clsnmpuser(1CL) Sun Cluster Maintenance Commands clsnmpuser(1CL)
NAME
clsnmpuser - administer Sun Cluster SNMP users
SYNOPSIS
/usr/cluster/bin/clsnmpuser -V
/usr/cluster/bin/clsnmpuser [subcommand] -?
/usr/cluster/bin/clsnmpuser [subcommand] [options]
-v [operand]
/usr/cluster/bin/clsnmpuser create -i {- | clconfigfile}
[-a authentication] -f passwdfile [-n node[,...]]
{+ | user ...}
/usr/cluster/bin/clsnmpuser delete [-a authentication]
[-n node[,...] ] {+ | user ...}
/usr/cluster/bin/clsnmpuser export [-o {- | clconfigfile}]
[-a authentication] [-n node[,...] ] [ {+ | user ...}]
/usr/cluster/bin/clsnmpuser list [-a authentication]
[-n node[,...] ] {-d | + | user ...}
/usr/cluster/bin/clsnmpuser set [-a authentication]
[-n node[,...] ] {+ | user ...}
/usr/cluster/bin/clsnmpuser set-default {-l seclevel [,...] }
{+ | user ...}
/usr/cluster/bin/clsnmpuser show [-a authentication]
[-n node[,...] ] [-d | + | user ...]
DESCRIPTION
The clsnmpuser command administers the roles of Simple Network Management Protocol (SNMP) users who can administer the control mechanisms
on cluster Management Information Bases (MIBs). For more information about cluster MIBs, see the clsnmpmib(1CL) man page. If the cluster
contains a MIB that is configured to use SNMP Version 3 (SNMPv3), you must define an SNMP user. SNMP users are not the same users as
Solaris OS users, and SNMP users do not need to have the same user names as existing OS users.
This command has no short form.
The general form of this command is as follows:
clsnmpuser [subcommand] [options] [operands]
You can omit subcommand only if options specifies the option -? or -V.
Each option of this command has a long form and a short form. Both forms of each option are provided with the description of the option in
the OPTIONS section.
See the Intro(1CL) man page for more information.
You can use this command only in the global zone.
SUBCOMMANDS
The following subcommands are supported:
create
Creates a user and adds the user to the SNMP user configuration on the specified node.
You can use this subcommand only in the global zone.
Use the -n option with this subcommand to specify the cluster node on which to create the SNMP user. If you do not specify the -n
option, the user is created and added only to the SNMP configuration on the current node.
To create and add all of the users that are configured in the clconfiguration file, use the -i option and the -n option.
To assign an authentication type to the SNMP user that you are creating, specify the -a option.
You can include the password for the SNMP user by specifying the -f option. The -f option is required if you are using the -i option.
If you specify the -i option, the configuration information from the clconfiguration(5CL) file is used. When you specify the -i option,
you can also specify the plus sign (+) operand or a list of users.
Users other than superuser require solaris.cluster.modify role-based access control (RBAC) authorization to use this command. See the
rbac(5) man page.
delete
Deletes an SNMPv3 user from the specified node.
You can use this subcommand only in the global zone.
When you use the delete subcommand and specify only a user name, the subcommand removes all instances of the user. To delete users by
authentication type, use the -a option. If you do not use the -n option, the user is deleted from only the current node.
Users other than superuser require solaris.cluster.modify RBAC authorization to use this subcommand. See the rbac(5) man page.
export
Exports the SNMP user information from the specified node.
You can use this subcommand only in the global zone.
If you do not use the -n option, the SNMP user information is exported only from the current node. For the format of the output from
the export subcommand, see the clconfiguration(5CL) man page. By default, all output is sent to standard output. Use the -o option fol-
lowed by a file name to redirect the output to the file.
You can use the -a option to provide output only for those users with a specific authentication type. If you specify one or more users
as operands, the output is restricted to only the information about those users.
Users other than superuser require solaris.cluster.read RBAC authorization to use this subcommand. See the rbac(5) man page.
list
Prints a list of SNMPv3 users that are configured on the specified node.
