Sun N1 Service Provisioning System 5.1 Command-Line Interface Reference Manual

Chapter 13 udb: CLI Commands for Managing Users and Groups

This chapter describes the commands that you need to use to manage users and groups.

Overview of the udb Commands

The CLI includes the following sets of commands for managing users and groups.

Table 13–1 Sets of Commands for User Accounts, Groups, and Logins

CLI Prefix 

Description of Command Set 

udb.g 

Commands for managing user groups. 

udb.login 

udb.logout 

udb.whoami 

Commands for managing login sessions 

udb.p 

Commands for managing permissions 

udb.u 

Commands for managing user accounts 

udb.sv 

Commands for managing session variables. 

udb.l 

Command for listing all login configurations. 

This chapter describes all the commands in each of these sets.

udb.g: Managing User Groups

You can use the udb.g commands to define, modify, delete, and list user groups.

Table 13–2 Summary of udb.g Commands

Command Name 

Description 

udb.g.add 

Adds a new user group 

udb.g.del 

Deletes a user group 

udb.g.la 

Lists all the user groups 

udb.g.lo 

Retrieves information about the specified user group. 

udb.g.lp 

Lists the permissions granted to the specified group 

udb.g.lu 

Lists the users who are members of the specified group 

udb.g.mod 

Modifies an existing user group 

udb.g.add

This command adds a new group.

Table 13–3 Arguments and Result for the udb.g.add Command

Argument/Result 

Syntax 

Description 

[R] 

String 

The new group name 

[O] 

String 

The new group description 

hostWrite 

[O] 

Boolean 

Whether the new group has write permission on hosts; default is false 

notRuleWrite 

[O] 

Boolean 

Whether the new group has write permission on notification rules; default is false 

adminWrite 

[O] 

Boolean 

Whether the new group has write permission on ``admin: users and groups;'' default is false 

diffWrite 

[O] 

Boolean 

Whether the new group has write permission on comparisons; default is false 

diffRun 

[O] 

String 

The hostSet ID for which the new group has execute permission for comparisons. An empty value removes the execute permission on any hostsets. To set this permission for ``all'' hostsets, clients use the ``allhosts'' sentinel value. 

ua 

[O] 

UserArray 

The new group users 

pga 

[O] 

GroupArray 

The new group parent groups 

cga 

[O] 

GroupArray 

The new group child groups 

result 

Group 

The new group 

udb.g.del

This command deletes the specified group.


Note –

Deleting a group does not delete the user accounts in the group. It simply deletes the group as a classification for the user accounts.


Table 13–4 Argument for the udb.g.del Command

Argument 

Syntax 

Description 

ID 

[R] 

GroupID 

The group ID 

udb.g.la

This command lists all the groups defined in the Sun N1 Service Provisioning System software.

Table 13–5 Result for the udb.g.la Command

Result 

Syntax 

Description 

result 

GroupArray 

The groups 

udb.g.lo

This command retrieves the specified group.

Table 13–6 Argument and Result for the udb.g.lo Command

Argument/Result 

Syntax 

Description 

ID 

[R] 

GroupID 

The group ID 

result 

Group 

The group 

udb.g.lp

This command lists the permissions granted to a group

Table 13–7 Argument and Result for the udb.g.lp

Argument/Result 

Syntax 

Description 

ID 

[R] 

GroupID 

The group ID 

result 

PermissionArray 

The permissions 

udb.g.lu

This command lists the members of the specified group

Table 13–8 Argument and Result for the udb.g.lu Command

Argument/Result 

Syntax 

Description 

ID 

[R] 

GroupID 

The group ID 

result 

UserArray 

The users 

udb.g.mod

This command modifies an existing group. Omitted arguments preserve current values

Table 13–9 Arguments and Result for the udb.g.mod Command

Argument/Result 

Syntax 

Description 

ID 

[R] 

GroupID 

The group ID 

[O] 

String 

The new group name 

[O] 

String 

The new group description 

hostWrite 

[O] 

Boolean 

Whether the new group has write permission on hosts 

notRuleWrite 

[O] 

Boolean 

Whether the new group has write permission on notification rules 

adminWrite 

[O] 

Boolean 

Whether the new group has write permission on ``admin: users and groups'' 

diffWrite 

[O] 

Boolean 

Whether the new group has write permission on comparisons 

diffRun 

[O] 

String 

The hostSet ID for which the new group has execute permission for comparisons. An empty value removes the execute permission on any hostsets. To set this permission for ``all'' hostsets, clients use the ``allhosts'' sentinel value. 

ua 

[O] 

UserArray 

The new group users 

pga 

[O] 

GroupArray 

The new group parent groups 

cga 

[O] 

GroupArray 

The new group child groups 

result 

Group 

The modified group 

udb.u: Managing User Accounts

You can use the udb.u commands to manage individual user accounts.

