This chapter describes the commands that you need to use to manage users and groups.
The CLI includes the following sets of commands for managing users and groups.
Table 13–1 Sets of Commands for User Accounts, Groups, and Logins
CLI Prefix |
Description of Command Set |
---|---|
udb.g |
Commands for managing user groups. |
udb.login udb.logout udb.whoami |
Commands for managing login sessions |
udb.p |
Commands for managing permissions |
udb.u |
Commands for managing user accounts |
udb.sv |
Commands for managing session variables. |
udb.l |
Command for listing all login configurations. |
This chapter describes all the commands in each of these sets.
You can use the udb.g commands to define, modify, delete, and list user groups.
Table 13–2 Summary of udb.g Commands
Command Name |
Description |
---|---|
udb.g.add |
Adds a new user group |
udb.g.del |
Deletes a user group |
udb.g.la |
Lists all the user groups |
udb.g.lo |
Retrieves information about the specified user group. |
udb.g.lp |
Lists the permissions granted to the specified group |
udb.g.lu |
Lists the users who are members of the specified group |
udb.g.mod |
Modifies an existing user group |
This command adds a new group.
Table 13–3 Arguments and Result for the udb.g.add Command
Argument/Result |
Syntax |
Description |
|
---|---|---|---|
n |
[R] |
String |
The new group name |
d |
[O] |
String |
The new group description |
hostWrite |
[O] |
Boolean |
Whether the new group has write permission on hosts; default is false |
notRuleWrite |
[O] |
Boolean |
Whether the new group has write permission on notification rules; default is false |
adminWrite |
[O] |
Boolean |
Whether the new group has write permission on ``admin: users and groups;'' default is false |
diffWrite |
[O] |
Boolean |
Whether the new group has write permission on comparisons; default is false |
diffRun |
[O] |
String |
The hostSet ID for which the new group has execute permission for comparisons. An empty value removes the execute permission on any hostsets. To set this permission for ``all'' hostsets, clients use the ``allhosts'' sentinel value. |
ua |
[O] |
UserArray |
The new group users |
pga |
[O] |
GroupArray |
The new group parent groups |
cga |
[O] |
GroupArray |
The new group child groups |
result |
Group |
The new group |
This command deletes the specified group.
Deleting a group does not delete the user accounts in the group. It simply deletes the group as a classification for the user accounts.
Argument |
Syntax |
Description |
|
---|---|---|---|
ID |
[R] |
GroupID |
The group ID |
This command lists all the groups defined in the Sun N1 Service Provisioning System software.
Table 13–5 Result for the udb.g.la Command
Result |
Syntax |
Description |
---|---|---|
result |
GroupArray |
The groups |
This command retrieves the specified group.
Table 13–6 Argument and Result for the udb.g.lo Command
Argument/Result |
Syntax |
Description |
|
---|---|---|---|
ID |
[R] |
GroupID |
The group ID |
result |
Group |
The group |
This command lists the permissions granted to a group
Table 13–7 Argument and Result for the udb.g.lp
Argument/Result |
Syntax |
Description |
|
---|---|---|---|
ID |
[R] |
GroupID |
The group ID |
result |
PermissionArray |
The permissions |
This command lists the members of the specified group
Table 13–8 Argument and Result for the udb.g.lu Command
Argument/Result |
Syntax |
Description |
|
---|---|---|---|
ID |
[R] |
GroupID |
The group ID |
result |
UserArray |
The users |
This command modifies an existing group. Omitted arguments preserve current values
Table 13–9 Arguments and Result for the udb.g.mod Command
Argument/Result |
Syntax |
Description |
|
---|---|---|---|
ID |
[R] |
GroupID |
The group ID |
n |
[O] |
String |
The new group name |
d |
[O] |
String |
The new group description |
hostWrite |
[O] |
Boolean |
Whether the new group has write permission on hosts |
notRuleWrite |
[O] |
Boolean |
Whether the new group has write permission on notification rules |
adminWrite |
[O] |
Boolean |
Whether the new group has write permission on ``admin: users and groups'' |
diffWrite |
[O] |
Boolean |
Whether the new group has write permission on comparisons |
diffRun |
[O] |
String |
The hostSet ID for which the new group has execute permission for comparisons. An empty value removes the execute permission on any hostsets. To set this permission for ``all'' hostsets, clients use the ``allhosts'' sentinel value. |
ua |
[O] |
UserArray |
The new group users |
pga |
[O] |
GroupArray |
The new group parent groups |
cga |
[O] |
GroupArray |
The new group child groups |
result |
Group |
The modified group |
You can use the udb.u commands to manage individual user accounts.
