Executes a shell with the user's default credentials and environment.
shell
The shell command re-initializes a user's login session. When the command is given, the port characteristics of the process's controlling terminal are reset and all access to the port is revoked. The shell command then resets the process credentials and environment to the defaults established for the user and executes the user's initial program. All credentials and environment are established according to the login user ID of the invoking process.
If the shell command is invoked on the trusted path and the user's tpath attribute in the /etc/security/user file does not have a value of always, the trusted environment of the terminal is not maintained.
Note: The shell command does not reset the login ID of the user.
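The tpath condition described above can be checked per user before relying on the trusted environment surviving a shell invocation. The following is an added example, not part of the original documentation: it resolves a user's effective tpath from a file in the /etc/security/user stanza format, assuming that an attribute missing from a user's stanza falls back to the default: stanza and that lines starting with * are comments. The function names and the sample data are constructed for illustration.

```shell
# Added example: report whether the trusted environment would be maintained
# after "shell" is invoked on the trusted path, based on the tpath attribute.
# Assumption: attributes absent from a user stanza come from "default:".

# effective_tpath FILE USER -> prints the tpath value in effect for USER
effective_tpath() {
    awk -v user="$2" '
        /^[ \t]*\*/ { next }                      # comment lines start with *
        /^[^ \t=]+:[ \t]*$/ {                     # stanza header "name:"
            stanza = $1; sub(/:$/, "", stanza); next
        }
        /^[ \t]+tpath[ \t]*=/ {                   # attribute line inside a stanza
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (stanza == user) own = val
            else if (stanza == "default") dflt = val
        }
        END { print (own != "" ? own : dflt) }
    ' "$1"
}

# keeps_trusted_env FILE USER -> exit status 0 only when tpath is "always"
keeps_trusted_env() {
    [ "$(effective_tpath "$1" "$2")" = "always" ]
}

# Constructed sample in /etc/security/user stanza format (not real data)
sample_user_file() {
    cat <<'EOF'
* constructed sample, not a real system file
default:
    tpath = nosak

root:
    admin = true
    tpath = always

alice:
    admin = false

bob:
    tpath = on
EOF
}

tmp=$(mktemp) && sample_user_file > "$tmp"
for u in root alice bob; do
    if keeps_trusted_env "$tmp" "$u"; then s="maintained"; else s="NOT maintained"; fi
    printf '%-6s tpath=%-7s trusted environment %s\n' "$u" "$(effective_tpath "$tmp" "$u")" "$s"
done
rm -f "$tmp"
```

On a live system, pass /etc/security/user as the file argument; reading it requires the appropriate privileges.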
Access Control: The command should be setuid to the root user, so that it can reset the user's process credentials, and should grant execute (x) access to all users. The command should have the trusted computing base attribute.
Files Accessed:
Mode | File |
---|---|
r | /etc/passwd |
r | /etc/group |
r | /etc/security/audit/config |
r | /etc/security/environ |
r | /etc/security/limits |
r | /etc/security/user |
Auditing Events:
Event | Information |
---|---|
USER_Shell | portname |
To re-initialize your session to your default credentials and environment after using the trusted shell (tsh), enter:
shell
Item | Description |
---|---|
/usr/bin/shell | Contains the shell command. |
/etc/security/user | Contains the extended attributes of users. |
/etc/passwd | Contains user IDs. |
/etc/group | Contains group IDs. |
/etc/security/audit/config | Contains the audit configuration information. |
/etc/security/environ | Defines the environment attributes for users. |
/etc/security/limits | Defines process resource limits for each user. |