nicl(1) BSD General Commands Manual nicl(1)
nicl -- NetInfo command line utility
nicl [options] datasource [command]
-c create new datasource
-p prompt for password
-u user authenticate as user
-P password authentication password
-raw datasource is a NetInfo directory
-t datasource is host/tag
-v verbose output
-q quiet - no interactive prompt
-x500 X.500 names
-read dir [key ...]
-list dir [key]
-search dir scopemin scopemax key val [key val] ...
-load [delim key val ...] ...
-create [path [key [val ...]]]
-append dir key val ...
-merge dir key val ...
-insert dir key val index
-rename dir old_key new_key
-delete dir [key [val ...]]
-copy dir new_parent
-move dir new_parent
-history [<=>] [version]
available only in interactive mode:
-auth [user [password]]
support for experimental X.500 mode:
-setrdn dir key
nicl is general-purpose utility for operating on NetInfo databases. Its commands allow one
to create, read, and manage NetInfo data. If invoked without any commands, nicl runs in an
interactive mode, reading commands from standard input. Interactive processing is termi-
nated by the quit command, or by end of file. Leading dashes ("-") are optional for all
nicl operates on a datasource specified on the command line. This may be a domain name, a
NetInfo server of the form "host/tag", or a file. Domain names may be absolute paths begin-
ning with a slash ("/"), or relative domain paths beginning with a dot (".") character,
which specifies the local domain, or "..", specifying the local domain's parent. If the -t
option has been specified, then the datasource is a host/tag specification. Hosts may be
given by name or IP address. If the -raw option has been specified, then the datasource is
a NetInfo-format database, for example "/var/db/netinfo/local.nidb". The user invoking nicl
must have sufficient file-system permissions to read the database files.
In "raw" mode, nicl operates directly on the database without communicating with a server
for that database.
Many commands take a directory as an option. Directories may be specified as a directory ID
number or as a path. NetInfo paths are specified by a list of slash-separated components.
Each component is of the form:
In the first form, the key defaults to "name". Thus the following two paths are equivalent:
Note that NetInfo does not require any key to have unique values. When matching a directory
path, NetInfo will match the first directory it finds with a given key and value. For exam-
ple, the following path will locate a user with a gid of "100":
Many users may have a gid value of 100. This path will match the first in some search
order. The only unique identifier for NetInfo directories is the directory ID number. This
number is printed in the output of the list command, and is printed by the read command if
the nicl is invoked with the -v (verbose) flag.
If path components contain keys or values with embedded slash characters, the slash charac-
ters must be escaped with a leading backslash character. Since the shell also processes
escape characters, an extra backslash is required to correctly specify an escape. For exam-
ple, to read a directory with the name "/Alpha" in the "/exports" directory, one of the fol-
lowing paths could be used:
nicl . -read /exports/\\/Alpha
nicl . -read /exports/name=\\/Alpha
nicl was developed using an internal datastore "engine" with operations supporting both the
legacy NetInfo network protocol and LDAP Version 3. Development work is still in progress
in this area. Some nicl commands have been written for use in "X.500" mode, invoked by use
of the -x500 flag. Support for X.500-style data organization, naming, and access is still
experimental and under active development.
The action of each command is described below. Some commands have aliases. For example,
"cat" and "." are aliases for "read". Command aliases are listed in parentheses.
read (cat .)
Usage: read dir [key ...]
Prints a directory. Each properties are printed one per line. The property key is followed
by a colon, then a space-separated list of the values for that property. Note that a value
which contains embedded spaces will appear identical to a pair of values. If The -v flag
for verbose output has been given, then read prints the directory (record) ID number, its
version number, serial number, a count of child directories and a list of child directory ID
numbers. Attributes are printed separately from meta-attributes (those having a leading
Usage: list dir [key]
Lists the subdirectories of the given directory. Subdirectories are listed one per line.
The directory ID number is printed first, then the values of "name" key. If an optional key
argument is given, then the values for that key are used, rather than the values for the
Note that subdirectories that do not have a "name" key (or the key given as an option) are
path scopemin scopemax key val [key val] ...
Searches for directories that match a pattern. The search is rooted at the given directory.
The following two arguments control the scope of the search by specifying the starting and
ending depth of the search. If scopemin argument is 0, for example, the search will include
the starting directory itself. A value of 1 will start searching at the subdirectories of
the starting directory. The value of scopemax specifies the maximum depth of the search. A
value of 0 stops the search at the starting directory. A value of 1 stops the search one
level down. A value of -1 causes the search to have no maximum depth.
Following the scope arguments are one or more key and value pairs. Directories that have
matching keys and values will be printed.
Usage: path path
Prints the directories from the given directory to the root directory.
