Unix‎ > ‎Solaris‎ > ‎Solaris man pages‎ > ‎1m‎ > ‎

smattrpop


NAME
     smattrpop - populate security attribute databases in a  name
     service

SYNOPSIS
     smattrpop [-c ] [-f] [-m] [-p policy] [-r] -s scope -t scope
     [-v] database

DESCRIPTION
     The   smattrpop   command    updates    the    auth_attr(4),
     exec_attr(4),   prof_attr(4),  and  user_attr(4)  role-based
     access control databases in a target  NIS,  NIS+,  LDAP,  or
     local  /etc  files name service from the corresponding data-
     bases in a source name service or files.

     This command processes the table  entries  from  the  source
     database  and  merges  each source entry field into the same
     field in the corresponding table entry in the  target  data-
     base.  If  a source entry does not exist in the target data-
     base, the entry is created. If the source  entry  exists  in
     the  target  database,  the  fields  are  merged or replaced
     according to the command options.

     Any errors encountered while updating the target  entry  are
     reported  to stdout, and the command continues with the next
     source database entry.

OPTIONS
     The following options are supported:

     -c              Performs  cross-table   checking.   If   you
                     specify   this  option  and  a  check  error
                     occurs,  a  message  identifying  the  check
                     error is written to stdout.

                     The target entry values are checked  against
                     entries in related databases:

                       o  auths values - Each value must exist as
                          the  name  of  an  authorization in the
                          auth_attr(4) database.

                       o  profiles values - Each value must exist
                          as   a   name   of  a  profile  in  the
                          prof_attr(4) database.

                       o  roles values - Each value must exist as
                          the  name  of  a  role  identity in the
                          user_attr(4) database.

                       o  For  each  exec_attr(4)  entry  in  the
                          source database, the name must exist as
                          the  name   of   a   profile   in   the
                          prof_attr(4) database.




     -f              Specifies that the value in  each  field  in
                     the  source  entry replaces the value in the
                     corresponding field in the target entry,  if
                     the  source  entry  field  has  a  non-empty
                     value.



     -m              For the auths, profiles,  and  roles  attri-
                     butes,  specifies  that  the  values in each
                     field in the source entry  are  merged  with
                     the values in the corresponding target entry
                     field. If a source value does not  exist  in
                     the  target  field, the value is appended to
                     the set of  target  values.  If  the  target
                     field  is  empty,  the source values replace
                     the target field. The attribute values  that
                     merge depend on the database being updated:

                       o  prof_attr(4) - the auths  and  profiles
                          attribute values are merged.

                       o  user_attr(4) - the auths, profiles, and
                          roles attribute values are merged.

                       o  exec_attr(4) - the uid, gid, euid,  and
                          egid values are merged.




     -p policy       Specifies the value of the policy  field  in
                     the  exec_attr(4) database. Valid values are
                     suser (standard Solaris superuser) and  tsol
                     (Trusted   Solaris).  If  you  specify  this
                     option,  only  the  entries  in  the  source
                     exec_attr database with the specified policy
                     are processed. If you omit this option,  all
                     entries in the source exec_attr database are
                     processed.



     -r              Specifies  that  role  identities   in   the
                     user_attr(4)  database  in  the  source name
                     service are  processed.  If  you  omit  this
                     option,  only the normal user entries in the
                     user_attr source database are processed.



     -s scope        Specifies the source name service  or  local
                     file  directory  for database updates, using
                     the following syntax:


                     type:/server/domain



                     where type indicates the type of  name  ser-
                     vice. Valid values for type are:


                       o  file - local files

                       o  nis - NIS name service

                       o  nisplus - NIS+ name service

                       o  ldap - LDAP name service

                     server indicates the local host name of  the
                     Solaris  system  on which the smattrpop com-
                     mand is executed,  and  on  which  both  the
                     source and target databases exist.

                     domain specifies the management domain  name
                     for the name service.

                     You can  use  two  special  cases  of  scope
                     values:


                       o  To  indicate  the  databases   in   the
                          /etc/security  local  system directory,
                          use  the  scope   file:/server,   where
                          server is the name of the local system.

                       o  To load from databases in an  arbitrary
                          directory  on  the  Solaris server, use
                          the scope file:/server/pathname,  where
                          where  server  is the name of the local
                          system  and  pathname  is  the   fully-
                          qualified  directory  path  name to the
                          database files.


