16.Sets up signals.

17.Forks a child.

18.Parent waits on child's return; child continues:

19.Adds the new GID to the group list.

20.Sets the GID.

21.Logs an audit record.

22.Starts a shell if the -cflag was specified.

23.Looks for the SHELL environment variable or, if SHELL is not set defaults to /bin/sh.

24.Gets the basename of the shell for argv[0].

25.Closes the password and group files.

26.Changes to home directory if doing a login.

27.Logs an audit record.

28.Execs a shell with a command.

29.Closes its log.

30.Exits.

5.11.3.6passwd

passwd updates a user’s authentication tokens. passwd is configured to work through the PAM API. passwd configures itself as a password service with PAM, and uses configured password modules to authenticate and then update a user’s password. passwd turns off terminal echo, while the user is typing the old as well as the new password, in order to prevent the password from being displayed as it is being typed by the user. Refer to the passwd man page for more detailed information. passwd generally follows these steps.

1.Parses command-line arguments.

2.Handles requests for locking, unlocking, and clearing of passwords for an account.

3.If requested, displays account status.

4.If requested, updates password aging parameters

5.Reads new password from standard input.

6.Starts PAM session with a call to pam_start().

7.Calls pam_chauthtok() to perform password strength checks and to update the password.

8.Generates audit record indicating successful update of the password.

5.11.3.7su

su allows a user to switch identity. su changes the effective and real user and group ID to those of the new user. Refer to the su man page for more detailed information. su generally follows these steps:

1.Sets language.

2.Sets up a variable indicating whether the application user is the root user.

3.Gets current tty name for logging.

179

Page 191
Image 191
IBM 10 SP1 EAL4 manual Passwd, 11.3.7 su