Press in sequence: the Ctrl+X, Ctrl+R keys.
tsh Command
The tsh command is a command interpreter that provides greater security than the Korn shell (the standard login shell). Generally, a user calls the tsh shell by pressing Ctrl+X, Ctrl+R, the secure attention key (SAK) sequence, after a login. The tsh shell also can be invoked by defining it as the login shell in the /etc/passwd file.
To use the SAK sequence to invoke the trusted shell, the terminal the user is using must have SAK enabled, and the user must be allowed to use the trusted path. See the Trusted Computing Base Overview in AIX 5L Version 5.2 System Management Guide: Operating System and Devices for information on enabling SAK on a terminal, and see the /etc/security/user file and the chuser command for information on allowing a user to access the trusted path.
To exit from the tsh shell, use any of the following commands: the logout command, shell command, su command. The logout command ends the login session, while the other commands execute the user's initial program and continue the login session.
The trusted shell differs from the Korn shell in the following ways:
logout | Exits the login session and terminates all processes. |
shell | Re-initializes the user's login session. The effect is the same as logging in to the system. |
su | Resets the effective ID to the user's identity on the system and executes another trusted shell. |
Access Control: This command should be a standard user program and have the trusted computing base attribute.
Files Accessed:
Mode | File |
---|---|
r | /etc/tsh_profile |
To invoke the trusted shell, press the Ctrl+X, Ctrl+R key sequence, the secure attention key (SAK).
/usr/bin/tsh | Contains the tsh command. |
/etc/tsh_profile | Contains initialization commands for the trusted shell. |
/etc/passwd | Contains basic user attributes. |
/etc/security/user | Contains the extended attributes of users. |
/etc/security/login.cfg | Contains configuration information. |
The chuser command, init command, ksh command, logout command, shell command, su command, tsm command.
See National Language Support Overview in AIX 5L Version 5.2 National Language Support Guide and Reference for more information about Single-Source Dual Object (SSDO) commands used during installation.
For more information about the identification and authentication of users, discretionary access control, the trusted computing base, and auditing, refer to the Security Administration in AIX 5L Version 5.2 Security Guide.
See Network Trusted Computing Base in AIX 5L Version 5.2 Security Guide for more information about the trusted path and enabling SAK on a terminal.