sd(ADM)

sd, sdd -- start a no-LUID daemon

Syntax

sd command [ argument ]

/tcb/files/no_luid/sdd

Description

The sd utility is used to start certain daemons in a way consistent with the enforcement of the login user identifier (LUID) (in accordance with C2 requirements). Use of sd is only necessary if the kernel is configured to enforce LUID restrictions. If LUID restrictions are in effect, it is not possible to start daemon processes that set their own LUID (for example, when executing a login procedure) directly from a logged-in terminal.

Daemons are normally started from /etc/rc2.d and set their LUID using the su(C) command. Daemons like cron that must run specifically without an LUID should be run via sdd.

sdd is itself a daemon process, started from inittab (see init(M)). sd sends requests to sdd for other daemon processes to be started.

sdd only starts a process if an authorization check is successful. The authority required for each daemon is specified by the file /tcb/files/no_luid/cmdtable. This file contains entries for daemons, one per line, as follows:

name:path:subsystem

where name is the command name passed as the first argument to sd, path is the full path name of the command that will be executed, and subsystem is the subsystem authorization that the invoking user is required to have. The special value ``'' for subsystem specifies that any user can issue that command.

Examples

The default cmdtable file includes the following line:

   cron:/etc/cron:cron

If the system cron daemon were to die for any reason, an administrator who had been granted the cron authorization could restart it by issuing the command:

sd cron

Files

/tcb/files/no_luid/
/etc/inittab

Standards conformance