Chapter 14 udb:
CLI Commands for Managing Users and Groups
This chapter describes the commands that you need to use to manage users
and groups.
Overview of the udb Commands
The CLI includes the following sets of commands for managing users and
groups.
Table 14–1 Sets of Commands for User Accounts, Groups, and Logins
|
CLI Prefix
|
Description of Command Set
|
|
udb.g
|
Commands for managing user groups.
|
|
udb.login
udb.logout
udb.whoami
|
Commands for managing login sessions
|
|
udb.p
|
Commands for managing permissions
|
|
udb.u
|
Commands for managing user accounts
|
|
udb.sv
|
Commands for managing session variables.
|
|
udb.l
|
Command for listing all login configurations.
|
This chapter describes all the commands in each of these sets.
udb.g: Managing User Groups
You can use the udb.g commands to define, modify,
delete, and list user groups.
Table 14–2 Summary of udb.g Commands
|
Command Name
|
Description
|
|
udb.g.add
|
Adds a new user group
|
|
udb.g.del
|
Deletes a user group
|
|
udb.g.la
|
Lists all the user groups
|
|
udb.g.lo
|
Retrieves information about the specified user group.
|
|
udb.g.lp
|
Lists the permissions granted to the specified group
|
|
udb.g.lu
|
Lists the users who are members of the specified group
|
|
udb.g.mod
|
Modifies an existing user group
|
udb.g.add
This command adds a new group.
Table 14–3 Arguments and Result for the udb.g.add Command
|
Argument/Result
|
Syntax
|
Description
|
|
n
|
Required
|
String
|
The new group name
|
|
d
|
Optional
|
String
|
The new group description
|
|
hostWrite
|
Optional
|
Boolean
|
Whether the new group has write permission on hosts; default is false
|
|
notRuleWrite
|
Optional
|
Boolean
|
Whether the new group has write permission on notification rules; default
is false
|
|
adminWrite
|
Optional
|
Boolean
|
Whether the new group has write permission on ``admin: users and groups;''
default is false
|
|
diffWrite
|
Optional
|
Boolean
|
Whether the new group has write permission on comparisons; default is
false
|
|
diffRun
|
Optional
|
String
|
The hostSet ID for which the new group has execute permission for comparisons.
An empty value removes the execute permission on any hostsets. To set this
permission for ``all'' hostsets, clients use the ``allhosts'' sentinel value.
|
|
ua
|
Optional
|
UserArray
|
The new group users
|
|
pga
|
Optional
|
GroupArray
|
The new group parent groups
|
|
cga
|
Optional
|
GroupArray
|
The new group child groups
|
|
result
|
Group
|
The new group
|
udb.g.del
This command deletes the specified group.
Note –
Deleting a group does not delete the user accounts in the group.
It simply deletes the group as a classification for the user accounts.
Table 14–4 Argument for the udb.g.del Command
|
Argument
|
Syntax
|
Description
|
|
ID
|
Required
|
GroupID
|
The group ID
|
udb.g.la
This command lists all the groups defined in the Sun N1 Service Provisioning System software.
Table 14–5 Result for the udb.g.la Command
|
Result
|
Syntax
|
Description
|
|
result
|
GroupArray
|
The groups
|
udb.g.lo
This command retrieves the specified group.
Table 14–6 Argument and Result for the udb.g.lo Command
|
Argument/Result
|
Syntax
|
Description
|
|
ID
|
Required
|
GroupID
|
The group ID
|
|
result
|
Group
|
The group
|
udb.g.lp
This command lists the permissions granted to a group
Table 14–7 Argument and Result for the udb.g.lp
|
Argument/Result
|
Syntax
|
Description
|
|
ID
|
Required
|
GroupID
|
The group ID
|
|
result
|
PermissionArray
|
The permissions
|
udb.g.lu
This command lists the members of the specified group
Table 14–8 Argument and Result for the udb.g.lu Command
|
Argument/Result
|
Syntax
|
Description
|
|
ID
|
Required
|
GroupID
|
The group ID
|
|
result
|
UserArray
|
The users
|
udb.g.mod
This command modifies an existing group. Omitted arguments are overwritten.
