Executes a shell with the user's default credentials and environment.
The shell command re-initializes a user's login session. When the command is given, the port characteristics of the process's controlling terminal are reset and all access to the port is revoked. The shell command then resets the process credentials and environment to the defaults established for the user and executes the user's initial program. All credentials and environment are established according to the login user ID of the invoking process.
If the shell command is invoked on the trusted path and the user's tpath attribute in the /etc/security/user file does not have a value of always, the trusted environment of the terminal is not maintained.
Note: The shell command does not reset the login ID of the user.
Access Control: The command should be setuid to the root user to reset the user's process credentials, and grant execute (x) access to all users. The command should have the trusted computing base attribute.
To re-initialize your session to your default credentials and environment after using the trusted shell (tsh), enter:
|/usr/bin/shell||Contains the shell command.|
|/etc/security/user||Contains the extended attributes of users.|
|/etc/passwd||Contains user IDs.|
|/etc/group||Contains group IDs.|
|/etc/security/audit/config||Contains the audit configuration information.|
|/etc/security/environ||Defines the environment attributes for users.|
|/etc/security/limits||Defines process resource limits for each user.|
The getty command, init command, login command, logout command, setgroups command, su command, tsh command, tsm command.
For more information about the identification and authentication of users, discretionary access control, the trusted computing base, and auditing, refer to Security Administration in AIX 5L Version 5.1 System Management Concepts: Operating System and Devices.