Table 13–10 Summary of udb.u Commands
Command Name |
Description |
---|---|
udb.u.add |
Adds a new user account |
udb.u.cp |
Changes the password of the specified user |
udb.u.la |
Lists all user accounts |
udb.u.lo |
Retrieves information about the specified user. |
udb.u.lp |
Lists the permissions granted to the specified user |
udb.u.mod |
Modifies the specified user account |
This command adds a new user.
Table 13–11 Arguments and Result for the udb.u.add Command
Argument |
Syntax |
Description |
|
---|---|---|---|
nu |
[R] |
String |
The user name of the new user |
np |
[O/R] |
String |
The plaintext password for the new user; required if an encoded password is not available or supplied. |
nep |
[O/R] |
String |
The encoded password for the new user; required if a plaintext password is not available or supplied. |
ng |
[O] |
GroupArray |
The user groups for the new user |
hide |
[O] |
Boolean |
Whether the user is set to hidden, default false |
loginConfig |
[O/R] |
String |
Login configuration to use for this user; default is ``internal,'' if available, otherwise required |
result |
User |
The new user |
This command changes the password of the specified user.
Table 13–12 Arguments for the udb.u.cp Command
Argument |
Syntax |
Description |
|
---|---|---|---|
un |
[R] |
String |
The user name of the user whose password should be changed. |
op |
[O/R] |
String |
The old plaintext password. |
oep |
[O/R] |
String |
The old encoded password. |
np |
[O/R] |
String |
The new plaintext password. |
nep |
[O/R] |
String |
The new encoded password. |
This command lists all user accounts.
Table 13–13 Argument and Result for the udb.u.la Command
Argument/Result |
Syntax |
Description |
|
---|---|---|---|
sh |
[O] |
Boolean |
Whether hidden users are shown, default false |
result |
UserArray |
The users |
The udb.u.lo command retrieves the specified user.
Table 13–14 Argument and Result for the udb.u.lo Command
Argument/Result |
Syntax |
Description |
|
---|---|---|---|
ID |
[R] |
UserID |
The user ID |
result |
User |
The user |
This command lists the permissions granted to a user.
Table 13–15 Argument/Result for the udb.u.lp Command
Argument/Result |
Syntax |
Description |
|
---|---|---|---|
ID |
[R] |
UserID |
The user ID |
result |
PermissionArray |
The permissions |
This command modifies an existing user; omitted arguments preserve current values
Table 13–16 Argument/Result for the udb.u.mod Command
Argument/Result |
Syntax |
Description |
|
---|---|---|---|
ID |
[R] |
UserID |
The user ID |
np |
[O] |
String |
The new plaintext password for the user, cannot be used in conjunction with the an encoded password |
nep |
[O] |
String |
The new encoded password for the user, cannot be used in conjunction with the a plaintext password |
ng |
[O] |
GroupArray |
The new user groups for the user |
hide |
[O] |
Boolean |
Whether the user is set to hidden |
active |
[O] |
Boolean |
Whether the user is set to active |
forceFlush |
[O] |
Boolean |
True means flush the user's session variables, if needed, false means abort the modification. Defaults to false. |
loginConfig |
[O] |
String |
The new login configuration for the user |
result |
User |
The modified user |
You can use the udb.sv commands to manage session variables.
Table 13–17 Summary of udb.sv Commands
Command Name |
Description |
---|---|
udb.sv.add |
Adds a new session variable. |
udb.sv.del |
Deletes a session variable. |
udb.sv.fl |
Flushes all of a user's session variables. |
udb.sv.la |
Lists all session variables. |
udb.sv.lo |
Retrieves information about the session variable. |
udb.sv.mod |
Modifies the specified session value. |
udb.sv.re |
Reencrypts all of a user's session variables. |
This command adds a new session variable (a password must be set using the -p parameter if variables are to be persisted).
If you are logged in to the HTML user interface and you add a session variable through the CLI, the session variable name will display without the value when you refresh the list of variables. To display the new session variable's value, log out of the HTML user interface and log back in.
