one/share/man/oneuser.1

.\" generated with Ronn/v0.7.3
.\" http://github.com/rtomayko/ronn/tree/0.7.3
.
.TH "ONEUSER" "1" "June 2017" "" "oneuser(1) -- manages OpenNebula users"
.
.SH "NAME"
\fBoneuser\fR \- manages OpenNebula users
.
.SH "SYNOPSIS"
\fBoneuser\fR \fIcommand\fR [\fIargs\fR] [\fIoptions\fR]
.
.SH "OPTIONS"
.
.nf

 \-\-group id|name           Comma\-separated list of Groups for the new User\.
                           The first Group will be the main one\.
 \-r, \-\-read\-file           Read password from file
 \-\-sha1                    The password will be hashed using the sha1
                           algorithm
 \-\-ssh                     SSH Auth system
 \-\-x509                    x509 Auth system for x509 certificates
 \-k, \-\-key path_to_private_key_pem Path to the Private Key of the User
 \-c, \-\-cert path_to_user_cert_pem Path to the Certificate of the User
 \-\-driver driver           Driver to authenticate this user
 \-a, \-\-append              Append new attributes to the current template
 \-\-x509_proxy              x509 Auth system based on x509 proxy certificates
 \-\-proxy path_to_user_proxy_pem Path to the user proxy certificate
 \-\-time x                  Token duration in seconds, defaults to 36000 (10
                           h)\. To reset the token set time to 0\.To generate
                           a non\-expiring token use \-1 (not valid for ssh
                           and x509 tokens)\.
 \-\-force                   Force one_auth file rewrite
 \-\-stdin_password          enable stdin password
 \-l, \-\-list x,y,z          Selects columns to display with list command
 \-c, \-\-listconf conf       Selects a predefined column list
 \-d, \-\-delay x             Sets the delay in seconds for top command
 \-f, \-\-filter x,y,z        Filter data\. An array is specified with
                           column=value pairs\.
 \-\-csv                     Write table in csv format
 \-x, \-\-xml                 Show the resource in xml format
 \-n, \-\-numeric             Do not translate user and group IDs
 \-\-describe                Describe list columns
 \-\-token token_hint        The Token to be loaded\.
 \-\-global                  Find a global Token\.
 \-v, \-\-verbose             Verbose mode
 \-h, \-\-help                Show this message
 \-V, \-\-version             Show version and copyright information
 \-\-user name               User name used to connect to OpenNebula
 \-\-password password       Password to authenticate with OpenNebula
 \-\-endpoint endpoint       URL of OpenNebula xmlrpc frontend
.
.fi
.
.SH "COMMANDS"
.
.IP "\(bu" 4
create \fIusername\fR [\fIpassword\fR] Creates a new User Examples: oneuser create my_user my_password oneuser create my_user \-r /tmp/mypass oneuser create my_user my_password \-\-group users,102,testers oneuser create my_user \-\-ssh \-\-key /tmp/id_rsa oneuser create my_user \-\-ssh \-r /tmp/public_key oneuser create my_user \-\-x509 \-\-cert /tmp/my_cert\.pem valid options: group, read_file, sha1, ssh, x509, key, cert, driver
.
.IP "\(bu" 4
update \fIuserid\fR [\fIfile\fR] Update the template contents\. If a path is not provided the editor will be launched to modify the current content\. valid options: append
.
.IP "\(bu" 4
quota \fIuserid\fR [\fIfile\fR] Set the quota limits for the user\. If a path is not provided the editor will be launched to modify the current quotas\.
.
.IP "\(bu" 4
batchquota \fIrange|userid_list\fR [\fIfile\fR] Sets the quota limits in batch for various users\. If a path is not provided the editor will be launched to create new quotas\.
.
.IP "\(bu" 4
defaultquota [\fIfile\fR] Sets the default quota limits for the users\. If a path is not provided the editor will be launched to modify the current default quotas\.
.
.IP "\(bu" 4
umask \fIrange|userid_list\fR [\fImask\fR] Changes the umask used to create the default permissions\. In a similar way to the Unix umask command, the expected value is a three\-digit base\-8 number\. Each digit is a mask that disables permissions for the owner, group and other, respectively\.
.
.IP "" 4
.
.nf

If mask is not given, or if it is an empty string, the umask will
be unset
.
.fi
.
.IP "" 0

