authadm man page on HP-UX


authadm(1M)							   authadm(1M)

NAME
       authadm	- non-interactive command for administrating the authorization
       information in the RBAC databases

SYNOPSIS
       [object [comments]]
       [object]
       operation [object]
       subrole

DESCRIPTION
       authadm is a non-interactive command that allows users with the
       appropriate privileges to modify and list authorization information in
       the and RBAC database files.

       HP recommends using only the and commands to edit  and  view  the  RBAC
       databases -- do not edit the RBAC files without these commands.

       See rbac(5) for more information on these RBAC databases.

   Options
       With  the  exception  of	 the  option,  all options recognize a default
       object.	If the parameter is specified with a non-empty	value  in  the
       security	 default  file,	 then  the value of this parameter will be the
       default object.	However, if the parameter does not exist or is set  to
       an empty value, then the default object will be set to a wild card (*).

       Here is how to specify a value to the parameter in

       For example: In sets the default object to If line is not present or is
       commented out, then the default object will be set to "*".

       authadm recognizes the following options:

       Adds an authorization pair
	      (operation, object) to the system list of	 valid	authorizations
	      by appending a line to the file.

	      If  object  is  not  specified,  then  a	default object will be
	      assigned.	 The default object will either be a wild card (*)  or
	      the object specified in the security default configuration file,
	      A comment may not be specified when adding an entry that	refers
	      to  the  default	object	in The only way to add a comment to an
	      entry with the option is to specify the object explicitly.

       Deletes an authorization from the system list of valid authorizations.
	      If object is not	specified,  then  a  default  object  will  be
	      assumed.	 The  default object will either be a wild card (*) or
	      the object specified in the security default configuration file,

	      If the authorization exists in deletes the entry.  If the
	      specified authorization is assigned to any roles in will remove
	      the authorization from the role.  If the specified authorization
	      exists in an entry in will remove the entire entry.  If the
	      authorization does not exist in returns an error message.  See
	      the section below for more information.

       Assigns an authorization pair
	      to  a  role.   verifies  the role exists in before verifying the
	      authorization pair exists in appends the	authorization  to  the
	      role  to	authorization mapping in if the role and authorization
	      pair exists.

	      If object is not	specified,  then  a  default  object  will  be
	      assigned.	  The default object will either be a wild card (*) or
	      the object specified in the security default configuration file,

       Assigns a role to another different role.
	      The role being assigned to the other different role is referred
	      to as a A subrole is any valid role defined in the database.

	      The option allows hierarchical role definition (one role can
	      inherit another subrole).  After assigning a subrole to another
	      role, that role will also have all the authorizations of the
	      subrole, and any of its subroles.  More than one subrole can be
	      assigned to another role.  verifies the role and subrole
	      exist in It also verifies that there are no recursive
	      definitions of the role and subrole.  (If "role1" has a subrole
	      of "role2", and if you try to "role1" to "role2", this will
	      cause a recursive definition of both "role1" and "role2").
	      appends the subrole to the role to authorization mapping in

	      Revokes an authorization from the specified role in If no
	      authorization is specified, revokes all the authorizations for
	      the given role.  If object is not specified, then a default
	      object will be assumed.  The default object will either be a
	      wild card (*) or the object specified in the security default
	      configuration file,

	      The file will be modified by the command.

	      Revokes  a subrole from the specified role in Note that the role
	      specified as the subrole is not revoked from the database,  just
	      the subrole assignment is revoked.

	      For instance, if these entries are in the database:

	      will modify the line to:

	      revokes the specified authorizations and/or subrole for the
	      given role.

	      Note: The file will be modified by the command.

	      Invoking the list command without any parameters lists every
	      entry in Specifying a role name lists all the authorizations and
	      subroles assigned to that role name.  Specifying an operation
	      name lists all the roles which have that operation name.
	      Specifying a subrole name lists all the roles which have that
	      subrole name.  Specifying lists all the authorizations in the
	      database.
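
       The subrole inheritance and recursive-definition check described under
       Options above, as an added example (not HP's code and not part of the
       original page). The class, method and operation names and the
       in-memory layout are assumptions made for illustration; the sample
       roles are constructed.

```python
# Added illustration. The in-memory layout below is an assumption made for
# this example; it is not the on-disk format of the HP-UX RBAC databases.
class RoleGraph:
    def __init__(self):
        self.auths = {}      # role -> set of (operation, object) pairs
        self.subroles = {}   # role -> set of directly assigned subroles

    def add_role(self, role):
        self.auths.setdefault(role, set())
        self.subroles.setdefault(role, set())

    def assign_auth(self, role, operation, obj="*"):
        # obj falls back to the wildcard, as when no default object is set
        self.auths[role].add((operation, obj))

    def inherited_roles(self, role):
        """Every role reachable from `role` by following subrole links."""
        seen, stack = set(), list(self.subroles[role])
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.subroles[r])
        return seen

    def assign_subrole(self, role, subrole):
        if role not in self.subroles or subrole not in self.subroles:
            raise KeyError("role and subrole must both exist")
        # Refuse self-assignment and any link that would close a loop.
        if role == subrole or role in self.inherited_roles(subrole):
            raise ValueError(f"recursive definition: {role} <-> {subrole}")
        self.subroles[role].add(subrole)

    def effective_auths(self, role):
        """Direct authorizations plus those of all subroles, transitively."""
        result = set(self.auths[role])
        for r in self.inherited_roles(role):
            result |= self.auths[r]
        return result

def build_sample():
    # Constructed sample data: role1 -> role2 -> role3
    g = RoleGraph()
    for r in ("role1", "role2", "role3"):
        g.add_role(r)
    g.assign_auth("role1", "example.op.list")
    g.assign_auth("role3", "example.op.admin", "objA")
    g.assign_subrole("role1", "role2")
    g.assign_subrole("role2", "role3")
    return g
```

       Comparing effective_auths() for a role before and after a subrole
       assignment shows exactly which authorizations the role gains through
       inheritance, including those that arrive from subroles of the subrole.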

   Authorizations
       In order to invoke the user must either be root (running with an
       effective uid of 0), or have the appropriate authorization(s).  The
       following is a list of the required authorizations for running with
       particular options:

       Allows user to run
	   with option.

       Allows user to run
	   option.

       Allows user to run
	   with or option.

       Allows user to run
	   with or option.

       Allows user to run
	   with option.

EXTERNAL INFLUENCES
   Environment Variables
       determines the language in which messages are displayed.

   International Code Set Support
       Single-byte character code set is supported.

RETURN VALUE
       Success.
	    If is successful, it returns

       Failure.
	    returns and prints an appropriate error message to stderr.

EXAMPLES
       The following commands each add an  authorization  (operation,  object)
       entry in the database file:

       The following commands each delete an authorization (operation, object)
       entry from the database file:

       The following commands each assign an authorization (operation, object)
       pair to a role in database file:

       The  following  commands	 each  assign  a subrole to a role in database
       file:

       The following commands each revoke an operation for the specified
       operation from a role in the file:

       The following commands each revoke a subrole from the specified role
       in the database file:

       The following command lists all the authorizations for the role:

       The following command lists all the entries with operation

       The following command lists all the entries with object

       The following command lists all the roles with their authorizations  in
       database:

FILES
       Database containing valid definitions of all roles.

       Database containing definitions of all valid authorizations.

       Database specifying the roles allowed for each specified user.

       Database defining the authorizations for each specified role.

SEE ALSO
       cmdprivadm(1M), privrun(1M), rbacdbchk(1M), roleadm(1M), rbac(5).

								   authadm(1M)
Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net