Usage: load [delim key val ...] ...
Creates a child directory of the current directory. This command allows a directory to be
created with a number of properties. The first character given in the input is subsequently
used as a delimiter to separate key val ... sets. For example, to create a directory with
the name "foo", and a property "bar" with the values "a", "b", and "c", and a property "baz"
with the values "abc" and "def":
load + name foo + bar a b c + baz abc def
Any single character may be used as a delimiter.
Usage: create [path [key [val ...]]]
Creates a new directory, property, or value. If a directory path is given, the create com-
mand will create the directory path if it does not exist. If a key is given, then a prop-
erty with that key will be created.
WARNING - If a property with the given key already exists, it will be destroyed and a new
property will be created in its place. To add values to an existing property, use the
append or merge commands.
If values are included in the command, these values will be set for the given key.
If it is invoked without any arguments as a single command-line argument to nicl , the
create command will create a new database. For example, to create a new database
nicl -raw /tmp/test_db -create
The "mk" alias is not available for creating a new database. Note that a new database may
also be created by using the -c option on the command line.
Usage: append path key val ...
Appends one or more values to a property in a given directory. The property is created if
it does not exist.
Usage: merge path key val ...
Appends one or more values to a property in a given directory if the property does not
already have those values. The property is created if it does not exist.
Usage: insert path key val index Inserts the given value in the list of values of the given
key in the specified directory. index is an integer value. An index of 0 specifies that
the value should be inserted at the head of the list. An index greater than the number of
values in the list causes the value to be appended. The property is created if it does not
Usage: rename path old_key new_key
Changes a property key.
Usage: delete path [key [val ...]]
Delete a directory, property, or value. If a directory path is given, the delete command
will delete the directory. If a key is given, then a property with that key will be
deleted. If one or more values are given, those values will be removed from the property
with the given key.
Usage: copy path new_parent
Recursively copies a directory to a new parent directory.
Usage: move path new_parent
Moves a directory to a new parent directory. In raw mode, move moves a directory by detach-
ing it from its parent directory and re-attaching it to a new parent. When connected to a
NetInfo server, the directory is recursively copied to the new parent directory, then the
original is removed.
Usage: history [<=>] [version]
Locates directories by reference to the database version number. When a new database is
created, it starts with a version number of zero. Each modification of the database causes
the version number to be incremented. The database version number is saved with the direc-
tory that was modified at that time. When a directory is added or removed, the parent
directory is modified, and thus the parent directory carries the version number for that
The history command lists directories that have been modified before, at, or after a spe-
cific version of the database. The < argument is used to locate directories that changed
before a specific version. The > argument locates directories that changed after a specific
version. The = after locates the single directory that changed at a specific version. This
is also the default if none of these arguments is given.
If a version number is omitted, the current database version number is used. To determine
the current database version:
nicl . -history
Prints various statistics. If the datasource is a raw database this includes the database
checksum, version number, maximum directory ID number, and counts of fetch, save, and remove
operations. If the datasource is a NetInfo server, then this command prints all statistics
available from the server.
Prints the NetInfo domain name. Not available in raw mode.
Prints the IP address and tag of the server's parent domain server. No output is printed if
the server has no parent. Not available in raw mode.
If connected to a NetInfo clone server, this command causes the clone to check its database
and re-synchronize with the master if necessary. If connected to a master server, this com-
mand causes the master to send a message to all clones, causing them all to re-synchronize.
Not available in raw mode.
Flushes the directory cache.
Usage: echo string
Prints the string to standard output. This is handy when executing a script.
Usage: source file
Redirects standard input to read commands from the named file. After the commands in the
file have been processed, control returns to the command line (if invoked interactively).
Usage: cd dir
Sets the current directory. Path names for other nicl commands may be relative to the cur-
Usage: pwd Prints the path of the current directory.
Usage: auth [user [password]]
Authenticate as the named user, or as "root" if no user is specified. If a password is sup-
plied, then that password is used for authentication, otherwise the command prompts for a
quit (q exit)
Usage: quit Ends processing of interactive commands and terminates the program.
X.500 MODE COMMANDS
Usage: refs Used with -x500 mode. Lists parent domain and child domain references. Domains
are printed as LDAP URLS.
Usage: setrdn path key
Used with -x500 mode. This command creates a meta-attribute "rdn" key in the specified
directory, with the key as the value of the "rdn" meta-attribute. When nicl is invoked with
the -x500 flag, X.500-style naming is used. The "rdn" meta-attribute of a directory speci-
fies which key will be used for the relative distinguished name (RDN). By default, the
"name" property is used to form the RDN.
nidump(8), nifind(1), nigrep(1), niload(8), nireport(1), niutil(1)
Mac OS December 15, 2000 Mac OS