2. Administrative Utilities Client
2.24 sa_admin Command-line security administration utility
The command-line version of the system administrator program, sa_admin, can be used to perform many user operations directly from shell scripts.
sa_admin [-a<adminuserid>] [-p<adminpassword>] [-f<filepassword>] [-s<servername>] <option>
option is one of the following:
Options Users
-oua Add a user account
-oud Change user account description
-oue Change user account extended settings
-oug Add a user to a group
-oul List user accounts
-oum Change user account memory limit
-oup Change user account password
-our Delete a user account
-ous Show user account information
-oux Remove a user from a group
Options Group
-oga Add a group
-ogd Change group description
-ogl List groups
-ogm Change group memory limit
-ogr Delete a group
-ogs Show group information
Options File
-ofg Change file group
-ofl List files matching filename
-ofo Change file owner
-ofp Change file password
-ofs Change file permissions
Wildcard specifiers with sa_admin
The sa_admin -ofp, -ofs, -ofg, and -ofo options support specifying filenames with wildcard characters. The utility retrieves a list of files matching the filename wildcard specifier and executes the specified command for each file.
Retrieve a List of Filenames from the server with sa_admin
-ofl (list files) is used to list the files on the c-treeACE Server system matching the specified filename including wildcard characters.
sa_admin Support for Encrypted Password Files
The sa_admin utility supports the use of an encrypted password file. Encrypted password files are created with the ctcmdset utility and keep user IDs and passwords from plain view within script files. An encrypted password file name is specified using the command-line option:
-1 <filename>
ADMINISTRATOR OPTIONS
-a System administrator User ID.
-p System administrator password.
-f Optional server system file password.
-s Optional server name.
Note: There is no space between the switch and its parameter.
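A check for scripts that still carry passwords in plain view instead of using the encrypted password file option, written in Python as an added example (not part of sa_admin or the vendor documentation). The names audit_line and audit_script are hypothetical; it looks at the attached -p and -f values, the -w value of -oua, and the password arguments of -oup and -ofp described on this page, and treats a $variable as not literal.

```python
import shlex
# Secret-bearing options taken from the option list on this page.
ADMIN_SECRETS = {"-p": "administrator password", "-f": "server file password"}
POSITIONAL_SECRET = {"-oup": 2, "-ofp": 2}  # -oup userid password / -ofp filename password

def _literal(value):
    """True when the value is typed into the script rather than a $variable."""
    return bool(value) and not value.startswith("$")

def audit_line(line):
    """Return findings for one script line; an empty list means nothing to report."""
    try:
        toks = shlex.split(line, comments=True)
    except ValueError:                      # unbalanced quotes: cannot judge
        return []
    if not toks or toks[0].rsplit("/", 1)[-1] != "sa_admin":
        return []
    findings, op, npos, i = [], None, 0, 1
    while i < len(toks):
        t = toks[i]
        if op is None:                      # still in the administrator options
            if t.startswith("-o"):
                op = t
            elif t == "-1":
                i += 1                      # skip the encrypted password file name
            elif t[:2] in ADMIN_SECRETS and _literal(t[2:]):
                findings.append(f"{ADMIN_SECRETS[t[:2]]} inline ({t[:2]})")
        elif op == "-oua" and t.startswith("-"):
            value = toks[i + 1] if i + 1 < len(toks) else ""
            if t == "-w" and _literal(value):
                findings.append("new user password inline (-oua -w)")
            i += 1                          # every -oua sub-option takes a value
        elif not t.startswith("-"):
            npos += 1
            if POSITIONAL_SECRET.get(op) == npos and _literal(t):
                findings.append(f"password inline ({op})")
        i += 1
    return findings

def audit_script(text):
    return {n: f for n, l in enumerate(text.splitlines(), 1) if (f := audit_line(l))}

# Constructed sample script; user IDs, passwords, paths and server name are made up.
SAMPLE_SCRIPT = """\
sa_admin -aopsadmin -pHunter2 -sSRV1 -oup jdoe Winter2024
sa_admin -1 admin.set -sSRV1 -oul
/opt/ctree/sa_admin -aopsadmin -p$CT_PW -oua jdoe -d "Jane Doe" -w changeme
sa_admin -1 admin.set -ofs test.dat ownerall groupall
"""
```

audit_script(SAMPLE_SCRIPT) reports lines 1 and 3; the two lines that use -1 with a password file produce no findings.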
USER OPTIONS
The following options, all beginning with -ou, allow changes to user information. Additional group and file options are described below.
Note: To use any optional entry, you must use all the previous entries even if they would otherwise be optional. For example, to add a user with the -oua option and specify a group, you must also enter the userid, desc, and password.
Option User Add
-oua <userid> [-d <desc>] [-w <password>] [-g <group>] [-m <memory>[<rule>]] [-b <begdat>] [-e <enddat>] [-l <loglimit>] [-r <rsmlogon>] [-t <mstlogon>]
userid: User id (required)
-d desc: Optional user description
-w password: Optional user password
-g group: Optional user group
-m memory: Optional user memory limit.
• rule: Optional user memory rule. Used only with memory. The optional <rule> is A for absolute, D for default, or G for guideline (example -m 10485760a specifies an absolute memory limit of 10 MB). NULL for Default.
-b begdat: Optional starting validity date. Specify as mm/dd/yyyy. NULL for Default.
-e enddat: Optional ending validity date. Specify as mm/dd/yyyy. NULL for Default.
-r rsmlogon is the logon block period in minutes. Specifying a value of “block” (e.g., -r block) blocks the account indefinitely (until it is unblocked by an administrator), and specifying a value of “unblock” (e.g., -r unblock) unblocks the account immediately.
-t mstlogon is the interval in minutes during which the user must log on at least once; otherwise the account is blocked.
Option User Remove
-our userid
userid: User id (required)
Option User List
-oul
Option User Change Password
-oup userid password
userid: User id (required)
password: New password (required)
Option User Add user to Group
-oug userid group
userid: User id (required)
group: Group name (required)
Option User (group) Extract - Remove a user from a group.
-oux userid group
userid: User id (required)
group: Group name (required)
Option User Change Description
-oud userid desc
userid: User id (required)
desc: New user description
Option User Memory
-oum userid memory rule
userid: User id (required)
memory: New memory limit. This can be a number of bytes or ‘D’ for default or left NULL for no limit
rule: Optional user memory rule. Used only with memory. This may be ‘A’ for Absolute, ‘G’ for Guideline, ‘D’ for Default, or NULL for Default
Option User Change Extended Settings
-oue <userid> [-b <begdat>] [-e <enddat>] [-l <loglimit>] [-r <rsmlogon>] [-t <mstlogon>]
userid: User id (required)
-b begdat: Optional starting validity date. Specify as mm/dd/yyyy. NULL for Default
-l loglimit: Optional maximum invalid logon attempts. 0 for Default. -1 to disable invalid logon check.
-t mstlogon: Optional must logon period, e.g., how often the user must log on to remain active. The interval in minutes during which the user must log on at least once; otherwise the account is blocked. Specify as number of minutes. NULL for Default. -1 to disable must logon period.
-r rsmlogon: Optional logon timeout remaining. If a user has been denied access to the c-treeACE Server due to excessive invalid logon attempts, you can adjust the remaining user lockout time here. Specify as number of minutes. NULL to leave unchanged. Specifying a value of “block” (e.g., -r block) blocks the account indefinitely (until it is unblocked by an administrator), and specifying a value of “unblock” (e.g., -r unblock) unblocks the account immediately.
Option User Show
-ous userid
userid: User id (required)
GROUP OPTIONS
The following options, all beginning with -og, allow changes to group information. Additional user and file options are described elsewhere.
Note: To use any optional entry, you must use all the previous entries. For example, to specify a rule when adding a group with the -oga option, you must also enter the desc and memory options for the group.
Option Group Add
-oga <groupid> [-d <desc>] [-m <memory>[<rule>]]
groupid: Group id (required)
-d desc: Optional group description
memory is the memory limit and the optional <rule> is A for absolute, D for default, or G for guideline (example -m 10485760a specifies an absolute memory limit of 10 MB).
Option Group Remove
-ogr groupid
groupid: Group id (required)
Option Groups List
-ogl
Option Group Change Description
-ogd groupid desc
groupid: Group id (required)
Option Group Memory
-ogm groupid [-m <memory>[<rule>]]
groupid: Group id (required)
-m memory: New memory limit. memory is the memory limit
• <rule> (optional) is A for absolute, D for default, or G for guideline (example -m 10485760a specifies an absolute memory limit of 10 MB).
Option Group Show
-ogs groupid
groupid: Group id (required)
FILE OPTIONS
The following options, all beginning with -of, allow changes to file information. Additional user and group options are described elsewhere.
Option File Password
-ofp filename password
filename: File name (required)
password: File password (required)
Option File Security (permissions)
-ofs <filename> <permission> ...
-ofs <filename> +|-<permission> ...
filename: File name (required)
permission: File permission mask.
To set a permission, set the byte at the corresponding offset to a value of ‘+’. To reset a specified permission, set the corresponding byte to ‘-’.
For example, the string “+++++-----+++++” sets all OWNER and WORLD permissions, and clears all GROUP permissions.
This field is interpreted as a 15-byte permission mask containing owner, group, and world permissions:
(offset)
0  1  2  3  4  5  6  7  8  9  10 11 12 13 14
----OWNER----  ----GROUP----  ----WORLD----
r  w  f  d  p  r  w  f  d  p  r  w  f  d  p
r = Read, w = Write, f = define, d = Delete, p = noPass
permission can also be one of the following:
ownerall, ownerread, ownerwrite, ownerdefine, ownerdelete, ownernopass, groupall, groupread, groupwrite, groupdefine, groupdelete, groupnopass, worldall, worldread, worldwrite, worlddefine, worlddelete, worldnopass
Options are evaluated left to right. For example, specifying -groupwrite +groupwrite has the effect of adding the groupwrite permission, and specifying +worldall -worldread turns on all world permissions except read permission.
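The mask layout and left-to-right rule above, modelled in Python as an added example (not vendor code and not part of sa_admin). The names apply_ofs and world_exposure are hypothetical, the all-clear default for the current mask is a placeholder, and rejecting a mix of plain and +|- permissions in one command is an assumption of this sketch, not documented behaviour.

```python
CLASSES = ("owner", "group", "world")                    # offsets 0-4, 5-9, 10-14
PERMS = ("read", "write", "define", "delete", "nopass")  # r w f d p

def _offsets(name):
    """Map a named permission (e.g. 'groupwrite', 'worldall') to mask offsets."""
    for ci, cls in enumerate(CLASSES):
        if name.startswith(cls):
            perm = name[len(cls):]
            if perm == "all":
                return list(range(ci * 5, ci * 5 + 5))
            if perm in PERMS:
                return [ci * 5 + PERMS.index(perm)]
    raise ValueError(f"unknown permission: {name!r}")

def _is_mask(text):
    return len(text) == 15 and not set(text) - set("+-")

def apply_ofs(args, current="-" * 15):
    """Return the 15-byte mask that results from the -ofs arguments.

    current is the file's existing mask; the all-clear default is a placeholder.
    """
    if not _is_mask(current):
        raise ValueError("current mask must be 15 '+'/'-' bytes")
    if len(args) == 1 and _is_mask(args[0]):
        return args[0]                       # literal mask form
    relative = [a[:1] in ("+", "-") for a in args]
    if any(relative) and not all(relative):
        raise ValueError("mixing plain and +|- permissions is not modelled here")
    # Plain names replace the mask; +|- names edit the current one.
    mask = list(current if all(relative) else "-" * 15)
    for a in args:                           # evaluated left to right
        sign, name = (a[0], a[1:]) if a[:1] in ("+", "-") else ("+", a)
        for off in _offsets(name.lower()):
            mask[off] = sign
    return "".join(mask)

def world_exposure(mask):
    """List the WORLD permissions a mask grants (offsets 10-14)."""
    return [p for p, c in zip(PERMS, mask[10:15]) if c == "+"]
```

Running world_exposure over the masks of listed files gives a quick review of which ones grant anything to WORLD, including noPass.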
Option File Group
-ofg filename groupid
filename: File name (required)
groupid: File group id (required)
Option File Owner
-ofo filename owner
filename: File name (required)
owner: File owner (required)
Examples of -ofs usage:
-ofs <filename> <permmask> is the same as current usage:
-ofs test.dat ++++++++++---
-ofs <filename> <permission> ... sets the file permissions to the specified permissions. The following command sets all owner and group permissions and resets all world permissions:
-ofs test.dat ownerall groupall
-ofs <filename> +|- <permission> ... adds/removes specified permissions to/from current file permissions. The following command adds the worldread permission to the current file permissions and removes the groupwrite permission from the current file permissions: