Trusted Solaris Script Examples

Begin and finish scripts in the Trusted Solaris environment are edited by an administrative role, and run in a profile shell. See the pfexec(1) man page for information on profile shells.

Reboot the Workstation with a Finish Script

Add the last line in the example finish script to every finish script you create.

#!/bin/pfsh /usr/sbin/reboot

Add label_encodings File with a Finish Script

Use the Trusted Solaris information that follows to modify the procedure in "To Add Files With a Finish Script" in Solaris 8 Advanced Installation Guide.

For example, if you are using a custom JumpStart diskette to install Trusted Solaris software, place a copy of the site's label_encodings file into the JumpStart directory on the diskette.

The following finish script copies the file from the JumpStart directory into a workstation's /etc/security/tsol directory during a custom JumpStart installation:

#!/bin/pfsh cp ${SI_CONFIG_DIR}/ label_encodings /a/etc/security/tsol

Set the Root Password With a Finish Script

Use the Trusted Solaris information that follows to modify the procedures in "Setting the System's Root Password With a Finish Script" in Solaris 8 Advanced Installation Guide.

As admin at label ADMIN_LOW, set the variable PASSWD to an encrypted root password obtained from an existing entry in a workstation's /etc/shadow file.

If you set your root password by using a finish script, be sure to safeguard against those who will try to discover the root password from the encrypted password in the finish script.