man pages section 1: User Commands

Intro(1)

NAME

Intro- introduction to commands and application programs

DESCRIPTION

This section describes Solaris and Trusted Solaris^TM commands. These commands can be:

Commands that are unique to and originate in the Trusted Solaris operating environment, such as getlabel(1), which allows users to see the label of a file.
SunOS 5.8 (Solaris 8) commands that have been modified to work within the Trusted Solaris security policy, such as tar(1), which has a new -s option that maintains security attributes, such as labels, on archives. Man pages for modified commands have been rewritten to remove information that is not accurate for how the command behaves within the Trusted Solaris operating environment. Modified man pages also have added descriptions for new features, options, and arguments.
SunOS 5.8 commands that remain unchanged from the Solaris 8 release, such as who(1).

SPECIALIZED PAGES

Section 1 specialized pages are categorized as follows:

1B

Commands found only in the SunOS/BSD Compatibility Package. Refer to the Source Compatibility Guide for more information.

Printer commands in this section are modified in the Trusted Solaris environment.

1C

Commands for communicating with other systems.

No commands in this section are modified in the Trusted Solaris environment.

1F

Commands associated with Form and Menu Language Interpreter (FMLI).

No commands in this section are modified in the Trusted Solaris environment.

1S

Commands specific to the SunOS system.

No commands in this section are modified in the Trusted Solaris environment.

OTHER SECTIONS

See these sections of the man pages section 1M: Trusted Solaris System Administration Commands and the man pages section 1M: System Administration Commands for more information.

Section 1M for system maintenance commands.

Some commands in this section have been modified in the Trusted Solaris environment, and there are added commands.
Section 4 for information on file formats.

Some file formats in this section have been modified in the Trusted Solaris environment, and there are added entries.
Section 5 for descriptions of publicly available files and miscellaneous information pages.

The Trusted Solaris environment adds privilege macros and PAM module authentication information to this section.
Section 6 in this manual for computer demonstrations.

No entries in this section are modified in the Trusted Solaris environment.

For tutorial information about commands and proceduresthat are unchanged from the Solaris 8 release, see:

OpenWindows Advanced User's Guide

For tutorial information about commands and procedures particular to the Trusted Solaris environment, see the Trusted Solaris administrator's document set.

Trusted Solaris Manual Page Display

The manual pages are available in three formats: online, AnswerBook2^TM collections, and in printed form.

Online man pages: Includes all man pages in the Solaris and Trusted Solaris environments. To view, enter the man page name, such as man ppriv or man cp in a terminal window in the Trusted Solaris environment.
AnswerBook2^TM collections: Includes all man pages in the Trusted Solaris environment in the Trusted Solaris Reference Manual Collection, and all man pages in the Solaris operating environment in the Solaris Reference Manual Collection. Hyperlinks connect Trusted Solaris man pages to Solaris man pages where necessary. To view, go to http://docs.sun.com, or use the collections on your AnswerBook2 server.
Printed Trusted Solaris 8 4/01 Reference Manual: Includes only those man pages that have been modified from their Solaris counterparts, or that originate in the Trusted Solaris environment. Printed versions of SunOS 5.8 man pages are found in the SunOS 5.8 Reference Manual.

Manual Page Command Syntax

Unless otherwise noted, commands described in the SYNOPSIS section of a manual page accept options and other arguments according to the following syntax and should be interpreted as explained below.

name [-option...] [cmdarg...] where:

[ ]: Surround an option or cmdarg that is not required.
...: Indicates multiple occurrences of the option or cmdarg.
name: The name of an executable file.
{ }: The options and/or arguments enclosed within braces are interdependent, such that everything enclosed must be treated as a unit.
option: (Always preceded by a "-".) noargletter... or, argletter optarg[,...]
noargletter: A single letter representing an option without an option-argument. Note that more than one noargletter option can be grouped after one "-" (Rule 5, below).
argletter: A single letter representing an option requiring an option-argument.
optarg: An option-argument (character string) satisfying a preceding argletter. Note that groups of optargs following an argletter must be separated by commas, or separated by a tab or space character and quoted (Rule 8, below).
cmdarg: Path name (or other command argument) not beginning with "-", or "-" by itself indicating the standard input.

Command Syntax Standard: Rules

These command syntax rules are not followed by all current commands, but all new commands will obey them. getopts(1) should be used by all shell procedures to parse positional parameters and to check for legal options. It supports Rules 3-10 below. The enforcement of the other rules must be done by the command itself.