You can use this subcommand only in the global zone.
By default, the list subcommand displays all SNMPv3 users on the specified node. To display only the default SNMP user, specify the -d
option with no operands. To restrict the output to a specified authentication type, use the -a option.
Users other than superuser require solaris.cluster.read RBAC authorization to use this subcommand. See the rbac(5) man page.
set
Changes the configuration of a user on the specified node.
You can use this subcommand only in the global zone.
If you do not specify the -n option, the configuration of a user is modified only on the current node.
Users other than superuser require solaris.cluster.modify RBAC auhorization to use this subcommand. See the rbac(5) man page.
set-default
Specifies the name of the default SNMP user and the security level that is used when a MIB sends a trap notification.
You can use this subcommand only in the global zone.
You use the -l option to specify the security level.
If the MIB is configured to use SNMPv3, you must specify a specific user name and security level with which to authenticate the traps.
If a configuration has more than one user, you must specify the default user that the MIB will use when it sends the trap notifica-
tions.
If the configuration contains only one user, that user automatically becomes the default SNMP user. If the default SNMP user is
deleted, another existing user, if any, becomes the default.
Users other than superuser require solaris.cluster.modify RBAC auhorization to use this subcommand. See the rbac(5) man page.
show
Prints information about the users on the specified node.
You can use this subcommand only in the global zone.
By default, the show subcommand displays information about all users on the node. To display information about only the default SNMP
user, specify the -d option and do not provide an operand. To limit the output to specific authentication types, use the -a option. If
you do not use the -n option, the command displays only user information from the current node.
Users other than superuser require solaris.cluster.read RBAC authorization to use this subcommand. See the rbac(5) man page.
OPTIONS
The following options are supported:
-?
--help
Prints help information.
You can specify this option with or without a subcommand.
o If you use this option without a subcommand, the list of available subcommands is displayed.
o If you use this option with a subcommand, the usage options for that subcommand are displayed.
When this option is used, no other processing is performed.
-a authentication
--authentication authentication
Specifies the authentication protocol that is used to authorize the user. The value of the authentication protocol can be SHA or MD5.
-d
--default
Specify the default SNMP user that is used when a MIB sends a trap notification.
-f passwdfile
--file passwdfile
Specifies a file that contains one or more SNMP user passwords. If you do not specify this option when you create a new user, the com-
mand prompts for a password. This option is valid only with the create subcommand.
User passwords must be specified on separate lines in the following format:
user:password
Passwords cannot contain the following characters or a space:
o ; (semicolon)
o : (colon)
o (backslash)
o
(newline)
-i {- | clconfigfile}
--input {- | clconfigfile-}
Specifies configuration information that is to be used to validate or modify the SNMP hosts configuration. This information must con-
form to the format that is defined in the clconfiguration(5CL) man page. This information can be contained in a file or supplied
through standard input. To specify standard input, specify the minus sign (-) instead of a file name.
-l seclevel
--securitylevel seclevel
Specifies the user's security level. You specify one of the following values for seclevel:
o noAuthNoPriv
o AuthNoPriv
o authPriv
For more information about SNMP security levels, see the snmpcmd(1M) man page.
-n node[,...]
--node[s] node-[...]
Specifies a node or a list of nodes. You can specify each node as a node name or as a node ID.
All forms of this command accept this option.
-o {- | clconfigfile}
--output {- | clconfigfile-}
Writes the cluster SNMP host configuration information in the format that is described by the clconfiguration(5CL) man page. This
information can be written to a file or to standard output.
To write to standard output, specify the minus sign (-) instead of a file name. If you specify standard output, all other standard out-
put for the command is suppressed.
-V
--version
Prints the version of the command.
Do not specify this option with subcommands, operands, or other options because they are ignored. The -V option displays only the ver-
sion of the command. No other operations are performed.
-v
--verbose
Prints verbose messages and information.
