
sesctld(1M)              DG/UX B2 Security R4.12MU02             sesctld(1M)


NAME
       sesctld - Session Control server program

SYNOPSIS
       sesctld [ -d debuglvl ] [ -w 456

DESCRIPTION
       Sesctld runs as a system daemon and listens for requests for Trusted
       Path.  When users request Trusted Path service, this process provides
       that service.  This process is the TCB component that users notify
       when they request Trusted Path.

       Providing Trusted Path Service involves controlling access to the
       terminal.  For this reason, users that have the privilege to run
       multiple subsessions (and can assume roles) have a sesctld as their
       session leader and their initial shell is started as a subsession.
       This session leader sesctld is started by login(1) when the user
       session is created and it controls which subsession is allowed to
       access the user's terminal.

       When a user types the BREAK key for Trusted Path service, the system
       daemon sesctld forwards the request to a sesctld providing service
       for that line.  If such a sesctld does not exist, the system sesctld
       forks and the child handles the Trusted Path processing for that
       line.  The per line child will present the Trusted Path service as
       described in trusted_path(6M).  If a system daemon child or session
       leader sesctld already exists to supply the service, the system
       sesctld will forward the Trusted Path request to that process.

       The -d option controls debugging features of the sesctld.  A non-zero
       value should not be used outside of debugging because it also allows
       users to invoke a shell from the Trusted Path menu; this shell has
       all the privileges of the Trusted Path menu and should only be used
       when debugging Trusted Path.  If the -d switch is not specified, no
       output is produced.  A non-zero debuglvl (i.e. 1) causes debugging
       messages to be sent to the system log (see syslogd(1M)); the messages
       produced are expected to be different in each version of the product.
       A value greater than 1 causes the children of sesctld to hang and
       wait for examination by a debugger.  This option is only useful in a
       debugging environment.

       The -w option specifies the warning time to give to users when the
       user input idle timeout or session lifetime timeout expires.  The
       timeout value is the number of seconds to wait; the default value is
       300 (6 minutes).

       The -q option tells sesctld not to write any messages involving
       subsession changes to the user terminals.  This may be useful for
       user environments that don't expect to see such messages, but is
       discouraged.

       On systems that have Trusted Path, the inittab(4) file contains an
       entry to start the system sesctld.  If this process is not running,
       requests for Trusted Path will be lost.  Thus, the inittab file will
       tell init(1) to restart sesctld if it is ever terminated.  This
       process cannot be restarted by an administrator as it must run with
       the privileges of a direct child of init and with a zero AUTHID.
       sesctld must be started by init(1M).
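
As an added example (not part of the DG/UX manual or its software), the shell function below audits an inittab file for the sesctld settings this page warns about: no entry at all, an entry that init will not restart, a non-zero -d level, and -q. It assumes the standard System V `id:rstate:action:process` layout and the `respawn` action keyword; the sample entries and the /usr/sbin path are constructed.

```shell
#!/bin/sh
# audit_sesctld_inittab FILE
# Prints one finding per line; returns 0 when clean, 1 when there are findings.
# Assumption: System V inittab layout id:rstate:action:process.
audit_sesctld_inittab() {
    awk -F: '
    /^[ \t]*#/ || NF < 4 { next }            # skip comments and short lines
    {
        cmd = $4                             # rejoin a command containing ":"
        for (i = 5; i <= NF; i++) cmd = cmd ":" $i
        sub(/^[ \t]+/, "", cmd)
        n = split(cmd, arg, /[ \t]+/)
        prog = arg[1]; sub(/^.*\//, "", prog)
        if (prog != "sesctld") next
        seen = 1
        # Trusted Path requests are lost unless init restarts the daemon.
        if ($3 != "respawn") { print "NOT_RESPAWN " $1; bad = 1 }
        for (i = 2; i <= n; i++) {
            if (arg[i] == "-q") { print "QUIET " $1; bad = 1 }
            else if (arg[i] ~ /^-d/) {
                # Accept both "-d 1" and "-d1".
                lvl = (arg[i] == "-d") ? arg[i + 1] : substr(arg[i], 3)
                # Non-zero debuglvl exposes a shell in the Trusted Path menu.
                if (lvl + 0 != 0) { print "DEBUG_SHELL " $1 " level=" lvl; bad = 1 }
            }
        }
    }
    END {
        if (!seen) { print "NO_ENTRY"; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample; ids, run levels and paths are hypothetical.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# id:rstate:action:process
tp1:234:respawn:/usr/sbin/sesctld
tp2:234:respawn:/usr/sbin/sesctld -d 1 -q
tp3:234:once:/usr/sbin/sesctld -w 120
EOF
audit_sesctld_inittab "$sample" || echo "findings above need review"
rm -f "$sample"
```
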

       When a user invokes Trusted Path, sesctld displays the Trusted Path
       banner.  This banner is defined in
       /etc/tcb/trstpth/trusted_path_banner.  The text following the banner
       is context sensitive as described in trusted_path(6).

       If no one has logged in on the terminal, sesctld will display the
       login banner found in /etc/tcb/trstpth/login_banner.  If the terminal
       is accessible by a background process and Trusted Path finds this
       situation, the terminal will display the
       /etc/tcb/trstpth/in_use_banner in addition to the login_banner. Note
       that these banners are only read when sesctld starts.

       Once the user is logged in, typing the Trusted Path Key sequence will
       present the Trusted Path Menu.  The Trusted Path menu is specified
       using idl(4).  The file /etc/tcb/trstpth/trstpth.menu contains the
       menu.  Menu entries generally invoke sesctl(1) to actually perform
       the actions.  The menu may be terminated and restarted by multiple
       requests from the user for Trusted Path service.  User level commands
       are only started from the menu by invoking sesctl(1) to create a new
       subsession for the command.

       Nothing executed from the Trusted Path menu can expect to exist for a
       long time because entering the Trusted Path key sequence while in the
       Trusted Path menu will terminate the existing menu and create another
       one.

       The Trusted Path mechanism creates files in the /etc/tcb/trstpth/
       directory.  Files other than those mentioned here should not be
       deleted or modified.  The system sesctld will create entries named
       trstpth_tpgm_pipe and trstpthdp in the /etc/tcb/trstpth/ directory;
       these are used internally by the sesctld and should not be
       manipulated.

FILES
       /etc/tcb/trstpth/trusted_path_banner
       /etc/tcb/trstpth/login_banner
       /etc/tcb/trstpth/in_use_banner
       /etc/tcb/trstpth/trstpth.menu
       /etc/tcb/trstpth/

SEE ALSO
       sesctl(1M), idl(4), trusted_path(6M).

NOTES
       There is only one banner and one menu for the entire system.  sesctld
       has no mechanism to present different banners or menus to different
       users, lines, or services.


Licensed material--property of copyright holder(s)