Command names (name above) must be between two and nine characters long.
Command names must include only lower-case letters and digits.
Option names (option above) must be one character long.
All options must be preceded by "-".
Options with no arguments may be grouped after a single "-".
The first option-argument (optarg above) following an option must be preceded by a tab or space character.
Option-arguments cannot be optional.
Groups of option-arguments following an option must either be separated by commas or separated by tab or space character and quoted (-o xxx,z,yy or - o "xxx z yy").
All options must precede operands (cmdarg above) on the command line.
"--" may be used to indicate the end of the options.
The order of the options relative to one another should not matter.
The relative order of the operands (cmdarg above) may affect their significance in ways determined by the command with which they appear.
"-" preceded and followed by a space character should only be used to mean standard input.

Rules for the Display and Entering of Labels

The Trusted Solaris environment always displays labels in uppercase. Users may enter labels in any combination of uppercase and lowercase. Depending on how the system is configured and how the user is set up, a user may see sensitivity labels or no labels at all in the top frame of each window and in the trusted stripe, among other places in the user's workspace. Sensitivity labels display within brackets, in the long form (within the window system).

Note -

If you need to enter labels on the command line, see the expanded Rules for the Display and Entering of Labels in Intro(1M).

DEFINITIONS

ACL

See access control list

Access Control List

A type of discretionary access control based on a list of entries that the owner can specify for a file or directory. An access control list (ACL) can restrict or permit access to any number of individuals and groups, allowing finer-grained control than provided by the standard UNIX permission bits.

Accreditation Range

Actually not a range, but a set made up of labels. See user accreditation range and system accreditation range for more about the two types of accreditation ranges in the Trusted Solaris environment.

Allocatable Device

A device to which access is controlled in the Trusted Solaris environment by making the device allocatable to a single user at a time. Not all devices are allocatable. Allocatable devices include tape drives, floppy drives, audio devices, and CD-ROM devices. (See device allocation.)

Authorization

A right granted to a user to perform an action that would otherwise not be allowed by the Trusted Solaris security policy. Certain commands require the user to have certain authorizations to succeed. Similar to the use of privilege on programs.

CDE action

A bundling mechanism used in the Trusted Solaris environment to allow one or more commands to be specified for a particular task that in turn may be assigned to one or more users. A CDE action can have a set of options and arguments specified along with each of the command(s) and can use a dialog box to prompt the user for additional arguments. Each CDE action usually has its own icon, is assigned its own set of security attributes, and may be specified in an rights profile.

CMW Label

Consists of obsolete internal information followed by a sensitivity label in brackets. In output, the obsolete information is displayed as ADMIN_LOW, for example, ADMIN_LOW [ SENSITIVITY LABEL ]. In input, the obsolete information is ignored.

Classification

The hierarchical portion of a sensitivity label or clearance, each of which has only one classification. In a sensitivity label assigned to a file or directory, a classification indicates a relative level of protection based on the sensitivity of the information contained in the file or directory. In a clearance assigned to a user and to processes that execute applications and commands on behalf of the user, a classification indicates a level of trust.

Clearance

The upper bound of the set of labels at which a user may work, whose lower bound is the minimum label assigned by the security administrator as the initial label. There are three types of clearance: user clearance, process clearance, and session clearance.

Compartments

A set of words in a sensitivity label or clearance. The compartment represents areas of interest or work groups associated with the labels that contain them and with the files that are assigned the labels and the individuals that work with them.

DAC

See discretionary access control.

Discretionary Access Control

The type of access granted or denied by the owner of a file or directory at the discretion of the owner. The Trusted Solaris environment provides two kinds of discretionary access controls (DAC): permission bits and access control lists.

Device Allocation

A mechanism for protecting the information on an allocatable device from access by anybody except the user who allocates the device. Until a device is deallocated, no one but the user who allocated a device can access any information associated with the device. Device clean scripts may be run when the device is deallocated to clean information from the device before the device may be accessed again by another user. For a user to allocate a device, that user must have been granted the device allocation authorization by the security administrator, and the user process' sensitivity label must be within the device's label range. Upon deallocation of a storage device, such as a tape or floppy drive, the system prompts the user to remove the storage media and supplies a label that the user is prompted to write on the physical label, for guidance on how the media should be handled, if sensitivity labels are configured for display.

Dominate

When any type of label (sensitivity label or clearance) has a security level equal to or greater than the security level of another label to which it is being compared, the first label is said to dominate the second. The classification of the dominant label must equal or be higher than the classification of the second label, and the dominant label must include all the words (compartments and markings, if present) in the other label. Two equal labels dominate each other. Sensitivity labels are compared for dominance when MAC decisions are being made. See strictly dominate.

