CLI User Configuration Example

To demonstrate the CLI user and roles interface, the following example adds the NIS user "brendan" to the system, and grants the authorization to restart the HTTP service. This includes creating a role for this authorization.

We will start by creating the role, which we will call "webadmin":

caji:> configuration roles
caji:configuration roles> role webadmin
caji:configuration roles webadmin (uncommitted)> set
   description="web server administrator" 
                   description = web server administrator (uncommitted)
caji:configuration roles webadmin (uncommitted)> commit
caji:configuration roles> show
Roles:

NAME             DESCRIPTION
basic            Basic administration
webadmin         web server administrator

Now that we have created the webadmin role, we will add the authorization to restart the HTTP service; This example also shows the output of tab-completion, which lists valid input and is useful when determining what are valid scopes and filter options:

caji:configuration roles> select webadmin
caji:configuration roles webadmin> authorizations
caji:configuration roles webadmin authorizations> create
caji:configuration roles webadmin auth (uncommitted)> set scope=tab 
ad           cluster      net          schema       update       
alert        hardware     replication  stat         user         
appliance    nas          role         svc          worksheet    
caji:configuration roles webadmin auth (uncommitted)> set scope=svc
                         scope = svc
caji:configuration roles webadmin auth (uncommitted)> show
Properties:
                         scope = svc
                       service = *
              allow_administer = false
               allow_configure = false
                 allow_restart = false

caji:configuration roles webadmin auth (uncommitted)> set service=tab 
*               ftp             ipmp            nis             ssh
ad              http            iscsi           ntp             tags
smb            identity        ldap            routing         vscan
datalink:igb0   idmap           ndmp            scrk            
dns             interface:igb0  nfs             snmp            
caji:configuration roles webadmin auth (uncommitted)> set service=http
                       service = http (uncommitted)
caji:configuration roles webadmin auth (uncommitted)> set allow_restart=true
                 allow_restart = true (uncommitted)
caji:configuration roles webadmin auth (uncommitted)> commit
caji:configuration roles webadmin authorizations> list
NAME       OBJECT                               PERMISSIONS
auth-000   svc.http                             restart

Now that the role has been created, we can enter the users section to create our user "brendan" and assign the role "webadmin":

caji:configuration roles webadmin authorizations> cd ../../..
caji:configuration> users
caji:configuration users> netuser brendan
caji:configuration users> show
Users:

NAME                     USERNAME                 UID        TYPE
Brendan Gregg            brendan                  130948     Dir
Super-User               root                     0          Loc

caji:configuration users> select brendan
caji:configuration users brendan> show
Properties:
                       logname = brendan
                      fullname = Brendan Gregg
              initial_password = *************
            require_annotation = false
                         roles = basic
                    kiosk_mode = false
                  kiosk_screen = status/dashboard

Children:
                       exceptions => Configure this user's exceptions
                      preferences => Configure user preferences
caji:configuration users brendan> set roles=basic,webadmin
                         roles = basic,webadmin (uncommitted)
caji:configuration users brendan> commit

The user brendan should now be able to login using their NIS password, and restart the HTTP service on the appliance.