[ Bottom of Page | Previous Page | Next Page | Contents | Index | Library Home | Legal | Search ]

Commands Reference, Volume 5

shell Command

Purpose

Executes a shell with the user's default credentials and environment.

Syntax

shell

Description

The shell command re-initializes a user's login session. When the command is given, the port characteristics of the process's controlling terminal are reset and all access to the port is revoked. The shell command then resets the process credentials and environment to the defaults established for the user and executes the user's initial program. All credentials and environment are established according to the login user ID of the invoking process.

If the shell command is invoked on the trusted path and the user's tpath attribute in the /etc/security/user file does not have a value of always, the trusted environment of the terminal is not maintained.

Note: The shell command does not reset the login ID of the user.

Security

Access Control: The command should be setuid to the root user to reset the user's process credentials, and grant execute (x) access to all users. The command should have the trusted computing base attribute.

Files Accessed:

Mode File
r /etc/passwd
r /etc/group
r /etc/security/audit/config
r /etc/security/environ
r /etc/security/limits
r /etc/security/user

Auditing Events:

Event Information
USER_Shell portname

Examples

To re-initialize your session to your default credentials and environment after using the trusted shell (tsh), enter:

shell

Files

/usr/bin/shell Contains the shell command.
/etc/security/user Contains the extended attributes of users.
/etc/passwd Contains user IDs.
/etc/group Contains group IDs.
/etc/security/audit/config Contains the audit configuration information.
/etc/security/environ Defines the environment attributes for users.
/etc/security/limits Defines process resource limits for each user.

Related Information

The getty command, init command, login command, logout command, setgroups command, su command, tsh command, tsm command.

For more information about the identification and authentication of users, discretionary access control, the trusted computing base, and auditing, refer to Security Administration in AIX 5L Version 5.2 Security Guide.

[ Top of Page | Previous Page | Next Page | Contents | Index | Library Home | Legal | Search ]