mirror of
https://github.com/OpenNebula/one.git
synced 2025-01-22 22:03:39 +03:00
227 lines
9.2 KiB
Groff
227 lines
9.2 KiB
Groff
.\" generated with Ronn/v0.7.3
|
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
|
.
|
|
.TH "ONEUSER" "1" "October 2016" "" "oneuser(1) -- manages OpenNebula users"
|
|
.
|
|
.SH "NAME"
|
|
\fBoneuser\fR \- manages OpenNebula users
|
|
.
|
|
.SH "SYNOPSIS"
|
|
\fBoneuser\fR \fIcommand\fR [\fIargs\fR] [\fIoptions\fR]
|
|
.
|
|
.SH "OPTIONS"
|
|
.
|
|
.nf
|
|
|
|
\-\-group id|name Comma\-separated list of Groups for the new User\.
|
|
The first Group will be the main one\.
|
|
\-r, \-\-read\-file Read password from file
|
|
\-\-sha1 The password will be hashed using the sha1
|
|
algorithm
|
|
\-\-ssh SSH Auth system
|
|
\-\-x509 x509 Auth system for x509 certificates
|
|
\-k, \-\-key path_to_private_key_pem Path to the Private Key of the User
|
|
\-c, \-\-cert path_to_user_cert_pem Path to the Certificate of the User
|
|
\-\-driver driver Driver to authenticate this user
|
|
\-a, \-\-append Append new attributes to the current template
|
|
\-\-x509_proxy x509 Auth system based on x509 proxy certificates
|
|
\-\-proxy path_to_user_proxy_pem Path to the user proxy certificate
|
|
\-\-time x Token duration in seconds, defaults to 36000 (10
|
|
h)\. To reset the token set time to 0\.To generate
|
|
a non\-expiring token use \-1 (not valid for ssh
|
|
and x509 tokens)\.
|
|
\-\-force Force one_auth file rewrite
|
|
\-\-stdin_password enable stdin password
|
|
\-l, \-\-list x,y,z Selects columns to display with list command
|
|
\-c, \-\-listconf conf Selects a predefined column list
|
|
\-d, \-\-delay x Sets the delay in seconds for top command
|
|
\-f, \-\-filter x,y,z Filter data\. An array is specified with
|
|
column=value pairs\.
|
|
\-\-csv Write table in csv format
|
|
\-x, \-\-xml Show the resource in xml format
|
|
\-n, \-\-numeric Do not translate user and group IDs
|
|
\-\-describe Describe list columns
|
|
\-\-token token_hint The Token to be loaded\.
|
|
\-\-global Find a global Token\.
|
|
\-v, \-\-verbose Verbose mode
|
|
\-h, \-\-help Show this message
|
|
\-V, \-\-version Show version and copyright information
|
|
\-\-user name User name used to connect to OpenNebula
|
|
\-\-password password Password to authenticate with OpenNebula
|
|
\-\-endpoint endpoint URL of OpenNebula xmlrpc frontend
|
|
.
|
|
.fi
|
|
.
|
|
.SH "COMMANDS"
|
|
.
|
|
.IP "\(bu" 4
|
|
create \fIusername\fR [\fIpassword\fR] Creates a new User Examples: oneuser create my_user my_password oneuser create my_user \-r /tmp/mypass oneuser create my_user my_password \-\-group users,102,testers oneuser create my_user \-\-ssh \-\-key /tmp/id_rsa oneuser create my_user \-\-ssh \-r /tmp/public_key oneuser create my_user \-\-x509 \-\-cert /tmp/my_cert\.pem valid options: group, read_file, sha1, ssh, x509, key, cert, driver
|
|
.
|
|
.IP "\(bu" 4
|
|
update \fIuserid\fR [\fIfile\fR] Update the template contents\. If a path is not provided the editor will be launched to modify the current content\. valid options: append
|
|
.
|
|
.IP "\(bu" 4
|
|
quota \fIuserid\fR [\fIfile\fR] Set the quota limits for the user\. If a path is not provided the editor will be launched to modify the current quotas\.
|
|
.
