cell(1m) Open Software Foundation cell(1m)
NAME [Toc] [Back]
cell - A dcecp task object that operates on a DCE cell
SYNOPSIS [Toc] [Back]
cell backup [cell_name]
cell catalog [cell_name]
cell help [operation | -verbose]
cell operations
cell ping [cell_name] [-clients] [-replicas]
cell show [cell_name] [-simplename]
ARGUMENTS [Toc] [Back]
cell_name The name of a single cell to operate on. The name must be a
fully qualified cell name such as either of the following:
/.../their_cell.goodco.com
/.:
operation The name of the cell operation for which to display help
information.
DESCRIPTION [Toc] [Back]
The cell task object represents a single DCE cell as a whole,
including all machines, services, resources, principals, and so on.
The optional cell_name argument is a single cell name (not a list of
cell names). If omitted, the local cell (/.:) is the default.
ATTRIBUTES [Toc] [Back]
secservers
Each value is the name of a security server in the cell.
cdsservers
Each value is the name of a machine running a Cell Directory
Service (CDS) server in the cell. The name is the simple
name found under /.:/hosts.
dtsservers
Each value is the name of a Distributed Time Service (DTS)
server in the cell.
hosts Each value is the name of a host in the cell, including
machines mentioned previously as servers; for example,
Hewlett-Packard Company - 1 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
cell(1m) Open Software Foundation cell(1m)
hosts/machine1.
See the OSF DCE Administration Guide for more information about cell
attributes.
OPERATIONS [Toc] [Back]
cell backup
Backs up the master security database and each clearinghouse with
master replicas in the cell. The syntax is as follows:
cell backup [cell_name]
The cell backup command backs up the master security database and each
clearinghouse with master replicas in the cell. It requires that dced
be running on each of the server hosts in remote access mode (with the
-r option).
Prepare a cell for regular backup operations by changing the access
control lists (ACLs) on two of the dced objects on the local machine
and setting up an extended registry attribute (ERA) that can specify a
backup destination (typically a tape archive). Then add the new
attribute to the principals for the master DCE Security Service
registry database and all CDS clearinghouses with master replicas that
you want to back up. To do this, follow these steps:
1. Verify that the dced process is running in remote access mode (-
r), then put the DCE daemon into partial service mode by sending
the dced process the correct signal:
kill -SIGUSR1 pid_of_dced
2. Invoke dcecp with the -local option:
dcecp -local
cecp>
3. As the machine principal (usually root), modify ACLs on the local
hostdata and srvrconf objects to allow the subsys/dce/dced-admin
group access by using the following dcecp acl operations:
dcecp> acl modify hostdata -add {group subsys/dce/dced-admin -riI} -local
dcecp> acl modify srvrconf -add {group subsys/dce/dced-admin -riI} -local
dcecp> acl modify srvrconf -add {group subsys/dce/dced-admin -d-rwx} -io -local
dcecp>
Hewlett-Packard Company - 2 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
cell(1m) Open Software Foundation cell(1m)
4. Put the DCE daemon back into full service mode with the following
command:
kill -SIGUSR1 pid_of_dced
5. As the cell administrator (usually cell_admin), create an ERA as
a string that specified a backup destination. Name the ERA
/.:/sec/xattrschema/bckp_dest and the type printstring. Select
the ACL manager named principal and set its four permission bits
to r (read), m (manage), r (read), and D (Delete) as shown in the
following command:
dcecp> xattrschema create /.:/sec/xattrschema/bckp_dest \
-encoding printstring -aclmgr {principal r m r D}
dcecp>
6. As the cell administrator, add the new ERA (bckp_dest) to the
principal dce-rgy (the DCE Security Service registry database).
Set the value to be the tar filename or the device that is the
backup destination, as follows:
dcecp> principal modify dce-rgy -add {bckp_dest tarfilename_or_device}
dcecp>
7. As the cell administrator, add the new ERA (bckp_dest) to the
principal /.:/hosts/hostname/cds-server (the CDS server). Set
the value to be the tar filename or the device that is the backup
destination, as follows:
dcecp> principal modify /.:/hosts/hostname/cds-server \
-add {bckp_dest tarfilename_or_device}
dcecp>
Now, as the cell administrator, whenever you want to back up your
registry database or CDS database, you can simply invoke a cell backup
command.
You can back up another cell by including the cell name as an argument
to the cell backup command. Note that you need the necessary
permissions in the remote cell. Refer to the registry object reference
page for the required privileges. This command returns the string "DCE
Cell backup complete" on success.
Privileges Required [Toc] [Back]
Hewlett-Packard Company - 3 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
cell(1m) Open Software Foundation cell(1m)
The administrator must be logged in as the local superuser (root). It
also requires the user to be authenticated to the security service as
the cell administrator.
Examples [Toc] [Back]
dcecp> cell backup
DCE Cell gumby1 backup complete
dcecp>
cell catalog
Lists the foreign cells that are known by the specified cell. The
syntax is as follows:
cell catalog [cell_name]
The catalog operation returns a list of the names of all cells
currently registered in the specified cell. The list includes the name
of the specified cell itself and of any registered foreign cells. If
no cell_name is provided, the operation returns cells registered in
the local cell.
Privileges Required [Toc] [Back]
You must have r (read) permission to the /.:/sec/principal directory
and r (read) permission to the specified cell principals.
Examples [Toc] [Back]
dcecp> cell catalog /.:
/.../gumby_cell
/.../pokey_cell
/.../barney_cell
dcecp>
cell help
Returns help information about the cell task object and its
operations. The syntax is as follows:
cell help [operation | -verbose]
Options [Toc] [Back]
-verbose Displays information about the cell task object.
