Copyright (c) 2007, Sun Microsystems, Inc. All Rights Reserved.
The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
projmod [-n] [-A|-f filename | -]
projmod [-n] [-A|-f filename | -] [-p projid [-o]] [-c comment] [-a|-s|-r] [-U user [,user]... ] [-G group [,group]... ] [ [-K name [=value [,value]...]...]] [-l new_projectname] project
The projmod utility modifies a project's definition on the system. projmod changes the definition of the specified project and makes the appropriate project-related system file and file system changes.
The following options are supported:
-A
Apply the project's resource controls, as defined in the system's project database, to the project if it is active.
-a
Specify that the users, groups, attributes, or attribute values specified by the -U, -G or -K options should be added to the project, rather than replacing the existing member or attribute list.
-c comment
Specify comment as a text string. Generally, comment contains a short description of the project. This information is stored in the project's /etc/project entry.
-f filename | -
Specify the project file to modify or validate or specify input from stdin for validation. As noted under OPERANDS, if you do not specify a project in a projmod command line, projmod validates the argument to -f. If you do not use this option, the system project file, /etc/project, is modified.
-G group [,group...]
Specify a replacement list of member groups of the project. When used in conjunction with the -a or -r options, this option specifies a list of groups to be added or removed from the project.
-K name[=value[,value...]
Specify a replacement list of project attributes for the project. When used in conjunction with the -a, -r, or -s options, this option specifies a list of attribute values to be added, removed, or replaced in the project. Attributes must be delimited by semicolons (;). Multiple -K options can be specified to set, add, remove, or substitute values on multiple keys, such as:
-K key1=value1 -K "key2=(value2a),(value2b)"Resource control attributes use parentheses to specify values for a key. Because many user shells interpret parentheses as special characters, it is best to enclose an argument to -K that contains parentheses with double quotes, as shown above and in EXAMPLES, below. See resource_controls(5) for a description of the resource controls you can specify for a project.
-l new_projectname
Specify the new project name for the project. The new_projectname argument is a string consisting of characters from the set of alphabetic characters, numeric characters, period (.), underline (_), and hyphen (-). The first character should be alphabetic. An error message is written if these restrictions are not met. The project name must also be unique within the project file.
-n
Syntax check. Check the format of the existing system project file and modifications only. The contents of the existing project file, such as user names, group names, and resources that are specified in the project attributes are not checked.
-o
This option allows the project ID specified by the -p option to be non-unique within the project file.
-p projid
Specify a new project ID for the project. It must be a non-negative decimal integer less than MAXUID as defined in param.h. This value must be unique within the project file if the -o option is not specified.
-r
Specify that the users, groups, attributes, or attribute values specified by the -U, -G or -K options should be removed from the project, rather than replacing the existing member or attribute list.
-s
Specify that the list of attributes specified by the -K option should have their values replaced. If the attributes do not exist, they are added as if the a option was used. This option has no effect the -U or -G options.
-U user [,user...]
Specify a replacement list of member users of the project. When used in conjunction with the -a or -r options, this option specifies a list of users to be added or removed from the project.
The following operands are supported:
project
An existing project name to be modified or displayed.
(none)
If no operand is given, the project file is validated without modifying any project.
Example 1 Using the -K Option for Addition of an Attribute Value
Consider the following project(4) entry:
salesaudit:111:Auditing Project::sales,finance: \e process.max-file-size=(priv,52428800,deny); \e task.max-lwps=(priv,100,deny)
The preceding would appear as one line in /etc/project. For this and the following examples, the focus is on the attributes field in the project entry. That is, the last field, the field following the last semicolon.
The attributes field for the project salesaudit lists the following resource control:
task.max-lwps=(priv,1000,signal=KILL)
The following projmod command adds an action clause to the preceding entry:
# projmod -a -K "task.max-lwps=(priv,100,deny)" salesaudit
...with the resulting attributes field in the entry for salesaudit:
task.max-lwps=(priv,100,deny),(priv,1000,signal=KILL)
Example 2 Using the -K Option for the Substitution of an Attribute Value
Assume an attributes field in a project(4) entry for the project salesaudit that lists the following resource control:
task.max-lwps=(priv,100,deny),(priv,1000,signal=KILL)
The following projmod command substitutes the action clause specified in the command for the action clauses in the preceding entry:
# projmod -s -K "task.max-lwps=(priv,500,signal=SIGSTOP)" salesaudit
...with the resulting attributes field in the entry for salesaudit:
task.max-lwps=(priv,500,signal=SIGSTOP)
Example 3 Using the -K Option for Removal of an Attribute Value
Assume an attributes field in a project(4) entry for a project salesaudit that lists the following resource control:
task.max-lwps=(priv,100,deny),(priv,1000,signal=KILL)
The following projmod command removes the first action clause from the preceding entry:
# projmod -r -K "task.max-lwps=(priv,100,deny)" salesaudit
...with the resulting attributes field in the entry for salesaudit:
task.max-lwps=(priv,1000,signal=KILL)
Example 4 Specifying Multiple Attribute Values
Suppose you want to achieve the following resource controls for the project salesaudit:
task.max-lwps=(priv,100,deny) process.max-file-size=(priv,50MB,deny)
The following projmod command adds these resource controls for salesaudit:
# projmod -a -K "task.max-lwps=(priv,100,deny)" \e -K "process.max-file-size=(priv,50MB,deny)" salesaudit
...with the resulting attributes field in the entry for salesaudit:
task.max-lwps=(priv,100,deny);process.max-file-size=(priv,52428800,deny)
In this example, note the effect of the use of the modifier and scaling factor for the resource control process.max-file-size. The specification in projmod:
"process.max-file-size=(priv,50MB,deny)"
process.max-file-size=(priv,52428800,deny)
That is, 50MB is expanded to 52428800. The modifiers, such as MB, and scaling factors you can use for resource controls are specified in resource_controls(5).
Example 5 Binding a Pool to a Project
The following command sets the project.pool attribute for the project sales.
# projmod -a -K project.pool=salespool sales
Example 6 Evaluating Input from stdin
The following command uses the -f option without a project name operand to evaluate the contents of an NIS projects map.
# ypcat project | projmod -f -
In case of an error, projmod prints an error message and exits with one of the following values:
The following exit values are returned:
0
Successful completion.
2
The command syntax was invalid. A usage message for projmod is displayed.
3
An invalid argument was provided to an option.
4
The projid given with the -p option is already in use.
5
The project files contain an error. See project(4).
6
The project to be modified, group, user, or resource does not exist.
9
The project is already in use.
10
System file containing group definitions
System project file
System password file
System file containing users' encrypted passwords and related information
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Interface Stability | See below. |
Invocation is evolving. Human readable output is unstable.
groupadd(1M), groupdel(1M), groupmod(1M), projadd(1M), projdel(1M), useradd(1M), userdel(1M), usermod(1M), passwd(4), project(4), attributes(5), resource_controls(5)
The projmod utility modifies project definitions only in the local /etc/project file. If a network name service such as NIS or LDAP is being used to supplement the local files with additional entries, projmod cannot change information supplied by the network name service. However projmod verifies the uniqueness of project name and project ID against the external name service.