Commands Reference, Volume 5
Provides terminal state management.
tsm Port
The tsm command invokes the terminal state manager, which controls the ports used in the trusted path. The functions are:
- Establishing line communication modes and discipline - functions performed by the getty command.
- Verifying the user's account and identity, and setting the initial process credentials and environment - functions performed by the login command.
- Performing trusted path management if the secure attention key (SAK) is enabled for the port and the system login program is used.
Note: The tsm command is not entered on the command line.
Trusted path management occurs in two phases:
login
    This phase is in effect if a user has not successfully logged in. If the secure attention key (SAK) signal is detected, the system restarts getty-login type processing. The next login puts the user into the trusted state, if the port and the user support the trusted state.
shell
    This phase occurs after successful user authentication. The command functions according to the user's tpath attribute. The following are valid:
    - on: Provides standard trusted path management. When the secure attention key (SAK) signal is detected, all processes that access the port, except the tsm process and its siblings (including the trusted shell), are terminated the next time an attempt is made to access the port. The port is reset to its initial state and is marked as trusted, and the trusted shell command (the tsh command) is executed.
    - notsh: The user session terminates when the secure attention key (SAK) signal is detected.
    - always: The user is not allowed off the trusted path. The user's shell will always be the trusted shell, tsh.
    - nosak: The secure attention key (SAK) is disabled for the terminal, and the user's initial program runs.
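Added example (not part of the original AIX documentation): a small audit helper that reports the effective tpath value for each user, so accounts with the SAK disabled or with a value outside the four listed above stand out. It assumes tpath is set as "tpath = value" lines in the stanzas of /etc/security/user, with a default stanza supplying the value for users that do not set their own; the sample data, function names and status labels are constructed for this example.

```shell
# Constructed sample in /etc/security/user stanza format (not from a real system).
sample_user_file() {
cat <<'EOF'
* constructed sample data
default:
    tpath = nosak
root:
    tpath = on
operator:
    tpath = always
guest:
    rlogin = false
batch:
    tpath = off
EOF
}

# tpath_report [FILE]: print "user value source status" per user stanza.
# A stanza with no tpath of its own takes the value from the default stanza.
tpath_report() {
    awk '
    /^[ \t]*\*/ || /^[ \t]*$/ { next }             # comments and blank lines
    /^[^ \t=]+:[ \t]*$/ {                           # stanza header "name:"
        name = $1; sub(/:$/, "", name)
        if (name != "default" && !(name in seen)) order[++n] = name
        seen[name] = 1
        next
    }
    name != "" && (eq = index($0, "=")) > 0 {       # "attribute = value"
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "tpath") tpath[name] = val
    }
    END {
        for (i = 1; i <= n; i++) {
            u = order[i]; src = "own"
            if (u in tpath) v = tpath[u]
            else if ("default" in tpath) { v = tpath["default"]; src = "default" }
            else { v = "unset"; src = "none" }
            if (v == "on" || v == "notsh" || v == "always") st = "ok"
            else if (v == "nosak") st = "sak-disabled"
            else st = "invalid"             # not one of the four documented values
            print u, v, src, st
        }
    }' "$@"
}

sample_user_file | tpath_report
```

On a live system the function would be called with the file name as its argument, for example tpath_report /etc/security/user, run as a user with read access to that file.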
Access Control: This command should grant execute (x) permission to any user. The command should be setuid to the root user and have the trusted computing base attribute.
Files Accessed:
Mode | File
r    | /etc/objrepos/CuAt
r    | /usr/lib/objrepos/PdAt
r    | /etc/security/login.cfg
r    | /etc/security/user
To provide terminal state management on tty0, add the following line to the /etc/inittab file:
tty0:2:respawn:/usr/sbin/tsm /dev/tty0
This initializes the port /dev/tty0 and sets up the characteristics of the port.
The getty command, init command, login command, logout command, setgroups command, shell command, su command, tsh command.
For more information about the identification and authentication of users, discretionary access control, the trusted computing base, and auditing, refer to the Security Administration in AIX 5L Version 5.1 System Management Concepts: Operating System and Devices.