Trusted Solaris Installation and Configuration

How to Open a Profile Shell

The profile shell, pfsh(1M), is a special shell that enables execution of security-relevant commands. A profile shell inherits the required privileges from the user's or role's execution profile, hence the name profile shell.


Note - The default shell of all administrative roles (root, secadmin, and admin) is a profile shell.


To Open a Profile Shell in an Administrative Role

    Launch a terminal from a role workspace.

To Open a Profile Shell as a User or Non-Administrative Role

  1. Launch a terminal from a user's or non-administrative role's workspace.

  2. If the profile shell has not been assigned as your default shell, type pfsh in the terminal to change the shell to a profile shell.


    % pfsh
    

To List the Commands Available to a Profile Shell

    Enter the clist command and pipe it through more.


    % clist | more
    

    If the shell does not recognize the clist command, it is not a profile shell. If it prints a list of commands, it is a profile shell.

To See Process and Privilege Information in a Profile Shell

    To see the process label, enter the plabel(1) command in a profile shell.


    % plabel
    pid: [ADMIN_LOW]
    

    If the plabel command is in your execution profile, the label of the process is displayed.

    To see what privileges have been accorded to you, enter the ppriv(1) command.


    $ ppriv
    pid: none
    

    If the ppriv command is in your execution profile, the privileges available to commands run in the profile shell are displayed.