Begin and finish scripts in the Trusted Solaris environment are edited by an administrative role, and run in a profile shell. See the pfexec(1) man page for information on profile shells.
Add the last line in the example finish script to every finish script you create.
#!/bin/pfsh /usr/sbin/reboot |
Use the Trusted Solaris information that follows to modify the procedure in "To Add Files With a Finish Script" in Solaris 8 Advanced Installation Guide.
For example, if you are using a custom JumpStart diskette to install Trusted Solaris software, place a copy of the site's label_encodings file into the JumpStart directory on the diskette.
The following finish script copies the file from the JumpStart directory into a workstation's /etc/security/tsol directory during a custom JumpStart installation:
#!/bin/pfsh cp ${SI_CONFIG_DIR}/ label_encodings /a/etc/security/tsol |
Use the Trusted Solaris information that follows to modify the procedures in "Setting the System's Root Password With a Finish Script" in Solaris 8 Advanced Installation Guide.
As admin at label ADMIN_LOW
, set the variable PASSWD to an encrypted root password obtained from an existing entry in a workstation's /etc/shadow file.
If you set your root password by using a finish script, be sure to safeguard against those who will try to discover the root password from the encrypted password in the finish script.