Sun Fire V20z and Sun Fire V40z Servers--Server Management Guide
|
|
The access command validates a user's authority or controls authorization services. Using the access command, you can retrieve information about user groups, add a user to or delete a user from a group, and specify a mapping between site-defined administrative groups and the administrative groups that are used to authorize actions on the service processor.
Note - TABLE B-1 lists the groups of access subcommands. Every subcommand returns a return code upon completion.
|
TABLE B-1 Access Subcommand Groups
Subcommand Group
|
Description
|
access config-sharing
|
Controls configuration sharing in order to perform autoconfiguration.
|
access groups
|
Returns the authorization group for a specific user or a list of defined groups.
|
access map
|
Maps, unmaps, and returns a list of existing site-specified group names (the directory service group) mapped to one of the standard administrative groups.
|
access public key
|
Manages public keys and public key users.
|
access services
|
Enables, disables, or defines a directory services mechanism that determines a user's group memberships.
|
access trust
|
Creates a host-based trust relationship for the specified host.
|
access user
|
Manages local users or a group of users.
|
Access Config-Sharing Subcommands
The subcommands in TABLE B-2 control the configuration-sharing feature. This feature is required for autoconfiguration.
TABLE B-2 Access Config-Sharing Subcommands
Subcommand
|
Description
|
access enable config-sharing
|
Allows the SP to be a source for configuration settings for other SPs.
|
access disable config-sharing
|
Prevents the SP from being a source for configuration settings for other SPs.
|
access get config-sharing
|
Returns the value of the configuration sharing setting.
|
Access Enable Config-Sharing Subcommand
Description: This command is run on the SP. It enables one SP to be a source of configuration settings for other SPs. After you enable the config-sharing setting on one SP, any other SP with network access to the first server can replicate the configuration settings of the first server.
Format
access enable config-sharing
Return Codes
TABLE B-3 lists the return codes for this subcommand.
TABLE B-3 Return Codes for Subcommand access enable config-sharing
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_NoPermission
|
6
|
Not authorized to perform this operation.
|
Access Disable Config-Sharing Subcommand
Description: This command is run on the SP. It prevents an SP from being a source of configuration settings for other SPs.
Format
access disable config-sharing
Return Codes
TABLE B-4 lists the return codes for this subcommand.
TABLE B-4 Return Codes for Subcommand access disable config-sharing
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_NoPermission
|
6
|
Not authorized to perform this operation.
|
Access Get Config-Sharing Subcommand
Description: This command returns the value of the configuration-sharing setting.
Format
access get config-sharing
Values
TABLE B-5 lists the values for this subcommand.
TABLE B-5 Values for Subcommand access get config-sharing
Value
|
Description
|
Enabled
|
Allows configuration-settings sharing. The SP is a source of configuration settings for other SPs.
|
Disabled
|
Prevents configuration-settings sharing. The SP is blocked from being a source of configuration settings for other SPs.
|
Return Codes
TABLE B-6 lists the return codes for this subcommand.
TABLE B-6 Return Codes for Subcommand access get config-sharing
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_NoPermission
|
6
|
Not authorized to perform this operation.
|
Access Group Subcommands
The subcommands in TABLE B-7 return the authorization group for a specific user or for a list of defined groups.
TABLE B-7 Access Group Subcommands
Subcommand
|
Description
|
access get group
|
Returns the authorization group for the specified user.
|
access get groups
|
Returns a list of the groups defined, including the standard groups.
|
Access Get Group Subcommand
Description: Returns the authorization group for the specified user.
Format
access get group
Return Codes
TABLE B-8 lists the return codes for this subcommand.
TABLE B-8 Return Codes for Subcommand access get group
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_NotFound
|
5
|
Entity (user, service, file, path, or other) was not found.
|
Access Get Groups Subcommand
Description: Returns a list of the groups defined, including the standard groups.
Format
access get groups
Return Codes
TABLE B-9 lists the return codes for this subcommand.
TABLE B-9 Return Codes for Subcommand access get groups
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_NotFound
|
5
|
Entity (user, service, file, path, or other) was not found.
|
Access Map Subcommands
The subcommands in TABLE B-10 manage mappings between existing site-specified groups and one of the standard administrative groups.
