tsh Command

Purpose

Invokes the trusted shell.

Syntax

Press the Ctrl+X and Ctrl+R keys in sequence.

Description

The tsh command is a command interpreter that provides greater security than the Korn shell (the standard login shell). Generally, a user calls the tsh shell by pressing Ctrl+X, Ctrl+R, the secure attention key (SAK) sequence, after a login. The tsh shell also can be invoked by defining it as the login shell in the /etc/passwd file.

To use the SAK sequence to invoke the trusted shell, the terminal the user is using must have SAK enabled, and the user must be allowed to use the trusted path. See the Trusted Computing Base in Operating system and device management for information on enabling SAK on a terminal, and see the /etc/security/user file and the chuser command for information on allowing a user to access the trusted path.
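The two prerequisites above can be audited offline from copies of the stanza files. The script below is an added example, not part of the original documentation. It assumes the attribute names tpath (in /etc/security/user) and sak_enabled (in /etc/security/login.cfg) from the AIX file-format documentation, which this page does not list, and it assumes that the tpath values on and always permit the trusted shell. The sample file contents are constructed.

```shell
#!/bin/sh
# Added example: offline audit of the two prerequisites for SAK -> tsh.
# Assumption: attribute names tpath and sak_enabled (AIX stanza-file docs).

# stanza_attr FILE STANZA ATTR: print ATTR, falling back to "default:".
stanza_attr() {
    awk -v want="$2" -v attr="$3" '
        /^[ \t]*\*/ { next }                 # "*" starts a comment line
        /^[^ \t].*:[ \t]*$/ {                # stanza header such as "alice:"
            cur = $0; sub(/:[ \t]*$/, "", cur); next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key != attr) next
            if (cur == want) { own = val; have = 1 }
            else if (cur == "default") def = val
        }
        END { print (have ? own : def) }' "$1"
}

# sak_reaches_tsh USER PORT USERFILE LOGINCFG
# Succeeds only if the port has SAK enabled and the user may use tsh on it.
sak_reaches_tsh() {
    tpath=$(stanza_attr "$3" "$1" tpath)
    sak=$(stanza_attr "$4" "$2" sak_enabled)
    if [ "$sak" != "true" ]; then
        echo "no: sak_enabled=${sak:-unset} on $2"; return 1
    fi
    case "$tpath" in
        on|always) echo "yes: tpath=$tpath, sak_enabled=true" ;;
        *) echo "no: tpath=${tpath:-unset} for $1"; return 1 ;;
    esac
}

# Constructed sample files (not taken from a real system).
demo="${TMPDIR:-/tmp}/tsh-audit.$$"; mkdir -p "$demo"
trap 'rm -rf "$demo"' EXIT
printf 'default:\n\ttpath = nosak\n\n* operators\nalice:\n\ttpath = on\n\nbob:\n\tlogin = true\n' > "$demo/user"
printf 'default:\n\tsak_enabled = false\n\n/dev/tty0:\n\tsak_enabled = true\n' > "$demo/login.cfg"

sak_reaches_tsh alice /dev/tty0 "$demo/user" "$demo/login.cfg"
sak_reaches_tsh bob   /dev/tty0 "$demo/user" "$demo/login.cfg" || true  # inherits default tpath
sak_reaches_tsh alice /dev/tty1 "$demo/user" "$demo/login.cfg" || true  # port inherits default
```

On a live system, pass /etc/security/user and /etc/security/login.cfg as the last two arguments; reading them normally requires root.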

To exit from the tsh shell, use any of the following commands: logout, shell, or su. The logout command ends the login session, while the other commands execute the user's initial program and continue the login session.

The trusted shell differs from the Korn shell in the following ways:

  • Function and alias definitions are not supported, except that alias definitions are supported in the /etc/tsh_profile file.
  • The IFS and PATH environment variables cannot be redefined.
  • Only trusted programs can be run from the tsh shell.
  • The history mechanism is not supported.
  • The only profile used is the /etc/tsh_profile file.
  • The trusted shell has the following built-in commands:
    Item    Description
    logout  Exits the login session and terminates all processes.
    shell   Re-initializes the user's login session. The effect is the same as logging in to the system.
    su      Resets the effective ID to the user's identity on the system and executes another trusted shell.

Security

Access Control: This command should be a standard user program and have the trusted computing base attribute.

Files Accessed:

Mode  File
r     /etc/tsh_profile

Examples

To invoke the trusted shell, press the Ctrl+X, Ctrl+R key sequence, the secure attention key (SAK).

Files

Item                     Description
/usr/bin/tsh             Contains the tsh command.
/etc/tsh_profile         Contains initialization commands for the trusted shell.
/etc/passwd              Contains basic user attributes.
/etc/security/user       Contains the extended attributes of users.
/etc/security/login.cfg  Contains configuration information.