File Access

Because in UNIX systems just about everything (including a spreadsheet, a printer, a letter, a chapter of a book, or a mail message) is handled as a file, which is stored in a directory--to do just about anything the user must access files and directories. The conditions for access are described here. (Even though devices are treated as files in the UNIX system, devices have slightly different mandatory access rules than files or directories, and these rules are separately described in this section.) A file, directory, or device may be accessed in three ways:

The name of the file, directory, or device may be viewed,
The contents or the attributes of the file, directory, or device may be viewed, or
The contents or the attributes of the file, directory, or device may be modified.

In the Trusted Solaris environment, each of these types of access is granted or denied based not only on whether the basic UNIX discretionary access control checks have been passed but also on whether the mandatory access control checks have been passed.

All types of access require that the sensitivity label of the process dominates the sensitivity label of all directories in the pathname and that the owner of the process (the person who executed the command) has discretionary search access for each directory in the pathname. View access to the name of the file, directory or device requires only that this part of the check is passed.

For view access (read access) to the contents or attributes of a file or a directory, the process' sensitivity label must dominate the sensitivity label of the file or directory. For view access to the contents of a device (for example, so you can read information stored on a tape in a tape drive), the process' sensitivity label must be equal to the sensitivity label of the device. The owner of the process also must have discretionary read access to the file, directory, or device.

For a process to write into a file or to modify the file's attributes, the sensitivity label of the file must dominate the sensitivity label of the process and must be within the process' clearance, which is set to be the session clearance. For a process to write into a directory (create a file), the sensitivity label of the process must equal the sensitivity label of the directory. For a process to write to a device (for example, store information on a tape in a tape drive), the sensitivity label of the process must also equal the sensitivity label of the device. The security policy for device files can differ from the policy for regular files based on how the policy is defined in the device_policy(4) file, which can be changed by the security administrator. The owner of the process must have discretionary write access to the file, directory, or device.

For each type of failure of a MAC or DAC check, a specific override privilege may be applied to the command, depending on the type of access being denied. A privilege can be made available to a command only by the action of a security administrator, because the security administrator must ensure that the user who executes the command is cleared to, or that the command may be trusted to, use the privilege in a trustworthy manner.

These conditions and the listed override privileges apply to any type of access:

If the sensitivity label of the process does not dominate the sensitivity label of a directory in the pathname, then the process must have the privilege to search up (search a directory whose sensitivity label dominates the sensitivity label of the process), which is file_mac_search.
If the user executing the command does not have discretionary search permission for a directory in the pathname, then the process must have the privilege to override search restrictions when accessing a directory, which is file_dac_search.

These conditions and the listed override privileges apply to view (read) access:

If the sensitivity label of the process does not dominate the sensitivity label of a file or equal the sensitivity label of a directory or device, then the process must have the privilege to override MAC read restrictions, which is file_mac_read.
If the user executing the command does not have discretionary read permission for the file or directory, then the process must have the privilege to override DAC read restrictions, which is file_dac_read.

These conditions and the listed override privileges apply to modify (write) access:

If the sensitivity label of file does not dominate or if the sensitivity label of a directory or device does not equal the sensitivity label of the process, the process must have the privilege that overrides MAC write restrictions, allowing the user to write up and to write above the user's clearance, which is file_mac_write.
If the user executing the command does not have discretionary write permission for the file or directory, then the process must have the privilege to override DAC write restrictions, which is file_dac_write.

Initial Label

The user's minimum label set by the security administrator when specifying a user's security attributes, this is the sensitivity label of the first workspace that comes up after the user's first login.

Label

A security identifier assigned to a file or directory based on the level at which the information being stored in that file or directory should be protected. Depending on how the security administrator has configured the environment, users may see the complete CMW label, only the sensitivity label portion, or no labels at all.

Label Range

A set of sensitivity labels assigned to file systems, hosts, networks, sockets, printers, workstations, and allocatable devices, specified by designating a maximum label and a minimum label. In general, restricted label ranges can be used to restrict access to a device such as a workstation or a printer. For hosts and networks, label ranges are used to limit the labels at which communications are allowed. For file systems, the minimum and maximum labels limit the sensitivity labels at which information may be stored on each file system. Trusted Solaris environments have multilabel file systems configured with a label range from the lowest sensitivity label to the highest sensitivity label. Remote hosts that do not recognize labels are assigned a single sensitivity label, along with any other hosts that the security administrator wishes to restrict to a single label; the label range on a file system mounted from such a host is configured to be restricted to the same sensitivity label as the remote host's sensitivity label. For allocatable devices, the minimum and maximum labels limit the sensitivity labels at which devices may be allocated and restrict the sensitivity labels at which information can be stored or processed using the device.

