Trusted Solaris Administrator's Procedures

To Run rc Scripts With Security Attributes


Note - To add security to rc scripts, create a new profile and use the setprof command to refer to the new profile in a new sysh(1M) script, as described in this procedure.


  1. Assume the Security Administrator role and use the Admin Editor action at ADMIN_LOW to create a new sysh script in /etc/init.d.

    See the sysh(1M) man page and "System Shell". The first line of the script should read as follows:


    #!/bin/sysh
    
  2. On the second line of the script, type the setprof command followed by the name of a rights profile.


    setprof new_profile_name
    
  3. Save and quit the file.


    :wq
    
  4. In the /etc/init.d directory, make a hard link from the new script to the desired /etc/rcn.d directories.

    1. For each run level at which the command should be started or stopped, go to the appropriate /etc/rcn.d directory and create a hard link from a properly named target file to the script in the /etc/init.d directory.

    2. Use the proper prefix in the target file's name for either starting (S) or stopping (K).

    3. Use the proper numbers in the target file's name to help determine the order in which the script is executed during the run level.

      In the following example, the name of the new script in /etc/init.d is new_script, which is linked to /etc/rc2.d/S89new_script and /etc/rc2.d/K89new_script.


      $ pwd
      /etc/init.d
      $ ln new_script /etc/rc2.d/S89new_script
      $ ln new_script /etc/rc2.d/K89new_script
      
  5. Use the Rights tool with the Files scope to create a new rights profile.

  6. Add the command and any desired security attributes.

  7. Reboot to effect the change.
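
One way to audit the result of steps 1 through 4 before rebooting, as an added example that is not part of the original procedure. The function names check_rc_script and make_sample, the ROOT prefix argument, and the two-digit sequence number rule (taken from the S89/K89 example) are assumptions; the script needs a shell whose test supports -ef and -h (bash, ksh, dash).

```shell
#!/bin/sh
# check_rc_script ROOT NAME: audit ROOT/etc/init.d/NAME and its rc links.
# Prints one FAIL line per finding; returns 0 only when nothing is wrong.
check_rc_script() {
    root=$1 name=$2 rc=0 found=0
    script="$root/etc/init.d/$name"
    [ -f "$script" ] || { echo "FAIL: $script missing"; return 1; }

    # Line 1 must select the system shell; line 2 must name a rights profile.
    line1=$(sed -n '1p' "$script")
    line2=$(sed -n '2p' "$script")
    [ "$line1" = "#!/bin/sysh" ] || { echo "FAIL: line 1 is not #!/bin/sysh"; rc=1; }
    case $line2 in
        "setprof "?*) ;;
        *) echo "FAIL: line 2 is not 'setprof <profile>'"; rc=1 ;;
    esac

    # Each rc entry must be named S<nn>NAME or K<nn>NAME (two digits assumed)
    # and be a hard link to the init.d script, not a symlink or a copy.
    for link in "$root"/etc/rc?.d/[SK]*"$name"; do
        [ -e "$link" ] || [ -h "$link" ] || continue
        found=1
        case ${link##*/} in
            [SK][0-9][0-9]"$name") ;;
            *) echo "FAIL: $link has a malformed name"; rc=1 ;;
        esac
        if [ -h "$link" ] || ! [ "$link" -ef "$script" ]; then
            echo "FAIL: $link is not a hard link to $script"; rc=1
        fi
    done
    [ "$found" -eq 1 ] || { echo "FAIL: no rc links found for $name"; rc=1; }
    return "$rc"
}

# Constructed sample tree (not a real system): one correct script, one not.
make_sample() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/init.d" "$t/etc/rc2.d"
    printf '#!/bin/sysh\nsetprof new_profile_name\n' > "$t/etc/init.d/new_script"
    ln "$t/etc/init.d/new_script" "$t/etc/rc2.d/S89new_script"
    ln "$t/etc/init.d/new_script" "$t/etc/rc2.d/K89new_script"
    printf '#!/bin/sh\necho started\n' > "$t/etc/init.d/bad_script"
    ln -s "$t/etc/init.d/bad_script" "$t/etc/rc2.d/S90bad_script"
    echo "$t"
}
# Usage: t=$(make_sample); check_rc_script "$t" new_script
```

On a live system, pass an empty string as ROOT so the paths resolve to /etc/init.d and /etc/rcn.d.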