pmadm(1M) pmadm(1M)
NAME
pmadm - port monitor administration
SYNOPSIS
pmadm -a [-p pmtag | -t type] -s svctag [-i id] -m "pmspecific"
-v version [-f xu] [-S "scheme"] [-y "comment"] [-z script]
pmadm -r -p pmtag -s svctag
pmadm -e -p pmtag -s svctag
pmadm -d -p pmtag -s svctag
pmadm -l [-p pmtag | -t type] [-s svctag]
pmadm -L [-p pmtag | -t type] [-s svctag]
pmadm -g -p pmtag -s svctag [-z script]
pmadm -g -s svctag -t type -z script
pmadm -c -S "scheme" [-i id] -p pmtag -s svctag
pmadm -c -i id [-S "scheme"] -p pmtag -s svctag
DESCRIPTION
pmadm is the administrative command for the lower level of the
Service Access Facility hierarchy, that is, for service
administration. A port may have only one service associated
with it although the same service may be available through
more than one port. In order to uniquely identify an instance
of a service the pmadm command must identify both the port
monitor or port monitors through which the service is
available (-p or -t) and the service (-s). See the option
descriptions below.
pmadm performs the following functions:
add or remove a service
enable or disable a service
add or delete authentication scheme and user ID
information
install or replace a per-service configuration script
print requested service information
Any user on the system may invoke pmadm to request service
status (-l or -L) or to print per-service configuration
scripts (-g without the -z option).
Copyright 1994 Novell, Inc. Page 1
pmadm(1M) pmadm(1M)
The options have the following meanings:
-a Add a service. pmadm adds an entry for the new service
to the port monitor's administrative file. Because of
the complexity of the options and arguments that follow
the -a option, it may be convenient to use a command
script or the menu system to add services. If you use
the menu system, enter sysadm ports, then choose the
port_services option.
-c Used with -i or -S to change the authentication scheme or
user ID associated with the named service. To identify
the service, both -p and -s options are required. -c may
be used with either -i or -S separately or it may be used
with both options. See -i and -S.
-d Disable a service. Add x to the flag field in the entry
for service svctag in the port monitor's administrative
file. See the -f option, below, for a description of the
flags available.
-e Enable a service. Remove x from the flag field in the
entry for service svctag in the port monitor
administrative file. See the -f option, below, for a
description of the flags available.
-f xu
Used with the -a option. The -f option specifies one or
both of the two flags listed below. The flags are then
included in the flag field of the port monitor
administrative file entry for the new service. If the -f
option is not included, no flags are set and the default
conditions prevail. By default, a new service is enabled
and no utmp entry is created for it. A -f option without
a following argument is illegal.
x Disable the service svctag available through
port monitor pmtag. When x is present in the
flag field, the service is no started until
explicitly enabled.
u Create a utmp entry for service svctag available
through
port monitor pmtag.
-g Used with the options described below, the -g option
prints, installs, or replaces a per-service configuration
script.
Copyright 1994 Novell, Inc. Page 2
pmadm(1M) pmadm(1M)
-g -p pmtag -s svctag
Prints the per-service configuration script for
service svctag available through port monitor
pmtag.
-g -p pmtag -s svctag -z script
Installs the per-service configuration script
contained in the file script as the per-service
configuration script for service svctag
available through port monitor pmtag.
-g -s svctag -t type -z script
Installs the file script as the per-service
configuration script for service svctag
available through any port monitor of type
type.
Other combinations of options with -g are invalid.
-i id
Used with -a or -c. id is the identity that is to be
assigned to service svctag when it is started. id must
be an entry in /etc/passwd.
The -i argument is optional when a service is being added
(that is, with the -a option). If the -i option is
omitted, the port monitor determines the user ID from
information supplied by the authentication scheme. If
the -i option is omitted and no authentication scheme is
specified, an error is returned when the service is
executed. When the user ID is specified using -i and an
authentication scheme is also specified, the port monitor
performs the authentication using the scheme-supplied
identity. The identity specified by the -i option takes
precedence when the service is invoked.
Used with the -c option, the argument to -i replaces the
user ID in the port monitor-generic field of the port
monitor administrative file entry for the named service.
If id is not the NULL string, pmadm ensures that it is a
valid user ID on the machine. Changing a user ID to the
NULL string ("") removes the ID from the port monitor
administrative file entry for the service.
Copyright 1994 Novell, Inc. Page 3
pmadm(1M) pmadm(1M)
-l The -l option requests service information. Used by
itself and with the options described below it provides a
filter for extracting information in several different
groupings.
-l By itself, the -l option lists all services on
the system.
-l -p pmtag
Lists all services available through port monitor
pmtag.
-l -s svctag
Lists all services with tag svctag.
-l -p pmtag -s svctag
Lists service svctag available through the port
monitor pmtab.
-l -t type
Lists all services available through port
monitors of type type.
-l -t type -s svctag
Lists all services with tag svctag available
through a port monitor of type type.
Other combinations of options with -l are invalid.
-L The -L option is identical to the -l option except that
output is printed in a condensed format and without
column headers.