MAC

See mandatory access control.

MLD

See multilevel directory.

Mandatory Access Control

A type of control based on comparing the sensitivity label of a file, directory, or device to the sensitivity label of the process that is trying to access it. Even though directories and devices are managed like files in the UNIX system, different MAC rules apply to directories and devices than the rules that apply to files. Before a file may be accessed for writing, MAC checks ensure that the sensitivity label of the file dominates the sensitivity label of the process--a policy called write up. A process cannot write to a file whose sensitivity label is higher than the process' clearance, which is set to be equal to the session clearance. (The write up policy also includes write equal.) Before a directory or a device may be accessed for writing,MAC checks ensure that the sensitivity label of the directory or device is equal to the sensitivity label of the process--a policy called write equal. Before a file or directory may be accessed for viewing (reading or searching), MAC checks ensure that the sensitivity label of the process dominates the sensitivity label of the file or directory--a policy called read down. Before a device may be accessed for viewing, MAC checks ensure that the sensitivity label of the process equals the sensitivity label of the device--a policy called read equal. (The read down policy also includes read equal.)

The rule that applies when a process at one sensitivity label attempts to read or write a file at another sensitivity label is write up, read down (WURD). The rule that applies when a process at one sensitivity label attempts to write a directory at another sensitivity label is write equal, read down. The rule that applies when a process at one sensitivity label attempts to write a device at another sensitivity label is read equal, write equal.

Multilevel Directory

A directory in which information at differing sensitivity labels is maintained in separate subdirectories called single-level directories (SLDs), while appearing to most interfaces to be a single directory under a single name. In the Trusted Solaris environment, directories that are used by multiple standard applications to store files at varying labels, such as the /tmp directory, /var/spool/mail, and users' $HOME directories, are set up to be MLDs. A user working in an MLD sees only files at the sensitivity label of the user's process.

Permission Bits

A type of discretionary access control in which the owner specifies a set of bits to signify who can read, write, or execute a file or directory. Three different sets of permissions are assigned to each file or directory: one set for the owner; one set for all members of the group specified for the file or directory; and one set for all others. See also access control lists.

Privilege

A right granted to a process executing a command that allows the command or one or more of its options to bypass some aspect of security policy. A privilege is only granted by a site's security administrator after the command itself or the person using it has been judged to be able to use that privilege in a trustworthy manner.

Process

An action executing a command on behalf of the user who invokes the command, a process receives a number of security attributes from the user, including the user ID (UID), the group ID (GID), the supplementary group list, and the user's audit ID (AUID). Security attributes received by a process include any privileges available to the command being executed, the process clearance (which is set to be the same as the session clearance), and the sensitivity label of the current workspace. In a rights profile, a process label and clearance can be assigned to a command so that when the command runs, its process gets the clearance and label specified in the rights profile.

Process Clearance

Clearance assigned to a command in a rights profile, which becomes the clearance of the process executing the command.

Process Label

Label assigned to a command in a rights profile, which becomes the label of the process executing the command.

Profile Mechanism

A mechanism that allows site security administrators to bundle commands, CDE actions, and the security attributes associated with those commands and actions into a rights profile, which may then be assigned to one or more users depending on the tasks that they need to perform.

Rights Profile

A bundling mechanism for commands and CDE actions and for optional security attributes that may be assigned to the commands and CDE actions. Rights profiles allow Trusted Solaris administrators to control who can execute which commands and to control the attributes these commands have when they are executed. When a user logs in, all rights profiles assigned to that user are in effect, and the user has access to all the commands and CDE actions assigned in all of that user's profiles. Also called a right or profile.

Routing

When a Trusted Solaris host boots, it loads routing information so it can transmit data. If the file /etc/tsolgateways (which is maintained manually by the administrator) exists, then the gateways in the file serve as the host's defaults. If /etc/tsolgateways does not exist, then the host uses the default routes from the file /etc/defaultrouter, which is also maintained manually by the administrator. If either file exists, then the host is said to use static routing.

