Sun Fire V20z and Sun Fire V40z Servers--Server Management Guide
|
|
The access command validates a user's authority or controls authorization services. Using the access command, you can retrieve information about user groups, add a user to or delete a user from a group, and specify a mapping between site-defined administrative groups and the administrative groups that are used to authorize actions on the Service Processor.
TABLE B-1 lists the groups of access subcommands.
TABLE B-1 Access Subcommand Groups
Subcommand Group
|
Description
|
access groups
|
Returns the authorization group for a specific user or a list of defined groups.
|
access map
|
Maps, unmaps and returns a list of existing site-specified group names (the directory service group) mapped to one of the standard administrative groups.
|
access public key
|
Manages public keys and public key users.
|
access services
|
Enables, disables, or defines a directory services mechanism that determines a user's group memberships.
|
access trust
|
Creates a host-based trust relationship for the specified host.
|
access user
|
Manages local users or a group of users.
|
Note - Every command returns a return code upon completion.
|
Access Groups Subcommands
The subcommands in TABLE B-2 return the authorization group for a specific user or a list of defined groups.
TABLE B-2 Access Group Subcommands
Subcommand
|
Description
|
access get group
|
Returns the authorization group for the specified user.
|
access get groups
|
Returns a list of the groups defined, including the standard groups.
|
Access Get Group Subcommand
Description: Returns the authorization group for the specified user.
Format
Command format:
access get group
Return Codes
TABLE B-3 lists the return codes for this subcommand.
TABLE B-3 Return Codes for Subcommand access get group
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_NotFound
|
5
|
Entity (user, service, file, path, etc.) was not found.
|
Access Get Groups Subcommand
Description: Returns a list of the groups defined, including the standard groups.
Format
Command format:
access get groups
Return Codes
TABLE B-4 lists the return codes for this subcommand.
TABLE B-4 Return Codes for Subcommand access get groups
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
Access Map Subcommands
The subcommands in TABLE B-5 manage mappings between existing site-specified groups and one of the standard administrative groups.
TABLE B-5 Access Map Subcommands
Subcommand
|
Description
|
access get map
|
Returns the names of all the site-specified groups mapped to a specific administrative group.
|
access map
|
Maps an existing site-specified group name (the directory-service group) to one of the standard administrative groups.
|
access unmap
|
Removes the directory-service group and administrative group mapping.
|
Access Get Map Subcommand
Description: Returns the names of all the site-specified groups mapped to a specific administrative group.
Format
Command format:
access get map [{-H | --noheader}][{-D | --delim <DELIMITER>}]
TABLE B-6 lists the arguments for this subcommand.
TABLE B-6 Arguments for Subcommand access get map
Argument
|
Description
|
{ -H | --noheader }
|
Suppresses column headings.
|
{ -D | --delim }
|
Delimits columns with the specified delimiter. Headings are also delimited unless suppressed. The delimiter can be any character or string.
|
To return mappings for all groups, omit the group name from the command line.
Return Codes
TABLE B-7 lists the return codes for this subcommand.
TABLE B-7 Return Codes for Subcommand access get map
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_InvalidArgument
|
4
|
One or more arguments were incorrect or invalid.
|
Access Map Subcommand
Description: Maps an existing site-specified group name (the directory-services group) to one of the standard administrative groups.
Format
Command format:
access map {-d | --dsgroup} DIRECTORY-SERVICES-GROUP {-g | --group} LOCAL-GROUP {-v | --verify}
TABLE B-8 lists the arguments for this subcommand.
TABLE B-8 Arguments for Subcommand access map
Argument
|
Description
|
{-d | --dsgroup}
|
The name of the directory-services group for which you wish to map to a standard administrative group.
|
{-g | --group}
|
The name of the standard administrative group to which you wish to map to the directory-services group.
|
{-v | --verify}
|
Verifies the group existence.
|
Return Codes
TABLE B-9 lists the return codes for this subcommand.
