Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ tfadmin(1M) — UnixWare 2.01

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

adminuser(1M)

adminrole(1M)

intro(2)






       tfadmin(1M)                                              tfadmin(1M)


       NAME
             tfadmin - invoke a command, regulating privilege based on TFM
             database information

       SYNOPSIS
             tfadmin [role:] cmd [args]
             tfadmin -t [role:] cmd[:priv[:priv. . .]]

       DESCRIPTION
             The tfadmin command invokes a command at the request of an
             administrative user.  If the user is allowed to use privileges
             with the command, tfadmin places the allowed privileges in the
             maximum and working privilege sets of the process before
             invoking the command.

             role is a role name defined in the administrative database for
             Trusted Facility Management.

             cmd can be either a command defined in the TFM database or it
             can be the full pathname of a command.  The executable file
             associated with cmd will be executed only if the user has been
             defined as an administrator and has access to cmd.

             If cmd is a full pathname, the last component of the pathname
             (the basename) will be searched for in the TFM database. If
             role was specified, the search will be limited to the
             definition for the specified role.  If not, each role assigned
             to the user will be searched, in the order that the roles were
             assigned to the user (see adminuser(1M)).  Finally, any
             individual commands, outside any assigned roles, assigned to
             the user, will be searched.

             If cmd or the basename does not exist in the user definition,
             tfadmin issues an error and exits with an error code.  If the
             path associated with cmd in the administrative database is not
             equal to the full pathname specified for cmd, tfadmin issues a
             diagnostic message.

             args are a set of command arguments to be passed to the
             program indicated by cmd.

             priv is the name of a process privilege.  (See intro(2) for a
             complete list of process privileges.)





                           Copyright 1994 Novell, Inc.               Page 1













      tfadmin(1M)                                              tfadmin(1M)


            In addition, if the -t option is used, a privilege vector,
            consisting of one or more privilege names separated by colons
            (e.g., macread:mount) may be appended to the role-command
            pair, separated from it by a colon (for example,
            SSA:mount:macread:mount).  This privilege list is meaningful
            only when the -t option is used, because it is used to test
            whether the given command can be executed by the invoking user
            with the specified privileges.

            The tfadmin command takes the following options:

            -t    Test whether the user can invoke the given command with
                  the (optionally) given privileges.  Do not execute the
                  command.

            No options
                  Execute the specified command for the invoking user
                  taking the definition from the role argument (if
                  supplied).  If the role does not exist in that user's
                  role list, print a message and fail.

      REFERENCES
            adminuser(1M), adminrole(1M), intro(2)

      DIAGNOSTICS
            If the requested operation succeeds, tfadmin executes the
            command, and, therefore, does not exit.  The invoked command
            exits with whatever value is appropriate.  If the -t option is
            used and the requested privileges would have been granted to
            the user invoking the requested command within the requested
            role, tfadmin exits with a 0.  If the -t option was specified
            and tfadmin would have denied the request, tfadmin exits with
            a 1.  If the operation fails for any reason, tfadmin exits
            with a 1 and issues a diagnostic message.

            The following diagnostic messages are printed by tfadmin:

                  cannot execute program file: ``path''

                  undefined command name ``cmd''

                  user not allowed

                  cannot set up maximum privilege set




                          Copyright 1994 Novell, Inc.               Page 2













       tfadmin(1M)                                              tfadmin(1M)


                   full path to TFM database must be specified

                   TFM database does not exist

                   improper command name: ``string''

                   invalid process privilege: ``string''

                   unrecognized privilege number: ``number''







































                           Copyright 1994 Novell, Inc.               Page 3








Typewritten Software • bear@typewritten.org • Edmonds, WA 98026