Invokes the trusted shell.
Press in sequence: the Ctrl+X, Ctrl+R keys.
tsh Command
The tsh command is a command interpreter that provides greater security than the Korn shell (the standard login shell). Generally, a user calls the tsh shell by pressing Ctrl+X, Ctrl+R, the secure attention key (SAK) sequence, after a login. The tsh shell also can be invoked by defining it as the login shell in the /etc/passwd file.
To use the SAK sequence to invoke the trusted shell, the terminal the user is using must have SAK enabled, and the user must be allowed to use the trusted path. See the Trusted Computing Base in AIX® Version 7.1 Operating system and device management for information on enabling SAK on a terminal, and see the /etc/security/user file and the chuser command for information on allowing a user to access the trusted path.
To exit from the tsh shell, use any of the following commands: the logout command, shell command, su command. The logout command ends the login session, while the other commands execute the user's initial program and continue the login session.
The trusted shell differs from the Korn shell in the following ways:
Item | Description |
---|---|
logout | Exits the login session and terminates all processes. |
shell | Re-initializes the user's login session. The effect is the same as logging in to the system. |
su | Resets the effective ID to the user's identity on the system and executes another trusted shell. |
Access Control: This command should be a standard user program and have the trusted computing base attribute.
Files Accessed:
Mode | File |
---|---|
r | /etc/tsh_profile |
To invoke the trusted shell, press the Ctrl+X, Ctrl+R key sequence, the secure attention key (SAK).
Item | Description |
---|---|
/usr/bin/tsh | Contains the tsh command. |
/etc/tsh_profile | Contains initialization commands for the trusted shell. |
/etc/passwd | Contains basic user attributes. |
/etc/security/user | Contains the extended attributes of users. |
/etc/security/login.cfg | Contains configuration information. |