     -t scope        Specifies the target name service  or  local
                     file  directory  for database updates, using
                     the following syntax:


                     type:/server/domain



                     where type indicates the type of  name  ser-
                     vice. Valid values for type are:


                       o  file - local files

                       o  nis - NIS name service

                       o  nisplus - NIS+ name service

                       o  ldap - LDAP name service

                     server indicates the local host name of  the
                     Solaris  system  on which the smattrpop com-
                     mand is executed,  and  on  which  both  the
                     source and target databases exist.

                     domain specifies the management domain  name
                     for the name service.

                     You can  use  two  special  cases  of  scope
                     values:


                       o  To  indicate  the  databases   in   the
                          /etc/security  local  system directory,
                          use  the  scope   file:/server,   where
                          server is the name of the local system.

                       o  To update to databases in an  arbitrary
                          directory  on  the  Solaris server, use
                          the scope file:/server/pathname,  where
                          where  server  is the name of the local
                          system  and  pathname  is  the   fully-
                          qualified  directory  path  name to the
                          database files.



     -v              Specifies that verbose messages are written.
                     A  message  is  written  to  stdout for each
                     entry processed.

OPERANDS
     The following operands are supported:

     database        Populates one  or  all  databases.  You  can
                     specify  either the name of the database you
                     want to process (for example, auth_attr), or
                     all   to  process  all  databases.   If  you
                     specify all, the databases are processed  in
                     the following order:

                         1.  auth_attr(4)


                         2.  prof_attr(4)


                         3.  exec_attr(4)


                         4.  user_attr(4)





EXAMPLES
     Example 1: Populating all tables in the NIS name service

     The following example merges the values from all four attri-
     bute  databases  in the /etc/security directory of the local
     system into the corresponding  tables  in  the  NIS  domain,
     east.example.com.  The  command  is  executed  on the master
     server, hoosier, for the NIS domain and the source files are
     in  the /etc and /etc/security directories on the NIS master
     server. No cross-table checking is performed. A summary mes-
     sage  indicating the number of entries processed and updated
     for each table is written to stdout.


     /usr/sadm/bin/smattrpop -s file:/hoosier \
               -t nis:/hoosier/east.example.com all


     Example 2: Updating the authorization table in the NIS+ name
     service

     This example merges new authorization data from a local sys-
     tem  file  in  the  auth_attr  text format into the existing
     auth_attr database in the NIS+ domain, east.example.com. The
     command  is  executed  on  the  NIS+  master server, foobar.
     Values  from  the  source   auth_attr   file   replace   the
     corresponding  field  values  in  the  NIS+  tables for each
     entry. A message is written to stdout for  each  entry  pro-
     cessed.  Database  cross-checking is performed and any check
     error is written to stdout. A summary message indicating the
     number  of  entries  processed and updated for the auth_attr
     database is written to stdout.


     /usr/sadm/bin/smattrpop -c -f -v -s file:/foobar/var/temp \
               -t nisplus:/foobar/East.Sun.COM auth_attr


ENVIRONMENT VARIABLES
     See environ(5) for a description of the  JAVA_HOME  environ-
     ment  variable, which affects the execution of the smattrpop
     command.  If this environment variable is not specified, the
     /usr/java location is used. See smc(1M).

EXIT STATUS
     Any errors encountered while updating the target  entry  are
     reported to stdout. The following exit values are returned:

     0        The  specified  tables  were  updated.   Individual
              entries may have encountered checking errors.



     1        A syntax error occurred in the command line.



     2        A fatal error occurred and the tables were not com-
              pletely  processed.  Some  entries  may  have  been
              updated before the failure.



FILES
     /etc/security/auth_attr         Authorization    description
                                     database. See auth_attr(4).



     /etc/security/exec_attr         Execution profiles database.
                                     See exec_attr(4).



     /etc/security/prof_attr         Profile  description   data-
                                     base. See prof_attr(4).



     /etc/user_attr                  Extended   user    attribute
                                     database. See user_attr(4).



ATTRIBUTES
     See attributes(5) for descriptions of the  following  attri-
     butes:

     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWmga                     |
    |_____________________________|_____________________________|


SEE ALSO
     smc(1M),    smexec(1M),     smprofile(1M),     auth_attr(4),
     exec_attr(4),   prof_attr(4),  user_attr(4),  attributes(5),
     environ(5)










Man pages from Solaris 10 Update 8. See docs.sun.com and www.oracle.com for further documentation and Solaris information.
Comments