TABLE B-10 Access Map Subcommands
Subcommand
|
Description
|
access get map
|
Returns the names of all the site-specified groups mapped to a specific administrative group.
|
access map
|
Maps an existing site-specified group name (the directory-service group) to one of the standard administrative groups.
|
access unmap
|
Removes the directory-service group and administrative group mapping.
|
Access Get Map Subcommand
Description: Returns the names of all the site-specified groups mapped to a specific administrative group.
Format
access get map LOGICAL_GROUP_NAME [{-D | --Delim}] [{-H | --noheader}]
Note - To return mappings for all groups, omit the group name from the command line.
|
TABLE B-11 lists the arguments for this subcommand.
TABLE B-11 Arguments for Subcommand access get map
Argument
|
Description
|
{ -H | --noheader }
|
Suppresses column headings.
|
{ -D | --Delim }
|
Delimits columns with the specified delimiter. Headings are also delimited unless suppressed. The delimiter can be any character or string.
|
Return Codes
TABLE B-12 lists the return codes for this subcommand.
TABLE B-12 Return Codes for Subcommand access get map
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_InvalidArgument
|
4
|
One or more arguments were incorrect or invalid.
|
Access Map Subcommand
Description: Maps an existing site-specified group name (the directory-services group) to one of the standard administrative groups.
Format
access map {-d | --dsgroup} DIRECTORY-SERVICES-GROUP {-g | --group} LOCAL-GROUP {-v | --verify}
TABLE B-13 lists the arguments for this subcommand.
TABLE B-13 Arguments for Subcommand access map
Argument
|
Description
|
{-d | --dsgroup}
|
The name of the directory-services group for which you want to map to a standard administrative group.
|
{-g | --group}
|
The name of the standard administrative group to which you want to map to the directory-services group.
|
{-v | --verify}
|
Verifies the group existence.
|
Return Codes
TABLE B-14 lists the return codes for this subcommand.
TABLE B-14 Return Codes for Subcommand access map
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_InvalidArgument
|
4
|
One or more arguments were incorrect or invalid.
|
NWSE_NotFound
|
5
|
Entity (user, service, file, path, or other) was not found.
|
NWSE_NoPermission
|
6
|
Not authorized to perform this operation.
|
NWSE_InvalidOpForState
|
22
|
Invalid operation for current state.
|
Access Unmap Subcommand
Description: Removes the directory service group and administrative group mapping.
Format
access unmap [-a | --all] DIRECTORY-SERVICES-GROUP
TABLE B-15 lists the arguments for this subcommand.
TABLE B-15 Arguments for Subcommand access unmap
Argument
|
Description
|
DIRECTORY-SERVICES-GROUP
|
The name of the directory services group for which you want to remove a mapping.
|
[-a | --all]
|
Removes mappings for all of the directory services groups.
|
Return Codes
TABLE B-16 lists the return codes for this subcommand.
TABLE B-16 Return Codes for Subcommand access unmap
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_InvalidArgument
|
4
|
One or more arguments were incorrect or invalid.
|
NWSE_NoPermission
|
6
|
Not authorized to perform this operation.
|
Access Directory Services Subcommands
Services defines a directory-services mechanism that determines the group memberships for a user. Remote users gain access to the SP features only through these group mappings that relate a directory-services group to a local SP administrative group.
Therefore, using the command access map, the administrator must set up the appropriate directory-services configuration and create mappings from the directory-services groups to local SP administrative groups.
TABLE B-17 lists the Access Directory Services subcommands.
TABLE B-17 Access Directory Services Subcommands
Subcommand
|
Description
|
access disable service
|
Disables a directory service.
|
access enable service
|
Enables a directory service.
|
access get services
|
Defines a directory-services mechanism that determines the group memberships for a user.
|
Access Disable Service Subcommand
Description: Disables a directory service (either NIS or ADS) from the name-service lookup system on the SP.
Format
access disable service {nis | ads}
TABLE B-18 lists the argument for this subcommand.
TABLE B-18 Argument for Subcommand access disable service
Argument
|
Description
|
{nis | ads }
|
Specifies the service type: NIS or ADS.
|
Return Codes
TABLE B-19 lists the return codes for this subcommand.