Table 13–10 Summary of udb.u Commands

Command Name 

Description 

udb.u.add 

Adds a new user account 

udb.u.cp 

Changes the password of the specified user 

udb.u.la 

Lists all user accounts 

udb.u.lo 

Retrieves information about the specified user. 

udb.u.lp 

Lists the permissions granted to the specified user 

udb.u.mod 

Modifies the specified user account 

udb.u.add

This command adds a new user.

Table 13–11 Arguments and Result for the udb.u.add Command

Argument 

Syntax 

Description 

nu 

[R] 

String 

The user name of the new user 

np 

[O/R] 

String 

The plaintext password for the new user; required if an encoded password is not available or supplied. 

nep 

[O/R] 

String 

The encoded password for the new user; required if a plaintext password is not available or supplied. 

ng 

[O] 

GroupArray 

The user groups for the new user 

hide 

[O] 

Boolean 

Whether the user is set to hidden, default false 

loginConfig 

[O/R] 

String 

Login configuration to use for this user; default is ``internal,'' if available, otherwise required 

result 

User 

The new user 

udb.u.cp

This command changes the password of the specified user.

Table 13–12 Arguments for the udb.u.cp Command

Argument 

Syntax 

Description 

un 

[R] 

String 

The user name of the user whose password should be changed. 

op 

[O/R] 

String 

The old plaintext password.  

oep 

[O/R] 

String 

The old encoded password. 

np 

[O/R] 

String 

The new plaintext password. 

nep 

[O/R] 

String 

The new encoded password. 

udb.u.la

This command lists all user accounts.

Table 13–13 Argument and Result for the udb.u.la Command

Argument/Result 

Syntax 

Description 

sh 

[O] 

Boolean 

Whether hidden users are shown, default false 

result 

UserArray 

The users 

udb.u.lo

The udb.u.lo command retrieves the specified user.

Table 13–14 Argument and Result for the udb.u.lo Command

Argument/Result 

Syntax 

Description 

ID 

[R] 

UserID 

The user ID 

result 

User 

The user 

udb.u.lp

This command lists the permissions granted to a user.

Table 13–15 Argument/Result for the udb.u.lp Command

Argument/Result 

Syntax 

Description 

ID 

[R] 

UserID 

The user ID 

result 

PermissionArray 

The permissions 

udb.u.mod

This command modifies an existing user; omitted arguments preserve current values

Table 13–16 Argument/Result for the udb.u.mod Command

Argument/Result 

Syntax 

Description 

ID 

[R] 

UserID 

The user ID 

np 

[O] 

String 

The new plaintext password for the user, cannot be used in conjunction with the an encoded password 

nep 

[O] 

String 

The new encoded password for the user, cannot be used in conjunction with the a plaintext password 

ng 

[O] 

GroupArray 

The new user groups for the user 

hide 

[O] 

Boolean 

Whether the user is set to hidden 

active 

[O] 

Boolean 

Whether the user is set to active 

forceFlush 

[O] 

Boolean 

True means flush the user's session variables, if needed, false means abort the modification. Defaults to false. 

loginConfig 

[O] 

String 

The new login configuration for the user 

result 

User 

The modified user 

udb.sv: Managing Session Variables

You can use the udb.sv commands to manage session variables.

Table 13–17 Summary of udb.sv Commands

Command Name 

Description 

udb.sv.add 

Adds a new session variable. 

udb.sv.del 

Deletes a session variable. 

udb.sv.fl 

Flushes all of a user's session variables. 

udb.sv.la 

Lists all session variables. 

udb.sv.lo 

Retrieves information about the session variable. 

udb.sv.mod 

Modifies the specified session value. 

udb.sv.re 

Reencrypts all of a user's session variables. 

udb.sv.add

This command adds a new session variable (a password must be set using the -p parameter if variables are to be persisted).


Note –

If you are logged in to the HTML user interface and you add a session variable through the CLI, the session variable name will display without the value when you refresh the list of variables. To display the new session variable's value, log out of the HTML user interface and log back in.