TABLE B-9 Return Codes for Subcommand access map
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_InvalidArgument
|
4
|
One or more arguments were incorrect or invalid.
|
NWSE_NotFound
|
5
|
Entity (user, service, file, path or other) was not found.
|
NWSE_NoPermission
|
6
|
Not authorized to perform this operation.
|
NWSE_InvalidOpForState
|
22
|
Invalid operation for current state.
|
Access Unmap Subcommand
Description: Removes the directory service group and administrative group mapping.
Format
Command format:
access unmap [-a | --all] DIRECTORY-SERVICES-GROUP
TABLE B-10 lists the arguments for this subcommand.
TABLE B-10 Arguments for Subcommand access unmap
Argument
|
Description
|
DIRECTORY-SERVICES-GROUP
|
The name of the directory services group for which you wish to remove a mapping.
|
[-a | --all]
|
Removes mappings for all of the directory services groups.
|
Return Codes
TABLE B-11 lists the return codes for this subcommand.
TABLE B-11 Return Codes for Subcommand access unmap
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_InvalidArgument
|
4
|
One or more arguments were incorrect or invalid.
|
NWSE_NoPermission
|
6
|
Not authorized to perform this operation.
|
Access Directory Services Subcommands
Services defines a directory-services mechanism that determines the group memberships for a user. Remote users gain access to the Service Processor features only through these group mappings that relate a directory-services group to a local Service-Processor administrative group.
Therefore, using the command access map, the administrator must set up the appropriate directory-services configuration and create mappings from the directory-services groups to local Service-Processor administrative groups.
TABLE B-12 lists the Access Directory Services subcommands.
TABLE B-12 Access Directory Services Subcommands
Subcommand
|
Description
|
access disable service
|
Disables a directory service.
|
access enable service
|
Enables a directory service.
|
access get services
|
Defines a directory services mechanism that determines the group memberships for a user.
|
Access Disable Service Subcommand
Description: Disables a directory service (either NIS or ADS) from the name-service lookup system on the SP.
Format
Command format:
access disable service {nis | ads}
TABLE B-13 lists the argument for this subcommand.
TABLE B-13 Argument for Subcommand access disable service
Argument
|
Description
|
{nis | ads }
|
Specifies the service type: NIS or ADS.
|
Return Codes
TABLE B-14 lists the return codes for this subcommand.
TABLE B-14 Return Codes for Subcommand access disable service
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_InvalidArgument
|
4
|
One or more arguments were incorrect or invalid.
|
NWSE_NoPermission
|
6
|
Not authorized to perform this operation.
|
NWSE_InvalidOpForState
|
22
|
Invalid operation for current state.
|
Access Enable Service Subcommand
Description: Enables a directory service (either NIS or ADS) to name-service lookup system on the SP.
Format
Command format:
access enable service nis {-d | --domain} DOMAIN NAME {-s | --server } SERVER
access enable service ads {-d | --domain} DOMAIN NAME {-s | --server } SERVER {-k | --keytab} KEYTAB FILENAME {-o | --ou} ORGANIZATIONAL UNIT {-l|--logon} LOGON
TABLE B-15 lists the arguments for this subcommand.
TABLE B-15 Arguments for Subcommand access enable service
Argument
|
Description
|
{-d | --domain}
|
Specifies the domain name.
|
{-s | --server}
|
Specifies the server.
|
{-k | --keytab}
|
For ADS only: Specifies the ADS keytab file name.
|
{-o | --ou}
|
For ADS only: Specifies the organizational unit under which the name-service library looks for group data.
|
{-l | --logon}
|
For ADS only: Specifies the logon ID for the active directory account.
|
To use ADS as a directory service on the SP, you must create an active directory account. The name-service library on the SP uses this account to authenticate itself to the LDAP interface of the active directory server. A Windows administrator can create the keytab for this account using the following command:
ktpass -princ <logon>@<domain> -pass <password> -mapuser <logon> -out <output filename>
The keytab file must then be securely transferred to the SP using an encrypted file-transfer mechanism.