Table 14–9 Arguments and Result for the udb.g.mod Command
|
Argument/Result
|
Syntax
|
Description
|
|
ID
|
Required
|
GroupID
|
The group ID
|
|
n
|
Optional
|
String
|
The new group name
|
|
d
|
Optional
|
String
|
The new group description
|
|
hostWrite
|
Optional
|
Boolean
|
Whether the new group has write permission on hosts
|
|
notRuleWrite
|
Optional
|
Boolean
|
Whether the new group has write permission on notification rules
|
|
adminWrite
|
Optional
|
Boolean
|
Whether the new group has write permission on ``admin: users and groups''
|
|
diffWrite
|
Optional
|
Boolean
|
Whether the new group has write permission on comparisons
|
|
diffRun
|
Optional
|
String
|
The hostSet ID for which the new group has execute permission for comparisons.
An empty value removes the execute permission on any hostsets. To set this
permission for ``all'' hostsets, clients use the ``allhosts'' sentinel value.
|
|
ua
|
Optional
|
UserArray
|
The new group users
|
|
pga
|
Optional
|
GroupArray
|
The new group parent groups
|
|
cga
|
Optional
|
GroupArray
|
The new group child groups
|
|
result
|
Group
|
The modified group
|
udb.u: Managing User Accounts
You can use the udb.u commands to manage individual
user accounts.
Table 14–10 Summary of udb.u Commands
|
Command Name
|
Description
|
|
udb.u.add
|
Adds a new user account
|
|
udb.u.cp
|
Changes the password of the specified user
|
|
udb.u.la
|
Lists all user accounts
|
|
udb.u.lo
|
Retrieves information about the specified user.
|
|
udb.u.lp
|
Lists the permissions granted to the specified user
|
|
udb.u.mod
|
Modifies the specified user account
|
udb.u.add
This command adds a new user.
Table 14–11 Arguments and Result for the udb.u.add Command
|
Argument
|
Syntax
|
Description
|
|
nu
|
Required
|
String
|
The user name of the new user
|
|
np
|
[O/R]
|
String
|
The plaintext password for the new user; required if an encoded password
is not available or supplied.
|
|
nep
|
[O/R]
|
String
|
The encoded password for the new user; required if a plaintext password
is not available or supplied.
|
|
ng
|
Optional
|
GroupArray
|
The user groups for the new user
|
|
hide
|
Optional
|
Boolean
|
Whether the user is set to hidden, default false
|
|
loginConfig
|
[O/R]
|
String
|
Login configuration to use for this user; default is ``internal,'' if
available, otherwise required
|
|
result
|
User
|
The new user
|
udb.u.cp
This command changes the password of the specified user.
Table 14–12 Arguments for the udb.u.cp Command
|
Argument
|
Syntax
|
Description
|
|
un
|
Required
|
String
|
The user name of the user whose password should be changed.
|
|
op
|
[O/R]
|
String
|
The old plaintext password.
|
|
oep
|
[O/R]
|
String
|
The old encoded password.
|
|
np
|
[O/R]
|
String
|
The new plaintext password.
|
|
nep
|
[O/R]
|
String
|
The new encoded password.
|
udb.u.la
This command lists all user accounts.
Table 14–13 Argument and Result for the udb.u.la Command
|
Argument/Result
|
Syntax
|
Description
|
|
sh
|
Optional
|
Boolean
|
Whether hidden users are shown, default false
|
|
result
|
UserArray
|
The users
|
udb.u.lo
The udb.u.lo command retrieves the specified user.
Table 14–14 Argument and Result for the udb.u.lo Command
|
Argument/Result
|
Syntax
|
Description
|
|
ID
|
Required
|
UserID
|
The user ID
|
|
result
|
User
|
The user
|
udb.u.lp
This command lists the permissions granted to a user.
