The OpenNET Project / Index page

[ новости /+++ | форум | теги | ]

Интерактивная система просмотра системных руководств (man-ов)

 ТемаНаборКатегория 
 
 [Cписок руководств | Печать]

smattrpop (1)
  • >> smattrpop (1) ( Solaris man: Команды и прикладные программы пользовательского уровня )
  •  

    NAME

    smattrpop - populate security attribute databases in a name service
     
    

    SYNOPSIS

    smattrpop [-c ] [-f] [-m] [-p policy] [-r] -s scope -t scope [-v] database  

    DESCRIPTION

    The smattrpop command updates the auth_attr(4), exec_attr(4), prof_attr(4), and user_attr(4) role-based access control databases in a target NIS, NIS+, LDAP, or local /etc files name service from the corresponding databases in a source name service or files.

    This command processes the table entries from the source database and merges each source entry field into the same field in the corresponding table entry in the target database. If a source entry does not exist in the target database, the entry is created. If the source entry exists in the target database, the fields are merged or replaced according to the command options.

    Any errors encountered while updating the target entry are reported to stdout, and the command continues with the next source database entry.  

    OPTIONS

    The following options are supported:

    -c Performs cross-table checking. If you specify this option and a check error occurs, a message identifying the check error is written to stdout.

    The target entry values are checked against entries in related databases:

    * auths values --- Each value must exist as the name of an authorization in the auth_attr(4) database.

    * profiles values --- Each value must exist as a name of a profile in the prof_attr(4) database.

    * roles values --- Each value must exist as the name of a role identity in the user_attr(4) database.

    * For each exec_attr(4) entry in the source database, the name must exist as the name of a profile in the prof_attr(4) database.

    -f Specifies that the value in each field in the source entry replaces the value in the corresponding field in the target entry, if the source entry field has a non-empty value.

    -m For the auths, profiles, and roles attributes, specifies that the values in each field in the source entry are merged with the values in the corresponding target entry field. If a source value does not exist in the target field, the value is appended to the set of target values. If the target field is empty, the source values replace the target field. The attribute values that merge depend on the database being updated:

    * prof_attr(4) --- the auths and profiles attribute values are merged.

    * user_attr(4) --- the auths, profiles, and roles attribute values are merged.

    * exec_attr(4) --- the uid, gid, euid, and egid values are merged.

    -p policy Specifies the value of the policy field in the exec_attr(4) database. Valid values are suser (standard Solaris superuser) and tsol (Trusted Solaris). If you specify this option, only the entries in the source exec_attr database with the specified policy are processed. If you omit this option, all entries in the source exec_attr database are processed.

    -r Specifies that role identities in the user_attr(4) database in the source name service are processed. If you omit this option, only the normal user entries in the user_attr source database are processed.

    -s scope Specifies the source name service or local file directory for database updates, using the following syntax:

    
    type:/server/domain
    

    where type indicates the type of name service. Valid values for type are:

    * file --- local files

    * nis --- NIS name service

    * nisplus --- NIS+ name service

    * ldap --- LDAP name service

    server indicates the local host name of the Solaris system on which the smattrpop command is executed, and on which both the source and target databases exist.

    domain specifies the management domain name for the name service.

    You can use two special cases of scope values:

    * To indicate the databases in the /etc/security local system directory, use the scope file:/server, where server is the name of the local system.

    * To load from databases in an arbitrary directory on the Solaris server, use the scope file:/server/pathname, where where server is the name of the local system and pathname is the fully-qualified directory path name to the database files.

    -t scope Specifies the target name service or local file directory for database updates, using the following syntax:

    
    type:/server/domain
    

    where type indicates the type of name service. Valid values for type are:

    * file --- local files

    * nis --- NIS name service

    * nisplus --- NIS+ name service

    * ldap --- LDAP name service

    server indicates the local host name of the Solaris system on which the smattrpop command is executed, and on which both the source and target databases exist.

    domain specifies the management domain name for the name service.

    You can use two special cases of scope values:

    * To indicate the databases in the /etc/security local system directory, use the scope file:/server, where server is the name of the local system.

    * To update to databases in an arbitrary directory on the Solaris server, use the scope file:/server/pathname, where where server is the name of the local system and pathname is the fully-qualified directory path name to the database files.

    -v Specifies that verbose messages are written. A message is written to stdout for each entry processed.

     

    OPERANDS

    The following operands are supported:

    database Populates one or all databases. You can specify either the name of the database you want to process (for example, auth_attr), or all to process all databases. If you specify all, the databases are processed in the following order:

    1. auth_attr(4)


    2. prof_attr(4)


    3. exec_attr(4)


    4. user_attr(4)

     

    EXAMPLES

    Example 1: Populating all tables in the NIS name service

    The following example merges the values from all four attribute databases in the /etc/security directory of the local system into the corresponding tables in the NIS domain, east.example.com. The command is executed on the master server, hoosier, for the NIS domain and the source files are in the /etc and /etc/security directories on the NIS master server. No cross-table checking is performed. A summary message indicating the number of entries processed and updated for each table is written to stdout.

    /usr/sadm/bin/smattrpop -s file:/hoosier \ 
              -t nis:/hoosier/east.example.com all
    

    Example 2: Updating the authorization table in the NIS+ name service

    This example merges new authorization data from a local system file in the auth_attr text format into the existing auth_attr database in the NIS+ domain, east.example.com. The command is executed on the NIS+ master server, foobar. Values from the source auth_attr file replace the corresponding field values in the NIS+ tables for each entry. A message is written to stdout for each entry processed. Database cross-checking is performed and any check error is written to stdout. A summary message indicating the number of entries processed and updated for the auth_attr database is written to stdout.

    /usr/sadm/bin/smattrpop -c -f -v -s file:/foobar/var/temp \ 
              -t nisplus:/foobar/East.Sun.COM auth_attr
    

     

    ENVIRONMENT VARIABLES

    See environ(5) for a description of the JAVA_HOME environment variable, which affects the execution of the smattrpop command. If this environment variable is not specified, the /usr/java location is used. See smc(1M).  

    EXIT STATUS

    Any errors encountered while updating the target entry are reported to stdout. The following exit values are returned:

    0 The specified tables were updated. Individual entries may have encountered checking errors.

    1 A syntax error occurred in the command line.

    2 A fatal error occurred and the tables were not completely processed. Some entries may have been updated before the failure.

     

    FILES

    /etc/security/auth_attr Authorization description database. See auth_attr(4).

    /etc/security/exec_attr Execution profiles database. See exec_attr(4).

    /etc/security/prof_attr Profile description database. See prof_attr(4).

    /etc/user_attr Extended user attribute database. See user_attr(4).

     

    ATTRIBUTES

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPEATTRIBUTE VALUE
    AvailabilitySUNWmga

     

    SEE ALSO

    smc(1M), smexec(1M), smprofile(1M), auth_attr(4), exec_attr(4), prof_attr(4), user_attr(4), attributes(5), environ(5)


     

    Index

    NAME
    SYNOPSIS
    DESCRIPTION
    OPTIONS
    OPERANDS
    EXAMPLES
    ENVIRONMENT VARIABLES
    EXIT STATUS
    FILES
    ATTRIBUTES
    SEE ALSO


    Поиск по тексту MAN-ов: 




    Партнёры:
    PostgresPro
    Inferno Solutions
    Hosting by Hoster.ru
    Хостинг:

    Закладки на сайте
    Проследить за страницей
    Created 1996-2024 by Maxim Chirkov
    Добавить, Поддержать, Вебмастеру