Reference information for Sysctl includes the following:
To access online help on built-in Sysctl commands, enter:
sysctl help command-name
For example, to access help on the setauth command, enter:
sysctl help setauth
Table 5 shows the commands available in the Tcl language interpreter
and the Sysctl base authorizations required to use them.
Table 5. Built-in Tcl commands and their default authorization callbacks
| append (AUTH) | array (AUTH) | break (AUTH) | case (AUTH) |
| catch (AUTH) | cd (ACL) | close (ACL) | concat (AUTH) |
| continue (AUTH) | eof (ACL) | error (AUTH) | eval (ACL) |
| exec (ACL) | exit (AUTH) | expr (AUTH) | file (ACL) |
| flush (ACL) | for (ACL) | foreach (ACL) | format (AUTH) |
| gets (ACL) | glob (ACL) | global (AUTH) | history (AUTH) |
| if (AUTH) | incr (AUTH) | info (ACL) | join (AUTH) |
| lappend (AUTH) | lindex (AUTH) | linsert (AUTH) | list (AUTH) |
| llength (AUTH) | lrange (AUTH) | lreplace (AUTH) | lsearch (AUTH) |
| lsort (AUTH) | open (ACL) | pid (ACL) | proc (SYSTEM) |
| puts (ACL) | pwd (ACL) | read (ACL) | regexp (AUTH) |
| regsub (AUTH) | rename (SYSTEM) | return (NONE) | scan (AUTH) |
| seek (ACL) | set (AUTH) | source (SYSTEM) | split (AUTH) |
| string (AUTH) | switch (AUTH) | tell (ACL) | time (ACL) |
| trace (ACL) | unset (AUTH) | uplevel (SYSTEM) | upvar (ACL) |
| while (ACL) |
Table 6 shows the commands available in the TclX language
interpreter and the Sysctl base authorizations required to use them.
Table 6. Built-in extended Tcl commands and their default authorization callbacks
| alarm (ACL) | bsearch (ACL) | catclose (ACL) | catgets (ACL) |
| catopen (ACL) | cequal (AUTH) | cexpand (AUTH) | chgrp (ACL) |
| chmod (ACL) | chown (ACL) | chroot (SYSTEM) | cindex (AUTH) |
| clength (AUTH) | cmdtrace (ACL) | commandloop (ACL) | convertclock (AUTH) |
| copyfile (ACL) | crange (AUTH) | csubstr (AUTH) | ctoken (AUTH) |
| ctype (AUTH) | dup (ACL) | echo (AUTH) | execl (ACL) |
| fcntl (ACL) | flock (ACL) | fmtclock (AUTH) | fork (ACL) |
| frename (ACL) | fstat (ACL) | funlock (ACL) | getclock (AUTH) |
| id (ACL) | infox (ACL) | keyldel (AUTH) | keylget (AUTH) |
| keylkeys (AUTH) | keylset (AUTH) | kill (ACL) | lassign (AUTH) |
| lempty (ACL) | lgets (ACL) | link (ACL) | lmatch (AUTH) |
| loop (ACL) | lvarcat (AUTH) | lvarpop (AUTH) | lvarpush (AUTH) |
| max (ACL) | min (ACL) | mkdir (ACL) | nice (ACL) |
| pipe (ACL) | profile (ACL) | random (AUTH) | readdir (ACL) |
| replicate (AUTH) | rmdir (ACL) | scancontext (ACL) | scanfile (ACL) |
| scanmatch (ACL) | select (ACL) | server_open (ACL) | signal (ACL) |
| sleep (ACL) | sync (ACL) | system (ACL) | times (ACL) |
| translit (AUTH) | umask (ACL) | unlink (ACL) | wait (ACL) |
The following Sysctl commands are provided:
Table 7. ACL processing commands
| ACL processing commands | Default auth | Description |
|---|---|---|
| acladd | ACL | Adds entries to an ACL file. If a filename is not specified, the entry is added to the server's ACL file. |
| aclcheck | ACL | Checks to see if a principal is in an ACL file. Returns 1 if in ACL, 0 if not in ACL. If no filename is specified, Sysctl looks in the server's ACL file. |
| aclcreate | ACL | Creates a new ACL file, inserting the principals specified. The -f parameter must be supplied. |
| acldelete | ACL | Deletes an ACL from a file. |
| acldestroy | ACL | Erases an ACL file. |
| acllist | NONE | Lists the ACLs in a file. If no file is specified, the server's ACL file is listed. |
| aclrecreate | ACL | Similar to aclcreate, but removes the target ACL file if it already exists before creating it again. |
| Service commands | Default auth | Description |
|---|---|---|
| svcconnect | AUTH | Determines the connection authorization policy for the sysctld server. |
| svcdetach | ACL | Detaches the current process from the calling client; that is, breaks the connection between server and client. Use to start a background daemon. |
| svclog string | ACL | Writes the string to the server log file. |
| svclogevent | SYSTEM | Writes a line to the server log file indicating a user has connected to the server. |
| svcpid | NONE | Prints the process ID of the sysctld server daemon. |
| svcredirect handle | ACL | Redirects the stdout and stderr for the current session to a new file. |
| svcrestart | ACL | Restarts the server, causing configuration files to be reread and interpreters to be reinitialized. Use to activate changes to Sysctl servers. |
| svcversion | NONE | Returns the Sysctl version number. |
| Other commands | Default auth | Description |
|---|---|---|
| ACL | NONE | A supplied authorization callback. |
| AUTH | NONE | A supplied authorization callback. |
| NONE | NONE | A supplied authorization callback. |
| SYSTEM | NONE | A supplied authorization callback. |
| checkauth | NONE | Determines if you are authorized to access an object. |
| confadd | ACL | Adds items to a server's configuration file. |
| confdelete | ACL | Removes items from a server's configuration file. |
| create | SYSTEM | Creates new objects in the server. |
| getauth | NONE | Displays the authorization callbacks for an object. |
| include | SYSTEM | Includes additional configuration files. |
| listfs | ACL | Lists file system names. |
| load | SYSTEM | Dynamically load a shared library into the server and call an initialization routine within the library. |
| quit | NONE | Ends the current session. |
| safeargs arg-list | ACL | Checks arguments for illegal shell characters. Does not execute the command. |
| safeexec commands ... | ACL | Runs the Tcl exec or system command, checking arguments for illegal shell characters and preventing execution if any are found. |
| safesystem | ACL | Runs the Tcl exec or system command, checking arguments for illegal shell characters and preventing execution if any are found. |
| setauth | SYSTEM | Sets the authorization callback for an object. |
| statfs | ACL | Queries the status of all local file systems. |
| unload | SYSTEM | Unloads a previously loaded shared library. |
| whatacls | NONE | Lists ACL objects when using DCE authentication. |
| whoami | NONE | Echoes the authenticated identity of the issuer or unknown if the user is not authenticated. |