s_cmd
Purpose
Contains the command table for the trusted shell.
Description
The file /etc/security/s_cmd is a table file (see "tbl"),
and it drives the trusted shell.
Each entry in the command table, s_cmd, has the following
format:
command:type:explanation:path:menus
which represents a command and its attributes, and has
five colon-separated fields:
command Specifies the command name to be placed on
a tsh menu.
type Specifies one of the following types of
commands:
p pathname command, such as
/bin/passwd.
b built-in command, such as cd.
s state transition to an administrative
state. This type of command is
reserved.
c control characters, like Ctrl-D.
explanation Contains an explanation of the command for
a tsh menu.
path Contains a location, based on the value of
the type field, as follows:
o when type is p, specifies the absolute
pathname of command program.
o when type is b, specifies the prede-
fined built-in command name.
o when type is s, specifies the absolute
pathname to check execute access.
o when type is c,
menus A nonempty sublist of [tsh|.
The trusted shell has two states: ordinary and adminis-
trative. Entries with tsh in the menus field appear in
the menu of the ordinary state of the trusted shell,
whereas entries with administrative group g in the menus
field appear in the menu of the g-administrative state of
the trusted shell.
When the command type is a pathname (p), then the trusted
shell executes the pathname when a user selects it. When
the command type is a built-in (b), then the trusted
shell internally executes the command when a user selects
it. When the command type is a state transition (s),
then the trusted shell includes it as a menu item if the
user has execute access to the pathname. When the
command type is one or more control characters (c), then
the trusted shell lists the item on the specified menus
but lets an existing mechanism handle the control charac-
ters.
A user with superuser authority can customize the trusted
shell by editing the command table. This table must
contain only trusted commands that have undergone proper
design, testing, and certification scrutiny for security.
Among other things, a trusted command cannot invoke a
nontrusted command. (Both the sh and csh commands are
untrusted.) The trusted shell, if invoked through the
secure attention key, provides a trusted communication
path between the user and the trusted computing base
(TCB). Since the security of the trusted shell depends
on the security of each command it invokes, the command
table must contain only trusted commands.
Examples
Here are some examples of command table entries:
?:b:print this help menu:?:tsh
cd:b:change the current directory:cd:tsh
passwd:p:change password:/bin/passwd:tsh
Ctrl-d:c:(Ctrl-d) leave tsh, execute my login shell::tsh
Files
/etc/security/s_cmd
/bin/tsh
Related Information
The tsh command in the AIX Operating System Commands Ref-
erence.