Hewlett-Packard Company - 4 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
cell(1m) Open Software Foundation cell(1m)
Used without an argument or option, the cell help command returns
brief information about each cell operation. The optional operation
argument is the name of an operation about which you want detailed
information. Alternatively, you can use the -verbose option for more
detailed information about the cell task object itself.
Privileges Required [Toc] [Back]
No special privileges are needed to use the cell help command.
Examples [Toc] [Back]
dcecp> cell help
backup Backs up master security database and known clearinghouses.
catalog Returns the names of the cells known to a cell.
ping Shows the current server status of a cell.
show Returns attributes describing the configuration of a cell.
help Prints a summary of command-line options.
operations Returns a list of the valid operations for this command.
dcecp>
cell operations
Returns a list of the operations supported by the cell task object.
The syntax is as follows:
cell operations
The list of available operations is in alphabetical order except for
help and operations, which are listed last.
Privileges Required [Toc] [Back]
No special privileges are needed to use the cell operations command.
Examples [Toc] [Back]
cecp> cell operations
backup catalog ping show help operations
dcecp>
cell ping
Performs quick checks to test whether a cell is running. The syntax is
as follows:
cell ping [cell_name] [-clients] [-replicas]
Hewlett-Packard Company - 5 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
cell(1m) Open Software Foundation cell(1m)
Options [Toc] [Back]
-clients This option causes the command to ping every machine in the
cell. It does this by looping though /.:/hosts and doing a
host ping on each host name. In case of failure, it
generates an error and returns a list of hosts that could
not be contacted. On success, it returns DCE clients
available.
-replicas This option causes the command to ping the master security
server, each security replica in the cell, all the CDS
servers in the cell, and all the DTS servers in the cell. In
case of failure, it generates an error and returns a list of
servers that could not be contacted. On success, it returns
DCE servers available .
The ping operation performs a quick check to test whether a cell is
running.
If called with no option, it pings (using server ping) the master
security server, the CDS server that currently holds the write copy of
the the cell root directory (/.:), and all the DTS servers in the
cell. In case of failure, it generates an error and returns a list of
servers that could not be contacted. On success, it returns DCE
services available.
The -replicas option causes the command to ping each security replica
and CDS server as well as those mentioned above. In case of failure,
it generates an error and returns a list of servers that could not be
contacted. On success, it returns DCE servers available.
The -clients option causes the command to ping every machine in the
cell. It does this by looping though /.:/hosts and doing a host ping
on the host name. In case of failure, it generates an error and
returns a list of hosts that could not be contacted. On success, it
returns DCE clients available .
Privileges Required [Toc] [Back]
You must have r (read) permission to the following directories:
/.:/hosts, /.:/hosts/hostname, and /.:/subsys/dce/sec.
Examples [Toc] [Back]
The following command tests whether the core services master servers
are available:
dcecp> cell ping /.../blue.cell.osf.org
DCE services available
Hewlett-Packard Company - 6 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
cell(1m) Open Software Foundation cell(1m)
dcecp>
The following command tests whether the core services and their
replicas are available:
dcecp> cell ping -replicas
DCE servers available
dcecp>
The following command tests the presence of all DCE hosts in a cell:
dcecp> cell ping -clients
DCE clients available
dcecp>
cell show
Returns attributes describing the configuration of the specified cell.
The syntax is as follows:
cell show [cell_name] [-simplename]
Options [Toc] [Back]
-simplename
Returns the cell information without prepending the cell
name.
The show operation returns attributes describing the configuration of
the specified cell. The returned attributes are as follows:
secservers
Each value is the name of a security server.
cdsservers
Each value is the name of a machine running a CDS server.
The name is the simple name found under /.:/hosts.
dtsservers
Each value is the name of a DTS server in the cell.
hosts Each value is the name of a host in the cell, including
machines mentioned previously as servers; for example,
hosts/machine1.
Hewlett-Packard Company - 7 OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96
cell(1m) Open Software Foundation cell(1m)
See the OSF DCE Administration Guide for more information about cell
attributes.
Privileges Required [Toc] [Back]
You must have r (read) permission to the following directories in the
CDS namespace: /.:/hosts, /.:/hosts/hostname, and /.:/susbys/dce/sec
Examples [Toc] [Back]
dcecp> cell show /.../dcecp.cell.osf.org
{secservers
/.../dcecp.cell.osf.org/subsys/dce/sec/ice
/.../dcecp.cell.osf.org/subsys/dce/sec/fire}
{cdsservers
/.../dcecp.cell.osf.org/hosts/frick}
{dtsservers
/.../dcecp.cell.osf.org/hosts/frick
/.../dcecp.cell.osf.org/hosts/ice
/.../dcecp.cell.osf.org/hosts/ninja}
{hosts
/.../dcecp.cell.osf.org/hosts/fire
/.../dcecp.cell.osf.org/hosts/frick
/.../dcecp.cell.osf.org/hosts/ice
/.../dcecp.cell.osf.org/hosts/ninja}
dcecp>
dcecp> cell show -simplename
{secservers
subsys/dce/sec/ice
subsys/dce/sec/fire}
{cdsservers
hosts/frick}
{dtsservers
hosts/frick
hosts/ice
hosts/ninja}
{hosts
hosts/fire
hosts/frick
hosts/ice
hosts/ninja}
dcecp>
RELATED INFORMATION [Toc] [Back]
Commands: dcecp(1m), dcecp_directory(1m), dcecp_host(1m),
dcecp_server(1m), dced(1m).
Hewlett-Packard Company - 8 -�OSF DCE 1.1/HP DCE 1.8 PHSS_26394-96 [ Back ] |