The clock on the SP must be accurate and DNS must be set up (meaning that the SP must have a DNS record).
If a directory service has been previously enabled, you can specify the following command and options; the saved settings are then used to re-enable the service.
access enable service -t <nis | ads>
Return Codes
TABLE B-16 lists the return codes for this subcommand.
TABLE B-16 Return Codes for Subcommand access enable service
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_InvalidArgument
|
4
|
One or more arguments were incorrect or invalid.
|
NWSE_NotFound
|
5
|
Entity (user, service, file, path, etc.) was not found.
|
NWSE_NoPermission
|
6
|
Not authorized to perform this operation.
|
NWSE_FileError
|
18
|
File open, file missing, or a read or write error occurred.
|
NWSE_InvalidOpForState
|
22
|
Invalid operation for current state.
|
Access Get Services Subcommand
Description: Returns a string containing the current naming services option (NIS or ADS).
Format
Command format:
access get services [ {-t | --type } nis [{-d | --domain} | {-s | --server}] [-H | --noheader]] [{-D | --delim <DELIMITER>}]
access get services [ {-t | --type } ads [{ -d | --domain} | {-s | --server} | {-l | --logonID} | {-o | --ou}] [-H | --noheader]] [{-D | --delim <DELIMITER>}
TABLE B-17 lists the arguments for this subcommand.
TABLE B-17 Arguments for Subcommand access get services
Argument
|
Description
|
{-t | --type }
|
Returns information about the configuration of either the NIS or ADS service. You must specify -t to return a list of enabled services.
|
{-d | --domain}
|
Returns domain information. Only one of the parameters -d and -s are permitted at a time.
|
{-s | --server}
|
Returns server information. Only one of the parameters -d and -s are permitted at a time.
|
{-l | --ID}
|
For ADS only: Returns the ADS logon ID. Only one of the parameters -o and -l are permitted at a time.
|
{-o | --ou}
|
For ADS only: Returns the organization unit information. Only one of the parameters -o and -l are permitted at a time.
|
[-H | --noheader]
|
Suppresses header output.
|
{-D | --delim <DELIMITER>}
|
Delimits columns with the specified delimiter. Headings are also delimited unless suppressed. The delimiter can be any character or string.
|
Return Codes
TABLE B-18 lists the return codes for this subcommand.
TABLE B-18 Return Codes for Subcommand access get services
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_InvalidArgument
|
4
|
One or more arguments were incorrect or invalid.
|
Access Trust Subcommands
Adding host-based trusts provides many-to-one scripting solutions. Once a host equivalence relationship has been created with a client, users on that client can remotely execute commands on the SP without being prompted for a password.
TABLE B-19 lists the commands related to trusted-host relationships.
TABLE B-19 Access Trust Subcommands
Subcommand
|
Description
|
access add trust
|
Creates a host-based trust relationship for the specified host.
|
access delete trust
|
Removes a host-based trust relationship for the specified host.
|
access get trusts
|
Requests a list of hosts involved in trust relationships with the SP.
|
Access Add Trust Subcommand
Description: Creates a host-based trust relationship for the specified host. Adding host-based trusts provides many-to-one scripting solutions. Once a host equivalence relationship has been created with a client, users on that client can remotely execute commands on the SP without being prompted for a password, provided one of the following conditions is met:
- their login on the client has the same user name as a local user on the SP
- their login on the client is in a directory-service group that is mapped to an SP administrative group
Format
Command format:
access add trust {-c | --client} HOST {-k | --keyfile} PUBLIC KEY FILE
TABLE B-20 lists the arguments for this subcommand.
TABLE B-20 Arguments for Subcommand access add trust
Arguments
|
Description
|
{-c | --client}
|
Specifies the host for which to create the relationship.
|
{-k | --keyfile}
|
Specifies the public key file.
|
If the login is authorized through a mapping of a directory-service group, the ssh command is executed as the proxy user on the SP, either rmonitor, radmin or rmanager.
Support is available for SSH protocol version 2 key types (RSA or DSA) only.
If DNS is enabled on the SP, the client machine must be specified with its DNS name, (and not the IP address).
Generating Host Keys
The host's ssh install should generate the host keys. If it does not, follow these steps to manually generate the key pair:
1. Enter the following command:
ssh-keygen -q -t rsa -f rsa_key -C '' -N ''
2. Copy rsa_key to /etc/ssh/ssh_host_rsa_key.
3. Ensure that only root has read or write permission to this file. The rsa_key.pub file is the file you will transfer to the SP.
Note - Only protocol version 2 key types and 1024 bit key sizes (the default generated by ssh-keygen) are supported.
|
4. Copy the host's public key (the rsa_key.pub file) to the SP using scp (secure copy) or by copying the host key to an external file system that has been mounted on the SP.
Note - Use scp to copy the files to either /tmp or to your home directory. The sp commands will then install the file specified on the command line to /pstore.
|
Note - If DNS is enabled on the SP, you must specify the client that is used in the trust commands with its DNS name (and not the IP address).
|
Return Codes
TABLE B-21 lists the return codes for this subcommand.
TABLE B-21 Return Codes for Subcommand access add trust
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_NoPermission
|
6
|
Not authorized to perform this operation.
|
NWSE_FileError
|
18
|
FileFile open, file missing, or a read or write error occurred.
|
NWSE_Exist
|
19
|
Entity (user, service or other) already exists.
|
Access Delete Trust Subcommand
Description: Removes a host-based trust relationship for the specified host.
Format
Command format:
access delete trust CLIENT HOSTNAME [-a | --all] [-q | --quiet]
TABLE B-22 lists the arguments for this subcommand.
TABLE B-22 Arguments for Subcommand access delete trust
Argument
|
Description
|
CLIENT HOSTNAME
|
Specifies the name of the client to remove.
|
[-a | --all]
|
Removes all trust relationships.
|
[-q | --quiet]
|
If the trust relationship to delete is not found, this argument specifies that no error be returned.
|
Return Codes
TABLE B-23 lists the return codes for this subcommand.
TABLE B-23 Return Codes for Subcommand access delete trust
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_NotFound
|
5
|
Entity (user, service, file, path or other) was not found.
|
NWSE_NoPermission
|
6
|
Not authorized to perform this operation.
|
NWSE_DeviceError
|
25
|
Error deleting trusted host. Insufficient space in /tmp.
|
Access Get Trusts Subcommand
Description: Requests a list of hosts involved in trust relationships with the SP.
Format
Command format:
access get trusts
Return Codes
TABLE B-24 lists the return codes for this subcommand.
TABLE B-24 Return Codes for Subcommand access get trusts
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_NoPermission
|
6
|
Not authorized to perform this operation.
|
Access Public Key Subcommands
The subcommands listed in TABLE B-25 allow you to manage public keys and public-key users.
TABLE B-25 Access Public Key Subcommands
Subcommand
|
Description
|
access add public key
|
Installs a public key for SSH authentication.
|
access get public key users
|
Determines which users have public keys installed.
|
access delete public key
|
Removes a user's public key.
|
Access Add Public Key Subcommand
Description: Installs a public key for SSH authentication which enables SSH logins and remote command execution without being prompted for a password. You must first generate a key pair (RSA or DSA) which you can generate using the ssh-keygen command included with OpenSSH.
- Only local users can install public keys (not users who gain authorization through a mapping of a directory-services group)
- Managers can add keys for any local user.
- Up to 10 users can install public keys; one key per user.
- The maximum key length supported is 4096 bits.
Format
Command format:
access add public key {-k | --keyfile} PUBLIC_KEY_FILE [-u | --user] USER
TABLE B-26 lists the arguments for this subcommand.
TABLE B-26 Arguments for Subcommand access add public key
Arguments
|
Description
|
{-k | --keyfile}
|
Specifies the user's public RSA or DSA key.
|
{-u | --user}
|
Specifies the user for which this key will be installed. The default is the current user if no user is specified.
|
Return Codes
TABLE B-27 lists the return codes for this subcommand.