If neither the /etc/tsolgateways nor the /etc/defaultrouter file exists, then the host uses dynamic routing and must start a special daemon, either in.rdisc(1M) (the network router discovery daemon) if it is available, or in.routed(1M) (the network routing daemon) if in.rdisc is not available. If the host also serves as a gateway (that is, a host that connects to two or more networks), then both in.rdisc and in.routed are started.

At boot time, the tnrhdb and tnrhtp files (which reside in the /etc/security/tsol directory) are loaded into the kernel to enable hosts to communicate with the remote hosts needed at boot time, such as the NIS+ master or the gateway. By default, /etc/security/tsol/tnrhdb contains the entry 0.0.0.0:admin_low, indicating that the network is an unlabeled network that is trusted at the level of admin_low. Hosts of that template have no restriction on the label range that can be imported from or exported to them.

SLD

See single-level directory.

Security Administrator

In an organization where sensitive information must be protected, the person or persons who define and enforce the site's security policy and who are cleared to access all information being processed at the site. In the Trusted Solaris software environment, an administrative role that is assigned to one or more individuals who have the proper clearance and whose task is to configure the security attributes of all users and machines so that the software enforces the site's security policy.

Security Attribute

An attribute used in enforcing the Trusted Solaris security policy. Various sets of security attributes, from both the Solaris and the Trusted Solaris systems, are assigned to processes, users, files, directories, file systems, hosts on the trusted network, allocatable devices, and other entities. Security attributes for users from the Solaris system include the user ID (UID), audit ID (AUID), group ID (GID), supplementary group IDs (SGIDs). Security attributes for users from the Trusted Solaris environment include the clearance, minimum label (initial label), and any authorizations. An important Trusted Solaris security attribute for files is the CMW label, the sensitivity label portion of which is used in access decisions. A label range security attribute is assigned to file systems, to allocatable devices and to printers. A UID, GID, a label range, and one or more privileges may be associated with commands and CDE actions by security administrators in rights profiles. The mentioned security attributes and others are assigned to hosts in Trusted Network databases, which are used to control the security of communications in a Trusted Solaris distributed environment.

Security Policy

In the Trusted Solaris environment, the set of DAC and MAC rules that define how information may be accessed. At a customer site, the set of rules that define the sensitivity of the information being processed at that site and the measures that are used to protect the information from unauthorized access.

Sensitivity Label

A security label assigned to a file or directory or process, which is used to limit access based on the security level of the information contained therein.

Session Clearance

A clearance that is in effect only during a particular login session, this type of clearance is set by the user when starting a session. Each process started during a session has a process clearance equal to the session clearance. The session clearance may be set either to be the same as or lower than the user clearance.

Single-level Directory

A directory within an MLD containing files at only a single sensitivity label. When a user working at a particular sensitivity label changes into an MLD, the user's working directory actually changes to a single-label directory within the MLD, whose sensitivity label is the same as the sensitivity label at which the user is working.

System Accreditation Range

The set of all valid (well-formed) labels created according to the rules defined by each site's security administrator in the label_encodings file, plus the two administrative labels that are used in every Trusted Solaris environment, ADMIN_LOW and ADMIN_HIGH.

Strictly Dominate

When any type of label (sensitivity label or clearance) has a security level greater than the security level of another label to which it is being compared, the first label strictly dominates the second label. Strict dominance is dominance without equality, which occurs either when the classification of the first label is higher than that of the second label and the first label contains all the compartments in the second label or when the classifications of both labels are the same while the first label contains all the compartments in the second label plus one or more additional compartments.

Trusted Stripe

A region that cannot be spoofed along the bottom of the screen, which by default provides the following as visual feedback about the state of the window system: a trusted path indicator and the window sensitivity label. When sensitivity labels are configured to not be viewable for a user, then the type of label that is viewable is displayed and the other is not. When sensitivity labels are not configured to be displayed for a user, the trusted stripe is reduced to an icon that displays only the trusted path indicator.

Tunneling

It is possible to route secure data through clusters containing non-Trusted Solaris gateways. This procedure is called tunneling. A cluster is a contiguous set of either Trusted Solaris hosts and gateways only, or non-Trusted Solaris hosts and gateways only. An edge gateway is a gateway (Trusted Solaris or non-Trusted Solaris) that connects a cluster to a cluster of the opposite type.

To transmit data by a route through a non-Trusted Solaris cluster and a Trusted Solaris cluster, two conditions must be met:

All the gateways in the non-Trusted Solaris cluster must have the same security attributes.
If there is more than one possible route and the routes enter the non-Trusted Solaris cluster through the same edge gateway and can exit from the cluster through different edge gateways, then the emetric for these routes must be equal.

