sec_create_db(8sec)
Registry database creation utility
Synopsis
sec_create_db {-master | -slave}
-my[name] my_server_name
[-cr[eator] creator_name]
[-cu[nix_id] creator_unix_id]
[-g[roup_low_id] g_unix_id]
[-k[eyseed] keyseed]
[-ma[x_unix_id] max_unix_id]
[-o[rg_low_unix_id] o_unix_id] [-pa[ssword] default_password]
[-p[erson_low_unix_id] p_unix_id]
[-u[uid] cell_uuid]
[-v[erbose]]
Options
{-master | -slave}
Specifies whether the database for the master replica should be created (-master) or a database for a slave replica should be created
(-slave). All other sec_create_db options can be used with the -master option. Only the -myname, -keyseed, and -verbose options can be used
with the -slave option.
-my[name]
Specifies the name that the Directory Service uses to locate the machine on which the cells security server is running.
-cr[eator]
Specifies the principal name of the initial privileged user of the registry database (known as the registry creator).
-cu[nix_id]
Specifies the UNIX ID of the initial privileged user of the registry database. If you do not enter the UNIX ID, it is assigned dynamically.
-g[roup_low_unix_id]
Specifies the starting point for UNIX IDs automatically generated by the Security Service when groups are added with the rgy_edit command.
k[eyseed]
Specifies a character string used to seed the random key generator in order to create the master key for the database you are creating. It should be string that
cannot be easily guessed. The master key is used to encrypt all account passwords. Each instance of a replica (master or slave) has its own master key. You can change the master key using the
sec_admin command.
ma[x]
Specifies the highest UNIX ID that can be assigned to a principal, group, or organization.
-o[rg_low_unix_id]
Specifies the starting point for UNIX IDs automatically generated by the Security Service when organizations are added with the rgy_edit command.
-pa[ssword]
The default password assigned to the accounts created by sec_create_db, including the account for the registry creator. If you do not specify a default
password, -dce- is used. (Note that the hosts/local_host/self none none, krbtgt/cell_name none none, and nobody none none
accounts are not assigned the default password, but instead a randomly generated password.)
-p[erson_low_unix_id]
Specifies the starting point for UNIX IDs automatically generated by the Security Service when principals are added with the rgy_edit command.
-u[uid]
Specifies the cells UUID. If you do not enter this UUID, it is assigned dynamically.
-v[erbose]
Specifies that sec_create_db run in verbose mode and displays all activity.
Description
The sec_create_db tool creates new master and slave databases in dcelocal/var/security/rgy_data on the machine from which sec_create_db is run. Usually, these databases are created only once by the system configuration tool, dce_config. However, you can use sec_create_db if you need to re-create the master or a slave database from scratch. You must be root to invoke sec_create_db.
The sec_create_db -master option creates the master database on the machine on which it is run. This database is initialized with names and accounts, some of them reserved. You must use the rgy_edit command to populate the database with objects and accounts.
When the master registry database is created, default ACL entries for registry objects are also created. These entries give the most privileged permission set to the principal named in the -cr[eator] option. If the principal is not one of the reserved names and accounts, sec_create_db adds it as a new principal and adds an account for that new principal. If the -cr option is not used, root is the creator.
The sec_create_db -slave option creates a slave database on the machine on which it is run. This command creates a stub database on the local node in dcelocal/var/security/rgy_data and adds the newly created replica to the masters replica list. The master then marks the replica to be initialized when a security server is started on the slaves node.
The sec_create_db command also creates a registry configuration file, named dcelocal/etc/security/pe_site, that contains the network address of the machine on which the database is created. This file supplies the binding address of the secd master server if the Naming Service is not available.
Files
/dcelocal/etc/security/pe_site
The file containing the network address of the machine on which the security database is created.
/dcelocal/var/security/rgy_data
The directory in which the registry database files are stored.
Related Information
Commands: