cell(1m) cell(1m)
NAME
cell - A dcecp task object that operates on a DCE cell
SYNOPSIS
cell backup [cell_name]
cell catalog [cell_name]
cell help [operation | -verbose]
cell operations
cell ping [cell_name] [-clients] [-replicas]
cell show [cell_name] [-simplename]
ARGUMENTS
The name of a single cell to operate on. The name must be a fully qualified cell name such as either of the following:
/.../their_cell.goodco.com
/.: The name of the cell operation for which to display help information.
DESCRIPTION
The cell task object represents a single DCE cell as a whole, including all machines, services, resources, principals, and so on. The
optional cell_name argument is a single cell name (not a list of cell names). If omitted, the local cell (/.:) is the default.
ATTRIBUTES
Each value is the name of a security server in the cell. Each value is the name of a machine running a Cell Directory Service (CDS) server
in the cell. The name is the simple name found under /.:/hosts. Each value is the name of a Distributed Time Service (DTS) server in the
cell. Each value is the name of a host in the cell, including machines mentioned previously as servers; for example, hosts/machine1.
See the OSF DCE Administration Guide for more information about cell attributes.
OPERATIONS
cell backup
Backs up the master security database and each clearinghouse with master replicas in the cell. The syntax is as follows: cell backup
[cell_name]
The cell backup command backs up the master security database and each clearinghouse with master replicas in the cell. It requires that
dced be running on each of the server hosts in remote access mode (with the -r option).
Prepare a cell for regular backup operations by changing the access control lists (ACLs) on two of the dced objects on the local machine
and setting up an extended registry attribute (ERA) that can specify a backup destination (typically a tape archive). Then add the new
attribute to the principals for the master DCE Security Service registry database and all CDS clearinghouses with master replicas that you
want to back up. To do this, follow these steps: Verify that the dced process is running in remote access mode (-r), then put the DCE dae-
mon into partial service mode by sending the dced process the correct signal: # kill -SIGUSR1 pid_of_dced # Invoke dcecp with the -local
option: # dcecp -local dcecp> As the machine principal (usually root), modify ACLs on the local hostdata and srvrconf objects to allow the
subsys/dce/dced-admin group access by using the following dcecp acl operations: dcecp> acl modify hostdata -add {group subsys/dce/dced-
admin -riI} -local dcecp> acl modify srvrconf -add {group subsys/dce/dced-admin -riI} -local dcecp> acl modify srvrconf -add {group sub-
sys/dce/dced-admin -d-rwx} -io -local dcecp> Put the DCE daemon back into full service mode with the following command: # kill -SIGUSR1
pid_of_dced # As the cell administrator (usually cell_admin), create an ERA as a string that specified a backup destination. Name the ERA
/.:/sec/xattrschema/bckp_dest and the type printstring. Select the ACL manager named principal and set its four permission bits to r
(read), m (manage), r (read), and D (Delete) as shown in the following command: dcecp> xattrschema create /.:/sec/xattrschema/bckp_dest >
-encoding printstring -aclmgr {principal r m r D} dcecp> As the cell administrator, add the new ERA (bckp_dest) to the principal dce-rgy
(the DCE Security Service registry database). Set the value to be the tar filename or the device that is the backup destination, as fol-
lows: dcecp> principal modify dce-rgy -add {bckp_dest tarfilename_or_device} dcecp> As the cell administrator, add the new ERA (bckp_dest)
to the principal /.:/hosts/hostname/cds-server (the CDS server). Set the value to be the tar filename or the device that is the backup
destination, as follows: dcecp> principal modify /.:/hosts/hostname/cds-server > -add {bckp_dest tarfilename_or_device} dcecp>
Now, as the cell administrator, whenever you want to back up your registry database or CDS database, you can simply invoke a cell backup
command.
You can back up another cell by including the cell name as an argument to the cell backup command. Note that you need the necessary per-
missions in the remote cell. Refer to the registry object reference page for the required privileges. This command returns the string
"DCE Cell backup complete" on success.
Privileges Required
The administrator must be logged in as the local superuser (root). It also requires the user to be authenticated to the security service
as the cell administrator.
Examples dcecp> cell backup DCE Cell gumby1 backup complete dcecp>
cell catalog
Lists the foreign cells that are known by the specified cell. The syntax is as follows: cell catalog [cell_name]
The catalog operation returns a list of the names of all cells currently registered in the specified cell. The list includes the name of
the specified cell itself and of any registered foreign cells. If no cell_name is provided, the operation returns cells registered in the
local cell.
Privileges Required
You must have r (read) permission to the /.:/sec/principal directory and r (read) permission to the specified cell principals.
Examples
dcecp> cell catalog /.: /.../gumby_cell /.../pokey_cell /.../barney_cell dcecp>
cell help
Returns help information about the cell task object and its operations. The syntax is as follows: cell help [operation | -verbose]
Options Displays information about the cell task object.
Used without an argument or option, the cell help command returns brief information about each cell operation. The optional operation
argument is the name of an operation about which you want detailed information. Alternatively, you can use the -verbose option for more
detailed information about the cell task object itself.
Privileges Required
No special privileges are needed to use the cell help command.
Examples
dcecp> cell help backup Backs up master security database and known clearinghouses. catalog Returns the names of
the cells known to a cell. ping Shows the current server status of a cell. show Returns attributes describ-
ing the configuration of a cell. help Prints a summary of command-line options. operations Returns a list of the
valid operations for this command. dcecp>
cell operations
Returns a list of the operations supported by the cell task object. The syntax is as follows: cell operations
The list of available operations is in alphabetical order except for help and operations, which are listed last.
Privileges Required
No special privileges are needed to use the cell operations command.
Examples
dcecp> cell operations backup catalog ping show help operations dcecp>
cell ping
Performs quick checks to test whether a cell is running. The syntax is as follows: cell ping [cell_name] [-clients] [-replicas]
Options
This option causes the command to ping every machine in the cell. It does this by looping though /.:/hosts and doing a host ping on each
host name. In case of failure, it generates an error and returns a list of hosts that could not be contacted. On success, it returns DCE
clients available. This option causes the command to ping the master security server, each security replica in the cell, all the CDS
servers in the cell, and all the DTS servers in the cell. In case of failure, it generates an error and returns a list of servers that
could not be contacted. On success, it returns DCE servers available .
The ping operation performs a quick check to test whether a cell is running.
If called with no option, it pings (using server ping) the master security server, the CDS server that currently holds the write copy of
the the cell root directory (/.:), and all the DTS servers in the cell. In case of failure, it generates an error and returns a list of
servers that could not be contacted. On success, it returns DCE services available.
The -replicas option causes the command to ping each security replica and CDS server as well as those mentioned above. In case of failure,
it generates an error and returns a list of servers that could not be contacted. On success, it returns DCE servers available.
The -clients option causes the command to ping every machine in the cell. It does this by looping though /.:/hosts and doing a host ping
on the host name. In case of failure, it generates an error and returns a list of hosts that could not be contacted. On success, it
returns DCE clients available .
Privileges Required
You must have r (read) permission to the following directories: /.:/hosts, /.:/hosts/hostname, and /.:/subsys/dce/sec.
Examples
The following command tests whether the core services master servers are available: dcecp> cell ping /.../blue.cell.osf.org DCE services
available dcecp>
The following command tests whether the core services and their replicas are available: dcecp> cell ping -replicas DCE servers available
dcecp>
The following command tests the presence of all DCE hosts in a cell: dcecp> cell ping -clients DCE clients available dcecp>
cell show
Returns attributes describing the configuration of the specified cell. The syntax is as follows: cell show [cell_name] [-simplename]
Options
Returns the cell information without prepending the cell name.
The show operation returns attributes describing the configuration of the specified cell. The returned attributes are as follows: Each
value is the name of a security server. Each value is the name of a machine running a CDS server. The name is the simple name found under
/.:/hosts. Each value is the name of a DTS server in the cell. Each value is the name of a host in the cell, including machines mentioned
previously as servers; for example, hosts/machine1.
See the OSF DCE Administration Guide for more information about cell attributes.
Privileges Required
You must have r (read) permission to the following directories in the CDS namespace: /.:/hosts, /.:/hosts/hostname, and /.:/susbys/dce/sec
Examples
dcecp> cell show /.../dcecp.cell.osf.org {secservers
/.../dcecp.cell.osf.org/subsys/dce/sec/ice
/.../dcecp.cell.osf.org/subsys/dce/sec/fire} {cdsservers
/.../dcecp.cell.osf.org/hosts/frick} {dtsservers
/.../dcecp.cell.osf.org/hosts/frick
/.../dcecp.cell.osf.org/hosts/ice
/.../dcecp.cell.osf.org/hosts/ninja} {hosts
/.../dcecp.cell.osf.org/hosts/fire
/.../dcecp.cell.osf.org/hosts/frick
/.../dcecp.cell.osf.org/hosts/ice
/.../dcecp.cell.osf.org/hosts/ninja}
dcecp>
dcecp> cell show -simplename {secservers
subsys/dce/sec/ice
subsys/dce/sec/fire} {cdsservers
hosts/frick} {dtsservers hosts/frick hosts/ice hosts/ninja} {hosts hosts/fire hosts/frick hosts/ice hosts/ninja} dcecp>
RELATED INFORMATION
Commands: dcecp(1m), dcecp_directory(1m), dcecp_host(1m), dcecp_server(1m), dced(1m).
cell(1m)