rbacdbchk(1m) [hpux man page]
rbacdbchk(1M) rbacdbchk(1M) NAME
rbacdbchk - Verifies the syntax of the Role-Based Access Control (RBAC) database files SYNOPSIS
DESCRIPTION
verifies that there are no conflicting or inconsistent entries in and amongst the RBAC database files. also checks the syntax of the data- base files and prints messages indicating which lines contain errors. returns zero output if no errors are present in the database files. All the RBAC database files and are verified. See rbac(5) for more information on these RBAC database files. Options supports the following options: Checks the database. Checks the database. Checks the database. Checks the database. Checks the database. Cross reference checks all databases. EXTERNAL INFLUENCES
Environment Variables determines the language in which messages are displayed. International Code Set Support Single-byte character code set is supported. RETURN VALUE
0. Success 1. Incorrect syntax EXAMPLES
The following example finds an error that user is an invalid user # rbacdbchk [/etc/rbac/user_role] John: Administrator invalid user The value 'John' for the Username field is bad. The following example finds a syntax error, an extra colon at the end of a line: # rbacdbchk [/etc/rbac/user_role] root: Administrator: invalid name: Not alphanumeric The value 'Administrator:' for the Rolename field is bad. [Role in role_auth DB with no assigned user in user_role DB] Administrator:(hpux.*, *) The following example finds a field missing: # rbacdbchk [/etc/rbac/roles] : my comment invalid name: <empty> The value '' for the Rolename field is bad. The following example finds a bad role: # rbacdbchk [Role in role_auth DB with no assigned user in user_role DB] blah:(hpux.*, *) [Invalid Role in role_auth DB. Role 'blah' does not exist in the roles DB] blah:(hpux.*, *) The following example finds a bad group name: # rbacdbchk [/etc/rbac/user_role] &blah: Administrator invalid group The value 'blah' for the Group name field is bad. FILES
Database containing valid definitions of all roles. Database containing definitions of all valid authorizations. Database specifying the roles for each specified user. Database that defines the authorizations for each role. Database containing the authorization to execute specified commands, and the privileges to alter uid and gid for command execution. Database that defines the role-to-authorization to audit SEE ALSO
authadm(1M), cmdprivadm(1M), privrun(1M), rbac(5). rbacdbchk(1M)
Check Out this Related Man Page
cmdprivadm(1M) cmdprivadm(1M) NAME
cmdprivadm - noninteractive editing of a command's authorization and privilege information in the privrun database SYNOPSIS
DESCRIPTION
is a noninteractive command that allows user with appropriate permission to add or delete a command and its privileges in the Role-Base Access Control (RBAC) database, See privrun(1M) for more details on this file. When adding a line to the database, sets fields that are not specified a default value. When deleting a line, the lines matching all the given pairs will be deleted. That is, if all fields specified match, the entry will be deleted. Appends a line as specified in pairs in the file. Deletes a line as specified in pairs from file. HP recommends that only the and commands be used to edit and view the RBAC databases; do not edit the RBAC files directly. See rbac(5) for information on the RBAC databases. Options The following options are valid pairs for command should include the full path name of the command. There can be one or more arguments following the command. filename should specify the full path name of a file name. Specifies the operation. Specifies the object. Specifies the real user ID (ruid). Specifies the effective user ID (euid). Specifies the real group ID (rgid). Specifies the effective group ID (egid). Specifies the compartment. Specifies the privileges. Specifies the PAM service name to reauthenticate under. See pam.conf(4) for a list of PAM services. Specifies the flags. Note: You must enclose values that contain the space character, or any characters that may be interpreted by the shell, with single quotes. For example, if the has one or more arguments, enclose them with single quotes: Authorizations: In order to invoke the user must either be root, (running with effective UID of 0), or have the appropriate authorizations. The following is a list of the required authorizations for running with particular options: Allows user to run with options. Allows user to run with options. EXTERNAL INFLUENCES
Environment Variables determines the language in which messages are displayed. International Code Set Support Single-byte character code set is supported. RETURN VALUE
Upon completion, returns one of the following values: Success. Failure. An appropriate error message is printed on standard error. EXAMPLES
The following commands add entries into the file: The following commands delete entries from the file: FILES
Database containing valid definitions of all roles. Database containing definitions of all valid authorizations. Database specifying the roles allowed for each specified user. Database defining the authorizations for each specified role. Database containing the authorization to execute specified commands, and the privileges to alter UID and GID for command execution. SEE ALSO
authadm(1M), privrun(1M), rbacdbchk(1M), roleadm(1M), rbac(5). cmdprivadm(1M)