initcond(ADM)
initcond --
special security actions for init and getty
Syntax
/tcb/lib/initcond init user tty
/tcb/lib/initcond getty tty
Description
To save space in the
init(M)
and
getty(M)
programs, which are memory resident, the space-intensive
security actions are done in initcond
as a sub-process of these programs.
The init subcommand is run when the user logs off the
terminal line tty.
The terminal device name and user name are recorded in both the user
Protected Password database, and the system Terminal Control database.
The getty subcommand secures the terminal line tty for
subsequent logins by setting a restricted set of permissions and arranging for
any currently open connection to fail. The Device Assignments database is
consulted and all aliased special files referring to this physical or pseudo
terminal device are also secured.
Limitations
The argument tty must name a special device file in /dev.
The path /dev will be assumed if only the filename is given.
initcond will not run if a login UID is set.
Files
/tcb/files/auth-
Protected Password database
/tcb/files/initcondlog-
log file for init and getty events
/etc/auth/system/devassign-
Device Assignment database
/etc/auth/system/ttys-
Terminal Control database
See also
getdvagent(S-osr5),
getprtcent(S-osr5),
getprpwnam(S-osr5),
getty(M),
login(M),
setuid(S-osr5),
stopio(S-osr5)
``Maintaining system security'' in Managing system security
Standards conformance
initcond is not part of any currently supported standard; it is
an extension of AT&T System V provided by The Santa Cruz Operation, Inc.
© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 03 June 2005