Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ ale(ADM) — OpenDesktop 1.1.1g

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

authcap(F)

rmuser(ADM)

ttyupd(ADM)

unretire(ADM)


     ALE(ADM)                             UNIX System V



     Name
          ale - locks and updates authentication files


     Syntax
          /tcb/bin/ale file program [ arguments ]


     Description
          ale allows the authentication administrator to execute shell
          scripts  that update authentication files while in multiuser
          mode.  The auth subsystem and  chown  kernel  authorizations
          are required to run ale.

          file is the absolute pathname of the authentication file  to
          be  locked  during  the  update.  program is the name of the
          shell script to perform the update, which must reside in the
          /tcb/lib/auth_scripts directory. arguments are the arguments
          to be passed to the script.

          ale participates in the TCB locking protocol  in  attempting
          to create a lockfile named file-t.  If it is successful, the
          shell script is executed by the Bourne  shell.   The  script
          can  then edit file, putting the results into file-t. If the
          script successfully completes its updates, it will exit with
          a  code  of  0.   This  signals  ale to unlock the file.  It
          renames file to file-o, file-t to file, and finally  removes
          file-o.   While  the  file-t  is  present,  no other utility
          observing the TCB locking protocol will update file.

          If the shell script cannot complete  the  update  it  should
          exit  with  a  code  of  1,  which  tells  ale a problem has
          occurred.  ale  then  displays  an  error  message,  removes
          file-t  and leaves file unchanged. If the shell script finds
          there is no updating to be done it should exit with  a  code
          of 2, and ale removes file-t and leaves file unchanged.

          To access  authentication  files,  ale  executes  the  shell
          scripts  with both real and effective group IDs set to auth,
          and the user IDs set to the real user ID  of  the  user  who
          called ale.


     Files
          /etc/auth/system/files       File Control database

          /etc/group                   Group file

          /tcb/files/auth/?/*          User Authentication database

          /etc/auth/*                  System Authentication database


     See Also
          authcap(F), rmuser(ADM), ttyupd(ADM), unretire(ADM)


     Diagnostics
          If ale detects an error, it displays  an  appropriate  error
          message  and  exits  with  code 1. Otherwise ale returns the
          exit status of program.


     Notes
          ale checks the permissions on the complete  paths  of  file,
          program  and  the File Control database itself against their
          entries in the File Control database.  If any  discrepancies
          are  found  an  appropriate  ``may  be compromised'' message
          (including the  pathname)  is  displayed  and  an  entry  is
          written  to  the audit trail. integrity(ADM) and fixmog(ADM)
          can be used to analyze and fix the problem.

          Care should be  taken  when  writing  scripts  which  update
          authentication  data.   If  files are incorrectly updated it
          could cause the system to refuse further logins.


     Value Added
          ale is an extension of AT&T System V provided by  the  Santa
          Cruz Operation.


     (printed 12/11/90)                                  ALE(ADM)

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026