pmadm(1M)


pmadm -- port monitor administration

Synopsis

pmadm -a [-p pmtag | -t type] -s svctag [-i id] -m `pmspecific` -v `version` [-f xu] [-S "scheme"] [-y "comment"] [-z script]

pmadm -r -p pmtag -s svctag

pmadm -e -p pmtag -s svctag

pmadm -d -p pmtag -s svctag

pmadm -l [-p pmtag | -t type] [-s svctag]

pmadm -L [-p pmtag | -t type] [-s svctag]

pmadm -g -p pmtag -s svctag [-z script]

pmadm -g -s svctag -t type -z script

pmadm -c -S "scheme" [-i id] -p pmtag -s svctag

pmadm -c -i id [-S "scheme"] -p pmtag -s svctag

Description

pmadm is the administrative command for the lower level of the Service Access Facility hierarchy, that is, for service administration. A port may have only one service associated with it although the same service may be available through more than one port. In order to uniquely identify an instance of a service the pmadm command must identify both the port monitor or port monitors through which the service is available (-p or -t) and the service (-s). See the option descriptions below.

pmadm performs the following functions:

Any user on the system may invoke pmadm to request service status (-l or -L) or to print per-service configuration scripts (-g without the -z option).

The options have the following meanings:


-a
Add a service. pmadm adds an entry for the new service to the port monitor's administrative file. Because of the complexity of the options and arguments that follow the -a option, it may be convenient to use a command script to add services.

-c
Used with -i or -S to change the authentication scheme or user ID associated with the named service. To identify the service, both -p and -s options are required. -c may be used with either -i or -S separately or it may be used with both options. See -i and -S.

-d
Disable a service. Add ``x'' to the flag field in the entry for service svctag in the port monitor's administrative file. See the -f option, below, for a description of the flags available.

-e
Enable a service. Remove ``x'' from the flag field in the entry for service svctag in the port monitor administrative file. See the -f option, below, for a description of the flags available.

-f xu
Used with the -a option. The -f option specifies one or both of the two flags listed below. The flags are then included in the flag field of the port monitor administrative file entry for the new service. If the -f option is not included, no flags are set and the default conditions prevail. By default, a new service is enabled and no utmp entry is created for it. A -f option without a following argument is illegal.

x
Disable the service svctag available through port monitor pmtag. When x is present in the flag field, the service is no started until explicitly enabled.


u
Create a utmp entry for service svctag available through port monitor pmtag.

-g
Used with the options described below, the -g option prints, installs, or replaces a per-service configuration script.

-g -p pmtag -s svctag
Prints the per-service configuration script for service svctag available through port monitor pmtag.

-g -p pmtag -s svctag -z script
Installs the per-service configuration script contained in the file script as the per-service configuration script for service svctag available through port monitor pmtag.

-g -s svctag -t type -z script
Installs the file script as the per-service configuration script for service svctag available through any port monitor of type type.
Other combinations of options with -g are invalid.

-i id
Used with -a or -c. id is the identity that is to be assigned to service svctag when it is started. id must be an entry in /etc/passwd.

The -i argument is optional when a service is being added (that is, with the -a option). If the -i option is omitted, the port monitor determines the user ID from information supplied by the authentication scheme. If the -i option is omitted and no authentication scheme is specified, an error is returned when the service is executed. When the user ID is specified using -i and an authentication scheme is also specified, the port monitor performs the authentication using the scheme-supplied identity. The identity specified by the -i option takes precedence when the service is invoked.

Used with the -c option, the argument to -i replaces the user ID in the port monitor-generic field of the port monitor administrative file entry for the named service. If id is not the null string, pmadm ensures that it is a valid user ID on the machine. Changing a user ID to the null string (``'') removes the ID from the port monitor administrative file entry for the service.


-l
The -l option requests service information. Used by itself and with the options described below it provides a filter for extracting information in several different groupings.

-l
By itself, the -l option lists all services on the system.

-l -p pmtag
Lists all services available through port monitor pmtag.

-l -s svctag
Lists all services with tag svctag.

-l -p pmtag -s svctag
Lists service svctag available through the port monitor pmtab.

-l -t type
Lists all services available through port monitors of type type.

-l -t type -s svctag
Lists all services with tag svctag available through a port monitor of type type.

Other combinations of options with -l are invalid.

-L
The -L option is identical to the -l option except that output is printed in a condensed format and without column headers.

