⇒ ale(ADM) — OpenDesktop 3.0.0

 ale(ADM)                        19 June 1992                        ale(ADM)


 Name

    ale - lock and update authentication files

 Syntax

    /tcb/bin/ale file program [ arguments ]

 Description

    ale allows the authentication administrator to execute shell scripts that
    update authentication files while in multiuser mode.  The auth subsystem
    and chown kernel authorizations are required to run ale.

    file is the absolute pathname of the authentication file to be locked
    during the update. program is the name of the shell script to perform the
    update, which must reside in the /tcb/lib/auth_scripts directory.
    arguments are the arguments to be passed to the script.

    ale participates in the TCB locking protocol in attempting to create a
    lockfile named file-t.  If it is successful, the shell script is executed
    by the Bourne shell.  The script can then edit file, putting the results
    into file-t. If the script successfully completes its updates, it will
    exit with a code of 0.  This signals ale to unlock the file.  ale then renames
    file to file-o, file-t to file, and finally removes file-o.  While the
    file-t is present, no other utility observing the TCB locking protocol
    will update file.

    If the shell script cannot complete the update it should exit with a code
    of 1, which tells ale a problem has occurred.  ale then displays an error
    message, removes file-t and leaves file unchanged.  If the shell script
    finds there is no updating to be done it should exit with a code of 2,
    and ale removes file-t and leaves file unchanged.

    To access authentication files, ale executes the shell scripts with both
    real and effective group IDs set to auth, and the user IDs set to the
    real user ID of the user who called ale.

 Files

    /etc/auth/system/files              File Control database
    /etc/group                          Group file
    /tcb/files/auth/?/*                 User Authentication database
    /etc/auth/*                         System Authentication database

 See also

    authcap(F), rmuser(ADM), ttyupd(ADM), unretire(ADM)

 Diagnostics

    If ale detects an error, it displays an appropriate error message and
    exits with code 1. Otherwise ale returns the exit status of program.

 Notes

    ale checks the permissions on the complete paths of file, program and the
    File Control database itself against their entries in the File Control
    database.  If any discrepancies are found an appropriate ``may be
    compromised'' message (including the pathname) is displayed and an entry
    is written to the audit trail. integrity(ADM) and fixmog(ADM) can be used
    to analyze and fix the problem.

    Care should be taken when writing scripts which update authentication
    data.  If files are incorrectly updated it could cause the system to
    refuse further logins.
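
    The following is an added example, not part of the original manual page
    and not SCO's code: it emulates in portable shell the lock, run and commit
    sequence from the Description, with an update routine that uses exit codes
    0, 1 and 2. The names ale_sim, set_state and demo, the "user:state" record
    format, and the convention that the routine receives the file path as its
    first argument are assumptions; the permission and File Control checks
    that ale performs are not emulated.

```sh
#!/bin/sh
# Emulation of the sequence in the Description; this is not /tcb/bin/ale.
# Assumption: the update routine is handed the target file as its first argument.

# ale_sim FILE UPDATER [ARGS...]: lock FILE via FILE-t, run UPDATER, commit or roll back.
ale_sim() {
    file=$1; updater=$2; shift 2
    # noclobber (set -C) makes the create fail if FILE-t exists, i.e. the lock is held
    if ! ( set -C; : > "$file-t" ) 2>/dev/null; then
        echo "ale_sim: $file is locked ($file-t exists)" >&2
        return 1
    fi
    status=0
    "$updater" "$file" "$@" || status=$?
    case $status in
    0)  # success: file -> file-o, file-t -> file, then remove file-o
        mv "$file" "$file-o" && mv "$file-t" "$file" && rm -f "$file-o" || return 1 ;;
    2)  # nothing to do: release the lock, file unchanged
        rm -f "$file-t" ;;
    *)  # failure: report, release the lock, file unchanged
        echo "ale_sim: update of $file failed" >&2
        rm -f "$file-t" ;;
    esac
    return "$status"
}

# set_state FILE USER STATE: edit constructed "user:state" records.
# Exit codes follow the page: 0 updated, 1 cannot update, 2 nothing to update.
set_state() {
    f=$1 user=$2 state=$3
    grep "^$user:" "$f" >/dev/null || return 1
    grep "^$user:$state\$" "$f" >/dev/null && return 2
    # the edited copy goes into the lockfile FILE-t, never into FILE itself
    sed "s/^$user:.*\$/$user:$state/" "$f" > "$f-t" || return 1
    return 0
}

# demo: run the three outcomes against a constructed file; prints the statuses.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'alice:active\nbob:active\n' > "$dir/db"    # constructed sample data
    r0=0; ale_sim "$dir/db" set_state bob retired || r0=$?
    r2=0; ale_sim "$dir/db" set_state bob retired || r2=$?
    r1=0; ale_sim "$dir/db" set_state carol retired 2>/dev/null || r1=$?
    echo "$r0 $r2 $r1 $(grep -c retired "$dir/db") $(ls "$dir" | wc -l | tr -d ' ')"
    rm -rf "$dir"
}

demo   # prints: 0 2 1 1 1
```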

 Value added

    ale is an extension of AT&T System V provided by The Santa Cruz
    Operation, Inc.


Typewritten Software • bear@typewritten.org • Edmonds, WA 98026