- administer Oracle Solaris Cluster SNMP users
/usr/cluster/bin/clsnmpuser -V
/usr/cluster/bin/clsnmpuser [subcommand] -?
/usr/cluster/bin/clsnmpuser [subcommand] [options] -v [operand]
/usr/cluster/bin/clsnmpuser create -i {- | clconfigfile} [-a authentication] -f passwdfile [-n node[,…]] {+ | user ...}
/usr/cluster/bin/clsnmpuser delete [-a authentication] [-n node[,…] ] {+ | user ...}
/usr/cluster/bin/clsnmpuser export [-o {- | clconfigfile}] [-a authentication] [-n node[,…] ] [ {+ | user ...}]
/usr/cluster/bin/clsnmpuser list [-a authentication] [-n node[,…] ] {-d | + | user ...}
/usr/cluster/bin/clsnmpuser set [-a authentication] [-n node[,…] ] {+ | user ...}
/usr/cluster/bin/clsnmpuser set-default {-l seclevel [,…] } {+ | user ...}
/usr/cluster/bin/clsnmpuser show [-a authentication] [-n node[,…] ] [-d | + | user ...]
The clsnmpuser command administers the roles of Simple Network Management Protocol (SNMP) users who can administer the control mechanisms on cluster Management Information Bases (MIBs). For more information about cluster MIBs, see the clsnmpmib(1CL) man page. If the cluster contains a MIB that is configured to use SNMP Version 3 (SNMPv3), you must define an SNMP user. SNMP users are not the same users as Solaris OS users, and SNMP users do not need to have the same user names as existing OS users.
This command has no short form.
The general form of this command is as follows:
clsnmpuser [subcommand] [options] [operands]
You can omit subcommand only if options specifies the option -? or -V.
Each option of this command has a long form and a short form. Both forms of each option are provided with the description of the option in the OPTIONS section.
See the Intro(1CL) man page for more information.
You can use this command only in the global zone.
The following subcommands are supported:
Creates a user and adds the user to the SNMP user configuration on the specified node.
You can use this subcommand only in the global zone.
Use the -n option with this subcommand to specify the cluster node on which to create the SNMP user. If you do not specify the -n option, the user is created and added only to the SNMP configuration on the current node.
To create and add all of the users that are configured in the clconfiguration file, use the -i option and the -n option.
To assign an authentication type to the SNMP user that you are creating, specify the -a option.
You can include the password for the SNMP user by specifying the -f option. The -f option is required if you are using the -i option.
If you specify the -i option, the configuration information from the clconfiguration(5CL) file is used. When you specify the -i option, you can also specify the plus sign (+) operand or a list of users.
Users other than superuser require solaris.cluster.modify role-based access control (RBAC) authorization to use this command. See the rbac(5) man page.
Deletes an SNMPv3 user from the specified node.
You can use this subcommand only in the global zone.
When you use the delete subcommand and specify only a user name, the subcommand removes all instances of the user. To delete users by authentication type, use the -a option. If you do not use the -n option, the user is deleted from only the current node.
Users other than superuser require solaris.cluster.modify RBAC authorization to use this subcommand. See the rbac(5) man page.
Exports the SNMP user information from the specified node.
You can use this subcommand only in the global zone.
If you do not use the -n option, the SNMP user information is exported only from the current node. For the format of the output from the export subcommand, see the clconfiguration(5CL) man page. By default, all output is sent to standard output. Use the -o option followed by a file name to redirect the output to the file.
You can use the -a option to provide output only for those users with a specific authentication type. If you specify one or more users as operands, the output is restricted to only the information about those users.
Users other than superuser require solaris.cluster.read RBAC authorization to use this subcommand. See the rbac(5) man page.
Prints a list of SNMPv3 users that are configured on the specified node.
You can use this subcommand only in the global zone.
By default, the list subcommand displays all SNMPv3 users on the specified node. To display only the default SNMP user, specify the -d option with no operands. To restrict the output to a specified authentication type, use the -a option.
Users other than superuser require solaris.cluster.read RBAC authorization to use this subcommand. See the rbac(5) man page.
Changes the configuration of a user on the specified node.
You can use this subcommand only in the global zone.
If you do not specify the -n option, the configuration of a user is modified only on the current node.
Users other than superuser require solaris.cluster.modify RBAC auhorization to use this subcommand. See the rbac(5) man page.
Specifies the name of the default SNMP user and the security level that is used when a MIB sends a trap notification.
You can use this subcommand only in the global zone.
You use the -l option to specify the security level.
If the MIB is configured to use SNMPv3, you must specify a specific user name and security level with which to authenticate the traps. If a configuration has more than one user, you must specify the default user that the MIB will use when it sends the trap notifications.
If the configuration contains only one user, that user automatically becomes the default SNMP user. If the default SNMP user is deleted, another existing user, if any, becomes the default.
Users other than superuser require solaris.cluster.modify RBAC auhorization to use this subcommand. See the rbac(5) man page.