TABLE B-19 Return Codes for Subcommand access disable service
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_InvalidArgument
|
4
|
One or more arguments were incorrect or invalid.
|
NWSE_NoPermission
|
6
|
Not authorized to perform this operation.
|
NWSE_InvalidOpForState
|
22
|
Invalid operation for current state.
|
Access Enable Service Subcommand
Description: Enables a directory service (either NIS or ADS) to name-service lookup system on the SP.
Format
access enable service NIS {-d | --domain} DOMAIN NAME {-s | --server } SERVER
access enable service ADS {-d | --domain} DOMAIN NAME {-s | --server } SERVER {-k | --keytab} KEYTAB FILENAME {-o | --ou} ORGANIZATIONAL UNIT {-l|--logon} LOGON
TABLE B-20 lists the arguments for this subcommand.
TABLE B-20 Arguments for Subcommand access enable service
Argument
|
Description
|
{-d | --domain}
|
Specifies the domain name.
|
{-s | --server}
|
Specifies the server.
|
{-k | --keytab}
|
For ADS only: Specifies the ADS keytab file name.
|
{-o | --ou}
|
For ADS only: Specifies the organizational unit under which the name-service library looks for group data.
|
{-l | --logon}
|
For ADS only: Specifies the login ID for the active directory account.
|
To use ADS as a directory service on the SP, you must create an active directory account. The name-service library on the SP uses this account to authenticate itself to the LDAP interface of the active directory server. A Microsoft Windows administrator can create the keytab for this account using the following command:
ktpass -princ <logon>@<domain> -pass <password> -mapuser <logon> -out <output filename>
The keytab file must then be securely transferred to the SP using an encrypted file-transfer mechanism.
The clock on the SP must be accurate and DNS must be set up (meaning that the SP must have a DNS record).
If a directory service has been previously enabled, you can specify the following command and options; the saved settings are then used to re-enable the service.
access enable service -t <nis | ads>
Return Codes
TABLE B-21 lists the return codes for this subcommand.
TABLE B-21 Return Codes for Subcommand access enable service
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_InvalidArgument
|
4
|
One or more arguments were incorrect or invalid.
|
NWSE_NotFound
|
5
|
Entity (user, service, file, path, etc.) was not found.
|
NWSE_NoPermission
|
6
|
Not authorized to perform this operation.
|
NWSE_FileError
|
18
|
File open, file missing, or a read or write error occurred.
|
NWSE_InvalidOpForState
|
22
|
Invalid operation for current state.
|
Access Get Services Subcommand
Description: Returns a string containing the current naming services option (NIS or ADS).
Format
access get services [ {-t | --type } NIS [{-d | --domain} | {-s | --server}] [-H | --noheader]] [{-D | --Delim <DELIMITER>}]
access get services [ {-t | --type } ADS [{ -d | --domain} | {-s | --server} | {-l | --logonID} | {-o | --ou}] [-H | --noheader]] [{-D | --Delim <DELIMITER>}
TABLE B-22 lists the arguments for this subcommand.
TABLE B-22 Arguments for Subcommand access get services
Argument
|
Description
|
{-t | --type }
|
Returns information about the configuration of either the NIS or ADS service. You must specify -t to return a list of enabled services.
|
{-d | --domain}
|
Returns domain information. Only one of the parameters -d and -s are permitted at a time.
|
{-s | --server}
|
Returns server information. Only one of the parameters -d and -s are permitted at a time.
|
{-l | --ID}
|
For ADS only: Returns the ADS login ID. Only one of the parameters -o and -l are permitted at a time.
|
{-o | --ou}
|
For ADS only: Returns the organization unit information. Only one of the parameters -o and -l are permitted at a time.
|
[-H | --noheader]
|
Suppresses header output.
|
{-D | --Delim <DELIMITER>}
|
Delimits columns with the specified delimiter. Headings are also delimited unless suppressed. The delimiter can be any character or string.
|
Return Codes
TABLE B-23 lists the return codes for this subcommand.
TABLE B-23 Return Codes for Subcommand access get services
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_InvalidArgument
|
4
|
One or more arguments were incorrect or invalid.
|
Access Trust Subcommands
Adding host-based trusts provides many-to-one scripting solutions. Once a host-equivalence relationship has been created with a client, users on that client can remotely execute commands on the SP without being prompted for a password.
TABLE B-24 lists the commands related to trusted-host relationships.
