summaryrefslogtreecommitdiff
path: root/cleopatre/application/spidnetsnmp/man/snmpvacm.1.def
diff options
context:
space:
mode:
Diffstat (limited to 'cleopatre/application/spidnetsnmp/man/snmpvacm.1.def')
-rw-r--r--cleopatre/application/spidnetsnmp/man/snmpvacm.1.def368
1 files changed, 0 insertions, 368 deletions
diff --git a/cleopatre/application/spidnetsnmp/man/snmpvacm.1.def b/cleopatre/application/spidnetsnmp/man/snmpvacm.1.def
deleted file mode 100644
index a854fd5693..0000000000
--- a/cleopatre/application/spidnetsnmp/man/snmpvacm.1.def
+++ /dev/null
@@ -1,368 +0,0 @@
-.TH SNMPVACM 1 "30 May 2003" VVERSIONINFO "Net-SNMP"
-.UC 4
-.SH NAME
-snmpvacm - creates and maintains SNMPv3 View-based Access Control entries on a network entity
-.SH SYNOPSIS
-.B snmpvacm
-[COMMON OPTIONS]
-.B createSec2Group
-MODEL SECURITYNAME GROUPNAME
-.br
-.B snmpvacm
-[COMMON OPTIONS]
-.B deleteSec2Group
-MODEL SECURITYNAME
-.br
-.B snmpvacm
-[COMMON OPTIONS]
-.B createView
-[-Ce] NAME SUBTREE MASK
-.br
-.B snmpvacm
-[COMMON OPTIONS]
-.B deleteView
-NAME SUBTREE
-.br
-.B snmpvacm
-[COMMON OPTIONS]
-.B createAccess
-GROUPNAME [CONTEXTPREFIX] MODEL LEVEL CONTEXTMATCH READVIEW WRITEVIEW NOTIFYVIEW
-.br
-.B snmpvacm
-[COMMON OPTIONS]
-.B deleteAccess
-GROUPNAME [CONTEXTPREFIX] MODEL LEVEL
-.br
-.B snmpvacm
-[COMMON OPTIONS]
-.B createAuth
-GROUPNAME [CONTEXTPREFIX] MODEL LEVEL AUTHTYPE CONTEXTMATCH VIEW
-.br
-.B snmpvacm
-[COMMON OPTIONS]
-.B deleteAuth
-GROUPNAME [CONTEXTPREFIX] MODEL LEVEL AUTHTYPE
-
-.SH DESCRIPTION
-.B snmpvacm
-is an SNMP application that can be used to do simple maintenance on the
-View-based Control Module (VACM) tables of an SNMP agent.
-The SNMPv3 VACM specifications (see RFC2575) define assorted tables
-to specify groups of users, MIB views, and authorised access settings.
-These
-.BR snmpvacm
-commands effectively create or delete rows in the appropriate one of
-these tables, and match the equivalent configure directives
-which are documented in the
-.I snmpd.conf(5)
-man page.
-.PP
-A fuller explanation of how these operate can be found in the project FAQ.
-.SH SUB-COMMANDS
-
-.SS createSec2Group \fRMODEL SECURITYNAME GROUPNAME\fP
-.PP
-Create an entry in the SNMPv3 security name to group table. This table
-allows a single access control entry to be applied to a number of users
-(or 'principals'),
-and is indexed by the security model and security name values.
-.PP
-MODEL
-.IP
-An integer representing the security model, taking one of the following
-values:
-.br
-1 - reserved for SNMPv1
-.br
-2 - reserved for SNMPv2c
-.br
-3 - User-based Security Model (USM)
-
-.PP
-SECURITYNAME
-.IP
-A string representing the security name for a principal (represented in
-a security-model-independent format). For USM-based requests, the security
-name is the same as the username.
-
-.PP
-GROUPNAME
-.IP
-A string identifying the group that this entry (i.e. security name/model
-pair) should belong to. This group name will then be referenced in the
-access table (see
-.B createAccess
-below).
-.PP
-.SS deleteSec2Group \fRMODEL SECURITYNAME\fP
-.PP
-Delete an entry from the SNMPv3 security name to group table, thus removing
-access control settings for the given principal. The entry to be removed is
-indexed by the MODEL and SECURITYNAME values, which should match those used
-in the corresponding
-.B createSec2Group
-command (or equivalent).
