NAME | SYNOPSIS | DESCRIPTION | ATTRIBUTES | SEE ALSO | WARNINGS | NOTES
sysh, the system shell, is a modified version of the Bourne shell, sh(1). sysh is used to control the use of privileges in commands run from the rc scripts. sysh allows any command to be executed but consults profiles for the privileges, user ID (UID), group ID (GID), and sensitivity label (SL) with which the command is to be run.
The system shell can be run only from a process with the Trusted Path attribute.
Refer to the sh(1) man page for a complete usage description. The sysh command adds the setprof command.
To list profiles and privileges that are being used by any command in a profile shell, use the smprofile(1) command. See EXAMPLES on the smprofile page for examples of using smprofile list.
sysh uses the specified profile to determine security attributes and privileges for executing subsequent commands. This switch is useful when the same command needs to be run with different privileges at different times. The default profile is the "boot" profile, used when sysh starts up and when setprof is called with no arguments.
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
---|---|
Availability | SUNWtsrSUNWtsu |
sysh normally has all privileges forced so it can run commands with privileges. If sysh finds that a command needs privileges that sysh is not permitted, a warning message is printed and the command is run with no privileges.
These interfaces are uncommitted. Although they are not expected to change between minor releases of the Trusted Solaris environment, they may.
NAME | SYNOPSIS | DESCRIPTION | ATTRIBUTES | SEE ALSO | WARNINGS | NOTES