lock and update authentication files
file program [ arguments ]
ale allows the authentication administrator to execute
shell scripts that update authentication files while in multiuser mode.
The auth subsystem and chown kernel privileges are
required to run ale.
file is the absolute pathname of the authentication file to be
locked during the update. program is the name of the shell
script to perform the update, which must reside in the
/tcb/lib/auth_scripts directory. arguments are the
arguments to be passed to the script.
ale participates in the TCB locking protocol
in attempting to create a lockfile named file-t.
If it is successful, the shell script is executed by the Bourne shell.
The script can then edit file, putting the results into
If the script successfully completes its updates, it will exit with a
code of 0. This signals ale to unlock the file. It renames
file to file-o, file-t
to file, and finally removes file-o.
While the file-t is present, no other utility
observing the TCB locking protocol will update file.
If the shell script cannot complete the update it should exit with a
code of 1, which tells ale a problem has occurred. ale
then displays an error message, removes file-t
and leaves file unchanged.
If the shell script finds there is no updating to be
done it should exit with a code of 2, and ale
removes file-t and leaves file unchanged.
To access authentication files, ale executes the shell scripts
with both real and effective group IDs set to auth,
and the user IDs set to the real user ID of the user
who called ale.
If ale detects an error, it displays an appropriate error message
and exits with code 1. Otherwise ale returns the exit status of
Care should be taken when writing scripts which update authentication data.
If files are incorrectly updated it could cause the system to refuse
ale checks the permissions on the complete paths of file,
program and the File Control database itself against
their entries in the File Control database. If any discrepancies are
found, an appropriate ``may be compromised'' message (including the pathname)
is displayed and an entry is written to
the audit trail.
can be used to analyze and fix the problem.
File Control database
User Authentication database
System Authentication database
ale is not part of any currently supported standard; it is
an extension of AT&T System V provided by
The Santa Cruz Operation, Inc.
© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003