adminrole(1M)

adminrole -- display, add, change, delete roles in the TFM database

Synopsis

adminrole [-n] [-a [cmd:path[:priv[:priv ...]][,...]] role ...

adminrole [-a [cmd:path[:priv[:priv ...]][, ...]] role ... [-r cmd[:priv[:priv ...]][, ...]] role ...

adminrole [-d] role ...

adminrole

Description

The adminrole command allows administrators to display, add, change, and delete roles in the Trusted Facility Management database. The TFM database is the vehicle through which unprivileged user processes run privileged commands.

A role contains a list of commands. Each command contains a (possibly empty) list of privileges. The tfadmin command will use these privileges to set up its process before it invokes this command for a member of the role. The adminrole command has the following options:

-n: For every role in the list, create a new role description.
-a: Add a command to a role, add the role to the database if it does not already exist.
-r: Remove a command from a role or remove privileges from a command within a role.
-d: Delete a role.
No options: List the contents of the specified roles.
No Arguments: List the contents of all roles in the database.

The adminrole command takes as its arguments the list of roles to which the actions specified by the options applies. The argument to the -a or -r option is a comma-separated list of command descriptions. For the -a option, the command description includes the name of the command to be added, the full path at which the command file resides, and the privilege set, represented by a colon-separated list of privilege names (for example, mount:/etc/mount:macread:mount). There is no limit on the length of the path name; however, / (``root'' or ``slash'') alone may not be specified.

The command description for the -r option is the same as for the -a option except that the full path and the separating colon are not given (for example, mount:macread:mount).

If users in the specified role(s) get no privilege when they invoke the command, the privilege description may be omitted; that is, if the definition to be removed does not have any privileges associated with it (it merely provides an alias for the command), then you do not have to specify privileges when removing that definition.

Note that in any case when you use the -r option and you do not specify privileges, the definition is removed entirely from that role. Future attempts to use that command in that role with tfadmin will return errors. If you do specify privileges, then only those privileges are removed from the definition. This can leave you with a definition that has no privilege associated with it. In this case, users in that role can run the command with tfadmin, but will gain no privileges by doing so. The command will function solely as an alias for the path provided in the definition.

The -n and -r options may not be used together. Doing so will cause an error, since incompatible options have been specified.

If the -d is used in an attempt to delete a non-existent role, an error will result.

Diagnostics

This command exits with a 0 if all requested operations succeeded, 1 if any operation failed.

The following diagnostic messages are printed by adminrole:

command name ``cmd'' already exists
role name ``role'' already exists
undefined role name ``role''
process privilege ``priv'' does not exist in command ``cmd''
insufficient command specification: ``string''
full command pathname must be specified
duplicate process privilege: ``priv''
cannot add role ``role''
cannot alter role ``role''
role ``role'' currently being changed, try again later
cannot remove role ``role''
cannot change command ``cmd''
full path to TFM database must be specified
undefined command name ``cmd''
TFM database does not exist
cannot initialize TFM database
improper command name: ``string''
invalid process privilege: ``string''
unrecognized privilege number: ``number''
incompatible options specified

References

adminuser(1M), intro(2), tfadmin(1M)