.
.IP "\(bu" 4
login [\fIusername\fR] Alias of token\-create\. valid options: ssh, x509, x509_proxy, key, cert, proxy, time, force, group, stdin_password
.
.IP "\(bu" 4
key Shows a public key from a private SSH key\. Use it as password for the SSH authentication mechanism\. valid options: key
.
.IP "\(bu" 4
delete \fIrange|userid_list\fR Deletes the given User
.
.IP "\(bu" 4
passwd \fIuserid\fR [\fIpassword\fR] Changes the given User\'s password valid options: read_file, sha1, ssh, x509, key, cert, driver
.
.IP "\(bu" 4
chgrp \fIrange|userid_list\fR \fIgroupid\fR Changes the User\'s primary group
.
.IP "\(bu" 4
addgroup \fIrange|userid_list\fR \fIgroupid\fR Adds the User to a secondary group
.
.IP "\(bu" 4
delgroup \fIrange|userid_list\fR \fIgroupid\fR Removes the User from a secondary group
.
.IP "\(bu" 4
chauth \fIuserid\fR [\fIauth\fR] [\fIpassword\fR] Changes the User\'s auth driver and its password (optional) Examples: oneuser chauth my_user core oneuser chauth my_user core new_password oneuser chauth my_user core \-r /tmp/mypass oneuser chauth my_user \-\-ssh \-\-key /home/oneadmin/\.ssh/id_rsa oneuser chauth my_user \-\-ssh \-r /tmp/public_key oneuser chauth my_user \-\-x509 \-\-cert /tmp/my_cert\.pem valid options: read_file, sha1, ssh, x509, key, cert, driver
.
.IP "\(bu" 4
list Lists Users in the pool valid options: list, listconf, delay, filter, csv, xml, numeric, describe
.
.IP "\(bu" 4
show [\fIuserid\fR] Shows information for the given User valid options: xml
.
.IP "\(bu" 4
encode \fIusername\fR [\fIpassword\fR] Encodes user and password to use it with ldap
.
.IP "\(bu" 4
passwdsearch \fIdriver\fR \fIpassword\fR Searches for users with a specific auth driver that has the given string in their password field valid options: csv, xml
.
.IP "\(bu" 4
token\-create [\fIusername\fR] Creates the login token for authentication\. The token can be used together with any authentication driver\. The token will be stored in $HOME/\.one/one_auth, and can be used subsequently to authenticate with oned through API, CLI or Sunstone\.
.
.IP "" 4
.
.nf

If <username> is ommited, it will infer it from the ONE_AUTH file\.

Example, request a valid token for a generic driver (e\.g\. core auth, LDAP\.\.\.):
  oneuser token\-create my_user \-\-time 3600

Example, request a group spefici token (new resources will be created in that
group and only resources that belong to that group will be listed):
  oneuser token\-create my_user \-\-group <id|group>

Example, generate and set a token for SSH based authentication:
  oneuser token\-create my_user \-\-ssh \-\-key /tmp/id_rsa \-\-time 72000

Example, same using X509 certificates:
  oneuser token\-create my_user \-\-x509 \-\-cert /tmp/my_cert\.pem
                        \-\-key /tmp/my_key\.pk \-\-time 72000

Example, now with a X509 proxy certificate
  oneuser token\-create my_user \-\-x509_proxy \-\-proxy /tmp/my_cert\.pem
                        \-\-time 72000
valid options: ssh, x509, x509_proxy, key, cert, proxy, time, force, group, stdin_password
.
.fi
.
.IP "" 0

.
.IP "\(bu" 4
token\-set [\fIusername\fR] Generates a ONE_AUTH file that contains the token\.
.
.IP "" 4
.
.nf

You must provide one (and only one) of the following options:

\-\-token <token>    searches for a token that starts with that string\. It must be
                   unique

\-\-group <id|group> returns the most durable token that provides access to that
                   specific group\.

\-\-global           returns the most durable global token (non group specific)\.

The argument \'username\' is optional, if omitted it is inferred from the ONE_AUTH
file\.

Example, set a token:
  $ oneuser token\-set my_user \-\-token 1d47
  export ONE_AUTH=/var/lib/one/\.one/<file>\.token; export ONE_EGID=\-1

You can copy & paste the output of the command and will load the proper
environment variables\.
valid options: ssh, x509, x509_proxy, key, cert, proxy, time, force, group, stdin_password, token, global
.
.fi
.
.IP "" 0

.
.IP "\(bu" 4
token\-delete [\fIusername\fR] \fItoken\fR Expires a token and removes the associated ONE_AUTH file if present\. valid options: ssh, x509, x509_proxy, key, cert, proxy, time, force, group, stdin_password
.
.IP "\(bu" 4
token\-delete\-all \fIusername\fR Delete all the tokens of a user\. This command is intented to be executed by a user that has MANAGE permissions of the target user\. valid options: ssh, x509, x509_proxy, key, cert, proxy, time, force, group, stdin_password
.
.IP "" 0
.
.SH "ARGUMENT FORMATS"
.
.IP "\(bu" 4
file Path to a file
.
.IP "\(bu" 4
range List of id\'s in the form 1,8\.\.15
.
.IP "\(bu" 4
text String
.
.IP "\(bu" 4
groupid OpenNebula GROUP name or id
.
.IP "\(bu" 4
userid OpenNebula USER name or id
.
.IP "\(bu" 4
userid_list Comma\-separated list of OpenNebula USER names or ids
.
.IP "\(bu" 4
password User password
.
.IP "" 0
.
.SH "LICENSE"
OpenNebula 5\.3\.85 Copyright 2002\-2017, OpenNebula Project, OpenNebula Systems
.
.P
Licensed under the Apache License, Version 2\.0 (the "License"); you may not use this file except in compliance with the License\. You may obtain a copy of the License at http://www\.apache\.org/licenses/LICENSE\-2\.0