ALE(ADM) UNIX System V
Name
ale - locks and updates authentication files
Syntax
/tcb/bin/ale file program [ arguments ]
Description
ale allows the authentication administrator to execute shell
scripts that update authentication files while in multiuser
mode. The auth subsystem and chown kernel authorizations
are required to run ale.
file is the absolute pathname of the authentication file to
be locked during the update. program is the name of the
shell script to perform the update, which must reside in the
/tcb/lib/auth_scripts directory. arguments are the arguments
to be passed to the script.
ale participates in the TCB locking protocol by attempting
to create a lockfile named file-t. If it is successful, the
shell script is executed by the Bourne shell. The script
can then edit file, putting the results into file-t. If the
script successfully completes its updates, it will exit with
a code of 0. This signals ale to unlock the file: ale
renames file to file-o, file-t to file, and finally removes
file-o. While file-t is present, no other utility
observing the TCB locking protocol will update file.
If the shell script cannot complete the update, it should
exit with a code of 1, which tells ale a problem has
occurred. ale then displays an error message, removes
file-t and leaves file unchanged. If the shell script finds
there is no updating to be done, it should exit with a code
of 2, and ale removes file-t and leaves file unchanged.
To access authentication files, ale executes the shell
scripts with both real and effective group IDs set to auth,
and the user IDs set to the real user ID of the user who
called ale.
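
The lock, update and rename sequence and the 0/1/2 exit-code contract described above, modelled as an added example (not code from this manual page and not ale itself). The function names, the passing of file to the script as its first argument, and the key=value sample format are assumptions made for the illustration.

```shell
# Model of the lock/rename sequence described above. Not ale itself:
# no File Control database checks and no user or group ID changes.

# locked_update FILE SCRIPT [ARGS...]   (hypothetical helper name)
locked_update() {
    file=$1 script=$2
    shift 2
    # Take the lock: with noclobber (set -C) the redirect fails if
    # FILE-t already exists, i.e. another updater holds the lock.
    if ! ( set -C; : > "${file}-t" ) 2>/dev/null; then
        echo "locked_update: ${file} is locked" >&2
        return 1
    fi
    # Run the updater under sh. Passing FILE as its first argument
    # is an assumption of this model.
    status=0
    sh "$script" "$file" "$@" || status=$?
    case $status in
    0)  # Updated: file -> file-o, file-t -> file, remove file-o.
        mv "$file" "${file}-o" && mv "${file}-t" "$file" &&
            rm -f "${file}-o" || status=1 ;;
    2)  # Nothing to update: release the lock, file unchanged.
        rm -f "${file}-t" ;;
    *)  # 1 (or, in this model, any other code): report the
        # failure, release the lock, file unchanged.
        echo "locked_update: ${script} failed on ${file}" >&2
        rm -f "${file}-t" ;;
    esac
    return "$status"
}

# write_updater PATH: write a constructed updater that follows the
# exit-code contract. It edits key=value lines, a made-up format
# used only for this example (not the authcap format).
write_updater() {
    cat > "$1" <<'EOF'
file=$1 key=$2 val=$3
grep -q "^$key=" "$file" || exit 1          # cannot update
grep -q "^$key=$val\$" "$file" && exit 2    # already current
sed "s/^$key=.*/$key=$val/" "$file" > "$file-t" || exit 1
exit 0
EOF
}
```

A lockfile left behind by an interrupted update blocks every later update in this model, so a stale file-t has to be investigated and removed by hand.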
Files
/etc/auth/system/files     File Control database
/etc/group                 Group file
/tcb/files/auth/?/*        User Authentication database
/etc/auth/*                System Authentication database
See Also
authcap(F), rmuser(ADM), ttyupd(ADM), unretire(ADM)
Diagnostics
If ale detects an error, it displays an appropriate error
message and exits with code 1. Otherwise ale returns the
exit status of program.
Notes
ale checks the permissions on the complete paths of file,
program and the File Control database itself against their
entries in the File Control database. If any discrepancies
are found, an appropriate "may be compromised" message
(including the pathname) is displayed and an entry is
written to the audit trail. integrity(ADM) and fixmog(ADM)
can be used to analyze and fix the problem.
Care should be taken when writing scripts that update
authentication data. If files are incorrectly updated, the
system could refuse further logins.
Value Added
ale is an extension of AT&T System V provided by the Santa
Cruz Operation.
(printed 12/11/90) ALE(ADM)