|
|
add administrator user to system
10-05-2009
|
|
|
|
smexec(1M) System Administration Commands smexec(1M) NAME
smexec - manage entries in the exec_attr database SYNOPSIS
/usr/sadm/bin/smexec subcommand [ auth_args] -- [subcommand_args] DESCRIPTION
The smexec command manages an entry in the exec_attr(4) database in the local /etc files name service or a NIS or NIS+ name service. subcommands smexec subcommands are: add Adds a new entry to the exec_attr(4) database. To add an entry to the exec_attr database, the administrator must have the solaris.profmgr.execattr.write authorization. delete Deletes an entry from the exec_attr(4) database. To delete an entry from the exec_attr database, the administrator must have the solaris.profmgr.execattr.write authorization. modify Modifies an entry in the exec_attr(4) database. To modify an entry in the exec_attr database, the administrator must have the solaris.profmgr.execattr.write authorization. OPTIONS
The smexec authentication arguments, auth_args, are derived from the smc(1M) arg set and are the same regardless of which subcommand you use. The smexec command requires the Solaris Management Console to be initialized for the command to succeed (see smc(1M)). After reboot- ing the Solaris Management Console server, the first Solaris Management Console connection might time out, so you might need to retry the command. The subcommand-specific options, subcommand_args, must come after the auth_args and must be separated from them by the -- option. auth_args The valid auth_args are -D, -H, -l, -p, -r, and -u; they are all optional. If no auth_args are specified, certain defaults will be assumed and the user may be prompted for additional information, such as a password for authentication purposes. These letter options can also be specified by their equivalent option words preceded by a double dash. For example, you can use either -D or --domain with the domain argu- ment. -D | --domain domain Specifies the default domain that you want to manage. The syntax of domain is type:/host_name/domain_name, where type is nis, nisplus, dns, ldap, or file; host_name is the name of the machine that serves the domain; and domain_name is the name of the domain you want to manage. (Note: Do not use nis+ for nisplus.) If you do not specify this option, the Solaris Management Console assumes the file default domain on whatever server you choose to man- age, meaning that changes are local to the server. Toolboxes can change the domain on a tool-by-tool basis; this option specifies the domain for all other tools. -H | --hostname host_name:port Specifies the host_name and port to which you want to connect. If you do not specify a port, the system connects to the default port, 898. If you do not specify host_name:port, the Solaris Management Console connects to the local host on port 898. You may still have to choose a toolbox to load into the console. To override this behavior, use the smc(1M) -B option, or set your console preferences to load a "home toolbox" by default. -l | --rolepassword role_password Specifies the password for the role_name. If you specify a role_name but do not specify a role_password, the system prompts you to sup- ply a role_password. Passwords specified on the command line can be seen by any user on the system, hence this option is considered insecure. -p | --password password Specifies the password for the user_name. If you do not specify a password, the system prompts you for one. Passwords specified on the command line can be seen by any user on the system, hence this option is considered insecure. -r | --rolename role_name Specifies a role name for authentication. If you do not specify this option, no role is assumed. -u | --username user_name Specifies the user name for authentication. If you do not specify this option, the user identity running the console process is assumed. -- This option is required and must always follow the preceding options. If you do not enter the preceding options, you must still enter the -- option. subcommand_args Note: Descriptions and other arg options that contain white spaces must be enclosed in double quotes. To add or change privileges, the administrator must have the solaris.admin.privilege.write authorization. See privileges(5). o For subcommand add: -c command_path Specifies the full path to the command associated with the new exec_attr entry. -g egid (Optional) Specifies the effective group ID that executes with the command. -G gid (Optional) Specifies the real group ID that executes with the command. -h (Optional) Displays the command's usage statement. -n profile_name Specifies the name of the profile associated with the new exec_attr entry. -t type Specifies the type for the command. Currently, the only acceptable value for type is cmd. -u euid (Optional) Specifies the effective user ID that executes with the command. -U uid (Optional) Specifies the real user ID that executes with the command. -M limit_privs Specifies the privilege name(s) to add to the new exec_attr(4) entry. The default is all for limit privilege. To add or change privileges, the administrator must have the solaris.admin.privilege.write authorization. See privileges(5). -I inheritable_privs Specifies the inheritable privilege name(s) to add to the new exec_attr(4) entry. o For subcommand delete: -c command_path Specifies the full path to the command associated with the exec_attr entry. -h (Optional) Displays the command's usage statement. -n profile_name Specifies the name of the profile associated with the exec_attr entry. -t type Specifies the type cmd for command. Currently, the only acceptable value for type is cmd. o For subcommand modify: -c command_path Specifies the full path to the command associated with the exec_attr entry that you want to modify. -g egid (Optional) Specifies the new effective group ID that executes with the command. -G gid (Optional) Specifies the new real group ID that executes with the command. -h (Optional) Displays the command's usage statement. -n profile_name Specifies the name of the profile associated with the exec_attr entry. -t type Specifies the type cmd for command. Currently, the only acceptable value for type is cmd. -u euid (Optional) Specifies the new effective user ID that executes with the command. -U uid (Optional) Specifies the new real user ID that executes with the command. -M limit_privs Specifies the privilege name(s) to modify in an exec_attr(4) entry. The default is all for limit privilege. To add or change privileges, the administrator must have the solaris.admin.privilege.write authorization. See privileges(5). -I inheritable_privs Specifies the inheritable privilege name(s) to modify in anexec_attr(4) entry. EXAMPLES
Example 1: Creating an exec_attr Database Entry The following creates a new exec_attr entry for the User Manager profile on the local file system. The entry type is cmd for the command /usr/bin/cp. The command has an effective user ID of 0 and an effective group ID of 0. ./smexec add -H myhost -p mypasswd -u root -- -n "User Manager" -t cmd -c /usr/bin/cp -u 0 -g 0 Example 2: Deleting an exec_attr Database Entry The following example deletes an exec_attr database entry for the User Manager profile from the local file system. The entry designated for the command /usr/bin/cp is deleted. ./smexec delete -H myhost -p mypasswd -u root -- -n "User Manager" -t cmd -c /usr/bin/cp Example 3: Modifying an exec_attr Database Entry The following modifies the attributes of the exec_attr database entry for the User Manager profile on the local file system. The /usr/bin/cp entry is modified to execute with the real user ID of 0 and the real group ID of 0. ./smexec modify -H myhost -p mypasswd -u root -- -n "User Manager" -t cmd -c /usr/bin/cp -U 0 -G 0 ENVIRONMENT VARIABLES
See environ(5) for a description of the JAVA_HOME environment variable, which affects the execution of the smexec command. If this envi- ronment variable is not specified, the /usr/java location is used. See smc(1M). EXIT STATUS
The following exit values are returned: 0 Successful completion. 1 Invalid command syntax. A usage message displays. 2 An error occurred while executing the command. An error message displays. FILES
The following file is used by the smexec command: /etc/security/exec_attr Rights profiles database. See exec_attr(4). ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWmga | +-----------------------------+-----------------------------+ |Interface Stability |Evolving | +-----------------------------+-----------------------------+ SEE ALSO
smc(1M), exec_attr(4), attributes(5), environ(5) SunOS 5.10 24 May 2004 smexec(1M)