The OpenNET Project / Index page

[ новости /+++ | форум | теги | ]

Интерактивная система просмотра системных руководств (man-ов)

 ТемаНаборКатегория 
 
 [Cписок руководств | Печать]

smexec (1)
  • >> smexec (1) ( Solaris man: Команды и прикладные программы пользовательского уровня )
  •  

    NAME

    smexec - manage entries in the exec_attr database
     
    

    SYNOPSIS

    /usr/sadm/bin/smexec subcommand [ auth_args] -- [subcommand_args]  

    DESCRIPTION

    The smexec command manages an entry in the exec_attr(4) database in the local /etc files name service or a NIS or NIS+ name service.  

    subcommands

    smexec subcommands are:

    add Adds a new entry to the exec_attr(4) database. To add an entry to the exec_attr database, the administrator must have the solaris.profmgr.execattr.write authorization.

    delete Deletes an entry from the exec_attr(4) database. To delete an entry from the exec_attr database, the administrator must have the solaris.profmgr.execattr.write authorization.

    modify Modifies an entry in the exec_attr(4) database. To modify an entry in the exec_attr database, the administrator must have the solaris.profmgr.execattr.write authorization.

     

    OPTIONS

    The smexec authentication arguments, auth_args, are derived from the smc(1M) arg set and are the same regardless of which subcommand you use. The smexec command requires the Solaris Management Console to be initialized for the command to succeed (see smc(1M)). After rebooting the Solaris Management Console server, the first Solaris Management Console connection might time out, so you might need to retry the command.

    The subcommand-specific options, subcommand_args, must come after the auth_args and must be separated from them by the -- option.  

    auth_args

    The auth_args -D, -H, -l, -p, -r, and -u are described below. They are all optional. These options are a subset of the full complement of supported options described in smc(1M).

    If no auth_args are specified, certain defaults will be assumed and the user may be prompted for additional information, such as a password for authentication purposes. These letter options can also be specified by their equivalent option words preceded by a double dash. For example, you can use either -D or --domain with the domain argument.

    -D | --domain  domain

    Specifies the default domain that you want to manage. The syntax of domain is type:/host_name/domain_name, where type is nis, nisplus, dns, ldap, or file; host_name is the name of the machine that serves the domain; and domain_name is the name of the domain you want to manage. (Note: Do not use nis+ for nisplus.)

    If you do not specify this option, the Solaris Management Console assumes the file default domain on whatever server you choose to manage, meaning that changes are local to the server. Toolboxes can change the domain on a tool-by-tool basis; this option specifies the domain for all other tools.

    -H | --hostname  host_name:port

    Specifies the host_name and port to which you want to connect. If you do not specify a port, the system connects to the default port, 898. If you do not specify host_name:port, the Solaris Management Console connects to the local host on port 898. You may still have to choose a toolbox to load into the console. To override this behavior, use the smc(1M) -B option, or set your console preferences to load a "home toolbox" by default.

    -l | --rolepassword  role_password

    Specifies the password for the role_name. If you specify a role_name but do not specify a role_password, the system prompts you to supply a role_password. Passwords specified on the command line can be seen by any user on the system, hence this option is considered insecure.

    -p | --password  password

    Specifies the password for the user_name. If you do not specify a password, the system prompts you for one. Passwords specified on the command line can be seen by any user on the system, hence this option is considered insecure.

    -r | --rolename  role_name

    Specifies a role name for authentication. If you do not specify this option, no role is assumed.

    -u | --username  user_name

    Specifies the user name for authentication. If you do not specify this option, the user identity running the console process is assumed.

    --

    This option is required and must always follow the preceding options. If you do not enter the preceding options, you must still enter the -- option.

     

    subcommand_args

    Note: Descriptions and other arg options that contain white spaces must be enclosed in double quotes.

    To add or change privileges, the administrator must have the solaris.admin.privilege.write authorization. See privileges(5).

    * For subcommand add:

    -c command_path|CDE_action

    Specifies the full path to the command or CDE action associated with the new exec_attr entry. Specifying a CDE action is available only if the system is configured with Solaris Trusted Extensions. See "Using Options that Require Solaris Trusted Extensions," below.

    -g egid

    (Optional) Specifies the effective group ID that executes with the command.

    -G gid

    (Optional) Specifies the real group ID that executes with the command.

    -h

    (Optional) Displays the command's usage statement.

    -n profile_name

    Specifies the name of the profile associated with the new exec_attr entry.

    -t type

    Specifies the type for the command. Currently, the only acceptable value for type is cmd.

    -u euid

    (Optional) Specifies the effective user ID that executes with the command.

    -U uid

    (Optional) Specifies the real user ID that executes with the command.

    -M limit_privs

    Specifies the privilege name(s) to add to the new exec_attr(4) entry. The default is all for limit privilege.

    To add or change privileges, the administrator must have the solaris.admin.privilege.write authorization. See privileges(5).