You can specify this option with any form of the command, although some subcommands might not produce expanded output. For example, the
export subcommand does not produce expanded output if you specify the verbose option.
OPERANDS
The following operands are supported:
+ Specifies all SNMP users.
user Specifies the name of the SNMP user.
EXIT STATUS
If the command is successful for all specified operands, it returns zero (CL_NOERR). If an error occurs for an operand, the command pro-
cesses the next operand in the operand list. The returned exit code always reflects the error that occurred first.
This command returns the following exit status codes:
0 CL_NOERR
No error
The command that you issued completed successfully.
1 CL_ENOMEM
Not enough swap space
A cluster node ran out of swap memory or ran out of other operating system resources.
3 CL_EINVAL
Invalid argument
You typed the command incorrectly, or the syntax of the cluster configuration information that you supplied with the -i option was
incorrect.
6 CL_EACCESS
Permission denied
The object that you specified is inaccessible. You might need superuser or RBAC access to issue the command. See the su(1M) and rbac(5)
man pages for more information.
18 CL_EINTERNAL
Internal error was encountered
An internal error indicates a software defect or other defect.
35 CL_EIO
I/O error
A physical input/output error has occurred.
36 CL_ENOENT
No such object
The object that you specified cannot be found for one of the following reasons:
o The object does not exist.
o A directory in the path to the configuration file that you attempted to create with the -o option does not exist.
o The configuration file that you attempted to access with the -i option contains errors.
EXAMPLES
Example 1 Creating an SNMPv3 User
The following command creates a new user newuser1 and adds the user to the configuration on the current node. The authentication type is
SHA.
# clsnmpuser create -a SHA newuser1
Enter password for user 'newuser1':
This example requires that you enter a password for the user to be created. To automate this process, use the -f option.
Example 2 Listing Users
The following command lists all users with an authentication type of MD5.
# clsnmpuser list -a MD5 +
user1
mySNMPusername
The plus sign (+) is optional, as it is the default.
Example 3 Showing Users
The following command displays the user information for all users on the current node.
# clsnmpuser show
--- SNMP User Configuration on phys-schost-1 ---
SNMP User Name: newuser1
Authentication Protocol: SHA
Default User: Yes
Default Security Level: authPriv
Example 4 Changing a User's Authentication Protocol and Status
The following command modifies the authentication protocol and default user status of the user newuser1.
# clsnmpuser set -a MD5 newuser1
Example 5 Deleting SNMP Users
The following command deletes all SNMP users.
# clsnmpuser delete +
The plus sign (+) is used in this example to specify all users.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE |
|VALUE | |
+-----------------------------+-----------------------------+
|Availability |SUNWscu |
+-----------------------------+-----------------------------+
|Interface Stability |Evolving |
+-----------------------------+-----------------------------+
SEE ALSO
clsnmphost(1CL), clsnmpmib(1CL), cluster(1CL), Intro(1CL), sceventmib(1M), snmpcmd(1M), su(1M), scha_calls(3HA), attributes(5), rbac(5),
clconfiguration(5CL)
NOTES
The superuser can run all forms of this command.
All users can run this command with the -? (help) or -V (version) option.
To run the clsnmpmib command with other subcommands, users other than superuser require RBAC authorizations. See the following table.
+------------+---------------------------------------------------------+
|Subcommand | RBAC Authorization |
+------------+---------------------------------------------------------+
|create | solaris.cluster.modify |
+------------+---------------------------------------------------------+
|delete | solaris.cluster.modify |
+------------+---------------------------------------------------------+
|export | solaris.cluster.read |
+------------+---------------------------------------------------------+
|list | solaris.cluster.read |
+------------+---------------------------------------------------------+
|set | solaris.cluster.modify |
+------------+---------------------------------------------------------+
|set-default | solaris.cluster.modify |
+------------+---------------------------------------------------------+
|show | solaris.cluster.read |
+------------+---------------------------------------------------------+
Sun Cluster 3.2 17 Jul 2006 clsnmpuser(1CL)