sa_admin, -ofp, -ofs, -ofg, and -ofo options support specifying filenames with wildcard characters. When one of these options specifies a filename that includes ? or * characters, the utility retrieves a list of files matching the filename wildcard specifier and executes the specified command for each file.
Retrieve a List of Filenames from the server with sa_admin
-ofl (list files) is used to list the files on the FairCom Server system matching the specified filename including wildcard characters.
sa_admin Support for Encrypted Password Files
This utility supports the use of an encrypted password file. Encrypted password files keep user IDs and passwords from plain view when the utility is used within a script file. They are created with the ctcmdset utility. The plain text form of the file should be:
; User Id USERID ADMIN ; User Password PASSWD <pass>
Use the -1 option to specify the name of the encrypted file. The encrypted password file name is specified using the command-line option:
-1 <filename>
TLS Security
-S - TLS/SSL options for secure connection:
BASIC - Basic TLS/SSL encryption
<cert_filename> - Client cross-check certificate for TLS authentication
Using -ofs to Clear the Permission Mask
Sometimes it is desirable to make the permission mask empty instead of just adding more permissions to allow all access. For example, consider a file with this permission mask, which has permissions for "owner" and "world":
Permission mask = 0x2783e = {
owner: read write def delete
world: read write def delete nopass
}
To remove all permissions for "owner" and "world" you can use the -ofs option as follows:
Note: There is no space between the switch and its parameter.
User Options
The following options, all beginning with -ou, allow changes to user information. Additional group and file options are described below.
Note: To use any optional entry, you must use all the previous entries even if they would otherwise be optional. For example, to add a user with the -oua option and specify a group, you must also enter the userid, desc, and password.
rule: Optional user memory rule. Used only with memory. The optional <rule> is A for absolute, D for default, or G for guideline (example -m 10485760a specifies an absolute memory limit of 10 MB). NULL for Default.
-b begdat: Optional starting validity date. Specify as mm/dd/yyyy. NULL for Default.
-e enddat: Optional ending validity date. Specify as mm/dd/yyyy. NULL for Default.
-l loglimit: Optional maximum invalid logon attempts. NULL for Default.
-r rsmlogon is the logon block period in minutes. Specifying a value of “block” (e.g., -r block) blocks the account indefinitely (until it is unblocked by an administrator, and specifying a value of “unblock” (e.g., -r unblock) unblocks the account immediately.
-t mstlogon is the interval in minutes during which the user must logon at least once, otherwise the account is blocked.
-b begdat: Optional starting validity date. Specify as mm/dd/yyyy. NULL for Default
-e enddat: Optional ending validity date. Specify as mm/dd/yyyy. NULL for Default
-l loglimit: Optional maximum invalid logon attempts. 0 for Default. -1 to disable invalid logon check.
-t mstlogon: Optional must logon period, e.g., how often the user must log on to remain active. The interval in minutes during which the user must logon at least once, otherwise the account is blocked. Specify as number of minutes. NULL for Default. -1 to disable must logon period.
-r rsmlogon: Optional logon timeout remaining. If a user has been denied access to the FairCom Server due to excessive invalid logon attempts, you can adjust the remaining user lockout time here. Specify as number of minutes. NULL to leave unchanged. Specifying a value of “block” (e.g., -r block) blocks the account indefinitely (until it is unblocked by an administrator), and specifying a value of “unblock” (e.g., -r unblock) unblocks the account immediately.
The following options, all beginning with -og, allow changes to group information. Additional user and file options are described elsewhere.
Note: To use any optional entry, you must use all the previous entries. For example, to specify a rule when adding a group with the -oga option, you must also enter the desc and memory options for the group.
Option Group Add
-oga <groupid> [-d <desc>] [-m <memory>][<rule>]]
groupid: Group id (required)
-d desc: Optional group description
memory is the memory limit and the optional <rule> is A for absolute, D for default, or G for guideline (example -m 10485760a specifies an absolute memory limit of 10 MB).
permission: File permission mask. To set a permission, set the byte at the corresponding offset to a value of ‘+’. To reset a specified permission, set the corresponding byte to ‘-’. For example, the string “+++++-----+++++” sets all OWNER and WORLD permissions, and clears all GROUP permissions. This field is interpreted as a 15-byte permission mask containing owner, group, and world permissions:
(offset)
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14
----OWNER---- ----GROUP---- -----WORLD----
r w f d p r w f d p r w f d p
r = Read w = Write f = define d = Delete p = noPass
Options are evaluated left to right. For example, specifying -groupwrite +groupwrite has the effect of adding the groupwrite permission, and specifying +worldall -worldread turns on all world permissions except read permission.
Example - remove all file permissions: sa_admin -aADMIN -pADMIN -f"" -sFAIRCOMS -ofs "C:\FairCom\data\db1.dbs\owner1_table2.dat" -ownerall -groupall -worldall
Example - set typical file permissions: owner ALL, group RWDP, world R: sa_admin -aADMIN -pADMIN -f"" -sFAIRCOMS -ofs "C:\FairCom\data\db1.dbs\owner1_table2.dat" +ownerall +groupall -groupdefine -worldall +worldread
-ofs <filename> <permmask> is the same as current usage:
-ofs test.dat ++++++++++-----
-ofs <filename> <permission> ... sets the file permissions to the specified permissions. The following command sets all owner and group permissions and resets all world permissions:
-ofs test.dat ownerall groupall
-ofs <filename> +|- <permission> ... adds/removes specified permissions to/from current file permissions. The following command adds the worldread permission to the current file permissions and removes the groupwrite permission from the current file permissions:
