JavaScript is required to for searching.
跳过导航链接
退出打印视图
手册页第 1M 部分:系统管理命令     Oracle Solaris 11.1 Information Library (简体中文)
为本文档评分
search filter icon
search icon

文档信息

前言

简介

System Administration Commands-第 1 单元

System Administration Commands-第 2 单元

luxadm(1M)

mail.local(1M)

makedbm(1M)

makemap(1M)

masfcnv(1M)

mdlogd(1M)

mdmonitord(1M)

mdnsd(1M)

medstat(1M)

metaclear(1M)

metadb(1M)

metadetach(1M)

metadevadm(1M)

metahs(1M)

metaimport(1M)

metainit(1M)

metaoffline(1M)

metaonline(1M)

metaparam(1M)

metarecover(1M)

metarename(1M)

metareplace(1M)

metaset(1M)

metassist(1M)

metastat(1M)

metasync(1M)

metattach(1M)

mib2mof(1M)

mibiisa(1M)

mkbootmedia(1M)

mkdevalloc(1M)

mkdevmaps(1M)

mkfifo(1M)

mkfile(1M)

mkfs(1M)

mkfs_pcfs(1M)

mkfs_udfs(1M)

mkfs_ufs(1M)

mknod(1M)

mkntfs(1M)

mkpwdict(1M)

modinfo(1M)

modload(1M)

modunload(1M)

mofcomp(1M)

mofreg(1M)

monacct(1M)

monitor(1M)

mount(1M)

mountall(1M)

mountd(1M)

mount_hsfs(1M)

mount_nfs(1M)

mount_pcfs(1M)

mount_smbfs(1M)

mount_tmpfs(1M)

mount_udfs(1M)

mount_ufs(1M)

mpathadm(1M)

mpstat(1M)

msgid(1M)

mvdir(1M)

named(1M)

named-checkconf(1M)

named-checkzone(1M)

named-compilezone(1M)

ncaconfd(1M)

ncheck(1M)

ncheck_ufs(1M)

ndd(1M)

ndmpadm(1M)

ndmpd(1M)

ndmpstat(1M)

netadm(1M)

netcfg(1M)

netcfgd(1M)

netservices(1M)

netstat(1M)

netstrategy(1M)

newaliases(1M)

newfs(1M)

newkey(1M)

nfs4cbd(1M)

nfsd(1M)

nfslogd(1M)

nfsmapid(1M)

nfsref(1M)

nfsstat(1M)

nscadm(1M)

nscd(1M)

nscfg(1M)

nsdb-list(1M)

nsdb-nces(1M)

nsdbparams(1M)

nsdb-resolve-fsn(1M)

nsdb-update-nci(1M)

nslookup(1M)

nsupdate(1M)

ntfscat(1M)

ntfsclone(1M)

ntfscluster(1M)

ntfscmp(1M)

ntfscp(1M)

ntfsfix(1M)

ntfsinfo(1M)

ntfslabel(1M)

ntfsls(1M)

ntfsprogs(1M)

ntfsresize(1M)

ntfsundelete(1M)

nulladm(1M)

nwamd(1M)

obpsym(1M)

oplhpd(1M)

pageout(1M)

parted(1M)

pbind(1M)

pcitool(1M)

pfedit(1M)

pginfo(1M)

pgstat(1M)

picld(1M)

ping(1M)

pkg2du(1M)

pkgadd(1M)

pkgadm(1M)

pkgask(1M)

pkgchk(1M)

pkgcond(1M)

pkg.depotd(1M)

pkgrm(1M)

pkg.sysrepo(1M)

plockstat(1M)

pntadm(1M)

polkit-is-privileged(1M)

pooladm(1M)

poolbind(1M)

poolcfg(1M)

poold(1M)

poolstat(1M)

ports(1M)

poweradm(1M)

poweroff(1M)

powertop(1M)

pppd(1M)

pppoec(1M)

pppoed(1M)

pppstats(1M)

praudit(1M)

prctmp(1M)

prdaily(1M)

projadd(1M)

projdel(1M)

projmod(1M)

prstat(1M)

prtacct(1M)

prtconf(1M)

prtdiag(1M)

prtdscp(1M)

prtfru(1M)

prtpicl(1M)

prtvtoc(1M)

