Sun and OracleChannel SunHow to BuyLog InDeutsch

Man Pages (1MTSOL): Maintenance and Administration Commands
  Suchtext Nur in diesem Buch
Suche Hilfe
Innerhalb
Nach weiteren Dokumenten suchen
Support-Ressourcen
 Dieses Buch im PDF-Format herunterladen

NAME

pfsh - Profile shell

SYNOPSIS

pfsh [ -acefhiknprstuvx ] [ argument. . . ]

AVAILABILITY

SUNWtsolu

DESCRIPTION

The profile shell is a modified version of the Bourne shell, sh(1). Based on the user's profiles, pfsh restricts the commands that can be executed. Based on the profile definitions, pfsh determines which privileges, user ID (UID ),and group ID (GID) to use in executing commands.

USAGE

Refer to the sh(1) man page for a complete usage description. pfsh adds the clist command.

Commands

clist [ -hpniu ]
Displays a list of the commands that are permitted for the user.
-h
Includes a hexadecimal list of the privileges assigned to each command in the command list.
-p
Includes a list of the privileges assigned to each command in the command list. The list is in text form.
-n
Includes a comma-separated decimal list of the privileges assigned to each command in the command list.
-i
Includes the UID and GID assigned to each command in the command list.
-u
Lists only those commands that are are unusable because the profile assigned privileges that pfsh did not inherit. (See WARNINGS .)

SEE ALSO

sh(1), tsolprof(4TSOL), tsoluser(4TSOL)

WARNINGS

pfsh must inherit privileges in order to run commands with those privileges. Privileges for a command that are defined in a profile may not be inherited when pfsh runs that command. If such a command is executed, a warning message is printed and the command is run with no privileges.
Profiles are searched in the order specified in the user's tsoluser entry. If the same command appears in more than one profile, pfsh uses the first entry whose label range includes the sensitivity label of the process.
When it is executed, pfsh builds the list of allowable commands by reading the user's profiles. If any changes are made to the profiles while pfsh is running, the changes will not take effect until the shell is restarted.

NOTES

These interfaces are uncommitted; although not expected to change between minor releases of Trusted Solaris systems, these interfaces may change.