샤브의 블로그 RSS 태그 관리 글쓰기 방명록
pfsh (1)
Device & Language/Solaris 10/ pfsh, clist- Profile shell
2010-09-05 00:42:08

NAME

    pfsh, clist- Profile shell

SYNOPSIS

    pfsh [-acefhiknprstuvx] [argument...]

DESCRIPTION

    The profile shell is a modified version of the Bourne shell, sh(1) . Based on the user's profiles, pfsh restricts the commands that can be executed. Based on the profile definitions, pfsh determines which privileges, user ID (UID), and group ID (GID) to use in executing commands.

    Usage

      Refer to the sh(1) man page for a complete usage description. pfsh adds the clist command.

    Commands

      clist [ --hpniu ]

      Displays a list of the commands that are permitted for the user.

      -h

      Includes a hexadecimal list of the privileges assigned to each command in the command list.

      -p

      Includes a list of the privileges assigned to each command in the command list. The list is in text form.

      -n

      Includes a comma-separated decimal list of the privileges assigned to each command in the command list.

      -i

      Includes the UID and GID assigned to each command in the command list.

      -u

      Lists only those commands that are are unusable because the profile assigned privileges that pfsh did not inherit. (See WARNINGS .)

ATTRIBUTES

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPE ATTRIBUTE VALUE
    Availability SUNWtsu

SEE ALSO

WARNINGS

    pfsh must inherit privileges in order to run commands with those privileges. Privileges for a command that are defined in a profile may not be inherited when pfsh runs that command. If such a command is executed, a warning message is printed and the command is run with no privileges.

    Profiles are searched in the order specified in the user's tsoluser entry. If the same command appears in more than one profile, pfsh uses the first entry whose label range includes the sensitivity label of the process.

    When it is executed, pfsh builds the list of allowable commands by reading the user's profiles. If any changes are made to the profiles while pfsh is running, the changes will not take effect until the shell is restarted.

NOTES

    These interfaces are uncommitted. Although they are not expected to change between minor releases of the Trusted Solaris environment, they may.


저작자표시 비영리 변경금지

'Device & Language > Solaris 10' 카테고리의 다른 글

sh, jsh- standard and job control shell and command interpreter  (0) 2010.09.05
ksh, rksh- KornShell, a standard/restricted command and programming language  (0) 2010.09.05
zoneadmd– zone administration daemon  (0) 2010.09.05
zonecfg– set up zone configuration  (0) 2010.09.05
zpool– configures ZFS storage pools  (0) 2010.09.05


티스토리툴바