[osol-discuss] Obtaining nameservice-independent "user_attr" and "publickey" data from a shell script ?
Darren J Moffat
Darren.Moffat at Sun.COM
Fri Jan 5 03:35:22 PST 2007
Roland Mainz wrote:
> Hi!
>
> ----
>
> Is there a nameservice-independent way to obtain the values for
> "user_attr" and "publickey" from a shell script (if not I would propose
> to add a extension to "getent") ?
publickey no there isn't.
For user_attr it depends which values you want.
user_attr is a little problematic because in some cases it isn't just
user_attr you need to look at but you might then need to look at
prof_attr, auth_attr and exec_attr as well as policy.conf.
There are a couple of shell tools for some of the user_attr data.
auths(1) will tell you all the authorisations a user has from user_attr,
all included profiles and defaults from policy.conf.
profiles(1) will tell you all the profiles a user has assigned to them
from user_attr, and policy.conf and any profiles included in a profile.
roles(1) will tell you the roles a user has - currently you can only
assign a role directly in user_attr(4) but we want to change that so you
can do it as part of a profile in prof_attr(4) as well.
That still leaves:
project, defaultpriv, limitpriv, lock_after_retries,
idletime, idlecmd, labelview, clearance, min_label, type.
For the user_attr(4) database what exactly is it you are trying to do
from shell script ?
I think having a getent for each of the nsswitch databases is a good
idea but I want to be sure you are actually using the data in an
appropriate way for user_attr(4).
--
Darren J Moffat
More information about the opensolaris-discuss
mailing list