db_archive(8)db_archive(8)NAMEdb_archive - displays security database log files no longer involved in
active transactions (Enhanced Security)
SYNOPSIS
/usr/tcb/bin/db_archive [-alsv] [-h home]
OPTIONS
Write all pathnames as absolute pathnames, instead of relative to the
database home directories. Specify a home directory for the database.
The correct directory for enhanced security is /var/tcb/files. Write
out the pathnames of all of the database log files, whether or not they
are involved in active transactions. Write the pathnames of all of the
database files that need to be archived in order to recover the data‐
base from catastrophic failure. If any of the database files have not
been accessed during the lifetime of the current log files, db_archive
does not include them in this output. It is possible that some of the
files referenced in the log have since been deleted from the system. In
this case, db_archive ignores them. When db_recover is run, any files
referenced in the log that are not present during recovery are assumed
to have been deleted and are not be recovered. Run in verbose mode,
listing the checkpoints in the log files as they are reviewed.
DESCRIPTION
A customized version of the Berkeley Database (Berkeley DB) is embedded
in the operating system to provide high-performance database support
for critical security files. The DB includes full transactional support
and database recovery, using write-ahead logging and checkpointing to
record changes.
The db_archive utility is provided for maintenance of the log files
associated with the security database. It writes the pathnames of log
files that are no longer in use (that is, no longer involved in active
transactions), to the standard output, one pathname per line. These log
files should be written to backup media to provide for recovery in the
case of catastrophic failure (which also requires a snapshot of the
database files), but they may then be deleted from the system to
reclaim disk space. You should perform a db_checkpoint -1 before using
db_archive.
The secconfig utility can create a cron job that periodically checks
the security log files and deletes those no longer in use, as deter‐
mined by db_archive. Be sure to coordinate this with the site backup
schedule.
The db_archive utility attaches to one or more of the Berkeley DB
shared memory regions. In order to avoid region corruption, it should
always be given the chance to detach and exit gracefully. To cause
db_archive to clean up after itself and exit, send it an interrupt sig‐
nal (SIGINT).
RETURN VALUES
The db_archive utility exits 0 on success, and >0 if an error occurs.
ENVIRONMENT VARIABLES
If the -h option is not specified and the environment variable DB_HOME
is set, it is used as the path of the database home. The home directory
for security is /var/tcb/files.
FILES
/var/tcb/files/auth.db
/var/tcb/files/dblogs/*
SEE ALSO
Commands: db_checkpoint(8), db_dump(8), db_load(8), db_printlog(8),
db_recover(8), db_stat(8), secconfig(8)db_archive(8)