Diffstat (limited to 'server/wallet-backend.8')
-rw-r--r-- | server/wallet-backend.8 | 71 |
1 files changed, 53 insertions, 18 deletions
diff --git a/server/wallet-backend.8 b/server/wallet-backend.8 index 1ecad1a..980455f 100644 --- a/server/wallet-backend.8 +++ b/server/wallet-backend.8 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.14) +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.26) .\" .\" Standard preamble: .\" ======================================================================== @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "WALLET-BACKEND 8" -.TH WALLET-BACKEND 8 "2010-08-25" "0.12" "wallet" +.TH WALLET-BACKEND 8 "2013-03-27" "1.0" "wallet" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l 
@@ -161,16 +161,17 @@ syslog. .SH "COMMANDS" .IX Header "COMMANDS" Most commands are only available to wallet administrators (users on the -\&\f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0). The exceptions are \f(CW\*(C`autocreate\*(C'\fR, \f(CW\*(C`get\*(C'\fR, \f(CW\*(C`store\*(C'\fR, -\&\f(CW\*(C`show\*(C'\fR, \f(CW\*(C`destroy\*(C'\fR, \f(CW\*(C`flag clear\*(C'\fR, \f(CW\*(C`flag set\*(C'\fR, \f(CW\*(C`getattr\*(C'\fR, \f(CW\*(C`setattr\*(C'\fR, -and \f(CW\*(C`history\*(C'\fR. All of those commands have their own ACLs except -\&\f(CW\*(C`getattr\*(C'\fR and \f(CW\*(C`history\*(C'\fR, which use the \f(CW\*(C`show\*(C'\fR \s-1ACL\s0, and \f(CW\*(C`setattr\*(C'\fR, -which uses the \f(CW\*(C`store\*(C'\fR \s-1ACL\s0. If the appropriate \s-1ACL\s0 is set, it alone is -checked to see if the user has access. Otherwise, \f(CW\*(C`get\*(C'\fR, \f(CW\*(C`store\*(C'\fR, -\&\f(CW\*(C`show\*(C'\fR, \f(CW\*(C`getattr\*(C'\fR, \f(CW\*(C`setattr\*(C'\fR, and \f(CW\*(C`history\*(C'\fR access is permitted if the -user is authorized by the owner \s-1ACL\s0 of the object. \f(CW\*(C`autocreate\*(C'\fR is -permitted if the user is listed in the default \s-1ACL\s0 for an object for that -name. +\&\f(CW\*(C`ADMIN\*(C'\fR \s-1ACL\s0). The exceptions are \f(CW\*(C`acl check\*(C'\fR, \f(CW\*(C`check\*(C'\fR, \f(CW\*(C`get\*(C'\fR, +\&\f(CW\*(C`store\*(C'\fR, \f(CW\*(C`show\*(C'\fR, \f(CW\*(C`destroy\*(C'\fR, \f(CW\*(C`flag clear\*(C'\fR, \f(CW\*(C`flag set\*(C'\fR, \f(CW\*(C`getattr\*(C'\fR, +\&\f(CW\*(C`setattr\*(C'\fR, and \f(CW\*(C`history\*(C'\fR. \f(CW\*(C`acl check\*(C'\fR and \f(CW\*(C`check\*(C'\fR can be run by +anyone. 
All of the rest of those commands have their own ACLs except +\&\f(CW\*(C`getattr\*(C'\fR and \f(CW\*(C`history\*(C'\fR, which use the \f(CW\*(C`show\*(C'\fR \s-1ACL\s0, \f(CW\*(C`setattr\*(C'\fR, which +uses the \f(CW\*(C`store\*(C'\fR \s-1ACL\s0, and \f(CW\*(C`comment\*(C'\fR, which uses the owner or \f(CW\*(C`show\*(C'\fR \s-1ACL\s0 +depending on whether one is setting or retrieving the comment. If the +appropriate \s-1ACL\s0 is set, it alone is checked to see if the user has access. +Otherwise, \f(CW\*(C`destroy\*(C'\fR, \f(CW\*(C`get\*(C'\fR, \f(CW\*(C`store\*(C'\fR, \f(CW\*(C`show\*(C'\fR, \f(CW\*(C`getattr\*(C'\fR, \f(CW\*(C`setattr\*(C'\fR, +\&\f(CW\*(C`history\*(C'\fR, and \f(CW\*(C`comment\*(C'\fR access is permitted if the user is authorized +by the owner \s-1ACL\s0 of the object. .PP Administrators can run any command on any object or \s-1ACL\s0 except for \f(CW\*(C`get\*(C'\fR and \f(CW\*(C`store\*(C'\fR. For \f(CW\*(C`get\*(C'\fR and \f(CW\*(C`store\*(C'\fR, they must still be authorized by 
@@ -179,14 +180,18 @@ either the appropriate specific \s-1ACL\s0 or the owner \s-1ACL\s0. If the locked flag is set on an object, no commands can be run on that object that change data except the \f(CW\*(C`flags\*(C'\fR commands, nor can the \f(CW\*(C`get\*(C'\fR command be used on that object. \f(CW\*(C`show\*(C'\fR, \f(CW\*(C`history\*(C'\fR, \f(CW\*(C`getacl\*(C'\fR, -\&\f(CW\*(C`getattr\*(C'\fR, and \f(CW\*(C`owner\*(C'\fR or \f(CW\*(C`expires\*(C'\fR without an argument can still be -used on that object. +\&\f(CW\*(C`getattr\*(C'\fR, and \f(CW\*(C`owner\*(C'\fR, \f(CW\*(C`comment\*(C'\fR, or \f(CW\*(C`expires\*(C'\fR without an argument +can still be used on that object. .PP For more information on attributes, see \s-1ATTRIBUTES\s0. .IP "acl add <id> <scheme> <identifier>" 4 .IX Item "acl add <id> <scheme> <identifier>" -Adds an entry with <scheme> and <identifier> to the \s-1ACL\s0 <id>. <id> may be +Add an entry with <scheme> and <identifier> to the \s-1ACL\s0 <id>. <id> may be either the name of an \s-1ACL\s0 or its numeric identifier. +.IP "acl check <id>" 4 +.IX Item "acl check <id>" +Check whether an \s-1ACL\s0 with the \s-1ID\s0 <id> already exists. If it does, prints +\&\f(CW\*(C`yes\*(C'\fR; if not, prints \f(CW\*(C`no\*(C'\fR. .IP "acl create <name>" 4 .IX Item "acl create <name>" Create a new, empty \s-1ACL\s0 with name <name>. When setting an \s-1ACL\s0 on an 
@@ -226,6 +231,14 @@ object will be created with that default \s-1ACL\s0 set as the object owner. .IX Item "check <type> <name>" Check whether an object of type <type> and name <name> already exists. If it does, prints \f(CW\*(C`yes\*(C'\fR; if not, prints \f(CW\*(C`no\*(C'\fR. +.IP "comment <type> <name> [<comment>]" 4 +.IX Item "comment <type> <name> [<comment>]" +If <comment> is not given, displays the current comment for the object +identified by <type> and <name>, or \f(CW\*(C`No comment set\*(C'\fR if none is set. +.Sp +If <comment> is given, sets the comment on the object identified by +<type> and <name> to <comment>. If <comment> is the empty string, clears +the comment. .IP "create <type> <name>" 4 .IX Item "create <type> <name>" Create a new object of type <type> with name <name>. With some backends, 
@@ -346,12 +359,34 @@ This attribute is ignored if the \f(CW\*(C`unchanging\*(C'\fR flag is set on a k Keytabs retrieved with \f(CW\*(C`unchanging\*(C'\fR set will contain all keys present in the \s-1KDC\s0 for that Kerberos principal and therefore may contain different enctypes than those requested by this attribute. +.SH "AUTHOR" +.IX Header "AUTHOR" +Russ Allbery <rra@stanford.edu> +.SH "COPYRIGHT AND LICENSE" +.IX Header "COPYRIGHT AND LICENSE" +Copyright 2007, 2008, 2010, 2011, 2012, 2013 The Board of Trustees of the +Leland Stanford Junior University +.PP +Permission is hereby granted, free of charge, to any person obtaining a +copy of this software and associated documentation files (the \*(L"Software\*(R"), +to deal in the Software without restriction, including without limitation +the rights to use, copy, modify, merge, publish, distribute, sublicense, +and/or sell copies of the Software, and to permit persons to whom the +Software is furnished to do so, subject to the following conditions: +.PP +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. +.PP +\&\s-1THE\s0 \s-1SOFTWARE\s0 \s-1IS\s0 \s-1PROVIDED\s0 \*(L"\s-1AS\s0 \s-1IS\s0\*(R", \s-1WITHOUT\s0 \s-1WARRANTY\s0 \s-1OF\s0 \s-1ANY\s0 \s-1KIND\s0, \s-1EXPRESS\s0 \s-1OR\s0 +\&\s-1IMPLIED\s0, \s-1INCLUDING\s0 \s-1BUT\s0 \s-1NOT\s0 \s-1LIMITED\s0 \s-1TO\s0 \s-1THE\s0 \s-1WARRANTIES\s0 \s-1OF\s0 \s-1MERCHANTABILITY\s0, +\&\s-1FITNESS\s0 \s-1FOR\s0 A \s-1PARTICULAR\s0 \s-1PURPOSE\s0 \s-1AND\s0 \s-1NONINFRINGEMENT\s0. 
\s-1IN\s0 \s-1NO\s0 \s-1EVENT\s0 \s-1SHALL\s0 +\&\s-1THE\s0 \s-1AUTHORS\s0 \s-1OR\s0 \s-1COPYRIGHT\s0 \s-1HOLDERS\s0 \s-1BE\s0 \s-1LIABLE\s0 \s-1FOR\s0 \s-1ANY\s0 \s-1CLAIM\s0, \s-1DAMAGES\s0 \s-1OR\s0 \s-1OTHER\s0 +\&\s-1LIABILITY\s0, \s-1WHETHER\s0 \s-1IN\s0 \s-1AN\s0 \s-1ACTION\s0 \s-1OF\s0 \s-1CONTRACT\s0, \s-1TORT\s0 \s-1OR\s0 \s-1OTHERWISE\s0, \s-1ARISING\s0 +\&\s-1FROM\s0, \s-1OUT\s0 \s-1OF\s0 \s-1OR\s0 \s-1IN\s0 \s-1CONNECTION\s0 \s-1WITH\s0 \s-1THE\s0 \s-1SOFTWARE\s0 \s-1OR\s0 \s-1THE\s0 \s-1USE\s0 \s-1OR\s0 \s-1OTHER\s0 +\&\s-1DEALINGS\s0 \s-1IN\s0 \s-1THE\s0 \s-1SOFTWARE\s0. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fIWallet::Server\fR\|(3), \fIremctld\fR\|(8) .PP This program is part of the wallet system. The current version is available from <http://www.eyrie.org/~eagle/software/wallet/>. -.SH "AUTHOR" -.IX Header "AUTHOR" -Russ Allbery <rra@stanford.edu> |
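
Review bot: in the rewritten first paragraph of COMMANDS (hunk at -161,16 +161,17), `comment` is given ACL rules ("which uses the owner or show ACL depending on whether one is setting or retrieving the comment") but it is missing from the preceding "The exceptions are ..." list, so "All of the rest of those commands" refers to a command that was never listed; add `comment` to that list. The same paragraph drops `autocreate` from the exceptions and deletes the sentence on its default-ACL authorization, so if non-administrators can still run `autocreate` the text now reads as if it were administrator-only. `destroy` is also newly listed among the commands that fall back to the owner ACL; confirm that matches server behaviour, since the page now says owner-ACL membership alone is enough to destroy an object.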
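
Review bot: the new `acl check` item (hunk at -179,14 +180,18) says "an ACL with the ID" without stating whether the argument may be an ACL name as well as a numeric identifier, while the `acl add` item just above says its id "may be either the name of an ACL or its numeric identifier"; use the same wording here if both are accepted. The item should also repeat that it needs no authorization, as the COMMANDS introduction states ("can be run by anyone"), because a reader of this entry alone cannot tell that any caller can test for the existence of an ACL.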
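
Review bot: the new `comment` item (hunk at -226,6 +231,14) does not say which ACL authorizes each form; the COMMANDS introduction only says "the owner or show ACL depending on whether one is setting or retrieving the comment", which leaves the mapping to be inferred from word order. State in this item which ACL is checked when displaying and which when setting or clearing. It would also help to note here that the form with a comment argument is refused on a locked object, since the locked-flag paragraph only allows `comment` "without an argument".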
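
Review bot: the first line of the header hunk ("Automatically generated by Pod::Man") shows that this file is generated output, and the diffstat is limited to this one path, so the wording and ACL changes in the hunks above need to be reviewed in the POD source they were built from. Check that the source carries the same text; otherwise the next regeneration will silently revert the authorization documentation.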