[ Bottom of Page | Previous Page | Next Page | Contents | Index | Library Home | Legal | Search ]

Commands Reference, Volume 5

tsh Command


Invokes the trusted shell.


Press in sequence: the Ctrl+X, Ctrl+R keys.

tsh Command


The tsh command is a command interpreter that provides greater security than the Korn shell (the standard login shell). Generally, a user calls the tsh shell by pressing Ctrl+X, Ctrl+R, the secure attention key (SAK) sequence, after a login. The tsh shell also can be invoked by defining it as the login shell in the /etc/passwd file.

To use the SAK sequence to invoke the trusted shell, the terminal the user is using must have SAK enabled, and the user must be allowed to use the trusted path. See the Trusted Computing Base Overview in AIX 5L Version 5.2 System Management Guide: Operating System and Devices for information on enabling SAK on a terminal, and see the /etc/security/user file and the chuser command for information on allowing a user to access the trusted path.

To exit from the tsh shell, use any of the following commands: the logout command, shell command, su command. The logout command ends the login session, while the other commands execute the user's initial program and continue the login session.

The trusted shell differs from the Korn shell in the following ways:


Access Control: This command should be a standard user program and have the trusted computing base attribute.

Files Accessed:

Mode File
r /etc/tsh_profile


To invoke the trusted shell, press the Ctrl+X, Ctrl+R key sequence, the secure attention key (SAK).


/usr/bin/tsh Contains the tsh command.
/etc/tsh_profile Contains initialization commands for the trusted shell.
/etc/passwd Contains basic user attributes.
/etc/security/user Contains the extended attributes of users.
/etc/security/login.cfg Contains configuration information.

Related Information

The chuser command, init command, ksh command, logout command, shell command, su command, tsm command.

See National Language Support Overview in AIX 5L Version 5.2 National Language Support Guide and Reference for more information about Single-Source Dual Object (SSDO) commands used during installation.

For more information about the identification and authentication of users, discretionary access control, the trusted computing base, and auditing, refer to the Security Administration in AIX 5L Version 5.2 Security Guide.

See Network Trusted Computing Base in AIX 5L Version 5.2 Security Guide for more information about the trusted path and enabling SAK on a terminal.

[ Top of Page | Previous Page | Next Page | Contents | Index | Library Home | Legal | Search ]