-
-.SS createView \fR[-Ce] NAME SUBTREE MASK\fP
-.PP
-Create an entry in the SNMPv3 MIB view table.
-A MIB view consists of a family of view subtrees which may be individually
-included in or (occasionally) excluded from the view. Each view subtree is
-defined by a combination of an OID subtree together with a bit string mask.
-The view table is indexed by the view name and subtree OID values.
-.PP
-[-Ce]
-.IP
-An optional flag to indicate that this view subtree should be excluded
-from the named view.
-If not specified, the default is to include the subtree in the view.
-When constructing a view from a mixture of included and excluded subtrees,
-the excluded subtrees should be defined first - particularly if the named
-view is already referenced in one or more access entries.
-.PP
-NAME
-.IP
-A string identifying a particular MIB view, of which this OID subtree/mask
-forms part (possibly the only part).
-.PP
-SUBTREE
-.IP
-The OID defining the root of the subtree to add to (or exclude from) the
-named view.
-.PP
-MASK
-.IP
-A bit mask indicating which sub-identifiers of the associated subtree OID
-should be regarded as significant.
-
-.SS deleteView \fRNAME SUBTREE\fP
-Delete an entry from the SNMPv3 view table, thus removing the subtree from
-the given MIB view.
-Removing the final (or only) subtree will result in the deletion of the view.
-The entry to be removed is indexed by the NAME and SUBTREE values, which
-should match those used in the corresponding
-.B createView
-command (or equivalent).
-.PP
-When removing subtrees from a mixed view (i.e. containing both included and
-excluded subtrees), the included subtrees should be removed first.
-
-.SS createAccess \fRGROUPNAME [CONTEXTPREFIX] MODEL LEVEL CONTEXTMATCH READVIEW WRITEVIEW NOTIFYVIEW\fP
-Create an entry in the SNMPv3 access table, thus allowing a certain level
-of access to particular MIB views for the principals in the specified group
-(given suitable security model and levels in the request).
-The access table is indexed by the group name, context prefix, security model
-and security level values.
-.PP
-GROUPNAME
-.IP
-The name of the group that this access entry applies to
-(as set up by a
-.B createSec2Group
-command, or equivalent)
-.PP
-CONTEXTPREFIX
-.IP
-A string representing a context name (or collection of context names)
-which this access entry applies to.
-The interpretation of this string depends on the value of the
-CONTEXTMATCH field (see below).
-.IP
-If omitted, this will default to the null context "".
-.PP
-MODEL
-.IP
-An integer representing the security model, taking one of the following
-values:
-.br
-1 - reserved for SNMPv1
-.br
-2 - reserved for SNMPv2c
-.br
-3 - User-based Security Model (USM)
-.PP
-LEVEL
-.IP
-An integer representing the minimal security level, taking one of the following
-values:
-.br
-1 - noAuthNoPriv
-.br
-2 - authNoPriv
-.br
-3 - authPriv
-.IP
-This access entry will be applied to requests of this level or higher
-(where authPriv is higher than authNoPriv which is in turn higher than
-noAuthNoPriv).
-.PP
-CONTEXTMATCH
-.IP
-Indicates how to interpret the CONTEXTPREFIX value.
-If this field has the value '1' (representing 'exact') then the context
-name of a request must match the CONTEXTPREFIX value exactly for this
-access entry to be applicable to that request.
-.IP
-If this field has the value '2' (representing 'prefix') then the initial
-substring of the context name of a request must match the CONTEXTPREFIX
-value for this access entry to be applicable to that request.
-This provides a simple form of wildcarding.
-.PP
-READVIEW
-.IP
-The name of the MIB view
-(as set up by
-.B createView
-or equivalent)
-defining the MIB objects for which this request may request the current values.
-.IP
-If there is no view with this name, then read access is not granted.
-.PP
-WRITEVIEW
-.IP
-The name of the MIB view
-(as set up by
-.B createView
-or equivalent)
-defining the MIB objects for which this request may potentially SET new values.
-.IP
-If there is no view with this name, then read access is not granted.
-.PP
-NOTIFYVIEW
-.IP
-The name of the MIB view
-(as set up by
-.B createView
-or equivalent)
-defining the MIB objects which may be included in notification request.
-.IP
-Note that this aspect of access control is not currently supported.
