portmir Command

Purpose

Allows one TTY stream (monitor) to attach to another TTY stream (target) and monitor the user session that is taking place on that stream.

Syntax

portmir { -d mir_modem -t target [ -m monitor ] | -t target [ -m monitor ] | { -o | -c monitor | -q } }

Description

The portmir command allows one TTY stream (monitor) to attach to another TTY stream (target) and monitor the user session that is taking place on that stream. This is accomplished by pushing a special "mirror" module into both the target and monitor TTY streams.

Both the target and monitor TTYs receive a printed message on their respective displays when a monitoring session begins. The monitoring session can be terminated from either the target TTY, monitor TTY, or a third TTY not involved in the monitoring session. When the monitor is used in a non-service mode, both streams must be in the open state (that is, either a getty or active session must be taking place on each TTY) in order for the command to work. This is necessary to allow the pushing of the "mirror" streams module. The portmir command is supported for use with TTY devices only (PTS, TTY, LFT).

The terminal type, as defined in the TERM environment variable, must be the same for both the monitor and target TTY. The value of this environment variable must correspond to a valid entry in the terminfo database. An example terminal type would be ibm3151 or vt100. The LFT is similar to the vt100. Terminal emulators such as aixterm are usually similar in function to vt100.

Although the console can be used as either the target TTY or the monitor TTY, using the console as the monitor TTY is not recommended. However, if the console is used as the monitor TTY, note that the console is first automatically redirected to the target TTY for the duration of the monitoring session. When the monitoring session is terminated, the console is redirected back to the device specified in the CuAt ODM database attribute syscons. If the console had been previously redirected, the redirection is not preserved.

Async devices that provide offloading of character processing may have problems if they are mirroring devices that rely on the line discipline (ldterm) to provide this function. An example of this would be the 128-port async adapter. Use the chdev command to disable the fastcook attribute if a port of a dissimilar adapter is monitored. Run the command as follows:

chdev -l tty1 -a fastcook=disable

You can use the Devices application in Web-based System Manager (wsm) to change device characteristics.

Flags

-c monitor
    Configures port for service boot by creating CuAt ODM database attribute portmir_monitor, which contains the device parameter as the value field. This device is used later as the default monitoring device when the portmir command is invoked in service mode (-s flag).

    Mirroring must be configured by the system administrator to execute at service boot time using the -c option. The target defaults to the device defined in the portmir_monitor attribute.

-d mir_modem
    Sets monitoring port for dial-in purposes. Only the root user can issue the command with this flag. Ensure that /usr/share/mir_modem is linked to the correct modem setup file. /usr/share/mir_modem contains example files; you may need to create your own, depending on your type of modem.

-m monitor
    Specifies monitoring device. If neither the -m option nor the -s option are specified, then the monitoring device defaults to the port on which the portmir command was run.

-o
    Turns off monitoring and terminates the command.

-q
    Queries the value set with the -c option.

-t target
    Specifies target device to be monitored.

Security

Only a single mirror session may be running at any one time.

To mirror a port in the nonservice mode, place a list of users who may monitor them in a .mir file in your home directory (not required for the root user). When the mirror daemon begins running, the daemon checks to see who is on that port. It then checks to see if the user of the monitoring port is authorized to monitor that port.

The .mir file must have the format of a single user ID per line.

Attention: Running the su command to change to root user during a mirror session gives root authority to both users.

Attention RBAC users and Trusted AIX® users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.
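
The following script is an added example, not part of the original command reference. It audits the .mir files described above and reports which login IDs are authorized to monitor which users. It assumes that each subdirectory of the given root (for example /u) is one user's home directory named after that user; the function name audit_mir and the writable-file warning are additions that the page itself does not specify.

```shell
#!/bin/sh
# Added example: list who may monitor whom according to .mir files.
# Assumption: every subdirectory of $1 is a home directory named after its
# owner (for example /u/user1), and .mir holds one login ID per line.

audit_mir() {
    home_root=$1
    for mir in "$home_root"/*/.mir; do
        # An unmatched glob stays literal; skip anything that is not a file.
        [ -f "$mir" ] || continue
        owner=$(basename "$(dirname "$mir")")

        # Added hardening check (not stated on the page): a .mir file that
        # group or others can write lets someone else extend the list.
        if [ -n "$(find "$mir" \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WARN $owner .mir is group- or world-writable"
        fi

        # One user ID per line; tolerate blank lines, stray whitespace and a
        # missing final newline.
        while IFS= read -r line || [ -n "$line" ]; do
            id=$(printf '%s' "$line" | tr -d ' \t\r')
            [ -n "$id" ] || continue
            echo "ALLOW $id may monitor $owner"
        done < "$mir"
    done
}

# Constructed sample input: user1 authorizes user2 to monitor their sessions.
demo=$(mktemp -d)
mkdir -p "$demo/user1"
printf 'user2\n' > "$demo/user1/.mir"
chmod 600 "$demo/user1/.mir"
audit_mir "$demo"
rm -rf "$demo"
```

Because running su to root during a mirror session gives root authority to both users, review every ALLOW line whose target is an account that administrators use.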

Examples

  1. After user1 has placed user2's login ID into /u/user2/.mir file, to mirror user1 on target tty1 from user2 on monitor tty2, enter:
    portmir -t tty1 -m tty2
  2. To mirror target tty1 to user on monitor tty2 who is dialing in, enter:
    portmir -t tty1 -m tty2 -d mir_modem
  3. To set up mirroring for service boot, specifying the monitoring device during the service boot, enter:
    portmir -c tty
  4. To disable mirroring during the service boot, enter:
    portmir -c off
  5. To query the service boot mirroring device, enter:
    portmir -q

Files

/usr/share/modems/mir_modem
    Modem configuration file examples for setting up dial-in.

/usr/sbin/portmir
    Contains the command file.