NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | ENVIRONMENT VARIABLES | EXIT STATUS | FILES | ATTRIBUTES | SUMMARY OF TRUSTED SOLARIS CHANGES | SEE ALSO
The smexec command manages an entry in the exec_attr(4) database in the local /etc files name service or a NIS or NIS+ name service.
Symlinked commands should not be used as an argument to smexec. If a non-existent command is passed, the smexec command accepts it, but it does not work.
smexec subcommands are:
Adds a new entry to the exec_attrp(4) database.To
add an entry to the exec_attr database, the administrator must have the solaris.profmgr.execattr.write
authorization.
Deletes an entry from the exec_attr(4) database. To delete an entry from the exec_attr database, the administrator must have the solaris.profmgr.execattr.write
authorization.
Modifies an entry in the exec_attr(4) database. To modify an entry in the exec_attr database, the administrator must have the solaris.profmgr.execattr.write
authorization.
The smexec authentication arguments, auth_args, are derived from the smc(1M) arg set and are the same regardless of which subcommand you use.The smexec command requires the SMC to be initialized for the command to succeed (see smc(1M)). After rebooting the SMC server, the first smc connection may time out, so you may need to retry the command.
The subcommand-specific options, subcommand_args, must come after the auth_args and must be separated from them by the -- option.
The valid auth_args are -D, -H, -l, -p, -r, and -u; they are all optional. If no auth_args are specified, certain defaults will be assumed and the user may be prompted for additional information, such as a password for authentication purposes. These letter options can also be specified by their equivalent option words preceded by a double dash. For example, you can use either -D or --domain with the domain argument.
Specifies the default domain that you want to manage. The syntax of domain is type:/host_name/domain_name, where type is nis, nisplus, dns, ldap, or file; host_name is the name of the machine that serves the domain; and domain_name is the name of the domain you want to manage. (Note: Do not use nis+ for nisplus.)
If you do not specify this option, the SMC assumes the file default domain on whatever server you choose to manage, meaning that changes are local to the server. Toolboxes can change the domain on a tool-by-tool basis; this option specifies the domain for all other tools.
Specifies the host_name and port to which you want to connect. If you do not specify a port, the system connects to the default port, 898. If you do not specify host_name:port, the SMC connects to the local host on port 898. You may still have to choose a toolbox to load into the console. To override this behavior, use the smc(1M) -B option, or set your console preferences to load a "home toolbox" by default.
Specifies the password for the role_name. If you specify a role_name but do not specify a role_password, the system prompts you to supply a role_password. Passwords specified on the command line can be seen by any user on the system, hence this option is considered insecure.
Specifies the password for the user_name. If you do not specify a password, the system prompts you for one. Passwords specified on the command line can be seen by any user on the system, hence this option is considered insecure.
Specifies a role name for authentication. If you do not specify this option, no role is assumed.
Specifies the user name for authentication. If you do not specify this option, the user identity running the console process is assumed.
This option is required and must always follow the preceding options. If you do not enter the preceding options, you must still enter the -- option.
Note: Descriptions and other arg options that contain white spaces must be enclosed in double quotes.
(Optional) Specifies the human-readable string or hex representation of the clearance. It is a valid option when the tsol policy is specified.
Specifies the full path to the command or CDE action associated with the new exec_attr entry.
(Optional) Specifies the real group ID that executes with the command or CDE action.
(Optional) Specifies the effective group ID that executes with the command or CDE action.
(Optional) Displays the command's usage statement.
(Optional) Specifies the the human-readable string or hex representation of the label. It is a valid option when the tsol policy is specified.
Specifies the name of the profile associated with the new exec_attr entry.
Specifies the privilege name(s) or privilege number(s) to add to the new exec_attr entry. Additional privileges may be specified by specifying the -P multiple times. It is a valid option when the tsol policy is specified.
Specifies the policy (tsol or suser) associated with the new exec_attr entry. If this option is not specified, the default is suser.
Specifies the type cmd for command, or type act for CDE action.
(Optional) Specifies the real user ID that executes with the command or CDE action.