|
|
.IP "\(bu" 4
|
|
batchquota \fIrange|userid_list\fR [\fIfile\fR] Sets the quota limits in batch for various users\. If a path is not provided the editor will be launched to create new quotas\.
|
|
.
|
|
.IP "\(bu" 4
|
|
defaultquota [\fIfile\fR] Sets the default quota limits for the users\. If a path is not provided the editor will be launched to modify the current default quotas\.
|
|
.
|
|
.IP "\(bu" 4
|
|
umask \fIrange|userid_list\fR [\fImask\fR] Changes the umask used to create the default permissions\. In a similar way to the Unix umask command, the expected value is a three\-digit base\-8 number\. Each digit is a mask that disables permissions for the owner, group and other, respectively\.
|
|
.
|
|
.IP "" 4
|
|
.
|
|
.nf
|
|
|
|
If mask is not given, or if it is an empty string, the umask will
|
|
be unset
|
|
.
|
|
.fi
|
|
.
|
|
.IP "" 0
|
|
|
|
.
|
|
.IP "\(bu" 4
|
|
login [\fIusername\fR] Alias of token\-create\. valid options: ssh, x509, x509_proxy, key, cert, proxy, time, force, group, stdin_password
|
|
.
|
|
.IP "\(bu" 4
|
|
key Shows a public key from a private SSH key\. Use it as password for the SSH authentication mechanism\. valid options: key
|
|
.
|
|
.IP "\(bu" 4
|
|
delete \fIrange|userid_list\fR Deletes the given User
|
|
.
|
|
.IP "\(bu" 4
|
|
passwd \fIuserid\fR [\fIpassword\fR] Changes the given User\'s password valid options: read_file, sha1, ssh, x509, key, cert, driver
|
|
.
|
|
.IP "\(bu" 4
|
|
chgrp \fIrange|userid_list\fR \fIgroupid\fR Changes the User\'s primary group
|
|
.
|
|
.IP "\(bu" 4
|
|
addgroup \fIrange|userid_list\fR \fIgroupid\fR Adds the User to a secondary group
|
|
.
|
|
.IP "\(bu" 4
|
|
delgroup \fIrange|userid_list\fR \fIgroupid\fR Removes the User from a secondary group
|
|
.
|
|
.IP "\(bu" 4
|
|
chauth \fIuserid\fR [\fIauth\fR] [\fIpassword\fR] Changes the User\'s auth driver and its password (optional) Examples: oneuser chauth my_user core oneuser chauth my_user core new_password oneuser chauth my_user core \-r /tmp/mypass oneuser chauth my_user \-\-ssh \-\-key /home/oneadmin/\.ssh/id_rsa oneuser chauth my_user \-\-ssh \-r /tmp/public_key oneuser chauth my_user \-\-x509 \-\-cert /tmp/my_cert\.pem valid options: read_file, sha1, ssh, x509, key, cert, driver
|
|
.
|
|
.IP "\(bu" 4
|
|
list Lists Users in the pool valid options: list, listconf, delay, filter, csv, xml, numeric, describe
|
|
.
|
|
.IP "\(bu" 4
|
|
show [\fIuserid\fR] Shows information for the given User valid options: xml
|
|
.
|
|
.IP "\(bu" 4
|
|
encode \fIusername\fR [\fIpassword\fR] Encodes user and password to use it with ldap
|
|
.
|
|
.IP "\(bu" 4
|
|
passwdsearch \fIdriver\fR \fIpassword\fR Searches for users with a specific auth driver that has the given string in their password field valid options: csv, xml
|
|
.
|
|
.IP "\(bu" 4
|
|
token\-create [\fIusername\fR] Creates the login token for authentication\. The token can be used together with any authentication driver\. The token will be stored in $HOME/\.one/one_auth, and can be used subsequently to authenticate with oned through API, CLI or Sunstone\.
|
|
.
|
|
.IP "" 4
|
|
.
|
|
.nf
|
|
|
|
If <username> is ommited, it will infer it from the ONE_AUTH file\.
|
|
|
|
Example, request a valid token for a generic driver (e\.g\. core auth, LDAP\.\.\.):
|
|
oneuser token\-create my_user \-\-time 3600
|
|
|
|
Example, request a group spefici token (new resources will be created in that
|
|
group and only resources that belong to that group will be listed):
|
|
oneuser token\-create my_user \-\-group <id|group>
|
|
|
|
Example, generate and set a token for SSH based authentication:
|
|
oneuser token\-create my_user \-\-ssh \-\-key /tmp/id_rsa \-\-time 72000
|
|
|
|
Example, same using X509 certificates:
|
|
oneuser token\-create my_user \-\-x509 \-\-cert /tmp/my_cert\.pem
|
|
\-\-key /tmp/my_key\.pk \-\-time 72000
|
|
|
|
Example, now with a X509 proxy certificate
|
|
oneuser token\-create my_user \-\-x509_proxy \-\-proxy /tmp/my_cert\.pem
|
|
\-\-time 72000
|
|
valid options: ssh, x509, x509_proxy, key, cert, proxy, time, force, group, stdin_password
|
|
.
|
|
.fi
|
|
.
|
|
.IP "" 0
|
|
|
|
.
|
|
.IP "\(bu" 4
|
|
token\-set [\fIusername\fR] Generates a ONE_AUTH file that contains the token\.
|
|
.
|
|
.IP "" 4
|
|
.
|
|
.nf
|
|
|
|
You must provide one (and only one) of the following options:
|
|
|
|
\-\-token <token> searches for a token that starts with that string\. It must be
|
|
unique
|
|
|
|
\-\-group <id|group> returns the most durable token that provides access to that
|
|
specific group\.
|
|
|
|
\-\-global returns the most durable global token (non group specific)\.
|
|
|
|
The argument \'username\' is optional, if omitted it is inferred from the ONE_AUTH
|
|
file\.
|
|
|
|
Example, set a token:
|
|
$ oneuser token\-set my_user \-\-token 1d47
|
|
export ONE_AUTH=/var/lib/one/\.one/<file>\.token; export ONE_EGID=\-1
|
|
|
|
You can copy & paste the output of the command and will load the proper
|
|
environment variables\.
|
|
valid options: ssh, x509, x509_proxy, key, cert, proxy, time, force, group, stdin_password, token, global
|
|
.
|
|
.fi
|
|
.
|
|
.IP "" 0
|
|
|
|
.
|
|
.IP "\(bu" 4
|
|
token\-delete [\fIusername\fR] \fItoken\fR Expires a token and removes the associated ONE_AUTH file if present\. valid options: ssh, x509, x509_proxy, key, cert, proxy, time, force, group, stdin_password
|
|
.
|
|
.IP "\(bu" 4
|
|
token\-delete\-all \fIusername\fR Delete all the tokens of a user\. This command is intented to be executed by a user that has MANAGE permissions of the target user\. valid options: ssh, x509, x509_proxy, key, cert, proxy, time, force, group, stdin_password
|
|
.
|
|
.IP "" 0
|
|
.
|
|
.SH "ARGUMENT FORMATS"
|
|
.
|
|
.IP "\(bu" 4
|
|
file Path to a file
|
|
.
|
|
.IP "\(bu" 4
|
|
range List of id\'s in the form 1,8\.\.15
|
|
.
|
|
.IP "\(bu" 4
|
|
text String
|
|
.
|
|
.IP "\(bu" 4
|
|
groupid OpenNebula GROUP name or id
|
|
.
|
|
.IP "\(bu" 4
|
|
userid OpenNebula USER name or id
|
|
.
|
|
.IP "\(bu" 4
|
|
userid_list Comma\-separated list of OpenNebula USER names or ids
|
|
.
|
|
.IP "\(bu" 4
|
|
password User password
|
|
.
|
|
.IP "" 0
|
|
.
|
|
.SH "LICENSE"
|
|
OpenNebula 5\.2\.0 Copyright 2002\-2016, OpenNebula Project, OpenNebula Systems
|
|
.
|
|
.P
|
|
Licensed under the Apache License, Version 2\.0 (the "License"); you may not use this file except in compliance with the License\. You may obtain a copy of the License at http://www\.apache\.org/licenses/LICENSE\-2\.0
|