NEWLABEL(1) NEWLABEL(1)
newlabel - run a process at another label
newlabel [ -EFIOmt ] [ -ah dir ] [ -efio path ] [ label ] [ cmd [ arg ...
] ]
newlabel allows the user to run a process at another label without
logging off. To prevent inappropriate transfers of information, all open
file descriptors are closed before the new process is invoked. Unless
the invoked by the Superuser with one or more of the -E, -F, -I, or -O
options, the stdin, stdout, and stderr are closed and reopened after the
label is changed. The default path used is /dev/tty, but may be changed
with the -e, -f, -i, and -o options. If the path cannot be opened
/dev/null is opened.
If a cmd is given, it is invoked using /bin/sh. If the cmd is followed
by one or more args, the entire string of cmd plus args should be quoted
to ensure that it is interpreted by /bin/sh, rather than the current
shell. If no cmd is given, the user's preferred shell is invoked. Note
that in most cases, a shell running with a different label will not be
able to open /dev/tty.
The newlabel command has the following options:
-E Do not close and reopen standard error. This option is restricted
to the Superuser.
-F Do not close and reopen standard error, input, or output. This
option is restricted to the Superuser.
-I Do not close and reopen standard input. This option is restricted
to the Superuser.
-O Do not close and reopen standard output. This option is restricted
to the Superuser.
-a Run the specified command at each label at which there is a subdirectory
in dir. The sub-directory check is done with the process
label set to msenmldhigh/mintequal in case dir has a moldy label.
This option is restricted to the Superuser.
-e Use the following path instead of /dev/tty as the standard error.
-f Use the following path instead of /dev/tty as the standard error,
input, and output.
-h Run the specified command at each label at which there is a subdirectory
in dir with neither equal sensitivity nor equal integrity.
The sub-directory check is done with the process label set to
msenmldhigh/mintequal in case dir has a moldy label. This option is
Page 1
NEWLABEL(1) NEWLABEL(1)
restricted to the Superuser.
-i Use the following path instead of /dev/tty as the standard input.
-m Use a label exactly like that on the current process, except that
the new label is assured to be moldy. This option excludes the -t
option.
-o Use the following path instead of /dev/tty as the standard output.
-t Use a label exactly like that on the current process, except that
the new label is assured not to be moldy. This option excludes the
-m option.
To obtain a shell with moldy characteristics, execute:
newlabel -m
To look at the current directory without moldy characteristics when the
current process has them, execute:
newlabel -t ls -l
To execute ps(1) at the system high label with no integrity, execute:
newlabel msenhigh/mintlow ps -el
To do the same thing, but write the result into a file, execute:
newlabel -o /tmp/ps.out msenhigh/mintlow ps -el
In most cases, a shell running with a different label (as a result of
using newlabel ) will not be able to open the /dev/tty.
This will cause commands like passwd(1) to fail since the controlling tty
has a different label and is therefore inaccessible. This restriction can
be avoided by re-logining at the desired label or by using the su(1)
command.
/bin/csh default command
/dev/tty default output
/dev/null secondary output
su(1M), passwd(1), telnet(1C), rlogin(1C)
P�P�P�Pa�a�a�ag�g�g�ge�e�e�e 2�2�2�2 [ Back ]
|
