Lists information about the least-privilege (LP) resources on one or more nodes in a domain.
lslpcmd [ –A | resource_name1 [ , resource_name2 , … ] | –R RunCmdName1 [ , RunCmdName2 , … ] ] [-h] [-TV]
lslpcmd -a [ –A | resource_name1 [ , resource_name2 , … ] | –R RunCmdName1 [ , RunCmdName2 , … ] ] [-h] [-TV]
lslpcmd -n host1 [,host2,…] [ –A | resource_name1 [ , resource_name2 , … ] | –R RunCmdName1 [ , RunCmdName2 , … ] ] [-h] [-TV]
The lslpcmd command displays information about LP resources on one or more nodes in a domain. LP resources are root commands or scripts to which users are granted access based on permissions in the LP access control lists (ACLs). Use this command to display the attributes of one or more LP commands by specifying the resource_name1,[resource_name2,…] parameter. If you omit this parameter, the lslpcmd command lists the names of all of the LP commands. Use the –A flag to list all of the LP commands and all of their attributes and values. Use the –R flag to list one or more LP resources that have a particular RunCmdName value.
Field | Description |
---|---|
Name | The name of the LP resource. |
CommandPath | The fully-qualified path of the LP resource. |
Description | A description of the LP resource. |
Lock | The lock setting. Valid values are: 0 (the lock is not set) and 1 (the lock is set). |
CheckSum | The CheckSum value of the LP resource to which CommandPath points. The LP resource manager assigns a value of 0 if the LP resource does not exist or if the user did not update the CheckSum value after the LP resource was made available. |
RunCmdName | The LP resource name that is used as a parameter with the runlpcmd command. |
FilterScript | The path to the filter script. |
FilterArg | The list of arguments to pass to FilterScript. |
This command runs on any node. If you want this command to run on all of the nodes in a domain, use the -a flag. If you want this command to run on a subset of nodes in a domain, use the -n flag. Otherwise, this command runs on the local node.
The lslpcmd command runs once for the first valid scope that the LP resource manager finds.
As an alternative, the Resource ACL can direct the use of the Resource Shared ACL if this permission exists in the Resource Shared ACL.
If this environment variable is not set, local scope is used.
This command is part of the Reliable Scalable Cluster Technology (RSCT) fileset for AIX®.
When the -h flag is specified, this command's usage statement is written to standard output. When the -V flag is specified, this command's verbose messages are written to standard output.
All trace messages are written to standard error.
lslpcmd
The output will look like this:
lpcommand1
lpcommand2
lslpcmd -A
The output will look
like this: Name=lpcommand1
CommandPath=/tmp/my_command
Description=
Lock=1
CheckSum=112
RunCmdName=lpcommand1
FilterScript=
FilterArg=
----------------------------------
Name=lpcommand2
CommandPath=/tmp/cmds/this_command
Description=
Lock=0
CheckSum=0
RunCmdName=lpcommand2
FilterScript=
FilterArg=
----------------------------------
lslpcmd lpcommand1
The
output will look like this: Name=lpcommand1
CommandPath=/tmp/my_command
Description=
Lock=1
CheckSum=100
RunCmdName=lpcommand1
FilterScript=
FilterArg=
lslpcmd -R rpower
The
output will look like this: Name=lpcommand1
CommandPath=/opt/csm/bin/rpower
Description=
Lock=1
CheckSum=112
RunCmdName=rpower
FilterScript=/tmp/test1
FilterArg=node1,node2,node3
-------------------------------
Name=lpcommand2
CommandPath=/opt/csm/bin/rpower
Description=
Lock=0
CheckSum=112
RunCmdName=rpower
FilterScript=/tmp/test1
FilterArg=node4,node5,node6
-------------------------------
⋮