ETrust Access Control For Windows Reference Guide

eTrust Access Control for Windows Reference Guide r8 SP1

This documentation and any related computer software help programs (hereinafter referred to as the “Documentation”) is for the end user’s informational purposes only and is subject to change or withdrawal by CA at any time.

This Documentation may not be copied, transferred, reproduced, disclosed, modified or duplicated, in whole or in part, without the prior written consent of CA. This Documentation is confidential and proprietary information of CA and protected by the copyright laws of the United States and international treaties.

Notwithstanding the foregoing, licensed users may print a reasonable number of copies of the Documentation for their own internal use, and may make one copy of the related software as reasonably required for back-up and disaster recovery purposes, provided that all CA copyright notices and legends are affixed to each reproduced copy. Only authorized employees, consultants, or agents of the user who are bound by the provisions of the license for the product are permitted to have access to such copies.

The right to print copies of the Documentation and to make a copy of the related software is limited to the period during which the applicable license for the product remains in full force and effect. Should the license terminate for any reason, it shall be the user’s responsibility to certify in writing to CA that all copies and partial copies of the Documentation have been returned to CA or destroyed.

EXCEPT AS OTHERWISE STATED IN THE APPLICABLE LICENSE AGREEMENT, TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS DOCUMENTATION “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT. IN NO EVENT WILL CA BE LIABLE TO THE END USER OR ANY THIRD PARTY FOR ANY LOSS OR DAMAGE, DIRECT OR INDIRECT, FROM THE USE OF THIS DOCUMENTATION, INCLUDING WITHOUT LIMITATION, LOST PROFITS, BUSINESS INTERRUPTION, GOODWILL, OR LOST DATA, EVEN IF CA IS EXPRESSLY ADVISED OF SUCH LOSS OR DAMAGE.

The use of any product referenced in the Documentation is governed by the end user’s applicable license agreement.

The manufacturer of this Documentation is CA.

Provided with “Restricted Rights.” Use, duplication or disclosure by the United States Government is subject to the restrictions set forth in FAR Sections 12.212, 52.227-14, and 52.227-19(c)(1) - (2) and DFARS Section 252.227-7014(b)(3), as applicable, or their successors.

All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.

Copyright 2006 CA. All rights reserved.

CA Product References

This document references the following CA products:

  eTrust Access Control (eTrust AC)
  eTrust Single Sign-On (eTrust SSO)
  eTrust Web Access Control (eTrust Web AC)
  eTrust CA-Top Secret
  eTrust CA-ACF2
  eTrust Audit
  Unicenter TNG
  Unicenter Network and Systems Management (Unicenter NSM)
  Unicenter Software Delivery

Contact Technical Support

For online technical assistance and a complete list of locations, primary service hours, and telephone numbers, contact Technical Support at http://ca.com/support.

Contents

Chapter 1: The selang Command Language
  Command Notation Conventions
  The selang Command Shell
  Working in Different Environments
  Function Keys
  Help
  Authorization
  selang Syntax Conventions
  selang Commands by Category
  User Commands
  Group Commands
  Resource Commands
  Advanced Policy Management Commands
  Miscellaneous Commands

Chapter 2: selang Commands in the eTrust Environment
  Working in the eTrust Environment
  Command Reference for eTrust
  authorize
  check
  checklogin
  checkpwd
  chfile / editfile / newfile
  chgrp / editgrp / newgrp
  chres / editres / newres
  chusr / editusr / newusr
  deploy
  deploy-
  environment
  find
  get devcalc
  help
  history
  hosts
  join
  list
  rename
  rmfile
  rmgrp
  rmres
  rmusr
  ruler
  search
  setoptions
  showfile
  showgrp
  showres
  showusr
  source
  start devcalc

Chapter 3: selang Commands in the Windows Environment
  Working in the Windows Environment
  Command Reference for Windows
  authorize
  chfile / editfile
  chgrp / editgrp / newgrp
  chres / editres / newres
  chusr / editusr / newusr
  environment
  find
  help
  history
  join
  list
  rmgrp
  rmres
  rmusr
  search
  setoptions
  showfile
  showgrp
  showres
  showusr
  xaudit

Chapter 4: selang Commands in the Policy Model Environment
  Working in the Policy Model Environment
  Command Reference for Policy Model Environment
  createpmd
  deletepmd
  findpmd
  listpmd
  pmd
  subs
  subspmd
  unsubs

Chapter 5: Utilities
  Utilities
  Utilities by Category
  User Utilities
  General Administration Utilities
  Database Administration Utilities
  Support Utilities
  Utilities in Detail
  dbmgr
  dmsmgr
  defclass
  DictImport
  eacpg gen
  eACoexist
  eACSigUpdate
  eACSyncLockout
  ExportTngDb
  MigOpts
  ntimport
  policydeploy
  policyreport
  seaudit
  sechkey
  seclassadm
  secons
  segrace
  SegraceW
  selang
  semsgtool
  sepmd
  sepropadm
  sereport
  seretrust
  sesudo
  Services in Detail
  sepmdd

Chapter 6: eTrust Environment Classes and Properties
  Class and Property Information
  Accessor Classes
  USER Class
  GROUP Class
  Resource Classes
  ADMIN Class
  AGENT Class
  AGENT TYPE Class
  APPL Class
  AUTHHOST Class
  CALENDAR Class
  CATEGORY Class
  CONNECT Class
  CONTAINER Class
  DICTIONARY Class
  DOMAIN Class
  FILE Class
  GAPPL Class
  GAUTHHOST Class
  GFILE Class
  GHOST Class
  GSUDO Class
  GTERMINAL Class
  HNODE Class
  HOLIDAY Class
  HOST Class
  HOSTNET Class
  HOSTNP Class
  MFTERMINAL Class
  POLICY Class
  PROCESS Class
  PROGRAM Class
  PWPOLICY Class
  REGKEY Class
  RESOURCE DESC Class
  RESPONSE TAB Class
  RULESET Class
  SECFILE Class
  SECLABEL Class
  SEOS Class
  SPECIALPGM Class
  SUDO Class
  SURROGATE Class
  TCP Class
  TERMINAL Class
  UACC Class
  USER ATTR Class
  USER DIR Class
  User Defined Classes
  Unicenter TNG User-Defined Classes

Chapter 7: Windows Environment Classes and Properties
  Class and Property Information
  Accessor Classes and Properties
  USER Class
  GROUP Class
  Resource Classes and Properties
  COM Class
  DEVICE Class
  DISK Class
  DOMAIN Class
  FILE Class
  OU Class