TABLE B-24 Access Trust Subcommands
Subcommand
|
Description
|
access add trust
|
Creates a host-based trust relationship for the specified host.
|
access delete trust
|
Removes a host-based trust relationship for the specified host.
|
access get trusts
|
Requests a list of hosts involved in trust relationships with the SP.
|
Access Add Trust Subcommand
Description: Creates a host-based trust relationship for the specified host. Adding host-based trusts provides many-to-one scripting solutions. Once a host-equivalence relationship has been created with a client, users on that client can remotely execute commands on the SP without being prompted for a password, provided one of the following conditions is met:
- Their login on the client has the same user name as a local user on the SP.
- Their login on the client is in a directory-service group that is mapped to an SP administrative group.
Format
access add trust {-c | --client} HOST {-k | --keyfile} PUBLIC KEY FILE
TABLE B-25 lists the arguments for this subcommand.
TABLE B-25 Arguments for Subcommand access add trust
Arguments
|
Description
|
{-c | --client}
|
Specifies the host for which to create the relationship.
|
{-k | --keyfile}
|
Specifies the public key file.
|
If the login is authorized through a mapping of a directory-service group, the ssh command is executed as the proxy user on the SP: either rmonitor, radmin, or rmanager.
Support is available for SSH protocol version 2 key types (RSA or DSA) only.
If DNS is enabled on the SP, the client machine must be specified with its DNS name, (and not the IP address).
Generating Host Keys
The host's ssh installation should generate the host keys. If it does not, follow these steps to manually generate the key pair:
1. Type the following command:
ssh-keygen -q -t rsa -f rsa_key -C '' -N ''
2. Copy rsa_key to /etc/ssh/ssh_host_rsa_key.
3. Ensure that only the root user has read or write permission to this file. The rsa_key.pub file is the file you will transfer to the SP.
Note - Only protocol version 2 key types and 1024-bit key sizes (the default generated by ssh-keygen) are supported.
|
4. Copy the host's public key (the rsa_key.pub file) to the SP using scp (secure copy), or by copying the host key to an external file system that has been mounted on the SP.
Note - Use scp to copy the files to either /tmp or to your home directory. The SP commands will then install the file specified on the command line to /pstore.
|
Note - If DNS is enabled on the SP, you must specify the client that is used in the trust commands with its DNS name (and not the IP address).
|
Return Codes
TABLE B-26 lists the return codes for this subcommand.
TABLE B-26 Return Codes for Subcommand access add trust
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_NoPermission
|
6
|
Not authorized to perform this operation.
|
NWSE_FileError
|
18
|
File open, file missing, or a read or write error occurred.
|
NWSE_Exist
|
19
|
Entity (user, service, or other) already exists.
|
Access Delete Trust Subcommand
Description: Removes a host-based trust relationship for the specified host.
Format
access delete trust CLIENT HOSTNAME [-a | --all] [-q | --quiet]
TABLE B-27 lists the arguments for this subcommand.
TABLE B-27 Arguments for Subcommand access delete trust
Argument
|
Description
|
CLIENT HOSTNAME
|
Specifies the name of the client to remove.
|
[-a | --all]
|
Removes all trust relationships.
|
[-q | --quiet]
|
If the trust relationship to delete is not found, this argument specifies that no error be returned.
|
Return Codes
TABLE B-28 lists the return codes for this subcommand.
TABLE B-28 Return Codes for Subcommand access delete trust
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_NotFound
|
5
|
Entity (user, service, file, path, or other) was not found.
|
NWSE_NoPermission
|
6
|
Not authorized to perform this operation.
|
NWSE_DeviceError
|
25
|
Error deleting trusted host. Insufficient space in /tmp.
|
Access Get Trusts Subcommand
Description: Requests a list of hosts involved in trust relationships with the SP.
Format
access get trusts
Return Codes
TABLE B-29 lists the return codes for this subcommand.
TABLE B-29 Return Codes for Subcommand access get trusts
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_NoPermission
|
6
|
Not authorized to perform this operation.
|
Access Public Key Subcommands
The subcommands listed in TABLE B-30 allow you to manage public keys and public-key users.