-m "pmspecific"
pmspecific is a port monitor-specific command. Every
port monitor running under the Service Access Facility
must have such a command to supply information for the
port monitor-specific field of the port monitor
administrative file entry for the service. The command
and its options are enclosed in back quotes (`). See
ttyadm(1M), the port monitor-specific command for ttymon,
and nlsadmin(1M), the port monitor-specific command for
listen.
Copyright 1994 Novell, Inc. Page 4
pmadm(1M) pmadm(1M)
-p pmtag
Specifies the tag associated with the port monitor
through which a service (specified as -s svctag) is
available.
-r Remove a service. When pmadm removes a service, the
entry for the service is removed from the port monitor's
administrative file.
-s svctag
Specifies the service tag associated with a given
service. The service tag is assigned by the system
administrator and is part of the entry for the service in
the port monitor's administrative file.
-S "scheme"
Used with -a or -c. The -S option specifies the
authentication scheme to be associated with svctag.
scheme may be a simple authentication scheme name or the
full pathname of the authentication scheme and can have
arguments associated with it.
Used with -c, -S replaces the authentication scheme name
and arguments in the scheme field of the port monitor's
administrative file with the new scheme name (and
arguments, if any).
Changing an authentication scheme name to the NULL string
removes the scheme from the port monitor administrative
file entry for the service.
-t type
Used with the -a, or -l, or -g option. -t specifies the
port monitor type.
-v version
Specifies the version number of the port monitor
administrative file. The version number may be given as
-v `pmspec -V`
where pmspec is the administrative command for port
monitor pmtag. This command is ttyadm for ttymon and
nlsadmin for listen. The version stamp of the port
monitor is known by the command and is returned when
pmspec is invoked with a -V option.
-y "comment"
Associate comment with the service entry in the port
monitor administrative file.
Copyright 1994 Novell, Inc. Page 5
pmadm(1M) pmadm(1M)
-z script
Used with the -g option to specify the name of the file
that contains the per-service configuration script. The
-z option overwrites the existing script. It is
suggested that you do the following three steps when you
modify/replace a configuration script. First a copy of
the existing script should be made (-g alone). Then the
copy should be edited. Finally, the copy is put in place
over the existing script (-g with -z).
OUTPUT
If successful, pmadm will exit with a status of 0. If it
fails for any reason, it will exit with a nonzero status.
Options that request information write the requested
information to the standard output. A request for information
using the -l option prints column headers and aligns the
information under the appropriate headings. In this format, a
missing field is indicated by a hyphen. A request for
information in the condensed format using the -L option prints
the information in colon-separated fields; missing fields are
indicated by two successive colons. # is the comment
character.
If the id argument is specified and the user ID given is not
the NULL string and is not a valid user ID on the machine,
pmadm will fail and will print the following error message:
invalid user identity
EXAMPLES
Add a service to a port monitor with tag pmtag. Give the
service the tag svctag. Port monitor-specific information is
generated by specpm. The service defined by svctag will be
invoked with identity root.
pmadm -a -p pmtag -s svctag -i root -m `specpm -a arg1 -b arg2` \
-v `specpm -V`
Add the same service to the same port monitor, but instead of
specifying the user ID root, specify an authentication scheme
(-S scheme), which will determine the user ID.
pmadm -a -p pmtag -s svctag -S scheme -m `specpm -a arg1 \
-b arg2` -v `specpm -V`
Copyright 1994 Novell, Inc. Page 6
pmadm(1M) pmadm(1M)
Add a service with service tag svctag, identity guest, and
port monitor-specific information generated by specpm to all
port monitors of type type:
pmadm -a -s svctag -t type -i guest -m `specpm -a arg1 -b arg2` \
-v `specpm -V`
Remove the service svctag from port monitor pmtag:
pmadm -r -p pmtag -s svctag
Enable the service svctag available through port monitor
pmtag:
pmadm -e -p pmtag -s svctag
Disable the service svctag available through port monitor
pmtag:
pmadm -d -p pmtag -s svctag
List status information for all services:
pmadm -l
List status information for all services available through the
port monitor with tag ports:
pmadm -l -p ports
List the same information in condensed format:
pmadm -L -p ports
List status information for all services available through
port monitors of type listen:
pmadm -l -t listen
Print the per-service configuration script associated with the
service svctag available through port monitor pmtag:
pmadm -g -p pmtag -s svctag
Copyright 1994 Novell, Inc. Page 7
pmadm(1M) pmadm(1M)
Associate authentication scheme scheme with the service svctag
on port monitor pmtag. The service runs with user ID id:
pmadm -c -S "scheme" -i id -p pmtag -s svctag
Remove the authentication scheme from the svctag service on
port monitor pmtag:
pmadm -c -S "" -p pmtag -s svctag
A network service tag is unique for a given port monitor. If
the administrator of a server machine wants to offer a network
service with more than one authentication scheme, a unique
service tag is required for each service/authentication scheme
combination. Similarly, if the administrator wants to change
the authentication scheme for a service, allowing a period of
time when both old and new authentication schemes are
available, then two unique service tags are required.
FILES
/etc/saf/pmtag/_config
/etc/saf/pmtag/svctag
/var/saf/pmtag/*
REFERENCES
doconfig(3I), sac(1M), sacadm(1M)
Copyright 1994 Novell, Inc. Page 8