[ Bottom of Page | Previous Page | Next Page | Contents | Index | Library Home | Legal | Search ]

Commands Reference, Volume 5

setsenv Command


Resets the protected state environment of a user.


setsenv [ - ] NewEnvironment


The setsenv command resets your protected state environment while you are logged in. The protected state environment is defined as a set of variables. These variables are kept in the kernel and can be modified only by a SETUINFO system call. The setsenv command uses the variables specified by the NewEnvironment parameter. This parameter consists of EnvironmentVariable=Value definitions separated by a blank space. For information on environment variables, see environment File.

You cannot reset the following environment variables with the setsenv command:

NAME Your last authenticated user name. This corresponds to the real user ID of the current process.
TTY The name of the terminal on which you logged in. This corresponds to the initial controlling terminal for the process. This variable cannot be set for processes initiated without a full login. A full login is a login initiated by the getty command.
LOGNAME The name under which you logged in, if the current session was started from a terminal login program. If the session was not started from a terminal, this variable is not set.

If you enter the setsenv command without any defined variables, it displays the current protected state. The setsenv command does not change the security characteristics of the controlling terminal.

When you run the setsenv command, it replaces your current shell and gives you a new one. The command replaces your shell regardless of whether it completed successfully or not. For this reason, the command does not return error codes.


- Reinitializes the environment as if the user had just logged in to the system. Otherwise, the environment is not changed.


Access Control: This command should be a standard user program. This command should be installed as a program in the trusted computing base (TCB). The command should be owned by the root user with the setuid (SUID) bit set.

Files Accessed:

Mode File
r /etc/environment
r /etc/security/environ

Auditing Events:

Event Information
USER_SetEnv new environment string


  1. To display the current environment variables, enter:

  2. To add the PSEUDO=tom protected environment variable, enter:

    setsenv PSEUDO=tom 

    This example sets a user name for the PSEUDO protected environment variable.


/usr/bin/setsenv Specifies the path to the setsenv command.
/etc/environment Contains environment information for each user.
/etc/security/environ Contains privileged environment information for each user.

Related Information

The login command, setgroups command, su command, tsm command.

The getuinfo subroutine, setpenv subroutine, usrinfo subroutine.

For more information about the identification and authentication of users, discretionary access control, the trusted computing base, and auditing, refer to Standalone System Security in AIX 5L Version 5.2 Security Guide.

[ Top of Page | Previous Page | Next Page | Contents | Index | Library Home | Legal | Search ]