User Accreditation Range

The set of all possible labels at which any normal user may work on the system, as defined by each site's security administrator. The rules for well-formed labels that define the system accreditation range are additionally restricted by the values specified in the ACCREDITATION RANGE section of the site's label_encodings(4) file: the upper bound, the lower bound, the combination constraints and other restrictions.

User Clearance

The clearance assigned by the security administrator that sets the upper bound of the set of labels at which one particular user may work at any time. The user may decide to accept or further restrict that clearance during any particular login session, when setting the session clearance after login.

TRUSTED SOLARIS DIFFERENCES

The responsibilities and privileges of the super-user have been divided among several administrative roles. When a man page that has not been modified for the Trusted Solaris system states that super-user is required to execute a certain command or option, remember that one or more privileges are required instead.

The ability of the UNIX super-user to bypass access restrictions, to execute restricted commands, and to use some command options not available to other users has been replaced with the profile mechanism, which allows the security administrator to assign to various users different sets of commands and to assign different privileges to the commands using rights profiles. When a command or one of its options needs a privilege in order to succeed, that privilege is a required privilege; if the required privilege is not given to the command in a user's rights profile by the security administrator, the command won't work. Required privileges are indicated on the man page with the words "must have," as shown in this sentence: "The ifconfig(1M) command must have the sys_net_config privilege to modify network interfaces."

In other cases, when the command is designed to work within security policy and it fails when certain DAC or MAC checks are not passed, an override privilege may be assigned at the security administrator's discretion. On man pages, the names of privileges that may be used to override access restrictions are given in the ERRORS section. The override privileges that may be given to bypass DAC or MAC restrictions on files or directories are given below:

The DAC override privileges are file_dac_read and file_dac_write. If a user does not have DAC access to a file, the security administrator may assign one or both of these privileges to the command, depending on whether read or write access or both are desired. The MAC override privileges are file_mac_read and file_mac_write. If a user does not have MAC access to a file, the security administrator may assign one or both of these privileges to the command, depending on whether read or write access or both are desired.

Besides being able to assign an override privilege, the security administrator has other options. For example, to avoid the use of privilege the security administrator may specify that the command will execute with another user's ID (usually the root ID 0) or group ID, one that allows access to the file or directory based on its permissions or its ACL.

SUMMARY OF TRUSTED SOLARIS CHANGES

Besides the usual UNIX DAC checks performed when a process acting on behalf of a user attempts to access a file or directory, mandatory access checks also must be passed. For each possible type of access failure, a specific override privilege may be assigned to the command at the security administrator's discretion.

The printed Trusted Solaris 8 4/01 Reference Manual contains only the Trusted Solaris original and modified (from the Solaris environment) man pages. The online set of man pages viewed by the man command accesses all man pages; AnswerBook2^TM can access all man pages in the AnswerBook2 collections. The SEE ALSO man page heading is subdivided to help users of the printed manual locate a referenced man page.

Note -

When a SUMMARY OF TRUSTED SOLARIS CHANGES is provided on a modified man page, it is intended as a convenience to summarize for you the major changes all in one place. Do not rely on the SUMMARY OF TRUSTED SOLARIS CHANGES alone, but also read the entire man page.

ATTRIBUTES

See attributes(5) in the SunOS 5.8 Reference Manual for a discussion of the attributes listed in this section.

Trusted Solaris 8 4/01 Reference Manual

Trusted Solaris references are listed under this heading.

Trusted Solaris user's document set, Trusted Solaris Administration Overview, and the Trusted Solaris Administrator's Procedures manuals.

SunOS 5.8 Reference Manual

SunOS 5.8 and Solaris 8 references that are unchanged in the Trusted Solaris environment are listed under this heading.

getopts(1), wait(1), exit(2), getopt(3C), wait(3UCB), attributes(5)

Source Compatibility Guide

DIAGNOSTICS

Upon termination, each command returns two bytes of status, one supplied by the system and giving the cause for termination, and (in the case of "normal" termination) one supplied by the program [see wait(3UCB) and exit(2)]. The former byte is 0 for normal termination; the latter is customarily 0 for successful execution and non-zero to indicate troubles such as erroneous parameters, or bad or inaccessible data. It is called variously "exit code", "exit status", or "return code", and is described only where special conventions are involved.

WARNINGS

Some commands produce unexpected results when processing files containing null characters. These commands often treat text input lines as strings and therefore become confused upon encountering a null character (the string terminator) within a line.

Trusted Solaris 8 4/01 Last Revised 24 May 2001