diff options
Diffstat (limited to 'client/wallet.1')
| -rw-r--r-- | client/wallet.1 | 58 |
1 files changed, 41 insertions, 17 deletions
diff --git a/client/wallet.1 b/client/wallet.1 index 0e02fe9..959105d 100644 --- a/client/wallet.1 +++ b/client/wallet.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.14) +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.26) .\" .\" Standard preamble: .\" ======================================================================== @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "WALLET 1" -.TH WALLET 1 "2010-08-25" "0.12" "wallet" +.TH WALLET 1 "2013-03-27" "1.0" "wallet" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -260,30 +260,37 @@ options and commands are ignored. .SH "COMMANDS" .IX Header "COMMANDS" As mentioned above, most commands are only available to wallet -administrators. The exceptions are \f(CW\*(C`get\*(C'\fR, \f(CW\*(C`store\*(C'\fR, \f(CW\*(C`show\*(C'\fR, \f(CW\*(C`destroy\*(C'\fR, -\&\f(CW\*(C`flag clear\*(C'\fR, \f(CW\*(C`flag set\*(C'\fR, \f(CW\*(C`getattr\*(C'\fR, \f(CW\*(C`setattr\*(C'\fR, and \f(CW\*(C`history\*(C'\fR. All -of those commands have their own ACLs except \f(CW\*(C`getattr\*(C'\fR and \f(CW\*(C`history\*(C'\fR, -which use the \f(CW\*(C`show\*(C'\fR \s-1ACL\s0, and \f(CW\*(C`setattr\*(C'\fR, which uses the \f(CW\*(C`store\*(C'\fR \s-1ACL\s0. -If the appropriate \s-1ACL\s0 is set, it alone is checked to see if the user has -access. Otherwise, \f(CW\*(C`get\*(C'\fR, \f(CW\*(C`store\*(C'\fR, \f(CW\*(C`show\*(C'\fR, \f(CW\*(C`getattr\*(C'\fR, \f(CW\*(C`setattr\*(C'\fR, and -\&\f(CW\*(C`history\*(C'\fR access is permitted if the user is authorized by the owner \s-1ACL\s0 -of the object. +administrators. The exceptions are \f(CW\*(C`acl check\*(C'\fR, \f(CW\*(C`check\*(C'\fR, \f(CW\*(C`get\*(C'\fR, +\&\f(CW\*(C`store\*(C'\fR, \f(CW\*(C`show\*(C'\fR, \f(CW\*(C`destroy\*(C'\fR, \f(CW\*(C`flag clear\*(C'\fR, \f(CW\*(C`flag set\*(C'\fR, \f(CW\*(C`getattr\*(C'\fR, +\&\f(CW\*(C`setattr\*(C'\fR, and \f(CW\*(C`history\*(C'\fR. \f(CW\*(C`acl check\*(C'\fR and \f(CW\*(C`check\*(C'\fR can be run by +anyone. All of the rest of those commands have their own ACLs except +\&\f(CW\*(C`getattr\*(C'\fR and \f(CW\*(C`history\*(C'\fR, which use the \f(CW\*(C`show\*(C'\fR \s-1ACL\s0, \f(CW\*(C`setattr\*(C'\fR, which +uses the \f(CW\*(C`store\*(C'\fR \s-1ACL\s0, and \f(CW\*(C`comment\*(C'\fR, which uses the owner or \f(CW\*(C`show\*(C'\fR \s-1ACL\s0 +depending on whether one is setting or retrieving the comment. If the +appropriate \s-1ACL\s0 is set, it alone is checked to see if the user has access. +Otherwise, \f(CW\*(C`destroy\*(C'\fR, \f(CW\*(C`get\*(C'\fR, \f(CW\*(C`store\*(C'\fR, \f(CW\*(C`show\*(C'\fR, \f(CW\*(C`getattr\*(C'\fR, \f(CW\*(C`setattr\*(C'\fR, +\&\f(CW\*(C`history\*(C'\fR, and \f(CW\*(C`comment\*(C'\fR access is permitted if the user is authorized +by the owner \s-1ACL\s0 of the object. .PP Administrators can run any command on any object or \s-1ACL\s0 except for \f(CW\*(C`get\*(C'\fR -and \f(CW\*(C`store\*(C'\fR. For \f(CW\*(C`get\*(C'\fR and \f(CW\*(C`show\*(C'\fR, they must still be authorized by +and \f(CW\*(C`store\*(C'\fR. For \f(CW\*(C`get\*(C'\fR and \f(CW\*(C`store\*(C'\fR, they must still be authorized by either the appropriate specific \s-1ACL\s0 or the owner \s-1ACL\s0. .PP If the locked flag is set on an object, no commands can be run on that object that change data except the \f(CW\*(C`flags\*(C'\fR commands, nor can the \f(CW\*(C`get\*(C'\fR command be used on that object. \f(CW\*(C`show\*(C'\fR, \f(CW\*(C`history\*(C'\fR, \f(CW\*(C`getacl\*(C'\fR, -\&\f(CW\*(C`getattr\*(C'\fR, and \f(CW\*(C`owner\*(C'\fR or \f(CW\*(C`expires\*(C'\fR without an argument can still be -used on that object. +\&\f(CW\*(C`getattr\*(C'\fR, and \f(CW\*(C`owner\*(C'\fR, \f(CW\*(C`expires\*(C'\fR, or \f(CW\*(C`comment\*(C'\fR without an argument +can still be used on that object. .PP For more information on attributes, see \s-1ATTRIBUTES\s0. .IP "acl add <id> <scheme> <identifier>" 4 .IX Item "acl add <id> <scheme> <identifier>" -Adds an entry with <scheme> and <identifier> to the \s-1ACL\s0 <id>. <id> may be +Add an entry with <scheme> and <identifier> to the \s-1ACL\s0 <id>. <id> may be either the name of an \s-1ACL\s0 or its numeric identifier. +.IP "acl check <id>" 4 +.IX Item "acl check <id>" +Check whether an \s-1ACL\s0 with the \s-1ID\s0 <id> already exists. If it does, prints +\&\f(CW\*(C`yes\*(C'\fR; if not, prints \f(CW\*(C`no\*(C'\fR. .IP "acl create <name>" 4 .IX Item "acl create <name>" Create a new, empty \s-1ACL\s0 with name <name>. When setting an \s-1ACL\s0 on an @@ -335,6 +342,14 @@ already exist. .IX Item "check <type> <name>" Check whether an object of type <type> and name <name> already exists. If it does, prints \f(CW\*(C`yes\*(C'\fR; if not, prints \f(CW\*(C`no\*(C'\fR. +.IP "comment <type> <name> [<comment>]" 4 +.IX Item "comment <type> <name> [<comment>]" +If <comment> is not given, displays the current comment for the object +identified by <type> and <name>, or \f(CW\*(C`No comment set\*(C'\fR if none is set. +.Sp +If <comment> is given, sets the comment on the object identified by +<type> and <name> to <comment>. If <comment> is the empty string, clears +the comment. .IP "create <type> <name>" 4 .IX Item "create <type> <name>" Create a new object of type <type> with name <name>. With some backends, @@ -507,6 +522,18 @@ implementation detail and the default (\f(CW\*(C`wallet\*(C'\fR) should be fine. sometimes be useful to use a different prefix for testing a different version of the wallet code on the server. The \fB\-c\fR command-line option overrides this setting. +.SH "AUTHOR" +.IX Header "AUTHOR" +Russ Allbery <rra@stanford.edu> +.SH "COPYRIGHT AND LICENSE" +.IX Header "COPYRIGHT AND LICENSE" +Copyright 2007, 2008, 2010, 2011, 2012, 2013 The Board of Trustees of the +Leland Stanford Junior University +.PP +Copying and distribution of this file, with or without modification, are +permitted in any medium without royalty provided the copyright notice and +this notice are preserved. This file is offered as-is, without any +warranty. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIkadmin\fR\|(8), \fIkinit\fR\|(1), \fIkrb5.conf\fR\|(5), \fIremctl\fR\|(1), \fIremctld\fR\|(8) @@ -516,6 +543,3 @@ from <http://www.eyrie.org/~eagle/software/wallet/>. .PP \&\fBwallet\fR uses the remctl protocol. For more information about remctl, see <http://www.eyrie.org/~eagle/software/remctl/>. -.SH "AUTHOR" -.IX Header "AUTHOR" -Russ Allbery <rra@stanford.edu> |