Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ secswitch(8) — OSF/1 X2.0-8 MIPS

Media Vault

Software Library

Restoration Projects

Artifacts Sought

secswitch(8)  —  Maintenance

Security_Related

NAME

secswitch − switch security mode

SYNOPSIS

/tcb/bin/secswitch [−enable | −disable | −quiet | −test]

DESCRIPTION

The secswitch command by default prints the status of the security flag in the kernel. It is also used to enable or disable the security code.  If the −quiet flag is used the status printout is suppressed.  This command is first run by /sbin/init through the /tcb/files/spdinitrc shell script, to set/reset the state of the security flag. 

When the −enable flag is set, this command is used to set the internal value of the Security-Privileged-Group-id to the effective group-id of the secswitch command. 

When the −test flag is specified, the command looks for the group ’sec’ in the file /etc/group. It then compares its effective group-id against the ’sec’-gid. If there is a mismatch the command promptly creates the file /etc/nologin. This will prohibit all user logins into the system, hence forcing the system administrator to resolve the system security fault. The /etc/nologin file provides information about what needs to be fixed on the system. 

FLAGS

−enable
Enables Security code in the kernel.

−disable
Disables Security code in the kernel.

−quietReports the status of the security flag as exit status. 

−testTests the Security-Privileged-Group-id for correctness. 

RESTRICTIONS

The security mode can only be enabled or disabled at boot-time by /sbin/init. 

RETURN VALUES

If either −enable or −disable is specified, a 0 exit status indicates success, otherwise a 1 is returned and an error message is printed. 

When −quiet is specified, a 0 indicates security is OFF, and a 1 indicates security is ON. (These return values apply for the default print-status mode also, ie when no arguments are specified)

For the −test case, a 0 indicates all is well. A 1 is returned if the /etc/nologin file had to be created. 

FILES

/tcb/bin/secswitch

/tcb/files/spdinitrc

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026