one / share / man / oneuser.1 @ f93e2be0

.\" generated with Ronn/v0.7.3
.\" http://github.com/rtomayko/ronn/tree/0.7.3
.
.TH "ONEUSER" "1" "July 2017" "" "oneuser(1) -- manages OpenNebula users"
.
.SH "NAME"
\fBoneuser\fR \- manages OpenNebula users
.
.SH "SYNOPSIS"
\fBoneuser\fR \fIcommand\fR [\fIargs\fR] [\fIoptions\fR]
.
.SH "OPTIONS"
.
.nf

 \-\-group id|name           Comma\-separated list of Groups for the new User\.
                           The first Group will be the main one\.
 \-r, \-\-read\-file           Read password from file
 \-\-sha1                    The password will be hashed using the sha1
                           algorithm
 \-\-ssh                     SSH Auth system
 \-\-x509                    x509 Auth system for x509 certificates
 \-k, \-\-key path_to_private_key_pem Path to the Private Key of the User
 \-c, \-\-cert path_to_user_cert_pem Path to the Certificate of the User
 \-\-driver driver           Driver to authenticate this user
 \-a, \-\-append              Append new attributes to the current template
 \-\-x509_proxy              x509 Auth system based on x509 proxy certificates
 \-\-proxy path_to_user_proxy_pem Path to the user proxy certificate
 \-\-time x                  Token duration in seconds, defaults to 36000 (10
                           h)\. To reset the token set time to 0\. To generate
                           a non\-expiring token use \-1 (not valid for ssh
                           and x509 tokens)\.
 \-\-force                   Force one_auth file rewrite
 \-\-stdin_password          enable stdin password
 \-l, \-\-list x,y,z          Selects columns to display with list command
 \-c, \-\-listconf conf       Selects a predefined column list
 \-d, \-\-delay x             Sets the delay in seconds for top command
 \-f, \-\-filter x,y,z        Filter data\. An array is specified with
                           column=value pairs\.
 \-\-csv                     Write table in csv format
 \-x, \-\-xml                 Show the resource in xml format
 \-n, \-\-numeric             Do not translate user and group IDs
 \-\-describe                Describe list columns
 \-\-token token_hint        The Token to be loaded\.
 \-\-global                  Find a global Token\.
 \-v, \-\-verbose             Verbose mode
 \-h, \-\-help                Show this message
 \-V, \-\-version             Show version and copyright information
 \-\-user name               User name used to connect to OpenNebula
 \-\-password password       Password to authenticate with OpenNebula
 \-\-endpoint endpoint       URL of OpenNebula xmlrpc frontend
.
.fi
.
.SH "COMMANDS"
.
.IP "\(bu" 4
create \fIusername\fR [\fIpassword\fR] Creates a new User\.
.
.IP "" 4
.
.nf

Examples:
  oneuser create my_user my_password
  oneuser create my_user \-r /tmp/mypass
  oneuser create my_user my_password \-\-group users,102,testers
  oneuser create my_user \-\-ssh \-\-key /tmp/id_rsa
  oneuser create my_user \-\-ssh \-r /tmp/public_key
  oneuser create my_user \-\-x509 \-\-cert /tmp/my_cert\.pem
valid options: group, read_file, sha1, ssh, x509, key, cert, driver
.
.fi
.
.IP "" 0

.
.IP "\(bu" 4
update \fIuserid\fR [\fIfile\fR] Update the template contents\. If a path is not provided the editor will be launched to modify the current content\. valid options: append
.
.IP "\(bu" 4
quota \fIuserid\fR [\fIfile\fR] Set the quota limits for the user\. If a path is not provided the editor will be launched to modify the current quotas\.
.
.IP "\(bu" 4
batchquota \fIrange|userid_list\fR [\fIfile\fR] Sets the quota limits in batch for various users\. If a path is not provided the editor will be launched to create new quotas\.
.
.IP "\(bu" 4
defaultquota [\fIfile\fR] Sets the default quota limits for the users\. If a path is not provided the editor will be launched to modify the current default quotas\.
.
.IP "\(bu" 4
umask \fIrange|userid_list\fR [\fImask\fR] Changes the umask used to create the default permissions\. In a similar way to the Unix umask command, the expected value is a three\-digit base\-8 number\. Each digit is a mask that disables permissions for the owner, group and other, respectively\.
.
.IP "" 4
.
.nf

If mask is not given, or if it is an empty string, the umask will
be unset
.
.fi
.
.IP "" 0

.
.IP "\(bu" 4
login [\fIusername\fR] Alias of token\-create\. valid options: ssh, x509, x509_proxy, key, cert, proxy, time, force, group, stdin_password
.
.IP "\(bu" 4
key Shows a public key from a private SSH key\. Use it as password for the SSH authentication mechanism\. valid options: key
.
.IP "\(bu" 4
delete \fIrange|userid_list\fR Deletes the given User
.
.IP "\(bu" 4
passwd \fIuserid\fR [\fIpassword\fR] Changes the given User\'s password\. valid options: read_file, sha1, ssh, x509, key, cert, driver
.
.IP "\(bu" 4
chgrp \fIrange|userid_list\fR \fIgroupid\fR Changes the User\'s primary group
.
.IP "\(bu" 4
addgroup \fIrange|userid_list\fR \fIgroupid\fR Adds the User to a secondary group
.
.IP "\(bu" 4
delgroup \fIrange|userid_list\fR \fIgroupid\fR Removes the User from a secondary group
.
.IP "\(bu" 4
chauth \fIuserid\fR [\fIauth\fR] [\fIpassword\fR] Changes the User\'s auth driver and its password (optional)\.
.
.IP "" 4
.
.nf

Examples:
  oneuser chauth my_user core
  oneuser chauth my_user core new_password
  oneuser chauth my_user core \-r /tmp/mypass
  oneuser chauth my_user \-\-ssh \-\-key /home/oneadmin/\.ssh/id_rsa
  oneuser chauth my_user \-\-ssh \-r /tmp/public_key
  oneuser chauth my_user \-\-x509 \-\-cert /tmp/my_cert\.pem
valid options: read_file, sha1, ssh, x509, key, cert, driver
.
.fi
.
.IP "" 0

.
.IP "\(bu" 4
list Lists Users in the pool\. valid options: list, listconf, delay, filter, csv, xml, numeric, describe
.
.IP "\(bu" 4
show [\fIuserid\fR] Shows information for the given User\. valid options: xml
.
.IP "\(bu" 4
encode \fIusername\fR [\fIpassword\fR] Encodes user and password to use it with ldap
.
.IP "\(bu" 4
passwdsearch \fIdriver\fR \fIpassword\fR Searches for users with a specific auth driver that has the given string in their password field\. valid options: csv, xml
.
.IP "\(bu" 4
token\-create [\fIusername\fR] Creates the login token for authentication\. The token can be used together with any authentication driver\. The token will be stored in $HOME/\.one/one_auth, and can be used subsequently to authenticate with oned through API, CLI or Sunstone\.
.
.IP "" 4
.
.nf

If <username> is omitted, it will infer it from the ONE_AUTH file\.

Example, request a valid token for a generic driver (e\.g\. core auth, LDAP\.\.\.):
  oneuser token\-create my_user \-\-time 3600

Example, request a group specific token (new resources will be created in that
group and only resources that belong to that group will be listed):
  oneuser token\-create my_user \-\-group <id|group>

Example, generate and set a token for SSH based authentication:
  oneuser token\-create my_user \-\-ssh \-\-key /tmp/id_rsa \-\-time 72000

Example, same using X509 certificates:
  oneuser token\-create my_user \-\-x509 \-\-cert /tmp/my_cert\.pem
                        \-\-key /tmp/my_key\.pk \-\-time 72000

Example, now with an X509 proxy certificate:
  oneuser token\-create my_user \-\-x509_proxy \-\-proxy /tmp/my_cert\.pem
                        \-\-time 72000
valid options: ssh, x509, x509_proxy, key, cert, proxy, time, force, group, stdin_password
.
.fi
.
.IP "" 0

.
.IP "\(bu" 4
token\-set [\fIusername\fR] Generates a ONE_AUTH file that contains the token\.
.
.IP "" 4
.
.nf

You must provide one (and only one) of the following options:

\-\-token <token>    searches for a token that starts with that string\. It must be
                   unique\.

\-\-group <id|group> returns the most durable token that provides access to that
                   specific group\.

\-\-global           returns the most durable global token (non group specific)\.

The argument \'username\' is optional; if omitted, it is inferred from the ONE_AUTH
file\.

Example, set a token:
  $ oneuser token\-set my_user \-\-token 1d47
  export ONE_AUTH=/var/lib/one/\.one/<file>\.token; export ONE_EGID=\-1

You can copy & paste the output of the command and it will load the proper
environment variables\.
valid options: ssh, x509, x509_proxy, key, cert, proxy, time, force, group, stdin_password, token, global
.
.fi
.
.IP "" 0

.
.IP "\(bu" 4
token\-delete [\fIusername\fR] \fItoken\fR Expires a token and removes the associated ONE_AUTH file if present\. valid options: ssh, x509, x509_proxy, key, cert, proxy, time, force, group, stdin_password
.
.IP "\(bu" 4
token\-delete\-all \fIusername\fR Delete all the tokens of a user\. This command is intended to be executed by a user that has MANAGE permissions of the target user\. valid options: ssh, x509, x509_proxy, key, cert, proxy, time, force, group, stdin_password
.
.IP "" 0
.
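The selection rules that token-set describes above (a unique prefix for --token, the most durable token for --group and --global), modelled in Ruby as an added example; this is not OpenNebula's code. The Token field names, the reading of "most durable" as latest expiry with -1 outranking any finite time, the use of EGID -1 for a global token, and the skipping of expired tokens are assumptions; the sample tokens are constructed.

```ruby
# Added illustration: models the token-set rules in the text, not OpenNebula's code.
Token = Struct.new(:token, :expiration, :egid) # field names are assumptions

NON_EXPIRING = -1 # page: --time -1 requests a non-expiring token
GLOBAL_EGID  = -1 # assumed global marker; the page's example prints ONE_EGID=-1

# Assumed meaning of "most durable": latest expiry, non-expiring outranks all.
def durability(tok)
  tok.expiration == NON_EXPIRING ? Float::INFINITY : tok.expiration
end

# Assumption: tokens that have already expired are never candidates.
def live(tokens, now)
  tokens.select { |t| t.expiration == NON_EXPIRING || t.expiration > now }
end

# Exactly one of hint:, group:, global: may be given ("one and only one").
def select_token(tokens, now:, hint: nil, group: nil, global: false)
  given = [hint, group, (true if global)].compact
  raise ArgumentError, 'give exactly one of hint, group, global' unless given.size == 1

  pool = live(tokens, now)
  if hint
    raise ArgumentError, 'empty hint would match every token' if hint.empty?
    hits = pool.select { |t| t.token.start_with?(hint) }
    raise ArgumentError, "hint matches #{hits.size} tokens, need 1" unless hits.size == 1
    hits.first
  else
    egid = global ? GLOBAL_EGID : group
    pool.select { |t| t.egid == egid }.max_by { |t| durability(t) }
  end
end

# Constructed sample data (not real tokens); times are seconds on a toy clock.
SAMPLE = [
  Token.new('1d47aa', 2_000, -1),
  Token.new('1d9c03', -1, 100),  # non-expiring, scoped to group 100
  Token.new('7be210', 5_000, 100),
  Token.new('90ffee', 500, -1)   # already expired when now = 1000
].freeze

if __FILE__ == $PROGRAM_NAME
  puts select_token(SAMPLE, now: 1_000, hint: '1d47').token
  puts select_token(SAMPLE, now: 1_000, group: 100).token
  puts select_token(SAMPLE, now: 1_000, global: true).token
end
```

Under this model a non-expiring token always wins the --group and --global selection, which is one reason to keep --time -1 tokens rare and to retire them with token-delete.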
.SH "ARGUMENT FORMATS"
.
.IP "\(bu" 4
file Path to a file
.
.IP "\(bu" 4
range List of id\'s in the form 1,8\.\.15
.
.IP "\(bu" 4
text String
.
.IP "\(bu" 4
groupid OpenNebula GROUP name or id
.
.IP "\(bu" 4
userid OpenNebula USER name or id
.
.IP "\(bu" 4
userid_list Comma\-separated list of OpenNebula USER names or ids
.
.IP "\(bu" 4
password User password
.
.IP "" 0
.
.SH "LICENSE"
OpenNebula 5\.4\.0 Copyright 2002\-2017, OpenNebula Project, OpenNebula Systems
.
.P
Licensed under the Apache License, Version 2\.0 (the "License"); you may not use this file except in compliance with the License\. You may obtain a copy of the License at http://www\.apache\.org/licenses/LICENSE\-2\.0