Commands Reference, Volume 5
tsm Command
Purpose
Provides terminal state management.
Syntax
tsm Port
Description
The tsm command invokes the terminal
state manager, which controls the ports used in the trusted path. The functions
are:
Trusted path management occurs in two phases:
login
This phase is in effect if a user has not successfully logged in.
If the secure attention key (SAK) signal is detected, the system restarts
getty-login type processing. The next login puts the user into the trusted
state, if the port and the user support the trusted state.

shell
This phase occurs after successful user authentication. The command
functions according to the user's tpath attribute. The
following values are valid:
- on: Provides standard trusted path management. When the secure attention
key (SAK) signal is detected, all processes that access the port, except the
tsm process and its siblings (including the trusted shell),
are terminated the next time an attempt is made to access the port. The port
is reset to its initial state and is marked as trusted, and the trusted shell
command (the tsh command) is executed.
- notsh: The user session terminates when the secure attention key (SAK) signal
is detected.
- always: The user is not allowed off the trusted path. The user's shell will
always be the trusted shell, tsh.
- nosak: The secure attention key (SAK) is disabled for the terminal, and the
user's initial program runs.
Security
Access Control: This command should grant execute (x)
permission to any user. The command should be setuid to the root user and
have the trusted computing base attribute.
Files Accessed:
Mode | File
r | /etc/objrepos/CuAt
r | /usr/lib/objrepos/PdAt
r | /etc/security/login.cfg
r | /etc/security/user
Examples
To provide terminal state management on tty0, add the following line to the /etc/inittab file:
tty0:2:respawn:/usr/sbin/tsm /dev/tty0
This initializes the port /dev/tty0 and sets up the characteristics of the port.
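To review which accounts respond to the SAK, the following added example (not part of the original AIX documentation) reads a stanza file laid out like /etc/security/user and reports each user's effective tpath value, falling back to the default stanza. The stanza layout, the function names tpath_report and sample_user_file, and the sample users are assumptions of this example.

```shell
# Added example (not from the AIX documentation): report each user's
# effective tpath value from a stanza file laid out like /etc/security/user.
# Assumed layout: "name:" headers, indented "attr = value" lines, "*" comments.
# tpath_report [FILE]  prints "user value status", one line per user stanza.
tpath_report() {
    awk '
    # Stanza header: unindented name ending in ":" (comment lines start with *).
    /^[^ \t*][^ \t]*:[ \t]*$/ {
        sub(/:[ \t]*$/, "")
        cur = $0
        if (cur != "default" && !(cur in seen)) { seen[cur] = 1; order[++n] = cur }
        next
    }
    # tpath attribute inside the current stanza.
    cur != "" && /^[ \t]+tpath[ \t]*=/ {
        v = $0
        sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
        tp[cur] = v
    }
    END {
        for (i = 1; i <= n; i++) {
            u = order[i]
            # A user without its own tpath line inherits the default stanza.
            if (u in tp) v = tp[u]
            else if ("default" in tp) v = tp["default"]
            else v = "unset"
            if (v == "on" || v == "notsh" || v == "always") s = "sak-active"
            else if (v == "nosak") s = "sak-disabled"
            else s = (v == "unset") ? "unset" : "invalid"  # not a documented value
            print u, v, s
        }
    }' "$@"
}

# Constructed sample input; user names and values are made up.
sample_user_file() {
    cat <<'EOF'
* constructed sample, not a real system file
default:
    tpath = nosak
root:
    tpath = on
alice:
    admin = false
bob:
    tpath = sometimes
EOF
}
sample_user_file | tpath_report
```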
Files
Related Information
The getty command, init command, login command, logout command, setgroups command, shell command, su command, tsh command.
For more information about the identification and authentication
of users, discretionary access control, the trusted computing base, and auditing,
refer to the Security Administration in AIX 5L Version 5.2 Security Guide.