pmadm(1M)
pmadm --
port monitor administration
Synopsis
pmadm -a [-p pmtag | -t type] -s svctag [-i id] -m `pmspecific`
-v `version` [-f xu] [-S "scheme"] [-y "comment"] [-z script]
pmadm -r -p pmtag -s svctag
pmadm -e -p pmtag -s svctag
pmadm -d -p pmtag -s svctag
pmadm -l [-p pmtag | -t type] [-s svctag]
pmadm -L [-p pmtag | -t type] [-s svctag]
pmadm -g -p pmtag -s svctag [-z script]
pmadm -g -s svctag -t type -z script
pmadm -c -S "scheme" [-i id] -p pmtag -s svctag
pmadm -c -i id [-S "scheme"] -p pmtag -s svctag
Description
pmadm is the administrative command for the lower level
of the Service Access Facility hierarchy, that is, for service
administration.
A port may have only one service associated with it
although the same service may be available through more than one port.
In order to uniquely identify an instance of a service the
pmadm command must
identify both the port monitor or port monitors through which the
service is available (-p or -t) and the service
(-s).
See the option descriptions
below.
pmadm performs the following functions:
-
add or remove a service
-
enable or disable a service
-
add or delete authentication scheme and user ID information
-
install or replace a per-service configuration script
-
print requested service information
Any user on the system may invoke pmadm to request
service status (-l or -L) or to print
per-service configuration scripts
(-g without the -z option).
The options have the following meanings:
-a-
Add a service.
pmadm adds
an entry for the new service
to
the port monitor's administrative file.
Because of the complexity of the options and arguments that follow
the -a option,
it may be convenient to use a command script to add services.
-c-
Used with -i or -S to
change the authentication scheme or user ID
associated with the named service.
To identify the service, both
-p and -s options
are required.
-c may be used with either
-i or -S
separately or it may be used with both options.
See -i and -S.
-d-
Disable a service.
Add ``x'' to the flag field in the entry for service
svctag in the port monitor's administrative file.
See the -f option, below, for a description of the flags
available.
-e-
Enable a service.
Remove ``x'' from the flag field in the entry for service
svctag in the port monitor administrative file.
See the -f option, below, for a description of the flags
available.
-f xu-
Used with the -a option.
The -f option
specifies one or both of the two flags listed below.
The flags are then
included in the flag
field of the port monitor administrative file entry for the new service.
If the -f option is not included, no flags are set
and the default conditions prevail.
By default, a new service is enabled and no utmp entry
is created for it.
A -f option without a following argument is illegal.
x-
Disable the service svctag available through
port monitor pmtag. When x is present in the
flag field, the service is no started until
explicitly enabled.
u-
Create a utmp entry for service svctag available through
port monitor pmtag.
-g-
Used with the options described below,
the -g option prints, installs, or replaces a per-service
configuration script.
-g -p pmtag -s svctag-
Prints the per-service configuration script
for service svctag available
through port monitor pmtag.
-g -p pmtag -s svctag -z script-
Installs the per-service configuration
script contained in the file script
as the per-service
configuration script for service svctag available through
port monitor pmtag.
-g -s svctag -t type -z script-
Installs
the file script as the per-service
configuration script for service
svctag available through any port monitor of type type.
Other combinations of options with -g are invalid.
-i id-
Used with -a or -c.
id is the identity that is to be assigned to service
svctag when it is started.
id must be an entry in /etc/passwd.
The -i argument is optional
when a service is being added (that is, with the -a option).
If the -i option is omitted, the port monitor determines
the user ID from information supplied
by the authentication scheme.
If the -i option is omitted and no authentication scheme is specified,
an error is returned when the service is executed.
When the user ID is specified using -i and an
authentication scheme
is also specified,
the port monitor performs the authentication using the scheme-supplied identity.
The identity specified by the -i option
takes precedence when the service is invoked.
Used with the -c option,
the argument to -i replaces the user ID in the
port monitor-generic
field of the port monitor administrative file entry for the named service.
If id is not the null string, pmadm
ensures that it is a valid user ID on the machine.
Changing a user ID to the null string (``'')
removes the ID from the
port monitor administrative file entry for the service.
-l-
The -l option requests service information.
Used by itself and with the options described below it
provides a filter for extracting information in several
different groupings.
-l-
By itself, the -l option lists all services on the system.
-l -p pmtag-
Lists all services available through port monitor pmtag.
-l -s svctag-
Lists all services with tag svctag.
-l -p pmtag -s svctag-
Lists service svctag available through the port monitor pmtab.
-l -t type-
Lists all services available through port monitors of type type.
-l -t type -s svctag-
Lists all services
with tag svctag
available through a port monitor of
type type.
Other combinations of options with -l are invalid.-
-L-
The -L option is identical to the -l
option except
that output is printed in a condensed format and without column headers.
-m `pmspecific`-
pmspecific is a port monitor-specific command.
