sysck Command

Purpose

Checks the inventory information during installation and update procedures.

Syntax

sysck { -i | -u } [  -R RootPath ] [  -N ] [ -v ] [  -s SaveFile ] [  -O { r | s | u } ] -f File ProductNametcbck Flags }

All of the tcbck command flags are valid with this command.

Description

Attention: The sysck command DOES NOT support checking files that are greater than 2 gigabytes. If a product needs to ship a file that is greater than 2 gigabytes, set size and checksum values in their Fileset.inventory to VOLATILE, so the sysck command will not try to access the file.
Note: All of the tcbck command flags are valid with the sysck command. This feature provides compatibility with Version 3.1. For more information on the tcbck command and a complete listing of its flags, refer to AIX® Version 7.1 Commands Reference.

The sysck command checks file definitions against the extracted files from the installation and update media and updates the Software Vital Product Data (SWVPD) database. The sysck command does not recognize the following special characters in file names: `, ', \, ", ^, ( ), |, {}, [], <>,and : . If a file name contains one of these characters, the sysck command fails.

The sysck command is primarily used during the installation and update of software products.

When invoked with the -i flag, the sysck command checks the attributes of an extracted file with its file definitions, updates the SWVPD, and attempts to fix some errors if they exist.

The File parameter is the name of the stanza file that contains the file definitions. An example of such a file is the /etc/security/sysck.cfg file, although the syschk command does not use this file. The sysck command checks the size, links, symlinks, owner, group, and mode attributes of a file for which the type attribute is set to FILE. When invoked with the -v flag as well as the -i flag, sysck also checks the checksum value of a file.

The sysck command updates the file name, product name, type, checksum, and size of each file in the SWVPD database.

To fix errors, the sysck command resets the attribute of the installed or updated file to the defined value in the File stanza file, except for some attributes as described in "Fixing Errors".

When invoked with the -u flag, the sysck command removes the entry from the SWVPD database for each file that is part of the software product ProductName. The sysck command also deletes any hard links and symbolic links for each file, as defined in the SWVPD database.

Flags

Item Description
-f File Specifies the name of the stanza file that contains the file definitions.
-i Checks for the correct installation of a software product's files. Updates the SWVPD database with the file definitions, and attempts to fix some errors if found.
-N Specifies that the SWVPD database should not be updated.
-O {r|s|u} Specifies which part of the SWVPD is to be updated, as follows:
r
Specifies the root part of the SWVPD.
s
Specifies the /usr/share part of the SWVPD.
u
Specifies the /usr part of the SWVPD (default).
Item Description
-R RootPath Use RootPath as root instead of "/".
-s SaveFile Takes a snapshot of what is currently in the VPD and saves it in stanza format to the file specified by SaveFile. Called with the -u option. No action is taken in the database with this flag. Must be used with the -f option. For example:
sysck -i -s /tmp/save.inv -f /tmp/real.inv bos.rte.shell
-u Deletes file entries from the SWVPD and deletes hard links and symbolic links.
-v Verifies that the checksum is correct.
ProductName Specifies the installable software product or option that is being checked.

Environment Variables

Item Description
INUTREE The environment variable INUTREE has only the following four valid values:
NULL
Same as INUTREE not being set.
M
Specifies the root part of the SWVPD.
S
Specifies the /usr/share part of the SWVPD.
U
Specifies the /usr part of the SWVPD (default).

INUTREE can be used instead of the -O Tree flag.

INUNOVPD The environment variable INUNOVPD can be null or can be set to 1. If it is set to 1 then sysck does not update the SWVPD. INUNOVPD can be used instead of the -N flag.
INUVERIFY If the environment variable INUVERIFY is set to 1 sysck verifies that the checksum attributes in the stanza file are correct. INUVERIFY can be used instead of the -v flag.

File Definitions

Item Description
acl The access control list for the file. If the value is blank, the acl attribute is removed. If no value is specified, the command computes a value, according to the format described in Access Control Lists.

This attribute should grant x (execute) access only to the root user and members of the security group. The command should setuid to the root user and have the trusted computing base attribute.

class The logical group of the file. A value must be specified because it cannot be computed. The value is ClassName [ClassName].
checksum The checksum of the file. If the value is blank, the checksum attribute is removed. If no value is specified, the command computes a value, according to the format given in the sum command. The value is the output of the sum -r command, including spaces.
group The file group. If the value is blank, the group attribute is removed. If no value is specified, the command computes a value, which can be a group ID or a group name.
mode The file mode. If the value is blank, the mode attribute is removed. If no value is specified, the command computes a value, which can be an octal number or a string (rwx), and have the TCB, SUID, SGID, and SVTX attributes.
owner The file owner. If the value is blank, the owner attribute is removed. If no value is specified, the command computes a value, which can be a user ID or a user name.
size The size of the file in bytes. If the value is blank, the size attribute is removed. A VOLATILE value in the size field indicates that the file size will change (so no checksum value can be given). A NOSIZE value indicates that the file has 0 length. If no value is specified, the command computes a value, which is a decimal number.
target Allows symbolic links and hard links to exist as separate stanzas in the inventory. The target file definition refers to the full path name of the source of the link, for example:
/etc/foo --> /usr/bar

The target is /usr/bar.

type The type of file. This value cannot be blank. If no value is specified, the command computes a value, which can be the FILE, DIRECTORY, FIFO, BLK_DEV, CHAR_DEV, LINK, MPX_DEV, and SYMLINK keywords.
xacl An addition to the extended-access control list. A value must be specified as a single entry in an extended-access control list because the value cannot be computed. This attribute is valid only if the -i flag is used. For information about the format, see the acl file definition above.

Fixing Errors

To fix errors, the sysck command resets the attribute of the installed or updated file to the defined value defined in the File stanza file except for the following attributes, for which the sysck command acts as described:

Item Description
links Creates any missing hard links. If a link exists to another file that is not listed in this definition, the link is deleted.
program If this attribute is included in the File stanza file, sysck invokes the program. A message is printed if an error occurs, but no additional action is taken.
symlinks Creates any missing symbolic links. If a link exists to another file that is not listed in this definition, the link is deleted.

Security

Privilege Control: Only the root user can run this command.

Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in AIX Version 7.1 Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.

Examples

  1. A product that uses the installp command to install ships an inventory file in its image. To add the definitions to the inventory database and check permissions, links, checksums, etc., enter:

    sysck  -i  -f dude.rte.inventory dude.rte

    where dude.rte.inventory would look like the following:
    /usr/bin/dude.exec:
       class = apply,inventory,dude.rte
       owner = bin
       group = bin
       mode = 555
       type = FILE
       size = 2744
       checksum = "04720        3"
  2. To remove any links to files for a product that has been removed from the system and remove the files from the inventory database, enter:

    sysck  -u  -f dude.rte.inventory dude.rte

Files

Item Description
/etc/objrepos/inventory Specifies names and locations of files in a software product on the root.
/usr/lib/objrepos/inventory Specifies names and locations of files in a software product on the /usr file system.
/usr/share/lib/objrepos/inventory Specifies names and locations of files in a software product on the /usr/share file system.