TABLE B-30 Access Public Key Subcommands
Subcommand
|
Description
|
access add public key
|
Installs a public key for SSH authentication.
|
access get public key users
|
Determines which users have public keys installed.
|
access delete public key
|
Removes a user's public key.
|
Access Add Public Key Subcommand
Description: Installs a public key for SSH authentication, which enables SSH logins and remote command execution without being prompted for a password. You must first generate a key pair (RSA or DSA), which you can generate using the ssh-keygen command included with OpenSSH.
- Only local users can install public keys (not users who gain authorization through a mapping of a directory-services group).
- Manager-level users can add keys for any local user.
- Admin-level users can add only themselves.
- Service-level users can not add anyone.
- Up to 10 users can install public keys; each user can install only one key.
- The maximum key length supported is 4096 bits.
Format
access add public key {-k | --keyfile} PUBLIC_KEY_FILE [-u | --user] USER
TABLE B-31 lists the arguments for this subcommand.
TABLE B-31 Arguments for Subcommand access add public key
Arguments
|
Description
|
{-k | --keyfile}
|
Specifies the user's public RSA or DSA key.
|
{-u | --user}
|
Specifies the user for which this key will be installed. The default is the current user if no user is specified.
|
Return Codes
TABLE B-32 lists the return codes for this subcommand.
TABLE B-32 Return Codes for Subcommand access add public key
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_InvalidArgument
|
4
|
One or more arguments were incorrect or invalid. The group specified with -g is an invalid local SP administrative group or the length of the user name or password exceeds the maximum length.
|
NWSE_NotFound
|
5
|
Entity (user, service, file, path, or other) was not found.
|
NWSE_NoPermission
|
6
|
Not authorized to perform this operation.
|
NWSE_Exist
|
19
|
The user already exists.
|
NWSE_LimitExceeded
|
26
|
Limit has been exceeded.
|
Access Get Public Key Users Subcommand
Description: Determines which users have public keys installed.
Format
access get public key users
Return Codes
TABLE B-33 lists the return codes for this subcommand.
TABLE B-33 Return Codes for Subcommand access get public key users
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_NoPermission
|
6
|
Not authorized to perform this operation.
|
Access Delete Public Key Subcommand
Description: All users can execute this command to remove their own individual public key. Manager-level users can execute this command to remove the public key for any user.
Format
access delete public key [-u | --user] USER [-a | --all] [-q | --quiet]
TABLE B-34 lists the arguments for this subcommand.
TABLE B-34 Arguments for Subcommand access delete public key
Arguments
|
Description
|
[-u | --user]
|
The user whose public key will be removed. Defaults to the current user If USER is not specified. This argument is repeatable to remove multiple public keys at one time.
|
[-a | --all]
|
Removes all public keys.
|
[-q | --quiet]
|
If the user to delete is not found, this argument specifies that no error be returned.
|
Return Codes
TABLE B-35 lists the return codes for this subcommand.
TABLE B-35 Return Codes for Subcommand access delete public key
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_NotFound
|
5
|
Entity (user, service, file, path, or other) was not found.
|
NWSE_NoPermission
|
6
|
Not authorized to perform this operation.
|
Access User Subcommands
The subcommands listed in TABLE B-36 allow you to manage a single user or group of users.
TABLE B-36 Access User Subcommands
Subcommand
|
Description
|
access add user
|
Adds the specified local user to the specified group.
|
access delete user
|
Deletes the specified user.
|
access get users
|
Retrieves all the users in an administrative group or all users in all groups.
|
access update password
|
Updates the password of the specified user.
|
access update user
|
Updates the login information for the specified user.
|
Access Add User Subcommand
Description: Adds the specified local user to the specified group with the specified user name and password.
Format
access add user {-p | --password} PASSWORD {-g | --group} GROUP {-u | --user} USERNAME
TABLE B-37 lists the arguments for this subcommand.
TABLE B-37 Arguments for Subcommand access add user
Arguments
|
Description
|
{-p | --password}
|
Specifies the password for the new user. The password is optional and if not specified, a prompt displays requesting confirmation.
|
{-g | --group}
|
Specifies the group to which the new user will belong.
|
{-u | --user}
|
Specifies the name of the new user to add. This argument is repeatable to add multiple users at one time.
|
Return Codes
TABLE B-38 lists the return codes for this subcommand.