Every port monitor running under the Service Access Facility must have such a command to
supply information for the port monitor-specific field of the
port monitor administrative file entry for the service.
The command and its options are enclosed in back quotes (`).
See
ttyadm(1M),
the port monitor-specific command for ttymon, and
nlsadmin(1M),
the port monitor-specific command for listen.
-p pmtag-
Specifies the tag associated with the port monitor
through which a service (specified as -s svctag)
is available.
-r-
Remove a service.
When pmadm removes a service,
the entry for the service is removed
from the port monitor's administrative file.
-s svctag-
Specifies the service tag associated with a given service.
The service tag is assigned by the system administrator
and is part of the entry for the service in the port monitor's
administrative file.
-S "scheme"-
Used with -a or -c.
The -S option
specifies the authentication scheme to be associated with svctag.
scheme may be a simple authentication scheme
name or the full pathname of the authentication scheme and can have
arguments associated with it.
Used with -c, -S replaces the authentication scheme name and
arguments in the scheme field of the port monitor's
administrative file with the new scheme name (and arguments, if any).
Changing an authentication scheme name
to the null string removes the scheme
from the port monitor administrative file entry for the service.
-t type-
Used with the -a, or -l, or -g option.
-t specifies the port monitor type.
-v `version`-
Specifies the version number of the port monitor
administrative file.
The version number may be given as
-v `pmspec -V`
where pmspec is the administrative command
for port monitor pmtag.
This command is ttyadm for ttymon and
nlsadmin for listen.
The version stamp of the port monitor is known by
the command and is returned
when pmspec is invoked with a -V option.
-y "comment"-
Associate comment with the
service
entry in the port monitor administrative file.
-z script-
Used with the -g option to specify the name
of the file that contains
the per-service configuration script.
The -z option overwrites the existing script.
It is suggested that you do the following three steps when you modify/replace
a configuration script.
First a copy of the existing script should be made (-g alone).
Then the copy should be edited.
Finally, the copy is put in place over the existing script
(-g with -z).
Output
If successful, pmadm will exit with a status of zero.
If it fails for any reason, it will exit with a nonzero status.
Options that request information write the requested information
to the standard output.
A request for information using the -l option prints
column headers and
aligns the information under the appropriate
headings.
In this format, a missing field is indicated by a hyphen.
A request for information in the
condensed format
using the -L option
prints the information in colon-separated fields;
missing fields are indicated by two successive colons.
``#'' is the comment
character.
If the id argument is specified and the user ID
given is not the null string and is not a
valid user ID on the machine,
pmadm will fail
and will print the following error message:
invalid user identity
Files
/etc/saf/pmtag/_config
/etc/saf/pmtag/svctag
/var/saf/pmtag/*
References
doconfig(3iac),
sac(1M),
sacadm(1M)
Examples
Add a service to a port monitor with tag pmtag.
Give the service the tag svctag.
Port monitor-specific information is generated by specpm.
The service defined by svctag will be invoked with identity root.
pmadm -a -p pmtag -s svctag -i root -m `specpm -a arg1 -b arg2` \
-v `specpm -V`
Add the same service to the same port monitor, but instead of specifying the user
ID root,
specify an authentication scheme (-S scheme),
which will determine the user ID.
pmadm -a -p pmtag -s svctag -S "scheme" -m `specpm -a arg1 \
-b arg2 ` -v `specpm -V`
Add a service with service tag svctag, identity guest,
and port monitor-specific information generated by specpm
to all port monitors of type type:
pmadm -a -s svctag -t type -i guest -m `specpm -a arg1 -b arg2` \
-v `specpm -V`
Remove the service svctag from port monitor pmtag:
pmadm -r -p pmtag -s svctag
Enable the service svctag available through port monitor pmtag:
pmadm -e -p pmtag -s svctag
Disable the service svctag available through port monitor pmtag:
pmadm -d -p pmtag -s svctag
List status information for all services:
pmadm -l
List status information for all services available through the port
monitor with tag ports:
pmadm -l -p ports
List the same information in condensed format:
pmadm -L -p ports
List status information for all services available through port
monitors of type listen:
pmadm -l -t listen
Print the per-service
configuration script associated with the service svctag
available through port monitor pmtag:
pmadm -g -p pmtag -s svctag
Associate authentication scheme scheme
with the service svctag on port monitor pmtag.
The service runs with user ID id:
pmadm -c -S "scheme" -i id -p pmtag -s svctag
Remove the authentication scheme from the svctag service
on port monitor pmtag:
pmadm -c -S "" -p pmtag -s svctag
A network service tag is unique for a given port monitor.
If the administrator of a server machine wants to offer a
network service with more than one authentication
scheme, a unique service tag is required for each
service/authentication scheme combination.
Similarly, if the administrator wants to change the authentication scheme
for a service, allowing a period of time when both old and new
authentication schemes are available,
then two unique service tags are required.
© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 25 April 2004