Prints information about the users on the specified node.
You can use this subcommand only in the global zone.
By default, the show subcommand displays information about all users on the node. To display information about only the default SNMP user, specify the -d option and do not provide an operand. To limit the output to specific authentication types, use the -a option. If you do not use the -n option, the command displays only user information from the current node.
Users other than superuser require solaris.cluster.read RBAC authorization to use this subcommand. See the rbac(5) man page.
The following options are supported:
Prints help information.
You can specify this option with or without a subcommand.
If you use this option without a subcommand, the list of available subcommands is displayed.
If you use this option with a subcommand, the usage options for that subcommand are displayed.
When this option is used, no other processing is performed.
Specifies the authentication protocol that is used to authorize the user. The value of the authentication protocol can be SHA or MD5.
Specify the default SNMP user that is used when a MIB sends a trap notification.
Specifies a file that contains one or more SNMP user passwords. If you do not specify this option when you create a new user, the command prompts for a password. This option is valid only with the create subcommand.
User passwords must be specified on separate lines in the following format:
user:password
Passwords cannot contain the following characters or a space:
; (semicolon)
: (colon)
\ (backslash)
\n (newline)
Specifies configuration information that is to be used to validate or modify the SNMP hosts configuration. This information must conform to the format that is defined in the clconfiguration(5CL) man page. This information can be contained in a file or supplied through standard input. To specify standard input, specify the minus sign (-) instead of a file name.
Specifies the user's security level. You specify one of the following values for seclevel:
noAuthNoPriv
AuthNoPriv
authPriv
For more information about SNMP security levels, see the snmpcmd(1M) man page.
Specifies a node or a list of nodes. You can specify each node as a node name or as a node ID.
All forms of this command accept this option.
Writes the cluster SNMP host configuration information in the format that is described by the clconfiguration(5CL) man page. This information can be written to a file or to standard output.
To write to standard output, specify the minus sign (-) instead of a file name. If you specify standard output, all other standard output for the command is suppressed.
Prints the version of the command.
Do not specify this option with subcommands, operands, or other options because they are ignored. The -V option displays only the version of the command. No other operations are performed.
Prints verbose messages and information.
You can specify this option with any form of the command, although some subcommands might not produce expanded output. For example, the export subcommand does not produce expanded output if you specify the verbose option.
The following operands are supported:
Specifies all SNMP users.
Specifies the name of the SNMP user.
If the command is successful for all specified operands, it returns zero (CL_NOERR). If an error occurs for an operand, the command processes the next operand in the operand list. The returned exit code always reflects the error that occurred first.
This command returns the following exit status codes:
No error
The command that you issued completed successfully.
Not enough swap space
A cluster node ran out of swap memory or ran out of other operating system resources.
Invalid argument
You typed the command incorrectly, or the syntax of the cluster configuration information that you supplied with the -i option was incorrect.
Permission denied
The object that you specified is inaccessible. You might need superuser or RBAC access to issue the command. See the su(1M) and rbac(5) man pages for more information.
Internal error was encountered
An internal error indicates a software defect or other defect.
I/O error
A physical input/output error has occurred.
No such object
The object that you specified cannot be found for one of the following reasons:
The object does not exist.
A directory in the path to the configuration file that you attempted to create with the -o option does not exist.
The configuration file that you attempted to access with the -i option contains errors.
Example 1 Creating an SNMPv3 User
The following command creates a new user newuser1 and adds the user to the configuration on the current node. The authentication type is SHA.
# clsnmpuser create -a SHA newuser1 Enter password for user 'newuser1':
This example requires that you enter a password for the user to be created. To automate this process, use the -f option.
Example 2 Listing Users
The following command lists all users with an authentication type of MD5.
# clsnmpuser list -a MD5 + user1 mySNMPusername
The plus sign (+) is optional, as it is the default.
Example 3 Showing Users
The following command displays the user information for all users on the current node.
# clsnmpuser show --- SNMP User Configuration on phys-schost-1 --- SNMP User Name: newuser1 Authentication Protocol: SHA Default User: Yes Default Security Level: authPriv
Example 4 Changing a User's Authentication Protocol and Status
The following command modifies the authentication protocol and default user status of the user newuser1.
# clsnmpuser set -a MD5 newuser1
Example 5 Deleting SNMP Users
The following command deletes all SNMP users.
# clsnmpuser delete +
The plus sign (+) is used in this example to specify all users.
See attributes(5) for descriptions of the following attributes:
|
clsnmphost(1CL), clsnmpmib(1CL), cluster(1CL), Intro(1CL), sceventmib(1M), snmpcmd(1M), su(1M), scha_calls(3HA), attributes(5), rbac(5), clconfiguration(5CL)
The superuser can run all forms of this command.
All users can run this command with the -? (help) or -V (version) option.
To run the clsnmpmib command with other subcommands, users other than superuser require RBAC authorizations. See the following table.
|