TABLE B-38 Return Codes for Subcommand access add user
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_InvalidArgument
|
4
|
One or more arguments were incorrect or invalid. The group specified with -g is an invalid local SP administrative group or the length of the user name or password exceeds the maximum length.
|
NWSE_NoPermission
|
6
|
Not authorized to perform this operation.
|
NWSE_Exist
|
19
|
The user already exists.
|
Access Delete User Subcommand
Description: Deletes a user.
Format
access delete user USERNAME [-a | --all] [-q | --quiet]
TABLE B-39 lists the arguments for this subcommand.
TABLE B-39 Arguments for Subcommand access delete user
Argument
|
Description
|
USERNAME
|
Specifies the name of the user to remove. This argument is repeatable to remove multiple users at one time.
|
[-a | --all]
|
Removes all user accounts. The manager-level user executing the command is not removed.
|
[-q | --quiet]
|
If the user to delete is not found, this argument specifies that no error be returned.
|
Return Codes
TABLE B-40 lists the return codes for this subcommand.
TABLE B-40 Return Codes for Subcommand access delete user
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_NotFound
|
5
|
Specified user was not found.
|
NWSE_NoPermission
|
6
|
Not authorized to perform this operation.
|
Access Get Users Subcommand
Description: Retrieves all the local users in an administrative group.
Format
access get users {-g | --group} [{-H | noheader}][{-D | --Delim <DELIMITER>}]
TABLE B-41 lists the arguments for this subcommand.
TABLE B-41 Arguments for Subcommand access get users
Argument
|
Description
|
{-g | --group}
|
Specifies that group from which to retrieve all users.
|
{ -H | --noheader }
|
Specifies that column headings should be suppressed.
|
{ -D | --Delim }
|
Specifies to delimit columns with the specified delimiter. Headings are also delimited unless suppressed. The delimiter can be any character or string.
|
Return Codes
TABLE B-42 lists the return codes for this subcommand.
TABLE B-42 Return Codes for Subcommand access get users
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_InvalidArgument
|
4
|
One or more arguments were incorrect or invalid.
|
Access Update Password Subcommand
Note - This command is for managers to change other users' passwords; all users can change their own passwords.
|
Description: Changes the password of an existing user.
Format
access update password {-p | --password} PASSWORD {u | --user} USER
TABLE B-43 lists the arguments for this subcommand.
TABLE B-43 Arguments for Subcommand access update password
Argument
|
Description
|
{-u | --user}
|
The name of the user whose password you want to update. If a user name is not specified, the current user is implied. You must have manager-level access to change another user's password. This argument is repeatable to update multiple user's passwords at one time.
|
{-p | --password}
|
The user's new password. If a password is not specified, a prompt appears to enter the password and again to confirm the password.
|
Return Codes
TABLE B-44 lists the return codes for this subcommand.
TABLE B-44 Return Codes for Subcommand access update password
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_InvalidArgument
|
4
|
One or more arguments were incorrect or invalid.
|
NWSE_NotFound
|
5
|
Entity (user, service, file, path, or other) was not found.
|
NWSE_NoPermission
|
6
|
Not authorized to perform this operation.
|
Access Update User Subcommand
Description: Updates the login information (password or group) for the user.
Format
access update user {-u | --user} USER {-p | --password} PASSWORD {-g | --group} GROUP
TABLE B-45 lists the arguments for this subcommand.
Note - The -p and -g arguments are optional but you must specify at least one.
|
TABLE B-45 Arguments for Subcommand access update user
Argument
|
Description
|
{-u | --user}
|
The name of the user to update.
|
{-p | --password}
|
The user's new password. The -p and -g options are optional but you must specify at least one.
|
{-g | --group}
|
The new group to which to reassign to the user. The -p and -g options are optional but you must specify at least one.
|
Return Codes
TABLE B-45 lists the return codes for this subcommand.
TABLE B-46 Return Codes for Subcommand access update user
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_NotFound
|
5
|
Entity (user, service, file, path or other) was not found.
|
NWSE_NoPermission
|
6
|
Not authorized to perform this operation.
|
Sun Fire V20z and Sun Fire V40z Servers--Server Management Guide
|
817-5249-17
|
|
Copyright © 2004-2007, Sun Microsystems, Inc. All Rights Reserved.