psradm(1M)

psrinfo(1M)

psrset(1M)

pwck(1M)

pwconv(1M)

quot(1M)

quota(1M)

quotacheck(1M)

quotaoff(1M)

quotaon(1M)

rad(1M)

raidctl(1M)

ramdiskadm(1M)

rarpd(1M)

rcapadm(1M)

rcapd(1M)

rctladm(1M)

rdate(1M)

rdisc(1M)

reboot(1M)

rem_drv(1M)

remove_allocatable(1M)

removef(1M)

reparsed(1M)

repquota(1M)

restricted_shell(1M)

rexd(1M)

rexecd(1M)

rlogind(1M)

rmmount(1M)

rmt(1M)

rmvolmgr(1M)

rndc(1M)

rndc-confgen(1M)

roleadd(1M)

roledel(1M)

rolemod(1M)

root_archive(1M)

route(1M)

routeadm(1M)

routed(1M)

rpcbind(1M)

rpc.bootparamd(1M)

rpcinfo(1M)

rpc.mdcommd(1M)

rpc.metad(1M)

rpc.metamedd(1M)

rpc.metamhd(1M)

rpc.rexd(1M)

rpc.rstatd(1M)

rpc.rusersd(1M)

rpc.rwalld(1M)

rpc.smserverd(1M)

rpc.sprayd(1M)

rpc.yppasswdd(1M)

rpc.ypupdated(1M)

rquotad(1M)

rsh(1M)

rshd(1M)

rstatd(1M)

rtc(1M)

rtquery(1M)

runacct(1M)

rusersd(1M)

rwall(1M)

rwalld(1M)

rwhod(1M)

sa1(1M)

sa2(1M)

sadc(1M)

sar(1M)

sasinfo(1M)

savecore(1M)

sbdadm(1M)

sched(1M)

sckmd(1M)

scmadm(1M)

sconadm(1M)

sendmail(1M)

sftp-server(1M)

shadowd(1M)

shadowstat(1M)

share(1M)

shareall(1M)

sharectl(1M)

share_nfs(1M)

share_smb(1M)

showmount(1M)

shutacct(1M)

shutdown(1M)

slpd(1M)

smattrpop(1M)

smbadm(1M)

smbd(1M)

smbiod(1M)

smbiod-svc(1M)

smbios(1M)

smbstat(1M)

smrsh(1M)

sasinfo(1M)

sndradm(1M)

sndrd(1M)

sndrsyncd(1M)

snmpdx(1M)

snmp-notify(1M)

snmpXwbemd(1M)

snoop(1M)

soconfig(1M)

soladdapp(1M)

soldelapp(1M)

solstice(1M)

sppptun(1M)

spray(1M)

sprayd(1M)

srptadm(1M)

sshd(1M)

ssh-keysign(1M)

startup(1M)

statd(1M)

stclient(1M)

stmfadm(1M)

stmsboot(1M)

strace(1M)

strclean(1M)

strerr(1M)

sttydefs(1M)

su(1M)

sulogin(1M)

suriadm(1M)

svadm(1M)

svcadm(1M)

svcbundle(1M)

svccfg(1M)

svc.configd(1M)

svc.ipfd(1M)

svc.startd(1M)

swap(1M)

sxadm(1M)

sync(1M)

syncinit(1M)

syncloop(1M)

syncstat(1M)

sysconfig(1M)

sysdef(1M)

syseventadm(1M)

syseventconfd(1M)

syseventd(1M)

syslogd(1M)

talkd(1M)

tapes(1M)

telnetd(1M)

tftpd(1M)

th_define(1M)

th_manage(1M)

tic(1M)

tncfg(1M)

tnchkdb(1M)

tnctl(1M)

tnd(1M)

tninfo(1M)

tpmadm(1M)

traceroute(1M)

trapstat(1M)

ttymon(1M)

tunefs(1M)

turnacct(1M)

txzonemgr(1M)

tzreload(1M)

tzselect(1M)

uadmin(1M)

ucodeadm(1M)

ufsdump(1M)

ufsrestore(1M)

umount(1M)

umountall(1M)

System Administration Commands-第 3 单元

请告诉我们如何提高我们的文档:
过于简略
不易阅读或难以理解
重要信息缺失
错误的内容
需要翻译的版本
其他
Your rating has been updated
感谢您的反馈!