TABLE B-27 Return Codes for Subcommand access add public key
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_InvalidArgument
|
4
|
One or more arguments were incorrect or invalid. The group specified with -g is an invalid local SP administrative group or the length of the username or password exceeds the maximum length.
|
NWSE_NotFound
|
5
|
Entity (user, service, file, path or other) was not found.
|
NWSE_NoPermission
|
6
|
Not authorized to perform this operation.
|
NWSE_Exist
|
19
|
The user already exists.
|
NWSE_LimitExceeded
|
26
|
Limit has been exceeded.
|
Access Get Public Key Users Subcommand
Description: Determines which users have public keys installed.
Format
Command format:
access get public key users
Return Codes
TABLE B-28 lists the return codes for this subcommand.
TABLE B-28 Return Codes for Subcommand access get public key users
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_NoPermission
|
6
|
Not authorized to perform this operation.
|
Access Delete Public Key Subcommand
Description: All users can execute this command to remove their own public key. Manager-level users can execute this command to remove the public key for any user.
Format
Command format:
access delete public key [-u | --user] USER [-a | --all] [-q | --quiet]
TABLE B-29 lists the arguments for this subcommand.
TABLE B-29 Arguments for Subcommand access delete public key
Arguments
|
Description
|
[-u | --user]
|
The user whose public key will be removed. Defaults to the current user If USER is not specified. This argument is repeatable to remove multiple public keys at one time.
|
[-a | --all]
|
Removes all public keys.
|
[-q | --quiet]
|
If the user to delete is not found, this argument specifies that no error be returned.
|
Return Codes
TABLE B-30 lists the return codes for this subcommand.
TABLE B-30 Return Codes for Subcommand access delete public key
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_NotFound
|
5
|
Entity (user, service, file, path or other) was not found.
|
NWSE_NoPermission
|
6
|
Not authorized to perform this operation.
|
Access User Subcommands
The subcommands listed in TABLE B-31 allow you to manage a single user or group of users.
TABLE B-31 Access User Subcommands
Subcommand
|
Description
|
access add user
|
Adds the specified local user to the specified group.
|
access delete user
|
Deletes the specified user.
|
access get users
|
Retrieves all the users in an administrative group or all users in all groups.
|
access update password
|
Updates the password of the specified user.
|
access update user
|
Updates the login information for the specified user.
|
Access Add User Subcommand
Description: Adds the specified local user to the specified group with the specified user ID and password.
Format
Command format:
access add user {-p | --password} PASSWORD {-g | --group} GROUP {-u | --user} USERNAME
TABLE B-32 lists the arguments for this subcommand.
TABLE B-32 Arguments for Subcommand access add user
Arguments
|
Description
|
{-p | --password}
|
Specifies the password for the new user. The password is optional and if not specified, a prompt displays requesting confirmation.
|
{-g | --group}
|
Specifies the group to which the new user will belong.
|
{-u | --user}
|
Specifies the name of the new user to add. This argument is repeatable to add multiple users at one time.
|
Return Codes
TABLE B-33 lists the return codes for this subcommand.
TABLE B-33 Return Codes for Subcommand access add user
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_InvalidArgument
|
4
|
One or more arguments were incorrect or invalid. The group specified with -g is an invalid local SP administrative group or the length of the user name or password exceeds the maximum length.
|
NWSE_NoPermission
|
6
|
Not authorized to perform this operation.
|
NWSE_Exist
|
19
|
The user already exists.
|
Access Delete User Subcommand
Description: Deletes a user:
Format
Command format:
access delete user USERNAME [-a | --all] [-q | --quiet]
TABLE B-34 lists the arguments for this subcommand.
TABLE B-34 Arguments for Subcommand access delete user
Argument
|
Description
|
USERNAME
|
Specifies the name of the user to remove. This argument is repeatable to remove multiple users at one time.
|
[-a | --all]
|
Removes all user accounts. The manager-level user executing the command is not removed.
|
[-q | --quiet]
|
If the user to delete is not found, this argument specifies that no error be returned.
|
Return Codes
TABLE B-35 lists the return codes for this subcommand.