Table 14–15 Argument/Result for the udb.u.lp Command
|
Argument/Result
|
Syntax
|
Description
|
|
ID
|
Required
|
UserID
|
The user ID
|
|
result
|
PermissionArray
|
The permissions
|
udb.u.mod
This command modifies an existing user; omitted arguments are overwritten.
Table 14–16 Argument/Result for the udb.u.mod Command
|
Argument/Result
|
Syntax
|
Description
|
|
ID
|
Required
|
UserID
|
The user ID
|
|
np
|
Optional
|
String
|
The new plaintext password for the user, cannot be used in conjunction
with the an encoded password
|
|
nep
|
Optional
|
String
|
The new encoded password for the user, cannot be used in conjunction
with the a plaintext password
|
|
ng
|
Optional
|
GroupArray
|
The new user groups for the user
|
|
hide
|
Optional
|
Boolean
|
Whether the user is set to hidden
|
|
active
|
Optional
|
Boolean
|
Whether the user is set to active
|
|
forceFlush
|
Optional
|
Boolean
|
True means flush the user's session variables, if needed, false means
abort the modification. Defaults to false.
|
|
loginConfig
|
Optional
|
String
|
The new login configuration for the user
|
|
result
|
User
|
The modified user
|
udb.sv: Managing Session Variables
You can use the udb.sv commands to manage session
variables.
Table 14–17 Summary of udb.sv Commands
|
Command Name
|
Description
|
|
udb.sv.add
|
Adds a new session variable.
|
|
udb.sv.del
|
Deletes a session variable.
|
|
udb.sv.fl
|
Flushes all of a user's session variables.
|
|
udb.sv.la
|
Lists all session variables.
|
|
udb.sv.lo
|
Retrieves information about the session variable.
|
|
udb.sv.mod
|
Modifies the specified session value.
|
|
udb.sv.re
|
Reencrypts all of a user's session variables.
|
udb.sv.add
This command adds a new session variable (a password must be set using
the -p parameter if variables are to be persisted).
Note –
If you are logged in to the HTML user interface and you add a
session variable through the CLI, the session variable name will display without
the value when you refresh the list of variables. To display the new session
variable's value, log out of the HTML user interface and log back in.
Table 14–18 Arguments and Result for the udb.sv.add Command
|
Argument
|
Syntax
|
Description
|
|
name
|
Required
|
String
|
The new session variable name
|
|
secure
|
Optional
|
Boolean
|
Whether or not the value should be displayed; true means no; default
false
|
|
desc
|
Optional
|
String
|
The new session variable value description
|
|
value
|
Required
|
String
|
The new session variable value for this user.
If the value for the variable is an empty string, enter: -
value ""
|
|
result
|
SessionVariable
|
The new session variable
|
udb.sv.del
This command deletes a session variable.
Table 14–19 Arguments for the udb.sv.del Command
|
Argument
|
Syntax
|
Description
|
|
name
|
Required
|
String
|
The name of the session variable to delete
|
udb.sv.fl
This command flushes all of a user's session variables.
Table 14–20 Arguments for the udb.sv.fl Command
|
Argument
|
Syntax
|
Description
|
|
u
|
Required
|
String
|
The name of the user
|
|
p
|
[O/R]
|
String
|
The plaintext password for the user
|
|
ep
|
[O/R]
|
String
|
The encoded password for this user
|
udb.sv.la
This command lists all session variables.
Table 14–21 Argument and Result for the udb.sv.la Command
|
Argument/Result
|
Syntax
|
Description
|
|
result
|
SessionVariableSet
|
The variables available to this user
|
udb.sv.lo
This command retrieves the specified session variable
Table 14–22 Argument and Result for the udb.sv.lo Command
|
Argument/Result
|
Syntax
|
Description
|
|
name
|
Required
|
String
|
The name of the session variable to show
|
|
result
|
SessionVariable
|
The session variable
|
udb.sv.mod
This command modifies a session variable; a password must be set using
the -p parameter if variables are to be persisted.
