sysh, the system shell, is a modified version of the Bourne shell, sh(1). sysh is used to control the use of privileges in commands run from the rc scripts. sysh allows any command to be executed but consults profiles for the privileges, user ID (UID), group ID (GID), and sensitivity label (SL) with which the command is to be run.
Refer to the sh(1) man page for a complete usage description. The sysh command adds the setprof command.
To list profiles and privileges that are being used by any command in a profile shell, use the smprofile(1) command. See EXAMPLES on the smprofile page for examples of using smprofile list.
The setprof command is used to specify a profile other than the boot profile. A profile with a space in its name must be specified within single quotes. For example:
setprof 'custom boot'
Commands in sysh scripts must be specified in a profile only if they need to run with non-default attributes. The default attributes are:
label ADMIN_LOW clearance ADMIN_LOW uid 0 gid 0
See attributes(5) for descriptions of the following attributes:
|ATTRIBUTE TYPE||ATTRIBUTE VALUE|
If sysh finds that a command needs privileges that sysh does not inherit, a warning message is printed and the command is run with no privileges.
These interfaces are uncommitted. Although they are not expected to change between minor releases of the Trusted Solaris environment, they may.