⇒ adminuser(1M) — UnixWare 2.01


       adminuser(1M)                                          adminuser(1M)


       NAME
             adminuser - display, add, change, delete administrators in the
             TFM database.

       SYNOPSIS
             adminuser [-n] [-o role[, . . .]]
                   [-a cmd:path[:priv[:priv . . .]][, . . .]]
                   user . . .
             adminuser [-o role[, . . .]]
                   [-r cmd[:priv[:priv . . .]][, . . .]]
                   [-a cmd:path[:priv[:priv . . .]][, . . .]]
                   user . . .
             adminuser [-d] user . . .
             adminuser

       DESCRIPTION
             The adminuser command allows administrators to display, add,
             change, and delete administrators in the Trusted Facility
             Management (TFM) database.  The TFM database is the vehicle
             through which unprivileged user processes run privileged
             commands.

             A user definition contains a list of commands.  Each command
             contains a list of privileges.  The tfadmin command uses these
             privileges to set up its process before invoking this command
             for the user.  In addition to the command definitions, there
             is a list of roles available to the user, and a default
             command specification.

             The options to the command are:

             -n    For every user in the list, create a new user
                   description, and, optionally, create a role list or add
                   a command to that user.

             -o    Create the specified role list for every user in the
                   list.  Note that order is significant if more than one
                   role is specified, and an individual command is in more
                   than one of the roles.  In this case, if the user
                   subsequently invokes such a command via tfadmin, and
                   does not specify a role, the roles will be searched in
                   the order specified here for a matching command
                   definition.  The first match found is the one that will
                   be used.




                           Copyright 1994 Novell, Inc.               Page 1

             -a    Add a list of commands to the definitions of a given
                   list of users.

             -r    Remove the list of commands from the list of users.  If
                   the user supplies privileges in the command
                   descriptions, then leave the command but remove the
                   specified privileges.

             -d    Delete the given list of users from the TFM database.

             No options
                   Print out the capabilities of the given list of users.

             No arguments
                   Print the capabilities of every user in the database.

             The adminuser command takes as its arguments the list of users
             to which the actions specified by the options apply.  The
             list of users is a list of user login names.  Only
             administrative users, that is, administrators to whom access
             to privileged commands is to be granted, should be added to
             the TFM database.

             The argument to the -o option is a comma-separated list of
             role names.  This list will create a new role list for the
             specified users, replacing any existing role lists.
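
             The search order described under -o, as an added sketch that
             is not UnixWare code: the role names and role contents are
             constructed sample data, and resolve() and shadowed() are
             hypothetical helpers.  It shows which definition the
             first-match rule selects and which later definitions the
             ordering hides.

```python
# Added illustration of the -o search order; not part of UnixWare.
# ROLES is constructed sample data: role name -> {command: privilege names}.
ROLES = {
    "operator": {"mount": ["mount"], "backup": []},
    "secadmin": {"mount": ["macread", "mount"], "audit": ["macread"]},
}


def resolve(role_order, cmd, roles=ROLES):
    """Return (role, privileges) from the first role in role_order that
    defines cmd, mirroring the documented first-match rule, or None."""
    for role in role_order:
        cmds = roles.get(role, {})
        if cmd in cmds:
            return role, sorted(cmds[cmd])
    return None


def shadowed(role_order, roles=ROLES):
    """List (cmd, winning_role, hidden_role) for every later definition whose
    privilege set differs from the one the search order selects."""
    findings = []
    seen = {}  # cmd -> (role, privilege set) of the first match
    for role in role_order:
        for cmd, privs in sorted(roles.get(role, {}).items()):
            if cmd not in seen:
                seen[cmd] = (role, set(privs))
            elif set(privs) != seen[cmd][1]:
                findings.append((cmd, seen[cmd][0], role))
    return findings


if __name__ == "__main__":
    # Same two roles, opposite order: the privileges used for mount change.
    for order in (["operator", "secadmin"], ["secadmin", "operator"]):
        print(order, "->", resolve(order, "mount"), shadowed(order))
```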

             The argument to the -a or -r option is a comma-separated list
             of command descriptions.  For the -a option, the command
             description includes the name of the command to be added, the
             full path at which the command file resides, and the privilege
             vector, represented by a colon-separated list of privilege
             names (for example, mount:/etc/mount:macread:mount).  There is
             no limit on the length of the path name; however, / (``root''
             or ``slash'') alone may not be specified.

             The command description for the -r option is the same as for
             the -a option except that the full path and the separating
             colon are not given (for example, mount:macread:mount).  If
             the users get no privileges when they invoke the command, the
             privilege description may be omitted.
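
             The two description formats above, as an added parser that is
             not UnixWare source and can be used to check an argument
             before it is passed to -a or -r.  SpecError, parse_add() and
             parse_remove() are hypothetical names, and the pairing of each
             check with a message from DIAGNOSTICS is an assumption.

```python
# Added illustration; not UnixWare source. The checks follow the rules in the
# text above; which DIAGNOSTICS message goes with which check is assumed.
class SpecError(ValueError):
    """Raised when a command description breaks a documented rule."""


def _privs(fields, item):
    """Validate the colon-separated privilege names of one description."""
    seen = []
    for priv in fields:
        # An empty field or a path here means the description is malformed,
        # for example a -a style description handed to -r.
        if not priv or "/" in priv:
            raise SpecError(f"invalid process privilege: ``{item}''")
        if priv in seen:
            raise SpecError(f"duplicate process privilege: ``{priv}''")
        seen.append(priv)
    return seen


def parse_add(arg):
    """Parse a -a argument: cmd:path[:priv...][,...] -> [(cmd, path, privs)]."""
    out = []
    for item in arg.split(","):
        fields = item.split(":")
        if len(fields) < 2 or not fields[0] or not fields[1]:
            raise SpecError(f"insufficient command specification: ``{item}''")
        cmd, path = fields[0], fields[1]
        # A full path is required, and "/" alone may not be specified.
        if not path.startswith("/") or path.strip("/") == "":
            raise SpecError("full command pathname must be specified")
        out.append((cmd, path, _privs(fields[2:], item)))
    return out


def parse_remove(arg):
    """Parse a -r argument: cmd[:priv...][,...] -> [(cmd, privs)].
    An empty privilege list means the whole command is to be removed."""
    out = []
    for item in arg.split(","):
        fields = item.split(":")
        if not fields[0]:
            raise SpecError(f"improper command name: ``{item}''")
        out.append((fields[0], _privs(fields[1:], item)))
    return out
```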

             The -n and -r options may not be used together.  If -n is
             specified with -r, an error will occur because incompatible
             options have been specified.



       FILES
             /etc/security/tfm/users/*
             /etc/security/tfm/users/*/default
             /etc/security/tfm/users/*/roles
             /etc/security/tfm/users/*/cmds/*

       REFERENCES
             adminrole(1M), intro(2), tfadmin(1M)

       DIAGNOSTICS
             This command exits with a 0 if all requested operations
             succeeded, 1 if any operation failed.

             The following diagnostic messages are printed by adminuser:

                   command name ``cmd'' already exists

                   user ``user'' already exists

                   undefined user ``user''

                   process privilege ``priv'' does not exist in command
                   ``cmd''

                   role name ``role'' is not unique

                   insufficient command specification: ``string''

                   duplicate process privilege: ``priv''

                   full command pathname must be specified

                   full path to TFM database must be specified

                   undefined command name ``cmd''

                   cannot read role list for user ``user''

                   cannot add user ``user''

                   cannot alter user ``user''

                   user ``user'' currently being changed, try again later

                   cannot remove user ``user''

                   cannot change command ``cmd''

                   cannot change role list for user ``user''

                   TFM database does not exist

                   cannot initialize TFM database

                   improper command name: ``string''

                   invalid process privilege: ``string''

                   unrecognized privilege number: ``number''

                   incompatible options specified






