TABLE B-35 Return Codes for Subcommand access delete user
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_NotFound
|
5
|
Specified user was not found.
|
NWSE_NoPermission
|
6
|
Not authorized to perform this operation.
|
Access Get Users Subcommand
Description: Retrieves all the local users in an administrative group.
Format
Command format:
access get users {-g | --group} [{-H | noheader}][{-D | --delim <DELIMITER>}]
TABLE B-36 lists the arguments for this subcommand.
TABLE B-36 Arguments for Subcommand access get users
Argument
|
Description
|
{-g | --group}
|
Specifies that group from which to retrieve all users.
|
{ -H | --noheader }
|
Specifies that column headings should be suppressed.
|
{ -D | --delim }
|
Specifies to delimit columns with the specified delimiter. Headings are also delimited unless suppressed. The delimiter can be any character or string.
|
Return Codes
TABLE B-37 lists the return codes for this subcommand.
TABLE B-37 Return Codes for Subcommand access get users
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_InvalidArgument
|
4
|
One or more arguments were incorrect or invalid.
|
Access Update Password Subcommand
Note - This command is for managers to change other users' passwords; all users can change their own passwords.
|
Description: Changes the password of an existing user.
Format
Command format:
access update password {-p | --password} PASSWORD {u | --user} USER
TABLE B-38 lists the arguments for this subcommand.
TABLE B-38 Arguments for Subcommand access update password
Argument
|
Description
|
{-u | --user}
|
The name of the user whose password you wish to update. If a username is not specified, the current user is implied. You must have manager-level access to change another user's password. This argument is repeatable to update multiple user's passwords at one time.
|
{-p | --password}
|
The user's new password. If a password is not specified, a prompt appears to enter the password and again to confirm the password.
|
Return Codes
TABLE B-39 lists the return codes for this subcommand.
TABLE B-39 Return Codes for Subcommand access update password
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_InvalidArgument
|
4
|
One or more arguments were incorrect or invalid.
|
NWSE_NotFound
|
5
|
Entity (user, service, file, path or other) was not found.
|
NWSE_NoPermission
|
6
|
Not authorized to perform this operation.
|
Access Update User Subcommand
Description: Updates the login information (password or group) for the user.
Format
Command format:
access update user {-u | --user} USER {-p | --password} PASSWORD {-g | --group} GROUP
TABLE B-40 lists the arguments for this subcommand.
Note - The -p and -g arguments are optional but you must specify at least one.
|
TABLE B-40 Arguments for Subcommand access update user
Argument
|
Description
|
{-u | --user}
|
The name of the user to update.
|
{-p | --password}
|
The user's new password. The -p and -g options are optional but you must specify at least one.
|
{-g | --group}
|
The new group to which to reassign to the user. The -p and -g options are optional but you must specify at least one.
|
Return Codes
TABLE B-41 lists the return codes for this subcommand.
TABLE B-41 Return Codes for Subcommand access update user
Return Code
|
ID
|
Description
|
NWSE_Success
|
0
|
Command successfully completed.
|
NWSE_InvalidUsage
|
1
|
Invalid usage: bad parameter usage, conflicting options specified.
|
NWSE_RPCTimeout
|
2
|
Request was issued, but was not serviced by the server. RPC procedure timed out and the request may or may not have been serviced by the server.
|
NWSE_RPCNotConnected
|
3
|
Unable to connect to the RPC server.
|
NWSE_NotFound
|
5
|
Entity (user, service, file, path or other) was not found.
|
NWSE_NoPermission
|
6
|
Not authorized to perform this operation.
|
Sun Fire V20z and Sun Fire V40z Servers--Server Management Guide
|
817-5249-12
|
|
Copyright © 2004, Sun Microsystems, Inc. All Rights Reserved.