您的反馈将非常有助于我们提供更好的文档。 您是否愿意参与我们的内容改进并提供进一步的意见?

pfedit

- per-file authorized edit of administrative files

用法概要

pfedit [-r] file

描述

The pfedit command allows authorized users to edit system configuration files. The file argument is a pathname of the file to be edited. If file is not an absolute pathname, the pathname of the current working directory is prepended, and all further processing proceeds as if that were the argument. The invoking user must have the authorization solaris.admin.edit/path_to_file or the blanket authorization solaris.admin.edit. The pfedit command allows use of symbolic links, by also checking for authorization for the realpath(3C) of file.

The pfedit command creates a copy of file owned by the invoking user, then invokes an editor on that file using the id and privileges of the invoking user. The default editor is /usr/bin/vi, but can be selected through the use of the EDITOR or VISUAL environment variable; if both are set, VISUAL has precedence. When the user exits the editor and if the copied file has been updated, the updated contents are applied atomically to file. All discretionary access attributes (owner, group, permissions and ACLs) of file are retained, together with any system or extended attributes on the original file. In any case, the user-owned file copy is removed before pfedit exits.

If file does not exist the file will be created with owner root, group root, and permissions 644 (-rw-r--r--), and then the previously described operations are applied that file. If pfedit has been used to create and modify file, the -r option can be used to remove file.

The pfedit command sets a discretionary lock on file, so that simultaneous updates by means of pfedit are prohibited.

The pfedit command is careful not to break hard links to other files. Since the atomic update requires replacement of the existing file with a new one with the updated contents, pfedit will refuse to operate on a file with a link count greater than one.

The pfedit command is restricted to editing text files, and will not accept updates which include non-text characters (NULs).

If configured, in the case of a successful update, an attempt to make unauthorized use, or if an error occurs, an audit record is generated to capture the subject, the file name, the authorization used, the file change if any, and the success or failure of the operation. The audit event type and default class is one of:

AUE_admin_edit:edit administrative file:as
AUE_admin_file_create:create administrative file:as
AUE_admin_file_remove:remove administrative file:as

选项

The following option is supported:

-r

Remove specified file (if file has been created by pfedit).

示例

示例 1 Creating a Profile

To create a profile with solaris.admin.edit authorization that can be assigned to users to modify /etc/syslog.conf, use the profiles(1) command.

% profiles -p "syslog Configure"
profiles: syslog Configure> set auths=solaris.admin.edit/etc/syslog.conf
profiles: syslog Configure> set desc="Edit syslog configuration"
profiles: syslog Configure> exit

示例 2 Modifying /etc/syslog.conf

If a user has the “syslog Configure” profile as configured in the previous example then invoking:

# pfedit /etc/syslog.conf

...creates a copy of /etc/syslog.conf owned by that user, and by default invokes /usr/bin/vi running as that user on the copy. When the user exits the editor, /etc/syslog.conf is atomically updated with the contents saved by the user.

退出状态

The pfedit command has an exit value of 0 if it completes successfully, and a non-zero value if any part of the operation fails.

属性

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE
ATTRIBUTE VALUE
Availability
system/core-os
Interface Stability
Uncommitted

另请参见

auths(1), passwd(1), profiles(1), groupadd(1M), groupdel(1M), groupmod(1M), useradd(1M), userdel(1M), usermod(1M), fgetattr(3C), realpath(3C), attributes(5), fsattr(5)

附注

Oracle Solaris includes administrative configuration files for which use of pfedit and the solaris.admin.edit/path_to_file authorization is not recommended. Alternate commands exist which are both domain-specific and safer. For example, for the /etc/passwd, /etc/shadow, or /etc/user_attr files, use instead passwd(1), useradd(1M), userdel(1M), or usermod(1M). For the /etc/group file, use instead groupadd(1M), groupdel(1M), or groupmod(1M). For updating /etc/security/auth_attr, /etc/security/exec_attr, or /etc/security/prof_attr, the preferred command is profiles(1).

The ability to modify the contents of some configuration files can be used to escalate the privileges assigned to the user. Assignment of an authorization to edit such a file, or of a profile containing such an authorization, should be considered equivalent to providing full privileged access.