- Timestamp:
- 11/18/14 14:33:33 (9 years ago)
- Branches:
- 4.11, 5, master
- Children:
- 6b4a22e3
- Parents:
- 3fe5d01
- git-author:
- Sebastian Huber <sebastian.huber@…> (11/18/14 14:33:33)
- git-committer:
- Sebastian Huber <sebastian.huber@…> (11/20/14 09:30:26)
- Location:
- doc/shell
- Files:
- 2 edited
doc/shell/Makefile.am
r3fe5d01 r8dbc612 25 25 26 26 general.texi: general.t 27 $(BMENU2) -p "Configuration and Initialization rtems_shell_ init - initialize the shell" \27 $(BMENU2) -p "Configuration and Initialization rtems_shell_login_check - Default login check handler" \ 28 28 -u "Top" \ 29 29 -n "File and Directory Commands" < $< > $@ -
doc/shell/confinit.t
r3fe5d01 r8dbc612 9 9 10 10 This chapter provides information on how the application 11 configures and in tializes the RTEMS shell.11 configures and initializes the RTEMS shell. 12 12 13 13 @c … … 214 214 TBD 215 215 216 @c 217 @c 218 @c 219 @section Access Control 220 221 @subsection Login Checks 222 223 Login checks are optional for the RTEMS shell and can be configured via a login 224 check handler passed to @code{rtems_shell_init()}. One login check handler is 225 @code{rtems_shell_login_check()}. 226 227 @subsection Configuration Files 228 229 The following files are used by the login check handler 230 @code{rtems_shell_login_check()} to validate a passphrase for a user and to set 231 up the user environment for the shell command execution. 232 233 @table @file 234 235 @item /etc/passwd 236 The format for each line is 237 238 @example 239 user_name:password:UID:GID:GECOS:directory:shell 240 @end example 241 242 with colon separated 243 fields. For more information refer to the Linux PASSWD(5) man page. Use a 244 @code{password} of @code{*} to disable the login of the user. An empty 245 password allows login without a password for this user. In contrast to 246 standard UNIX systems, this file is only readable and writeable for the user 247 with an UID of zero by default. The @code{directory} is used to perform a 248 filesystem change root operation in @code{rtems_shell_login_check()} in 249 contrast to a normal usage as the HOME directory of the user. The 250 @strong{default} content is 251 252 @example 253 root::0:0:::: 254 @end example 255 256 so there is @strong{no password required} for the @code{root} user. 257 258 @item /etc/group 259 The format for each line is 260 261 @example 262 group_name:password:GID:user_list 263 @end example 264 265 with colon separated fields. The @code{user_list} is comma separated. For 266 more information refer to the Linux GROUP(5) man page. 
In contrast to standard 267 UNIX systems, this file is only readable and writeable for the user with an UID 268 of zero by default. The default content is 269 270 @example 271 root::0: 272 @end example 273 274 @end table 275 276 @subsection Command Visibility and Execution Permission 277 278 Each command has 279 280 @itemize @bullet 281 @item an owner, 282 @item a group, and 283 @item a read permission flag for the owner, the group and all other users, and 284 @item an execution permission flag for the owner, the group and all other 285 users. 286 @end itemize 287 288 The read and write permission flags are stored in the command mode. The read 289 permission flags determine the visibility of the command for the current user. 290 The execution permission flags determine the ability to execute a command for 291 the current user. These command properties can be displayed and changed with 292 the 293 294 @itemize @bullet 295 @item @code{cmdls}, 296 @item @code{cmdchown}, and 297 @item @code{cmdchmod} 298 @end itemize 299 300 commands. The access is determined by the effective UID, the effective GID and 301 the supplementary group IDs of the current user and follows the standard 302 filesystem access procedure. 303 304 @subsection Add CRYPT(3) Formats 305 306 By default the @code{crypt_r()} function used by 307 @code{rtems_shell_login_check()} supports only plain text passphrases. Use 308 @code{crypt_add_format()} to add more formats. The following formats are 309 available out of the box 310 311 @itemize @bullet 312 @item @code{crypt_md5_format}, 313 @item @code{crypt_sha256_format}, and 314 @item @code{crypt_sha512_format}. 315 @end itemize 316 317 An example follows. 
318 319 @findex crypt_add_format 320 @example 321 #include <crypt.h> 322 323 void add_formats( void ) 324 @{ 325 crypt_add_format( &crypt_md5_format ); 326 crypt_add_format( &crypt_sha512_format ); 327 @} 328 @end example 329 216 330 @section Functions 217 331 … … 220 334 221 335 @page 222 @subsection rtems_shell_init - initialize the shell336 @subsection rtems_shell_init - Initialize the shell 223 337 224 338 @cindex initialization … … 256 370 key value pair per instance. You should make sure that your RTEMS configuration 257 371 accounts for these resources. 372 373 @page 374 @subsection rtems_shell_login_check - Default login check handler 375 376 @cindex initialization 377 378 @subheading CALLING SEQUENCE: 379 380 @findex rtems_shell_login_check 381 @example 382 bool rtems_shell_login_check( 383 const char *user, 384 const char *passphrase 385 ); 386 @end example 387 388 @subheading DIRECTIVE STATUS CODES: 389 @code{true} - login is allowed, and@* 390 @code{false} - otherwise. 391 392 @subheading DESCRIPTION: 393 394 This function checks if the specified passphrase is valid for the specified user. 395 396 @subheading NOTES: 397 398 As a side-effect if the specified passphrase is valid for the specified user, 399 this function 400 401 @itemize @bullet 402 @item performs a filesystem change root operation to the directory of the 403 specified user if the directory path is non-empty, 404 @item changes the owner of the current shell device to the UID of the specified 405 user, 406 @item sets the real and effective UID of the current user environment to the 407 UID of the specified user, 408 @item sets the real and effective GID of the current user environment to the 409 GID of the specified user, and 410 @item sets the supplementary group IDs of the current user environment to the 411 supplementary group IDs of the specified user. 
412 @end itemize 413 414 In case the filesystem change root operation fails, then the environment setup 415 is aborted and @code{false} is returned.
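Review bot: In the new "Access Control" section of doc/shell/confinit.t, the documented default /etc/passwd content "root::0:0::::" has eight colon-separated fields, while the format line "user_name:password:UID:GID:GECOS:directory:shell" lists seven. Because the directory field selects the change root target in rtems_shell_login_check(), the two lines should agree so that a reader can tell which field is which. In the same hunk, under "Command Visibility and Execution Permission", the sentence "The read and write permission flags are stored in the command mode" contradicts the list directly above it, which names read and execution permission flags; it should probably read "read and execution permission flags". The crypt_add_format() example also registers crypt_md5_format; for a login check it would be better for the example to show only crypt_sha256_format and crypt_sha512_format.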
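Review bot: In the NOTES of the new "rtems_shell_login_check - Default login check handler" subsection, only a failing change root operation is documented as aborting the setup and returning false. The text does not say what the function returns, or which of the listed side effects remain in place, when changing the owner of the shell device or setting the UID, GID or supplementary group IDs fails. Please state that, since callers rely on a true result meaning that the whole user environment was set up. The "@cindex initialization" entry in this subsection also looks copied from rtems_shell_init; an index entry such as "login check" would fit better.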