smattrpop(1M) System Administration Commands smattrpop(1M)
NAME
smattrpop - populate security attribute databases in a name service
SYNOPSIS
smattrpop [-c] [-f] [-m] [-p policy] [-r] -s scope -t scope [-v] database
DESCRIPTION
The smattrpop command updates the auth_attr(4), exec_attr(4),
prof_attr(4), and user_attr(4) role-based access control databases in a
target NIS, NIS+, LDAP, or local /etc files name service from the cor‐
responding databases in a source name service or files.
This command processes the table entries from the source database and
merges each source entry field into the same field in the corresponding
table entry in the target database. If a source entry does not exist in
the target database, the entry is created. If the source entry exists
in the target database, the fields are merged or replaced according to
the command options.
Any errors encountered while updating the target entry are reported to
stdout, and the command continues with the next source database entry.
OPTIONS
The following options are supported:
-c Performs cross-table checking. If you specify this
option and a check error occurs, a message identifying
the check error is written to stdout.
The target entry values are checked against entries in
related databases:
· auths values — Each value must exist as the name
of an authorization in the auth_attr(4) database.
· profiles values — Each value must exist as a name
of a profile in the prof_attr(4) database.
· roles values — Each value must exist as the name
of a role identity in the user_attr(4) database.
· For each exec_attr(4) entry in the source data‐
base, the name must exist as the name of a profile
in the prof_attr(4) database.
-f Specifies that the value in each field in the source
entry replaces the value in the corresponding field in
the target entry, if the source entry field has a non-
empty value.
-m For the auths, profiles, and roles attributes, speci‐
fies that the values in each field in the source entry
are merged with the values in the corresponding target
entry field. If a source value does not exist in the
target field, the value is appended to the set of tar‐
get values. If the target field is empty, the source
values replace the target field. The attribute values
that merge depend on the database being updated:
· prof_attr(4) — the auths and profiles attribute
values are merged.
· user_attr(4) — the auths, profiles, and roles
attribute values are merged.
· exec_attr(4) — the uid, gid, euid, and egid values
are merged.
-p policy Specifies the value of the policy field in the
exec_attr(4) database. Valid values are suser (standard
Solaris superuser) and tsol (Trusted Solaris). If you
specify this option, only the entries in the source
exec_attr database with the specified policy are pro‐
cessed. If you omit this option, all entries in the
source exec_attr database are processed.
-r Specifies that role identities in the user_attr(4)
database in the source name service are processed. If
you omit this option, only the normal user entries in
the user_attr source database are processed.
-s scope Specifies the source name service or local file direc‐
tory for database updates, using the following syntax:
type:/server/domain
where type indicates the type of name service. Valid
values for type are:
· file — local files
· nis — NIS name service
· nisplus — NIS+ name service
· ldap — LDAP name service
server indicates the local host name of the Solaris
system on which the smattrpop command is executed, and
on which both the source and target databases exist.
domain specifies the management domain name for the
name service.
You can use two special cases of scope values:
· To indicate the databases in the /etc/security
local system directory, use the scope
file:/server, where server is the name of the
local system.
· To load from databases in an arbitrary directory
on the Solaris server, use the scope
file:/server/pathname, where server is the
name of the local system and pathname is the
fully-qualified directory path name to the data‐
base files.
-t scope Specifies the target name service or local file direc‐
tory for database updates, using the following syntax:
type:/server/domain
where type indicates the type of name service. Valid
values for type are:
· file — local files
· nis — NIS name service
· nisplus — NIS+ name service
· ldap — LDAP name service
server indicates the local host name of the Solaris
system on which the smattrpop command is executed, and
on which both the source and target databases exist.
domain specifies the management domain name for the
name service.
You can use two special cases of scope values:
· To indicate the databases in the /etc/security
local system directory, use the scope
file:/server, where server is the name of the
local system.
· To update to databases in an arbitrary directory
on the Solaris server, use the scope
file:/server/pathname, where server is the
name of the local system and pathname is the
fully-qualified directory path name to the data‐
base files.
-v Specifies that verbose messages are written. A message
is written to stdout for each entry processed.
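The -f and -m field rules described above, modelled in Python so that the authorizations a run would grant or revoke can be reviewed beforehand. This is an added example, not smattrpop's own code; the function names and sample values are hypothetical, and behaviour with neither option is not modelled because this page does not describe it.

```python
# Added illustration: models the -f and -m field rules as this page states
# them. Not smattrpop's own code; all function names are hypothetical.

# Attributes the page says -m merges, per database.
MERGED_BY_M = {
    "prof_attr": {"auths", "profiles"},
    "user_attr": {"auths", "profiles", "roles"},
    "exec_attr": {"uid", "gid", "euid", "egid"},
}

def split_values(field):
    """Split a comma-separated attribute value into an ordered list."""
    return [v for v in field.split(",") if v]

def apply_f(source, target):
    """-f: a non-empty source field replaces the target field."""
    return source if source else target

def apply_m(source, target):
    """-m: append source values missing from the target field."""
    merged = split_values(target)
    for value in split_values(source):
        if value not in merged:
            merged.append(value)
    return ",".join(merged)

def preview(database, attr, source, target, option):
    """Return (resulting field, values granted, values revoked)."""
    if option == "-f":
        result = apply_f(source, target)
    elif option == "-m" and attr in MERGED_BY_M.get(database, ()):
        result = apply_m(source, target)
    else:
        raise ValueError("behaviour not described on this page")
    before, after = split_values(target), split_values(result)
    granted = [v for v in after if v not in before]
    revoked = [v for v in before if v not in after]
    return result, granted, revoked

# Constructed sample: one user's auths field in the source and target.
SRC = "solaris.admin.usermgr.read,solaris.system.shutdown"
TGT = "solaris.admin.usermgr.read,solaris.admin.printer.read"

if __name__ == "__main__":
    for option in ("-m", "-f"):
        print(option, preview("user_attr", "auths", SRC, TGT, option))
```

With the sample values, -m only adds solaris.system.shutdown, while -f adds it and also drops solaris.admin.printer.read from the target field.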
OPERANDS
The following operands are supported:
database Populates one or all databases. You can specify either
the name of the database you want to process (for exam‐
ple, auth_attr), or all to process all databases. If
you specify all, the databases are processed in the
following order:
1. auth_attr(4)
2. prof_attr(4)
3. exec_attr(4)
4. user_attr(4)
EXAMPLES
Example 1: Populating all tables in the NIS name service
The following example merges the values from all four attribute data‐
bases in the /etc/security directory of the local system into the cor‐
responding tables in the NIS domain, east.example.com. The command is
executed on the master server, hoosier, for the NIS domain and the
source files are in the /etc and /etc/security directories on the NIS
master server. No cross-table checking is performed. A summary message
indicating the number of entries processed and updated for each table
is written to stdout.
/usr/sadm/bin/smattrpop -s file:/hoosier \
-t nis:/hoosier/east.example.com all
Example 2: Updating the authorization table in the NIS+ name service
This example merges new authorization data from a local system file in
the auth_attr text format into the existing auth_attr database in the
NIS+ domain, east.example.com. The command is executed on the NIS+ mas‐
ter server, foobar. Values from the source auth_attr file replace the
corresponding field values in the NIS+ tables for each entry. A message
is written to stdout for each entry processed. Database cross-checking
is performed and any check error is written to stdout. A summary mes‐
sage indicating the number of entries processed and updated for the
auth_attr database is written to stdout.
/usr/sadm/bin/smattrpop -c -f -v -s file:/foobar/var/temp \
-t nisplus:/foobar/east.example.com auth_attr
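The four cross-table checks that -c performs, as listed under OPTIONS, modelled in Python over constructed sample databases so that dangling references can be found before a population run. This is an added example, not smattrpop's own code; parse() and cross_check() are hypothetical names, and wildcard authorization names are not handled because this page does not describe them.

```python
# Added illustration of the four -c checks listed on this page, run over
# constructed sample databases. Not smattrpop's code; names are hypothetical.

def parse(text):
    """Map entry name -> {key: [values]} from the last colon-separated field."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        attrs = {}
        for pair in fields[-1].split(";"):
            key, sep, value = pair.partition("=")
            if sep:
                attrs[key] = [v for v in value.split(",") if v]
        entries[fields[0]] = attrs
    return entries

def cross_check(auth, prof, exe, user):
    """Return a sorted list of (database, entry, attribute, missing value)."""
    roles = {n for n, a in user.items() if a.get("type") == ["role"]}
    known = {"auths": set(auth), "profiles": set(prof), "roles": roles}
    errors = []
    for db, table in (("prof_attr", prof), ("user_attr", user)):
        for name, attrs in table.items():
            for key in ("auths", "profiles", "roles"):
                for value in attrs.get(key, []):
                    if value not in known[key]:
                        errors.append((db, name, key, value))
    for name in exe:  # each exec_attr name must be a prof_attr profile
        if name not in prof:
            errors.append(("exec_attr", name, "name", name))
    return sorted(errors)

# Constructed sample data in the four databases' text formats.
AUTH = "solaris.system.shutdown:::Shutdown the System::help=Shutdown.html\n"
PROF = "Operator:::Can shut down:auths=solaris.system.shutdown,solaris.bogus\n"
EXEC = ("Operator:suser:cmd:::/usr/sbin/shutdown:uid=0\n"
        "Ghost Profile:suser:cmd:::/usr/bin/id:uid=0\n")
USER = ("oper::::type=role;profiles=Operator\n"
        "alice::::type=normal;roles=oper,auditor;profiles=Missing\n")

if __name__ == "__main__":
    for err in cross_check(parse(AUTH), parse(PROF), parse(EXEC), parse(USER)):
        print(err)
```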
ENVIRONMENT VARIABLES
See environ(5) for a description of the JAVA_HOME environment variable,
which affects the execution of the smattrpop command. If this environ‐
ment variable is not specified, the /usr/java location is used. See
smc(1M).
EXIT STATUS
Any errors encountered while updating the target entry are reported to
stdout. The following exit values are returned:
0 The specified tables were updated. Individual entries may have
encountered checking errors.
1 A syntax error occurred in the command line.
2 A fatal error occurred and the tables were not completely pro‐
cessed. Some entries may have been updated before the failure.
FILES
/etc/security/auth_attr Authorization description database. See
auth_attr(4).
/etc/security/exec_attr Execution profiles database. See
exec_attr(4).
/etc/security/prof_attr Profile description database. See
prof_attr(4).
/etc/user_attr Extended user attribute database. See
user_attr(4).
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Availability │SUNWmga │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSO
smc(1M), smexec(1M), smprofile(1M), auth_attr(4), exec_attr(4),
prof_attr(4), user_attr(4), attributes(5), environ(5)
SunOS 5.10 16 Jun 2000 smattrpop(1M)