INITCOND(ADM) UNIX System V
Name
initcond - special security actions for init and getty
Syntax
/tcb/lib/initcond [ init | getty ] [ args ... ]
Description
To save space in the init(M) and getty(M) programs, which
are memory resident, the space intensive security actions
are done in initcond as a sub-process of these programs.
If the argument is init, one of two actions may occur.
First, no argument means that initcond should prompt for and
verify a single user password if required by the System
Default database. This is used for password checking before
a single user shell. Second, if two other arguments are
supplied, they are the terminal device name and the user
name respectively of the session that just terminated. This
information is reflected in both the Protected Password and
Terminal Control databases.
If the argument is getty, and one additional argument is
provided, it is the terminal to be invalidated before a
login. initcond invalidates a terminal by setting a
restricted set of permissions on the terminal device and by
using stopio(S) to invalidate all open file descriptors that
reference the terminal. These include synonym devices for
the same physical device as listed in the device assignment
database.
Files
/tcb/files/initcondlog - Log file for init and getty events
/etc/auth/system/ttys - Terminal Control database
/etc/auth/system/devassign - Device Assignment database
See Also
getprtcent(S), stopio(S), getdvagent(S), ``Maintaining
System Security,'' chapter of the System Administrator's
Guide
Value Added
initcond is an extension of AT&T System V provided by the
Santa Cruz Operation.
(printed 8/23/89) INITCOND(ADM)