Table 14–23 Argument/Result for the udb.sv.mod Command
|
Argument/Result
|
Syntax
|
Description
|
|
name
|
Required
|
String
|
The name of the session variable to modify
|
|
secure
|
Optional
|
String
|
Whether or not the value should be displayed; true means no; default
false
|
|
desc
|
Optional
|
String
|
The new session variable description
|
|
value
|
Optional
|
String
|
The new session variable value for this user
|
|
result
|
SessionVariable
|
The new session variable
|
udb.sv.re
This command reencrypts all of a user's session variables.
Table 14–24 Arguments for the udb.sv.re Command
|
Argument
|
Syntax
|
Description
|
|
u
|
Required
|
String
|
The name of the user
|
|
p
|
[O/R]
|
String
|
The plaintext password for the user
|
|
ep
|
[O/R]
|
String
|
The encoded password for the user
|
|
op
|
[O/R]
|
String
|
The old plaintext password used to encrypt these variables
|
|
oep
|
[O/R]
|
String
|
The old encoded password used to encrypt these variables
|
Authentication Commands
udb.login
Logs in a user and returns a SessionID that can be used for authentication.
To send the session ID to a file, the arguments -o and -of must be specified before the username and password. The usage of -o and -of options is shown inTable 1–1
Table 14–25 Result of the udb.login Command
|
Argument
|
Syntax
|
Description
|
|
u
|
Required
|
String
|
The username
|
|
p
|
[O/R]
|
String
|
The plaintext user password; required if the encoded password is not
available or supplied.
|
|
ep
|
[O/R]
|
String
|
The encoded user password; required if the plaintext password is not
available or supplied.
|
|
result
|
SessionID
|
The session ID
|
Example 14–1 Example
of Sending the Session ID to a File
This example demonstrates how to save a session ID for reuse.
- Name of formatter
-
serialized
- Name of output file
-
sessionid
# cr_cli -cmd udb.login -o serialized -of sessionid -u admin -p admin
|
udb.logout
This command logs out the user who runs it. To logout from a session using the CLI
command cr_cli, the —s (session id) argument needs to be specified. The session
id is returned after a successful execution of udb.login command. Please refer
to the udb.login command on how to save a session id to a file.
# cr_cli -cmd udb.logout -s session_id
|
Note –
The —s parameter is not
required if the command is run inside a Jython shell (clij).
udb.whoami
This command returns the owner of the current session.
Table 14–26 Result of the udb.whoami Command
|
Result
|
Syntax
|
Description
|
|
result
|
UserID
|
The current user ID
|
udb.p: Commands for Managing Permissions
The udb.p commands enable you to display information
about the permissions established in the Sun N1 Service Provisioning System software.
Table 14–27 Summary of the udb.p Commands
|
Command
|
Description
|
|
udb.p.la
|
Lists all permissions.
|
|
udb.p.lo
|
Retrieves the specified permission.
|
udb.p.la
This command lists all permissions.
Table 14–28 Result for the udb.p.la Command
|
Result
|
Syntax
|
Description
|
|
result
|
PermissionArray
|
The permissions
|
udb.p.lo
This command retrieves the specified permission..
Table 14–29 Argument and Result for the udb.p.lo Command
|
Argument/Result
|
Syntax
|
Description
|
|
ID
|
Required
|
PermissionID
|
The permission ID
|
|
result
|
Permission
|
The permission
|
udb.l: Managing Login Configurations
udb.l.la
This command lists all of the login configurations.
Table 14–30 Result for the udb.l.la Command
|
Argument
|
Syntax
|
Description
|
|
result
|
LoginConfiguration- Array
|
The list of login configurations
|
Download this book in PDF (730 KB)