    -I inheritable_privs

    Specifies the inheritable privilege name(s) to add to the new exec_attr(4) entry.

    * For subcommand delete:

    -c command_path|CDE_action

    Specifies the full path to the command or CDE action associated with the exec_attr entry. Specifying a CDE action is available only if the system is configured with Solaris Trusted Extensions. See "Using Options that Require Solaris Trusted Extensions," below.

    -h

    (Optional) Displays the command's usage statement.

    -n profile_name

    Specifies the name of the profile associated with the exec_attr entry.

    -t type

    Specifies the type cmd for command. Currently, the only acceptable value for type is cmd.

    * For subcommand modify:

    -c command_path|CDE_action

    Specifies the full path to the command or CDE action associated with the exec_attr entry you want to modify. Specifying a CDE action is available only if the system is configured with Solaris Trusted Extensions. See "Using Options that Require Solaris Trusted Extensions," below.

    -g egid

    (Optional) Specifies the new effective group ID that executes with the command.

    -G gid

    (Optional) Specifies the new real group ID that executes with the command.

    -h

    (Optional) Displays the command's usage statement.

    -n profile_name

    Specifies the name of the profile associated with the exec_attr entry.

    -t type

    Specifies the type cmd for command. Currently, the only acceptable value for type is cmd.

    -u euid

    (Optional) Specifies the new effective user ID that executes with the command.

    -U uid

    (Optional) Specifies the new real user ID that executes with the command.

    -M limit_privs

    Specifies the privilege name(s) to modify in an exec_attr(4) entry. The default is all for limit privilege.

    To add or change privileges, the administrator must have the solaris.admin.privilege.write authorization. See privileges(5).

    -I inheritable_privs

    Specifies the inheritable privilege name(s) to modify in anexec_attr(4) entry.

     

    Using Options that Require Solaris Trusted Extensions

    To use an option that requires the Solaris Trusted Extensions feature, you must use the -B toolbox option to specify a toolbox that contains support for Trusted Extensions. For example:

    # smexec -add -c <CDE action> -n "User Manager" \
    -B http://<server>/toolboxes/tsol_files.tbx 
    

    In the command above, <server> is the name of the machine running the Solaris Management Console. See smc(1M) for a description of the -B option.  

    EXAMPLES

    Example 1: Creating an exec_attr Database Entry

    The following creates a new exec_attr entry for the User Manager profile on the local file system. The entry type is cmd for the command /usr/bin/cp. The command has an effective user ID of 0 and an effective group ID of 0.

    ./smexec add -H myhost -p mypasswd -u root -- -n "User Manager" \
              -t cmd -c /usr/bin/cp -u 0 -g 0
    

    Example 2: Deleting an exec_attr Database Entry

    The following example deletes an exec_attr database entry for the User Manager profile from the local file system. The entry designated for the command /usr/bin/cp is deleted.

    ./smexec delete -H myhost -p mypasswd -u root -- -n "User Manager" \ 
              -t cmd -c /usr/bin/cp
    

    Example 3: Modifying an exec_attr Database Entry

    The following modifies the attributes of the exec_attr database entry for the User Manager profile on the local file system. The /usr/bin/cp entry is modified to execute with the real user ID of 0 and the real group ID of 0.

    ./smexec modify -H myhost -p mypasswd -u root -- -n "User Manager" \ 
              -t cmd -c /usr/bin/cp -U 0 -G 0
    

     

    ENVIRONMENT VARIABLES

    See environ(5) for a description of the JAVA_HOME environment variable, which affects the execution of the smexec command. If this environment variable is not specified, the /usr/java location is used. See smc(1M).  

    EXIT STATUS

    The following exit values are returned:

    0 Successful completion.

    1 Invalid command syntax. A usage message displays.

    2 An error occurred while executing the command. An error message displays.

     

    FILES

    The following file is used by the smexec command:

    /etc/security/exec_attr Rights profiles database. See exec_attr(4).

     

    ATTRIBUTES

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPEATTRIBUTE VALUE
    AvailabilitySUNWmga
    Interface StabilityEvolving

     

    SEE ALSO

    smc(1M), exec_attr(4), attributes(5), environ(5)


     

    Index

    NAME
    SYNOPSIS
    DESCRIPTION
    subcommands
    OPTIONS
    auth_args
    subcommand_args
    Using Options that Require Solaris Trusted Extensions
    EXAMPLES
    ENVIRONMENT VARIABLES
    EXIT STATUS
    FILES
    ATTRIBUTES
    SEE ALSO


    Поиск по тексту MAN-ов: 




    Партнёры:
    PostgresPro
    Inferno Solutions
    Hosting by Hoster.ru
    Хостинг:

    Закладки на сайте
    Проследить за страницей
    Created 1996-2024 by Maxim Chirkov
    Добавить, Поддержать, Вебмастеру