man pages section 1M: System Administration Commands

sysh(1M)

NAME

sysh– system shell

SYNOPSIS

sysh

-acefhiknpPrstuvx

argument

DESCRIPTION

sysh, the system shell, is a modified version of the Bourne shell, sh(1). sysh is used to control the use of privileges in commands run from the rc scripts. sysh allows any command to be executed but consults profiles for the privileges, user ID (UID), group ID (GID), and sensitivity label (SL) with which the command is to be run.

USAGE

Refer to the sh(1) man page for a complete usage description. The sysh command adds the setprof command.

To list profiles and privileges that are being used by any command in a profile shell, use the smprofile(1) command. See EXAMPLES on the smprofile page for examples of using smprofile list.

Commands

setprof [ profilename ]

The setprof command is used to specify a profile other than the boot profile. A profile with a space in its name must be specified within single quotes. For example:

setprof 'custom boot'

Commands in sysh scripts must be specified in a profile only if they need to run with non-default attributes. The default attributes are:

label       ADMIN_LOW
clearance   ADMIN_LOW
uid         0
gid         0

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Availability	SUNWtsr
	SUNWtsu

Trusted Solaris 8 HW 12/02 Reference Manual

smprofile(1M), exec_attr(4), prof_attr(4)

SunOS 5.8 Reference Manual

sh(1), attributes(5)

WARNINGS

If sysh finds that a command needs privileges that sysh does not inherit, a warning message is printed and the command is run with no privileges.

NOTES

These interfaces are uncommitted. Although they are not expected to change between minor releases of the Trusted Solaris environment, they may.

Trusted Solaris 8 HW 12/02 Last Revised 13 Apr 2001