roleadm man page on HP-UX

roleadm(1M)							   roleadm(1M)

NAME
       roleadm	-  noninteractive  editing of role-related information in RBAC
       databases

SYNOPSIS
       [comments]
       [role]
DESCRIPTION
       roleadm is a noninteractive command that allows users with the appropriate
       authorization to modify and list the role information in and

       See rbac(5) for information on these RBAC databases.

       HP  recommends  that only the and commands be used to edit and view the
       RBAC databases.	Do not edit the RBAC files directly.

   Options
       roleadm recognizes the following options:

       Add a role to the system list of valid roles.
	      Appends a line in file with rolename.  You can enter an optional
	      comment after the role.

       Remove a role from the system list of valid roles.
	      If  role	is  present  in remove entry.  If role is not present,
	      then returns an error code; see

       Change the name of a role.
	      This option causes a modification	 of  the  RBAC	databases  and
	      replacing each occurrence of oldrolename with newrolename.

       Assign a role to a user or a group.
	      First  verifies  that  the user is a valid user, and the role is
	      present in the file.   When  this	 is  the  case,	 the  role  is
	      appended to the user->role mapping in the file.  If user argument
	      has an ampersand at the beginning (such as &users), then it
	      is assumed that what follows after the ampersand is a group name
	      - the ampersand must be shell escaped or put in quotes such as
	      \&users or "&users".

	      An administrator may specify a default set of roles by assigning
	      roles to the keyword.  If a user	is  not	 otherwise  explicitly
	      assigned	roles  in  the database, he or she will be given roles
	      assigned to the role.

       Revoke a role from the specified user.
	      If no role is specified, then all	 roles	are  revoked  for  the
	      given  user.   (The  user entry is removed from If user argument
	      has an ampersand at the beginning (such as &users), then	it  is
	      assumed  that what follows after the ampersand is a group name -
	      the ampersand must be shell escaped or put in quotes such as
	      \&users or "&users".

	      List user and role information from the RBAC databases, and

	      If  neither  nor	are  specified,	 then  list all the users with
	      assigned roles.

	      If is specified, then only the role(s)  of  the  specified  user
	      will be listed.  If user has an ampersand at the beginning (such
	      as &users), then it is  assumed  that  what  follows  after  the
	      ampersand	 is a group name - the ampersand must be shell escaped
	      or put in quotes such as \&users or "&users".  If only  is specified,
	      then only list the user(s) assigned to the specified role.
	      If both and are specified, then the entry with the user username
	      and role rolename will be listed, if it exists.

	      If  the  specified  user	does not exist in the system and there
	      exists the special user, in the database, then the roles	listed
	      for  the specified user will be those of the user.  In the event
	      that there is more than one user defined in  the	database,  the
	      system will recognize only the last one.

	      If  is specified, then all the roles in the roles database, will
	      be listed.  When is specified, no other argument will be taken
	      by roleadm.
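
The group-name quoting rule from the assign, revoke and list descriptions above, as an added shell example that is not part of the HP-UX manual. It assumes the invocation form `roleadm assign <user> <role>`; the wrapper `assign_role`, the stand-in `roleadm` function, and the names `alice`, `users` and `Operator` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the HP-UX manual page.
# Stand-in so the script runs off HP-UX: it only records its arguments.
# Where a real roleadm is on PATH, that binary is used instead.
if ! command -v roleadm >/dev/null 2>&1; then
    roleadm() { ROLEADM_LAST_ARGS="$*"; ROLEADM_LAST_ARGC=$#; return 0; }
fi

# assign_role <user|group> <name> <role>   (hypothetical wrapper)
# The caller states whether the principal is a user or a group; the leading
# ampersand is added here, so a "user" value can never turn into a group.
assign_role() {
    kind=$1
    name=$2
    role=$3
    [ -n "$role" ] || { echo "assign_role: missing role" >&2; return 2; }
    case $name in
        ''|*[!A-Za-z0-9._-]*)
            # Rejects empty names and anything carrying '&' or shell syntax.
            echo "assign_role: bad name '$name'" >&2
            return 2 ;;
    esac
    case $kind in
        user)  principal=$name ;;
        group) principal="&$name" ;;   # inside quotes, & is a literal character
        *) echo "assign_role: kind must be user or group" >&2; return 2 ;;
    esac
    # Unquoted, `roleadm assign &users Operator` is parsed by the shell as
    # `roleadm assign` run in the background, then a command `users Operator`.
    if ! roleadm assign "$principal" "$role"; then
        echo "assign_role: roleadm failed for $principal" >&2
        return 1
    fi
}
```

Rejecting a leading `&` in a name supplied as a user keeps input-driven scripts from granting a role to a whole group by accident.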

   Authorizations
       In order to invoke roleadm, the user must either be root (running with
       effective uid of 0), or have the appropriate authorization(s).  The
       following is a list of the required authorizations for running roleadm
       with particular options:

	      hpux.security.access.role.add,*
		     Allows user to run roleadm with "add" option.

	      hpux.security.access.role.delete,*
		     Allows user to run roleadm with "delete" option.

	      hpux.security.access.role.modify,*
		     Allows user to run roleadm with "modify" option.

	      hpux.security.access.role.assign,*
		     Allows user to run roleadm with "assign" option.

	      hpux.security.access.role.revoke,*
		     Allows user to run roleadm with "revoke" option.

	      hpux.security.access.role.list,*
		     Allows user to run roleadm with "list" option.

EXTERNAL INFLUENCES
   Environment Variables
       determines the language in which messages are displayed.

   International Code Set Support
       Single-byte character code set is supported.

RETURN VALUE
       Upon completion, roleadm returns one of the following values:

	      Success.

	      Failure.
		   An appropriate error message is printed to stderr.

EXAMPLES
       The following command will append the line to file.

       The following command will append the line to the file.

       The following command will delete line in file and other databases.

       The following command will delete line from the file.

       The following command will replace role name with in and

       The following command will append line
	to file:

       The following command will remove the line from file:

       The following command will remove all the roles for user from file:

       The following command will remove all the roles	for  group  name  from
       file:

       The following command will list all the roles for user

       The following command will list all users and groups with role

       The following command will list entries with user and rolename

       The following command will list entries with group name

       The following command will list all the entries in

FILES
       Database containing valid definitions of all roles.

       Database containing definitions of all valid authorizations.

       Database specifying the roles allowed for each specified user.

       Database	 that  defines	the  allowed  authorization for each specified
       role.

       Database containing the authorization to execute specified commands
	      and the privileges to alter uid and gid for command execution.

SEE ALSO
       authadm(1M), cmdprivadm(1M), privrun(1M), rbacdbchk(1M), rbac(5).

								   roleadm(1M)