Argument |
Syntax |
Description |
|
---|---|---|---|
name |
[R] |
String |
The new session variable name |
secure |
[O] |
Boolean |
Whether or not the value should be displayed; true means no; default false |
desc |
[O] |
String |
The new session variable value description |
value |
[R] |
String |
The new session variable value for this user. If the value for the variable is an empty string, enter: - value "" |
result |
SessionVariable |
The new session variable |
This command deletes a session variable.
Table 13–19 Arguments for the udb.sv.del Command
Argument |
Syntax |
Description |
|
---|---|---|---|
name |
[R] |
String |
The name of the session variable to delete |
This command flushes all of a user's session variables.
Table 13–20 Arguments for the udb.sv.fl Command
Argument |
Syntax |
Description |
|
---|---|---|---|
u |
[R] |
String |
The name of the user |
p |
[O/R] |
String |
The plaintext password for the user |
ep |
[O/R] |
String |
The encoded password for this user |
This command lists all session variables.
Table 13–21 Argument and Result for the udb.sv.la Command
Argument/Result |
Syntax |
Description |
|
---|---|---|---|
result |
SessionVariableSet |
The variables available to this user |
This command retrieves the specified session variable
Table 13–22 Argument and Result for the udb.sv.lo Command
Argument/Result |
Syntax |
Description |
|
---|---|---|---|
name |
[R] |
String |
The name of the session variable to show |
result |
SessionVariable |
The session variable |
This command modifies a session variable; a password must be set using the -p parameter if variables are to be persisted.
Table 13–23 Argument/Result for the udb.sv.mod Command
Argument/Result |
Syntax |
Description |
|
---|---|---|---|
name |
[R] |
String |
The name of the session variable to modify |
secure |
[O] |
String |
Whether or not the value should be displayed; true means no; default false |
desc |
[O] |
String |
The new session variable description |
value |
[O] |
String |
The new session variable value for this user |
result |
SessionVariable |
The new session variable |
This command reencrypts all of a user's session variables.
Table 13–24 Arguments for the udb.sv.re Command
Argument |
Syntax |
Description |
|
---|---|---|---|
u |
[R] |
String |
The name of the user |
p |
[O/R] |
String |
The plaintext password for the user |
ep |
[O/R] |
String |
The encoded password for the user |
op |
[O/R] |
String |
The old plaintext password used to encrypt these variables |
oep |
[O/R] |
String |
The old encoded password used to encrypt these variables |
Logs in a user and returns a SessionID that can be used for authentication. To send the session IDto a file, the arguments -o and -of must be specified before the username and password.
Table 13–25 Result of the udb.login Command
Argument |
Syntax |
Description |
|
---|---|---|---|
o |
[O] |
String |
The name of the formatter |
of |
[O] |
String |
The name of the output file |
u |
[R] |
String |
The username |
p |
[O/R] |
String |
The plaintext user password; required if the encoded password is not available or supplied. |
ep |
[O/R] |
String |
The encoded user password; required if the plaintext password is not available or supplied. |
result |
SessionID |
The session ID |
This example demonstrates saving a session ID being saved for reuse.
serialized
sessionid
# cr_cli -cmd udb.login -o serialized -of sessionid -u admin -p admin |
This command logs out the user who runs it.
This command returns the owner of the current session.
Table 13–26 Result of the udb.whoami Command
Result |
Syntax |
Description |
---|---|---|
result |
UserID |
The current user ID |
The udb.p commands enable you to display information about the permissions established in the Sun N1 Service Provisioning System software.
Table 13–27 Summary of the udb.p Commands
Command |
Description |
---|---|
udb.p.la |
Lists all permissions. |
udb.p.lo |
Retrieves the specified permission. |
This command lists all permissions.
Table 13–28 Result for the udb.p.la Command
Result |
Syntax |
Description |
---|---|---|
result |
PermissionArray |
The permissions |
This command retrieves the specified permission..
Table 13–29 Argument and Result for the udb.p.lo Command
Argument/Result |
Syntax |
Description |
|
---|---|---|---|
ID |
[R] |
PermissionID |
The permission ID |
result |
Permission |
The permission |
This command lists all of the login configurations.
Table 13–30 Result for the udb.l.la Command
Argument |
Syntax |
Description |
|
---|---|---|---|
result |
LoginConfiguration- Array |
The list of login configurations |