-
-.SS deleteAccess \fRGROUPNAME [CONTEXTPREFIX] MODEL LEVEL\fP
-Delete an entry from the SNMPv3 access table, thus removing the specified
-access control settings.
-The entry to be removed is indexed by the group name, context prefix,
-security model and security level values,
-which should match those used in the corresponding
-.B createAccess
-command (or equivalent).
-
-.SS createAuth \fRGROUPNAME [CONTEXTPREFIX] MODEL LEVEL AUTHTYPE CONTEXTMATCH VIEW\fP
-Create an entry in the Net-SNMP extension to the standard access table,
-thus allowing a certain type of access to the MIB view for the principals
-in the specified group.
-The interpretation of GROUPNAME, CONTEXTPREFIX, MODEL, LEVEL and CONTEXTMATCH
-are the same as for the
-.B createAccess
-directive.
-The extension access table is indexed by the group name, context prefix,
-security model, security level and authtype values.
-.PP
-AUTHTYPE
-.IP
-The style of access that this entry should be applied to.
-See
-.I "snmpd.conf(5)"
-and
-.I "snmptrapd.conf(5)"
-for details of valid tokens.
-.PP
-VIEW
-.IP
-The name of the MIB view
-(as set up by
-.B createView
-or equivalent)
-defining the MIB objects for which this style of access is authorized.
-
-.SS deleteAuth \fRGROUPNAME [CONTEXTPREFIX] MODEL LEVEL AUTHTYPE\fP
-Delete an entry from the extension access table, thus removing the specified
-access control settings.
-The entry to be removed is indexed by the group name, context prefix,
-security model, security level and authtype values,
-which should match those used in the corresponding
-.B createAuth
-command (or equivalent).
-
-.SH EXAMPLES
-.PP
-Given a pre-existing user
-.I dave
-(which could be set up using the
-.I snmpusm(1)
-command),
-we could configure full read-write access to the whole OID tree
-using the commands:
-
-.IP
-snmpvacm localhost createSec2Group 3 dave RWGroup
-.IP
-snmpvacm localhost createView all .1 80
-.IP
-snmpvacm localhost createAccess RWGroup 3 1 1 all all none
-.PP
-This creates a new security group named "RWGroup" containing the SNMPv3 user "dave",
-a new view "all" containing the full OID tree based on
-.I .iso(1)
-, and then allows those users in the group "RWGroup" (i.e. "dave")
-both read- and write-access to the view "all" (i.e. the full OID tree)
-when using authenticated SNMPv3 requests.
-
-.PP
-As a second example,
-we could set up read-only access to a portion
-of the OID tree using the commands:
-
-.IP
-snmpvacm localhost createSec2Group 3 wes ROGroup
-.IP
-snmpvacm localhost createView sysView system fe
-.IP
-snmpvacm localhost createAccess ROGroup 3 0 1 sysView none none
-.PP
-This creates a new security group named "ROGroup" containing the (pre-existing)
-user "wes", a new view "sysView" containing just the OID tree based on
-.I .iso(1).org(3).dod(6).inet(1).mgmt(2).mib-2(1).system(1)
-, and then allows those users in the group "ROGroup" (i.e. "wes")
-read-access, but not write-access to the view "sysView" (i.e. the system group).
-
-.SH "EXIT STATUS"
-
-.PP
-The following exit values are returned:
-.PP
-0 - Successful completion
-.PP
-1 - A usage syntax error (which displays a suitable usage message)
-or a request timeout.
-.PP
-2 - An error occurred while executing the command
-(which also displays a suitable error message).
-
-.SH "LIMITATIONS"
-
-This utility does not support the configuration of new community strings,
-so is only of use for setting up new access control for SNMPv3 requests.
-It can be used to amend the access settings for existing community strings,
-but not to set up new ones.
-
-.PP
-The use of numeric
-parameters for
-.B secLevel
-and
-.B contextMatch
-parameters is less than intuitive.
-These commands do not provide the full flexibility of the
-equivalent config file directives.
-
-.PP
-There is (currently) no equivalent to the one-shot
-configure directives
-.I rouser
-and
-.I rwuser.
-
-.SH "SEE ALSO"
-snmpcmd(1), snmpusm(1),
-snmpd.conf(5), snmp.conf(5), RFC 2575, Net-SNMP project FAQ