You can use the -f option with SAM to verify that this assignment is operational. For example, you can assign printer management to a particular user. When that user starts SAM in the usual way, he or she will see only those icons that are related to printer management. This is a very useful tool to give restricted root access to some system users for system management in a complex and large computing environment.
The System Administration Manager or SAM is a comprehensive and useful tool to carry out routine system administration tasks. This chapter started with an introduction to SAM and the advantages of using it. You learned that SAM can be used in both text and graphical modes. If you are using a text-type terminal, SAM automatically detects it and starts in text mode. On X-Window terminals, it starts in GUI mode. Then you found out how to start and stop it in both of these modes and what the important areas of the SAM window are. You also learned how to use menus. In the text mode, a menu can be invoked by pressing the key,
and menus can be navigated using the and arrow keys. In GUI, you used the mouse to perform actions.
You used SAM to create a new user in GUI. SAM records all of its commands in a log file, /var/sam/samlog. From SAM, you can click Options and then click View SAM Log to get information from this log file.
The restricted SAM builder is invoked by using the -r option and is used to grant restricted root access to some system users. This helps in distributing system administration tasks among many users in a complex computing environment.
Test Your Knowledge
SAM can't be used for:
A. HP-UX routine system administration
B. HP-UX troubleshooting
C. HP-UX network administration
D. HP-UX kernel reconfiguration
The SAM builder is used to:
A. compile SAM files
B. build the SAM database
C. grant restricted access to non-root users
D. build SAM menus and icons
The SAM log file is:
The utility for viewing the SAM log file is: