initcond(ADM)


initcond -- special security actions for init and getty

Syntax

/tcb/lib/initcond init user tty

/tcb/lib/initcond getty tty

Description

To save space in the init(M) and getty(M) programs, which are memory resident, the space-intensive security actions are done in initcond as a sub-process of these programs.

The init subcommand is run when the user logs off the terminal line tty. The terminal device name and user name are recorded in both the user Protected Password database and the system Terminal Control database.

The getty subcommand secures the terminal line tty for subsequent logins by setting a restricted set of permissions and arranging for any currently open connection to fail. The Device Assignments database is consulted and all aliased special files referring to this physical or pseudo terminal device are also secured.

Limitations

The argument tty must name a special device file in /dev. The path /dev will be assumed if only the filename is given.

initcond will not run if a login UID is set.
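
The following audit helper is an added example, not part of the original page or of initcond itself. It applies the tty argument rule above (a bare filename is taken to be in /dev, and the name must be a special device file there), reports whether a line's device node still carries group or other permission bits, and tests whether two names are aliases of one device. Function names are hypothetical; reading "restricted" as owner-only access and matching aliases by device number are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Bare filename -> /dev/<name>; reject anything that is not under /dev. */
int tty_path(const char *arg, char *out, size_t n)
{
    int len = strchr(arg, '/') ? snprintf(out, n, "%s", arg)
                               : snprintf(out, n, "/dev/%s", arg);
    if (len < 0 || (size_t)len >= n)
        return -1;                      /* formatting error or truncation */
    if (strncmp(out, "/dev/", 5) != 0 || out[5] == '\0' ||
        strstr(out, "/../") || strcmp(out + len - 3, "/..") == 0)
        return -1;                      /* outside /dev, or climbs out of it */
    return 0;
}

/* lstat() the name itself (no symlink following); require a character device. */
static int tty_stat(const char *arg, struct stat *st)
{
    char path[256];
    if (tty_path(arg, path, sizeof path) != 0 || lstat(path, st) != 0)
        return -1;
    return S_ISCHR(st->st_mode) ? 0 : -1;
}

/* 0: owner-only (assumed "restricted"), 1: group/other bits set, -1: not a tty file. */
int tty_audit(const char *arg)
{
    struct stat st;
    if (tty_stat(arg, &st) != 0)
        return -1;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) ? 1 : 0;
}

/* 1 if both names are special files for the same device (aliases), 0 if not. */
int same_device(const char *a, const char *b)
{
    struct stat sa, sb;
    if (tty_stat(a, &sa) != 0 || tty_stat(b, &sb) != 0)
        return -1;
    return sa.st_rdev == sb.st_rdev;
}
int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++)
        printf("%s: %d\n", argv[i], tty_audit(argv[i]));
    return 0;
}
```

A result of 1 for a line that should be idle means the device node is open to accounts other than its owner.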

Files


/tcb/files/auth
Protected Password database

/tcb/files/initcondlog
log file for init and getty events

/etc/auth/system/devassign
Device Assignment database

/etc/auth/system/ttys
Terminal Control database

See also

getdvagent(S-osr5), getprtcent(S-osr5), getprpwnam(S-osr5), getty(M), login(M), setuid(S-osr5), stopio(S-osr5)

"Maintaining system security" in Managing system security

Standards conformance

initcond is not part of any currently supported standard; it is an extension of AT&T System V provided by The Santa Cruz Operation, Inc.
© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 03 June 2005