smexec(1M)
NAME
smexec - manage entries in the exec_attr database
SYNOPSIS
/usr/sadm/bin/smexec subcommand [ auth_args] --
[subcommand_args]
DESCRIPTION
The smexec command manages an entry in the exec_attr(4)
database in the local /etc files name service or a NIS or
NIS+ name service.
subcommands
smexec subcommands are:
add Adds a new entry to the exec_attr(4) database. To add
an entry to the exec_attr database, the administrator
must have the solaris.profmgr.execattr.write authori-
zation.
delete
Deletes an entry from the exec_attr(4) database. To
delete an entry from the exec_attr database, the
administrator must have the
solaris.profmgr.execattr.write authorization.
modify
Modifies an entry in the exec_attr(4) database. To
modify an entry in the exec_attr database, the
administrator must have the
solaris.profmgr.execattr.write authorization.
OPTIONS
The smexec authentication arguments, auth_args, are derived
from the smc(1M) arg set and are the same regardless of
which subcommand you use. The smexec command requires the
Solaris Management Console to be initialized for the command
to succeed (see smc(1M)). After rebooting the Solaris
Management Console server, the first Solaris Management Con-
sole connection might time out, so you might need to retry
the command.
The subcommand-specific options, subcommand_args, must come
after the auth_args and must be separated from them by the
-- option.
auth_args
The valid auth_args are -D, -H, -l, -p, -r, and -u; they are
all optional. If no auth_args are specified, certain
defaults will be assumed and the user may be prompted for
additional information, such as a password for authentica-
tion purposes. These letter options can also be specified by
their equivalent option words preceded by a double dash. For
example, you can use either -D or --domain with the domain
argument.
-D | --domain domain
Specifies the default domain that you want to manage.
The syntax of domain is type:/host_name/domain_name,
where type is nis, nisplus, dns, ldap, or file;
host_name is the name of the machine that serves the
domain; and domain_name is the name of the domain you
want to manage. (Note: Do not use nis+ for nisplus.)
If you do not specify this option, the Solaris Manage-
ment Console assumes the file default domain on what-
ever server you choose to manage, meaning that changes
are local to the server. Toolboxes can change the
domain on a tool-by-tool basis; this option specifies
the domain for all other tools.
-H | --hostname host_name:port
Specifies the host_name and port to which you want to
connect. If you do not specify a port, the system con-
nects to the default port, 898. If you do not specify
host_name:port, the Solaris Management Console con-
nects to the local host on port 898. You may still
have to choose a toolbox to load into the console. To
override this behavior, use the smc(1M) -B option, or
set your console preferences to load a "home toolbox"
by default.
-l | --rolepassword role_password
Specifies the password for the role_name. If you
specify a role_name but do not specify a
role_password, the system prompts you to supply a
role_password. Passwords specified on the command line
can be seen by any user on the system, hence this
option is considered insecure.
-p | --password password
Specifies the password for the user_name. If you do
not specify a password, the system prompts you for
one. Passwords specified on the command line can be
seen by any user on the system, hence this option is
considered insecure.
-r | --rolename role_name
Specifies a role name for authentication. If you do
not specify this option, no role is assumed.
-u | --username user_name
Specifies the user name for authentication. If you do
not specify this option, the user identity running the
console process is assumed.
-- This option is required and must always follow the
preceding options. If you do not enter the preceding
options, you must still enter the -- option.
subcommand_args
Note: Descriptions and other arg options that contain white
spaces must be enclosed in double quotes.
o For subcommand add:
-c command_path
Specifies the full path to the command associ-
ated with the new exec_attr entry.
-g egid
(Optional) Specifies the effective group ID that
executes with the command.
-G gid
(Optional) Specifies the real group ID that exe-
cutes with the command.
-h (Optional) Displays the command's usage state-
ment.
-n profile_name
Specifies the name of the profile associated
with the new exec_attr entry.
-t type
Specifies the type for the command. Currently,
the only acceptable value for type is cmd.
-u euid
(Optional) Specifies the effective user ID that
executes with the command.
-U uid
(Optional) Specifies the real user ID that exe-
cutes with the command.
o For subcommand delete:
-c command_path
Specifies the full path to the command associ-
ated with the exec_attr entry.
-h (Optional) Displays the command's usage state-
ment.
-n profile_name
Specifies the name of the profile associated
with the exec_attr entry.
-t type
Specifies the type cmd for command. Currently,
the only acceptable value for type is cmd.
o For subcommand modify:
-c command_path
Specifies the full path to the command associ-
ated with the exec_attr entry that you want to
modify.
-g egid
(Optional) Specifies the new effective group ID
that executes with the command.
-G gid
(Optional) Specifies the new real group ID that
executes with the command.
-h (Optional) Displays the command's usage state-
ment.
-n profile_name
Specifies the name of the profile associated
with the exec_attr entry.
-t type
Specifies the type cmd for command. Currently,
the only acceptable value for type is cmd.
-u euid
(Optional) Specifies the new effective user ID
that executes with the command.
-U uid
(Optional) Specifies the new real user ID that
executes with the command.
EXAMPLES
Example 1: Creating an exec_attr database entry
The following creates a new exec_attr entry for the User
Manager profile on the local file system. The entry type is
cmd for the command /usr/bin/cp. The command has an effec-
tive user ID of 0 and an effective group ID of 0.
./smexec add -H myhost -p mypasswd -u root -- -n "User Manager" \
-t cmd -c /usr/bin/cp -u 0 -g 0
Example 2: Deleting an exec_attr database entry
The following example deletes an exec_attr database entry
for the User Manager profile from the local file system. The
entry designated for the command /usr/bin/cp is deleted.
./smexec delete -H myhost -p mypasswd -u root -- -n "User Manager" \
-t cmd -c /usr/bin/cp
Example 3: Modifying an exec_attr database Entry
The following modifies the attributes of the exec_attr data-
base entry for the User Manager profile on the local file
system. The /usr/bin/cp entry is modified to execute with
the real user ID of 0 and the real group ID of 0.
./smexec modify -H myhost -p mypasswd -u root -- -n "User Manager" \
-t cmd -c /usr/bin/cp -U 0 -G 0
ENVIRONMENT VARIABLES
See environ(5) for a description of the JAVA_HOME environ-
ment variable, which affects the execution of the smexec
command. If this environment variable is not specified, the
/usr/java location is used. See smc(1M).
EXIT STATUS
The following exit values are returned:
0 Successful completion.
1 Invalid command syntax. A usage message displays.
2 An error occurred while executing the command. An
error message displays.
FILES
The following file is used by the smexec command:
/etc/security/exec_attr
Execution profiles database. See exec_attr(4).
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWmga |
|_____________________________|_____________________________|
SEE ALSO
smc(1M), exec_attr(4), attributes(5), environ(5)
Man(1) output converted with
man2html