vid(1)

Name

vid - Get user access control information from the repository

Synopsis

vid [-R repos] [user]

Contents

• Description
• Flags
• Examples
• Configuration
• Limitations
• See Also
• Author

Description

The vid command prints out access control information about users. It gets this information from the repository, which makes it possible to determine exactly what permissions a user has. It can be useful for debugging permissions problems.

vid prints out several pieces of information:

• The user's global name and aliases are displayed one per line. These are represented as global usernames (user@realm). (The first name listed is the global name about which the request was made.)
• The user's group memberships are displayed one per line. These are represented as global group names (^group@realm).
• The user's UNIX user id. (This is the user id used in the NFS interface for anything owned by the user. For non-local users, this will be [Repository]vforeign_uid.)
• The user's UNIX primary group id.
• Any special powers granted to the user are displayed. Specically, these include: root (the user is [Repository]root_user), admin (this user has administrator access), wizard (this user has wizard access), runtool (this user is [Repository]runtool_user),

Users with administrator access may inquire about any user. The optional user may be specified either as a global username (user@realm) or as a local username without a realm, in which case the local realm will be assumed.

If you are inquiring about yourself at the local repository (the -R option is not used), vid will check that your user ID on the client machine matches the user ID that the repository has for you. If it doesn't (which probably indicates a misconfiguration), a warning will be printed.

vid returns status 0 for success, 1 for configuration errors, and 2 for network or permissions errors.

Flags

-R repos

Make the request for user information to repos instead of the default local repository. The repository is specified by host name and TCP port number in the format host:port. The :port portion may be omitted; it defaults to [Repository]VestaSourceSRPC_port.

Examples

Sample output for a normal user:

% vid
User names and aliases:
  john@smith.org
  jsmith@example.com
Groups:
  ^john@smith.org
  ^vesta@smith.org
  ^staff@example.com
  ^users@example.com
Unix (NFS) user ID:          1012
Unix (NFS) primary group ID: 1015

Sample output for an administrator inquiring about the wizard user:

# vid vwizard 
User names and aliases:
  vwizard@example.com
Groups:
  ^vadmin@example.com
  ^vesta@example.com
Unix (NFS) user ID:          1002
Unix (NFS) primary group ID: 1003
Special permissions:
  admin
  wizard

Configuration

The following values are obtained from the [UserInterface] section of the Vesta configuration file (vesta.cfg).

realm (optional)

If set, specifies the default realm to be used with an unqualified user argument (i.e. one containing no "@"). (If not set, [Repository]realm is used.)

The following values are obtained from the [Repository] section of the Vesta configuration file.

VestaSourceSRPC_host

The host name of the default (local) repository.

VestaSourceSRPC_port

The default TCP port number for repositories.

realm

If [UserInterface]realm is not set, specifies the default realm to be used with an unqualified user argument

Limitations

To inquire about any user (even yourself), you must be granted access to the repository. If you have no access, you cannot make inquiries.

As mentioned above, normal users can only inquire about themselves. Administrators can inquire about anyone.

See Also

repository(8), "Access Control" section, vesta-intro(1), repos-ui(1)

Author

Ken Schalk <ken@xorian.net>

Last modified on Wed Jan 22 23:04:28 EST 2003 by ken@xorian.net