-m `pmspecific`
pmspecific is a port monitor-specific command. Every port monitor running under the Service Access Facility must have such a command to supply information for the port monitor-specific field of the port monitor administrative file entry for the service. The command and its options are enclosed in back quotes (`). See ttyadm(1M), the port monitor-specific command for ttymon, and nlsadmin(1M), the port monitor-specific command for listen.

-p pmtag
Specifies the tag associated with the port monitor through which a service (specified as -s svctag) is available.

-r
Remove a service. When pmadm removes a service, the entry for the service is removed from the port monitor's administrative file.

-s svctag
Specifies the service tag associated with a given service. The service tag is assigned by the system administrator and is part of the entry for the service in the port monitor's administrative file.

-S "scheme"
Used with -a or -c. The -S option specifies the authentication scheme to be associated with svctag. scheme may be a simple authentication scheme name or the full pathname of the authentication scheme and can have arguments associated with it.

Used with -c, -S replaces the authentication scheme name and arguments in the scheme field of the port monitor's administrative file with the new scheme name (and arguments, if any).

Changing an authentication scheme name to the null string removes the scheme from the port monitor administrative file entry for the service.


-t type
Used with the -a, or -l, or -g option. -t specifies the port monitor type.

-v `version`
Specifies the version number of the port monitor administrative file. The version number may be given as

-v `pmspec -V`

where pmspec is the administrative command for port monitor pmtag. This command is ttyadm for ttymon and nlsadmin for listen. The version stamp of the port monitor is known by the command and is returned when pmspec is invoked with a -V option.


-y "comment"
Associate comment with the service entry in the port monitor administrative file.

-z script

Used with the -g option to specify the name of the file that contains the per-service configuration script. The -z option overwrites the existing script. It is suggested that you do the following three steps when you modify/replace a configuration script. First a copy of the existing script should be made (-g alone). Then the copy should be edited. Finally, the copy is put in place over the existing script (-g with -z).

Output

If successful, pmadm will exit with a status of zero. If it fails for any reason, it will exit with a nonzero status.

Options that request information write the requested information to the standard output. A request for information using the -l option prints column headers and aligns the information under the appropriate headings. In this format, a missing field is indicated by a hyphen. A request for information in the condensed format using the -L option prints the information in colon-separated fields; missing fields are indicated by two successive colons. ``#'' is the comment character.

If the id argument is specified and the user ID given is not the null string and is not a valid user ID on the machine, pmadm will fail and will print the following error message: invalid user identity

Files

/etc/saf/pmtag/_config
/etc/saf/pmtag/svctag
/var/saf/pmtag/*

References

doconfig(3iac), sac(1M), sacadm(1M)

Examples

Add a service to a port monitor with tag pmtag. Give the service the tag svctag. Port monitor-specific information is generated by specpm. The service defined by svctag will be invoked with identity root.

pmadm -a -p pmtag -s svctag -i root -m `specpm -a arg1 -b arg2` \
-v `specpm -V`

Add the same service to the same port monitor, but instead of specifying the user ID root, specify an authentication scheme (-S scheme), which will determine the user ID.

pmadm -a -p pmtag -s svctag -S "scheme" -m `specpm -a arg1 \
-b arg2 ` -v `specpm -V`

Add a service with service tag svctag, identity guest, and port monitor-specific information generated by specpm to all port monitors of type type:

pmadm -a -s svctag -t type -i guest -m `specpm -a arg1 -b arg2` \
-v `specpm -V`

Remove the service svctag from port monitor pmtag:

pmadm -r -p pmtag -s svctag

Enable the service svctag available through port monitor pmtag:

pmadm -e -p pmtag -s svctag

Disable the service svctag available through port monitor pmtag:

pmadm -d -p pmtag -s svctag

List status information for all services:

pmadm -l

List status information for all services available through the port monitor with tag ports:

pmadm -l -p ports

List the same information in condensed format:

pmadm -L -p ports

List status information for all services available through port monitors of type listen:

pmadm -l -t listen

Print the per-service configuration script associated with the service svctag available through port monitor pmtag:

pmadm -g -p pmtag -s svctag

Associate authentication scheme scheme with the service svctag on port monitor pmtag. The service runs with user ID id:

pmadm -c -S "scheme" -i id -p pmtag -s svctag

Remove the authentication scheme from the svctag service on port monitor pmtag:

pmadm -c -S "" -p pmtag -s svctag

A network service tag is unique for a given port monitor. If the administrator of a server machine wants to offer a network service with more than one authentication scheme, a unique service tag is required for each service/authentication scheme combination. Similarly, if the administrator wants to change the authentication scheme for a service, allowing a period of time when both old and new authentication schemes are available, then two unique service tags are required.


© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 25 April 2004