Table 13–18 Arguments and Result for the udb.sv.add Command

Argument 

Syntax 

Description 

name 

[R] 

String 

The new session variable name 

secure 

[O] 

Boolean 

Whether or not the value should be displayed; true means no; default false 

desc 

[O] 

String 

The new session variable value description 

value 

[R] 

String 

The new session variable value for this user.  

If the value for the variable is an empty string, enter: - value ""

result 

SessionVariable 

The new session variable 

udb.sv.del

This command deletes a session variable.

Table 13–19 Arguments for the udb.sv.del Command

Argument 

Syntax 

Description 

name 

[R] 

String 

The name of the session variable to delete 

udb.sv.fl

This command flushes all of a user's session variables.

Table 13–20 Arguments for the udb.sv.fl Command

Argument 

Syntax 

Description 

[R] 

String 

The name of the user 

[O/R] 

String 

The plaintext password for the user 

ep 

[O/R] 

String 

The encoded password for this user 

udb.sv.la

This command lists all session variables.

Table 13–21 Argument and Result for the udb.sv.la Command

Argument/Result 

Syntax 

Description 

result 

SessionVariableSet 

The variables available to this user 

udb.sv.lo

This command retrieves the specified session variable

Table 13–22 Argument and Result for the udb.sv.lo Command

Argument/Result 

Syntax 

Description 

name 

[R] 

String 

The name of the session variable to show 

result 

SessionVariable 

The session variable 

udb.sv.mod

This command modifies a session variable; a password must be set using the -p parameter if variables are to be persisted.

Table 13–23 Argument/Result for the udb.sv.mod Command

Argument/Result 

Syntax 

Description 

name 

[R] 

String 

The name of the session variable to modify 

secure 

[O] 

String 

Whether or not the value should be displayed; true means no; default false 

desc 

[O] 

String 

The new session variable description 

value 

[O] 

String 

The new session variable value for this user 

result 

SessionVariable 

The new session variable 

udb.sv.re

This command reencrypts all of a user's session variables.

Table 13–24 Arguments for the udb.sv.re Command

Argument 

Syntax 

Description 

[R] 

String 

The name of the user 

[O/R] 

String 

The plaintext password for the user 

ep 

[O/R] 

String 

The encoded password for the user 

op 

[O/R] 

String 

The old plaintext password used to encrypt these variables 

oep 

[O/R] 

String 

The old encoded password used to encrypt these variables 

Authentication Commands

udb.login

Logs in a user and returns a SessionID that can be used for authentication. To send the session IDto a file, the arguments -o and -of must be specified before the username and password.

Table 13–25 Result of the udb.login Command

Argument 

Syntax 

Description 

[O] 

String 

The name of the formatter 

of 

[O] 

String 

The name of the output file 

[R] 

String 

The username 

[O/R] 

String 

The plaintext user password; required if the encoded password is not available or supplied. 

ep 

[O/R] 

String 

The encoded user password; required if the plaintext password is not available or supplied. 

result 

SessionID 

The session ID 


Example 13–1 Example of Sending the Session ID to a File

This example demonstrates saving a session ID being saved for reuse.

Name of formatter

serialized

Name of output file

sessionid


# cr_cli -cmd udb.login -o serialized -of sessionid -u admin -p admin

udb.logout

This command logs out the user who runs it.

udb.whoami

This command returns the owner of the current session.

Table 13–26 Result of the udb.whoami Command

Result 

Syntax 

Description 

result 

UserID 

The current user ID 

udb.p: Commands for Managing Permissions

The udb.p commands enable you to display information about the permissions established in the Sun N1 Service Provisioning System software.

Table 13–27 Summary of the udb.p Commands

Command 

Description 

udb.p.la 

Lists all permissions. 

udb.p.lo 

Retrieves the specified permission. 

udb.p.la

This command lists all permissions.

Table 13–28 Result for the udb.p.la Command

Result 

Syntax 

Description 

result 

PermissionArray 

The permissions 

udb.p.lo

This command retrieves the specified permission..

Table 13–29 Argument and Result for the udb.p.lo Command

Argument/Result 

Syntax 

Description 

ID 

[R] 

PermissionID 

The permission ID 

result 

Permission 

The permission 

udb.l: Managing Login Configurations

udb.l.la

This command lists all of the login configurations.

Table 13–30 Result for the udb.l.la Command

Argument 

Syntax 

Description 

result 

LoginConfiguration- Array 

The list of login configurations