initcond(ADM)                  06 January 1993                  initcond(ADM)

Name

    initcond - special security actions for init and getty

Syntax

    /tcb/lib/initcond init user tty

    /tcb/lib/initcond getty tty

Description

    To save space in the init(M) and getty(M) programs, which are memory
    resident, the space-intensive security actions are done in initcond as
    a sub-process of these programs.

    The init subcommand is run when the user logs off the terminal line
    tty. The terminal device name and user name are recorded in both the
    user Protected Password database, and the system Terminal Control
    database.

    The getty subcommand secures the terminal line tty for subsequent
    logins by setting a restricted set of permissions and arranging for any
    currently open connection to fail. The Device Assignments database is
    consulted and all aliased special files referring to this physical or
    pseudo terminal device are also secured. The sysadmsh(ADM) utility can
    be used to control which special files are aliased in this way.

Files

    /tcb/files/auth              Protected passwords database
    /tcb/files/initcondlog       Log file for init and getty events
    /etc/auth/system/devassign   Device Assignment database
    /etc/auth/system/ttys        Terminal Control database

See also

    getdvagent(S), getprtcent(S), getprpwnam(S), getty(M), login(M),
    setuid(S), stopio(S) and sysadmsh(ADM).

    "Maintaining system security" chapter of the System Administrator's
    Guide

Notes

    The argument tty must name a special device file in /dev. The path
    /dev will be assumed if only the filename is given.

    initcond will not run if a login UID is set.

Value added

    initcond is an extension of AT&T System V provided by The Santa Cruz
    Operation, Inc.
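
The following audit sketch is an added example, not SCO's code: it applies the tty argument rule from Notes and then checks that every device node referring to the same terminal carries restricted permissions, as the getty subcommand description requires. It assumes that aliases can be approximated by matching device type and major/minor numbers under /dev (it does not read the Device Assignments database, whose format is not given here), and that the restricted mode is 0600; the function names are hypothetical.

```python
import os
import stat

DEV_DIR = "/dev"


def resolve_tty(name):
    """Notes rule: assume /dev for a bare filename, and require that the
    result is a special device file located in /dev."""
    path = name if "/" in name else os.path.join(DEV_DIR, name)
    path = os.path.normpath(path)          # collapses any ".." components
    if not path.startswith(DEV_DIR + "/"):
        raise ValueError(f"{name!r} does not name a file in {DEV_DIR}")
    st = os.lstat(path)                    # lstat: a symlink is not a device
    if not (stat.S_ISCHR(st.st_mode) or stat.S_ISBLK(st.st_mode)):
        raise ValueError(f"{path} is not a special device file")
    return path


def find_aliases(tty_path):
    """Return every node under /dev with the same device type and the same
    major/minor numbers as tty_path (assumed meaning of 'aliased')."""
    target = os.lstat(tty_path)
    aliases = []
    for root, _dirs, files in os.walk(DEV_DIR):
        for entry in files:
            path = os.path.join(root, entry)
            try:
                st = os.lstat(path)
            except OSError:
                continue                   # node vanished or is unreadable
            if (stat.S_IFMT(st.st_mode) == stat.S_IFMT(target.st_mode)
                    and st.st_rdev == target.st_rdev):
                aliases.append(path)
    return sorted(aliases)


def audit(tty_name, allowed_mode=0o600):
    """List (path, mode) for each alias whose permission bits go beyond
    allowed_mode. 0o600 is an assumed policy, not a value from the page."""
    loose = []
    for path in find_aliases(resolve_tty(tty_name)):
        mode = stat.S_IMODE(os.lstat(path).st_mode)
        if mode & ~allowed_mode:
            loose.append((path, oct(mode)))
    return loose
```

An empty list from audit("tty01") means no alias of that line is more permissive than the assumed policy; any entry returned is a node that would let another user open the terminal.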