(Optional) Specifies the effective user ID that executes with the command or CDE action.
Specifies the full path to the command or CDE action associated with the exec_attr entry.
(Optional) Displays the command's usage statement.
Specifies the name of the profile associated with the exec_attr entry.
(Optional) Specifies the policy (tsol or suser) associated with the new exec_attr entry. If this option is not specified, the default is suser.
Specifies the type cmd for command, or type act for CDE action.
(Optional) Specifies the human-readable string or hex representation of the clearance. It is a valid option when the tsol policy is specified.
Specifies the full path to the command or CDE action associated with the exec_attr entry that you want to modify.
(Optional) Specifies the new real group ID that executes with the command or CDE action.
(Optional) Specifies the new effective group ID that executes with the command or CDE action.
(Optional) Displays the command's usage statement.
(Optional) Specifies the the human-readable string or hex representation of the label. It is a valid option when the tsol policy is specified.
Specifies the name of the profile associated with the exec_attr entry.
Specifies the privilege name(s) or privilege number(s) to add to the modified exec_attr entry. Additional privileges may be specified by specifying the -P multiple times. It is a valid option when the tsol policy is specified.
Specifies the policy (tsol or suser) associated with the new exec_attr entry. If this option is not specified, the default is suser.
Specifies the privilege name(s) or privilege number(s) to delete from the exec_attr entry. Additional privileges may be specified by specifying the -R multiple times. It is a valid option when the tsol policy is specified.
Specifies the type cmd for command, or type act for CDE action.
(Optional) Specifies the new real user ID that executes with the command or CDE action.
(Optional) Specifies the new effective user ID that executes with the command or CDE action.
The admin role connects to port 898 (which happens to also be the default) of the aviary server on the nis:/birds/aves.Sun.COM domain, and adds a new exec_attr entry for the User Manager profile. The entry type is act for the CDE action ReloadApps;*;*;*;0. The action has a clearance of Top Secret Able Baker, a label of confidential, and a policy of tsol. The administrator is prompted for the admin password.
$ /usr/sadm/bin/smexec add -D nis:/birds/aves.Sun.COM \ -H aviary:898 -- -n "User Manager" -t act -c "ReloadApps;*;*;*;0" \ -C "TS A B" -L confidential -p tsol |
The admin role deletes the ReloadResources;*;*;*;0 CDE action entry in the exec_attr database for the User Manager profile. Since no authorization arguments were specified, the administrator connects to port 898 of the local host on the local server with the file domain type, which are the defaults. The administrator is prompted for the admin password.
$ /usr/sadm/bin/smexec delete -- -n "User Manager" -p tsol \ -t act -c "ReloadResources;*;*;*;0" |
The admin role modifies the attributes of the exec_attr database entry for the User Manager profile. The ReloadApps;*;*;*;0 CDE action entry is modified to execute with a clearance of Secret Able. The administrator is prompted for the admin password.
$ /usr/sadm/bin/smexec modify -- -n "User Manager" -p tsol \ -t act -c "ReloadApps;*;*;*;0" -C "S A" |
See environ(5) for a description of the JAVA_HOME environment variable, which affects the execution of the smexec command. If this environment variable is not specified, the /usr/java location is used. See smc(1M).
The following exit values are returned:
Successful completion.
Invalid command syntax. A usage message displays.
An error occurred while executing the command. An error message displays.
The following file is used by the smexec command:
Execution profiles database. See exec_attr(4).
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
---|---|
Availability | SUNWmga |
To add, modify, or delete an entry in the exec_attr database, the administrator must have the solaris.profmgr.execattr.write
authorization.
The -C, -L, and -P options may be specified for the add and modify subcommands. The -p option may be specified for the add, modify, and delete subcommands. Input for a CDE action may be specified with most options.
smc(1M), smprofile(1M), smrole(1M), exec_attr(4)
NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | ENVIRONMENT VARIABLES | EXIT STATUS | FILES | ATTRIBUTES | SUMMARY OF TRUSTED SOLARIS CHANGES | SEE ALSO