Trusted Solaris Installation and Configuration

Creating Finish Scripts

A finish script is a user-defined Bourne shell script, specified within the rules file, that performs tasks after the Trusted Solaris software is installed on the workstation, but before the workstation reboots. Finish scripts are used with custom JumpStart installations.

Important Information About Finish Scripts

The following information is important to know about finish scripts:

Ideas for Finish Scripts

You could set up finish scripts to perform the following tasks:

The following finish scripts are provided as examples:

Rebooting the Workstation with a Finish Script

Through a finish script, you can reboot the workstation.

    Add the last line in the example finish script to every finish script you create.


    #!/bin/sh
    /usr/sbin/reboot

Adding Files With Finish Scripts

Through a finish script, you can add files from the JumpStart directory to the already installed workstation. This is possible because the JumpStart directory is mounted on the directory specified by the SI_CONFIG_DIR variable (which is set to /tmp/install_config by default).


Note -

You can also replace files by copying files from the JumpStart directory to already existing files on the installed workstation.


The following procedure enables you to create a finish script to add files to a workstation after the Trusted Solaris software is installed on it:

Create a Finish Script to Add Files after Installation
  1. Copy all the files you want added to the installed workstation into the JumpStart directory.

  2. Insert the following line into the finish script for each file you want copied into the newly installed file system hierarchy.


    cp ${SI_CONFIG_DIR}/file_name /a/path_name
    

For example, if you are using a custom JumpStart diskette to install Trusted Solaris, place a copy of the site's label_encodings file into the JumpStart directory on the diskette. The following finish script copies the file from the JumpStart directory into a workstation's /etc/security/tsol directory during a custom JumpStart installation:



#!/bin/sh
cp ${SI_CONFIG_DIR}/label_encodings /a/etc/security/tsol


Customizing the Root Environment

Through a finish script, you can customize files already installed on the workstation. For example, the following finish script customizes the root environment by appending information to the .cshrc file in the root directory.


#!/bin/sh
#
# Customize root's environment
#
echo "***adding customizations in /.cshrc"
# The installed file system is mounted on /a during the installation.
test -f /a/.cshrc || {
cat >> /a/.cshrc <<EOF
set history=100 savehist=200 filec ignoreeof prompt="\$user@`uname -n`> "
alias cp cp -i
alias mv mv -i
alias rm rm -i
alias ls ls -FC
alias h history
alias c clear
unset autologout
EOF
}

Setting the System's Root Password With Finish Scripts

After Trusted Solaris software is installed on a workstation, the workstation reboots. Before the boot process is completed, the workstation prompts for the root password. This means that until someone enters a password, the workstation cannot finish booting.

The jumpstart_sample directory provides a finish script called set_root_pw that sets the root password for you. This allows the initial reboot of the workstation to be completed without prompting for a root password.

The set_root_pw file is shown below.

#!/bin/sh
#
#       @(#)set_root_pw 1.4 93/12/23 SMI
#
# This is an example bourne shell script to be run after installation.
# It sets the workstation's root password to the entry defined in PASSWD.
# The encrypted password is obtained from an existing root password entry
# in /etc/shadow from an installed machine.

echo "setting password for root"

# set the root password
PASSWD=dKO5IBkSF42lw

# create a temporary input file
cp /a/etc/shadow /a/etc/shadow.orig

# replace the password field of the root entry; copy every other entry unchanged
nawk -F: '{
    if ( $1 == "root" )
        printf "%s:%s:%s:%s:%s:%s:%s:%s:%s\n",$1,passwd,$3,$4,$5,$6,$7,$8,$9
    else
        printf "%s:%s:%s:%s:%s:%s:%s:%s:%s\n",$1,$2,$3,$4,$5,$6,$7,$8,$9
}' passwd="$PASSWD" /a/etc/shadow.orig > /a/etc/shadow

# remove the temporary file
rm -f /a/etc/shadow.orig

# set the flag so sysidroot won't prompt for the root password
sed -e 's/0	# root/1	# root/' ${SI_SYS_STATE} > /tmp/state.$$
mv /tmp/state.$$ ${SI_SYS_STATE}

There are several things you must do to set the root password in a finish script.

Create a Finish Script to Set the root Password
  1. Set the variable PASSWD to an encrypted root password obtained from an existing entry in a workstation's /etc/shadow file.

  2. Create a temporary input file of /a/etc/shadow.

  3. Change the root entry in the /etc/shadow file for the newly installed workstation using $PASSWD as the password field.

  4. Remove the temporary /a/etc/shadow file.

  5. Change the entry from a 0 to a 1 in the state file, so that the install team will not be prompted for the root password.

    The state file is accessed using the variable SI_SYS_STATE, whose value currently is /a/etc/.sysIDtool.state. (To avoid problems with your scripts if this value changes, always reference this file using $SI_SYS_STATE.) The sed command shown here contains a tab character after the 0 and after the 1.


    Note -

    If you set your root password by using a finish script, be sure to safeguard against those who will try to discover the root password from the encrypted password in the finish script.
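
A variant of the root-entry rewrite from the procedure above, added here as an example; it is not Sun's set_root_pw. It rejects an empty or malformed PASSWD value (an empty password field leaves root without a password), requires exactly one root entry, and keeps the shadow file's existing owner and mode. The function name set_root_hash, the .new.$$ work file, the use of awk in place of nawk, and the sample shadow lines are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not Sun's set_root_pw. set_root_hash and the .new.$$ work
# file are assumed names; awk stands in for nawk.

# set_root_hash SHADOW_FILE HASH
# Returns non-zero and leaves SHADOW_FILE untouched if any check fails.
set_root_hash() {
    shadow=$1
    hash=$2
    [ -f "$shadow" ] || return 1

    # An empty field 2 means "no password": accept only a 13-character
    # crypt(3) string, the format of the sample PASSWD value.
    expr "X$hash" : 'X[./0-9A-Za-z]\{13\}$' > /dev/null || return 2

    # Exactly one root entry must be present.
    n=`awk -F: '$1 == "root" { c++ } END { print c + 0 }' "$shadow"`
    [ "$n" -eq 1 ] || return 3

    # Build the new contents in a work file that only the owner can read.
    old_umask=`umask`
    umask 077
    tmp=$shadow.new.$$
    awk -F: 'BEGIN { OFS = ":" } $1 == "root" { $2 = h } { print }' \
        h="$hash" "$shadow" > "$tmp"
    rc=$?
    umask "$old_umask"

    # The entry count must be unchanged before the real file is touched.
    before=`wc -l < "$shadow"`
    after=`wc -l < "$tmp"`
    if [ "$rc" -ne 0 ] || [ "$before" != "$after" ]; then
        rm -f "$tmp"
        return 4
    fi

    # Overwrite in place so the file keeps its existing owner and mode.
    cat "$tmp" > "$shadow"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed demo on a scratch file, never the live shadow file.
d=`mktemp -d` || exit 1
printf 'root:x:6445::::::\ndaemon:NP:6445::::::\n' > "$d/shadow"
chmod 600 "$d/shadow"
set_root_hash "$d/shadow" dKO5IBkSF42lw && cat "$d/shadow"
rm -rf "$d"
```

In a finish script the call would be set_root_hash /a/etc/shadow "$PASSWD", followed by the state-file change shown in step 5.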