setkst Command
Purpose
Sets the entries in the kernel security tables (KST).
Syntax
Description
The setkst command reads the security databases and loads the information from the databases into the kernel security tables. By default, all of the security databases are sent to the KST. Alternatively, you can specify a specific database using the -t flag. If the authorization database is the only one you specified, the role and privileged command databases are also updated in the KST because they are dependent on the authorization database.
The setkst command checks the tables before updating the KST. If any severe error in the database is found, the setkst command warns the user by sending a message to stderr, and exits without resetting the KST. If a minor error is found in the database, a warning message is displayed, and the entry is skipped.
The setkst command is only functional if the system is operating in enhanced Role Based Access Control (RBAC) mode. If the system is not in enhanced RBAC mode, the command displays an error message and ends.
Flags
Item | Description |
---|---|
-b | Loads the KST with the information that is stored in the backup binary file on the system. If information in the binary file cannot be loaded, the tables are regenerated from the security databases. |
-l | Reads the loglevel attribute value from the syslog stanza in the /etc/secvars.cfg file and updates the loglevel attribute value in the kernel. The valid values for the loglevel attribute are as follows: all, crit, and none. Any invalid value for the loglevel attribute is ignored by the setkst command. |
-q | Specifies quiet mode. Warning messages that occur are not displayed when the security databases are parsed. |
-t table1, table2 | Sends the specified security databases to the KST. The parameter for the -t flag is a comma-separated list of security databases. Values for this flag are as follows: |
Security
Item | Description |
---|---|
aix.security.kst.set | Required to run the command. |
Files Accessed
File | Mode |
---|---|
/etc/security/authorizations | r |
/etc/security/privcmds | r |
/etc/security/privdevs | r |
/etc/security/roles | r |
/etc/security/domains | r |
/etc/security/domobjs | r |
/etc/secvars.cfg | r |
Examples
- To send all of the security databases to the KST, enter the following command:
  setkst
- To send the role and privileged command databases to the KST, enter the following command:
  setkst -t role,cmd
- To send the domain object and domain databases to the KST, enter the following command:
  setkst -t domobj,dom
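Because the -l flag ignores an invalid loglevel value, a typo in /etc/secvars.cfg leaves the kernel log level unchanged. The following pre-check is an added example, not part of the original documentation. It assumes the usual AIX stanza layout (a `syslog:` header followed by an indented `loglevel = value` line, with `*` starting a comment line); the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate the loglevel attribute before running "setkst -l".
# Assumed file layout (not shown on this page):
#   syslog:
#           loglevel = all

# Print the loglevel value from the syslog stanza of file $1 (empty if absent).
get_loglevel() {
    awk '
        /^[ \t]*\*/ { next }                  # assumed comment syntax: leading "*"
        /^[^ \t].*:[ \t]*$/ {                 # stanza header such as "syslog:"
            name = $0
            sub(/:[ \t]*$/, "", name)
            in_syslog = (name == "syslog")
            next
        }
        in_syslog && /^[ \t]+loglevel[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)     # drop "loglevel ="
            sub(/[ \t]+$/, "", val)           # drop trailing blanks
            print val
            exit
        }
    ' "$1"
}

# Return 0 if setkst -l would accept the value, 1 if it would be ignored,
# 2 if the syslog stanza has no loglevel attribute.
check_loglevel() {
    level=$(get_loglevel "$1")
    case "$level" in
        all|crit|none) echo "ok: loglevel=$level"; return 0 ;;
        "")            echo "missing: no loglevel in syslog stanza" >&2; return 2 ;;
        *)             echo "invalid: loglevel=$level would be ignored" >&2; return 1 ;;
    esac
}

# Demo on a constructed sample file; on a real system pass /etc/secvars.cfg
# and run "setkst -l" only when check_loglevel returns 0.
demo() {
    f=$(mktemp) || return 1
    printf 'example:\n\tattr = x\n\nsyslog:\n\tloglevel = crit\n' > "$f"
    check_loglevel "$f"; rc=$?
    rm -f "$f"
    return $rc
}
```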