secons Utility: Manage Resource Caching on UNIX

Valid on UNIX
The secons utility manages resource caching (file cache) on UNIX. The cache, a runtime table, "remembers" the previous answer to an authorization request (permit or deny) for resources in the FILE class. When an identical authorization is requested, the request is answered with the last response that was stored in the cache memory tables.
This command has the following format:
secons [-C+] [-C-] [-CA value] [-CC interval] [-CD] \
[-CF value] [-CI init_value] [-CP interval] [-CU value]
  • -C+
    Enables caching of file authorization.
  • -C-
    Disables caching of file authorization.
  • -CA value
    Specifies the maximum number of authorization records in a table.
    Default: 80
    Limits: A number between 1 and 800
  • -CC interval
    Specifies the cache clean interval in minutes.
    Default: 60
    Limits: A number greater than 0
  • -CD
    Displays the cache table to the standard output.
  • -CF value
    Specifies the maximum number of file records in a table.
    Default: 20
    Limits: A number between 1 and 200
  • -CI init_value
    Specifies the initial priority value for a new record in the cache table.
    Default: 10
  • -CP interval
    Specifies the cache priority computing interval.
    Default: 1 (one record)
    Limits: A number between 1 and 10
  • -CU value
    Specifies the maximum number of user records in a table.
    Default: 50
    Limits: A number between 1 and 500
Example: Change cache settings
The following example changes the cache settings so that the maximum number of file, user, and authorization records in the cache is 60 each:
secons -CF 60 -CU 60 -CA 60
Example: Display the cache table
The following example shows the output of the secons -CD command:
=============================================================================
FILE CACHE (configuration, statistics, and dispatcher data)
-----------------------------------------------------------------------------
sizes(bytes) tables: | max records: | intervals
cache head files users auth | files users auths |clean prio
-----------------------------------------------------------------------------
40244 44 5600 4200 30400 | 20 50 80 | 60 1
===========================================================================
table |statistics | priority |min | rec | average |pri |init
name | hits misses (ok)| maxim minim|ind | used | usage life |fact|prio
---------------------------------------------------------------------------
files | 5 1 83% | 0 0 | 0 | 1 | | |
users | 5 1 83% | 10 2 | 0 | 1 | 0 0 | 1 | 10
auths | 4 2 66% | 2 | 0 | 2 | | |
===========================================================================
FILE TABLE
---------------------------------------------------------------------------
No type pid priority user file name
---------------------------------------------------------------------------
0 EXPL 372 0 0 /etc/shadow
===========================================================================
USER TABLE
---------------------------------------------------------------------------
No user name prio life used UID EUID RUID auth prev(file)next
---------------------------------------------------------------------------
0 root 2 2 7 0 0 0 0 50( 0) 50
===========================================================================
AUTHORIZATION RESULT TABLE (R - Result: 'P'-permit, 'D'-deny ...)
---------------------------------------------------------------------------
No R ACEE acc Log stage prv(usr)nxt time terminal program
---------------------------------------------------------------------------
0 P 6 read 0 00036 80( 0) 1 07:48:25 /usr/bin/login
===========================================================================
The preceding output consists of five parts:
  • The cache configuration. It contains the following fields:
    • Size of the cache (in bytes)
    • Size of the cache header (in bytes)
    • Size of the file table (in bytes)
    • Size of the user table (in bytes)
    • Size of the results table (in bytes)
    • The maximum number of file records
    • The maximum number of user records
    • The maximum number of result records
    • Statistic: hits in the table
  • The table of file records. It contains the following fields:
    • Sequential number of the record
    • Type of the file (EXPLICIT, IMPLICIT)
    • Process ID number
    • Priority of the record, which is the sum of the priorities of its users
    • Corresponding user record number in the table of users
    • Name of the file
  • The table of users. It contains the following fields:
    • Sequential number of the record
    • User name
    • Priority of the record
    • Record lifetime counter
    • Record usage counter
    • User ID (UID); effective user ID (EUID); ID actually used by security (RUID)
    • Corresponding authorization record number in the table of authorization results
    • Previous user record number in the chain of users
    • Corresponding file record number
    • Next user record in the chain of users
  • The table of authorization results. It contains the following fields:
    • Terminal
    • Stage
    • Granted stage
    • Result - authorization result (P or D)
    • ACEE number
    • Access type
    • Logging options flag value
    • The stage number at which the decision was made
    • Previous authorization record number in the chain of records
    • Corresponding user record number
    • Next authorization record number in the chain of records
    • Statistic: the number of missed records in the table
    • Authorization class
    • Program name (with the via parameter)
    • Notification string
    • Update time (GMT)
  • Dispatcher Data. It contains the following fields:
    • Statistic: number of missed records in the table
    • Statistic: number of hits in the table
    • Maximum priority in a table
    • Minimum priority in a table
    • Number of entries with minimum priority
    • Number of used records
    • Average usage (only for users table)
    • Average life (only for users table)
    • Priority calculation factor (only for users table)
    • Initial value of the record priority (only for users table)
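The statistics and "max records" fields described above can be checked mechanically when tuning -CF, -CU, and -CA. The following Python sketch is an added example, not part of the product documentation. It parses the relevant lines of the sample secons -CD output shown earlier and flags tables with a low hit ratio or few free records. The function names and both thresholds are hypothetical, and it assumes the (ok) column is hits / (hits + misses) truncated, which matches the sample values.

```python
import re

# Lines copied from the page's sample `secons -CD` output. Column spacing is
# collapsed on the page, so the parser splits on "|" and whitespace only.
SAMPLE = """\
cache head files users auth | files users auths |clean prio
40244 44 5600 4200 30400 | 20 50 80 | 60 1
files | 5 1 83% | 0 0 | 0 | 1 | | |
users | 5 1 83% | 10 2 | 0 | 1 | 0 0 | 1 | 10
auths | 4 2 66% | 2 | 0 | 2 | | |
"""

# Configuration row: five byte sizes, then max file/user/auth records.
CONFIG = re.compile(r"^\s*\d+(?:\s+\d+){4}\s*\|\s*(\d+)\s+(\d+)\s+(\d+)\s*\|")
TABLES = ("files", "users", "auths")

def parse_cache_report(text):
    """Return per-table hits, misses, hit ratio, used and max records."""
    limits, report = {}, {}
    for line in text.splitlines():
        cfg = CONFIG.match(line)
        if cfg:
            limits = dict(zip(TABLES, map(int, cfg.groups())))
            continue
        cells = [c.split() for c in line.split("|")]
        if len(cells) < 5 or not cells[0] or cells[0][0] not in TABLES:
            continue  # header, rule, or detail-table line
        if len(cells[1]) < 2 or len(cells[4]) != 1:
            continue  # not a statistics row
        hits, misses = int(cells[1][0]), int(cells[1][1])
        total = hits + misses
        report[cells[0][0]] = {
            "hits": hits,
            "misses": misses,
            # Assumption: (ok) is hits / (hits + misses), truncated.
            "hit_pct": hits * 100 // total if total else 0,
            "used": int(cells[4][0]),  # "rec used" column
        }
    for name, row in report.items():
        row["max"] = limits.get(name)
    return report

def needs_attention(report, min_hit_pct=70, max_fill_pct=90):
    """Tables whose hit ratio is low or whose records are nearly exhausted."""
    flagged = []
    for name, row in report.items():
        full = row["max"] and row["used"] * 100 // row["max"] >= max_fill_pct
        if row["hit_pct"] < min_hit_pct or full:
            flagged.append(name)
    return sorted(flagged)

if __name__ == "__main__":
    print(needs_attention(parse_cache_report(SAMPLE)))
```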