5 1 0:Administering ACLs from the Command Line


Welcome to the latest SEP sesam documentation version 5.1.0 Apollon. For previous documentation version(s), check documentation archive.


Overview


An access control list (ACL) is a list of permissions attached to an object (e.g., client, location, backup, etc.). The ACLs configuration in SEP sesam is version specific.

ACLs can be administered in the command line by using sm_cmd command with the appropriate superuser (previously admin) rights.

sm_cmd reset user

To reset a user password, log in to SEP sesam Server console and enter the following command:

sm_cmd reset user <ID or name>

The output of the above command is shown in the example.

Example:
In this example, the user name is mustermann.

sm_cmd reset user mustermann
C:\Program Files\SEPsesam\bin\sesam>sm_cmd reset user mustermann
bouryper39
  Note
After resetting a user password in the command line, you have to change a password under the Permission Management in the GUI. For details, see Changing password in the GUI.

sm_cmd list acl

You can check all objects which have ACLs defined by using sm_cmd list acl command.
Example:
If you want to check the user ID, use list acl command (ID: 10, Name: mustermann). The output of the command is shown in the example.

G:\Jenkins\master-w86\su\src\msi>sm_cmd list acl
id      object  label   origin  value
1       2       HIGHSECURITY    Locations       [{ID: 3, Type: GROUP, Name: RESTORE, Permissions: [Access : Deny]}, 
{ID: 10, Type: USER, Name: mustermann, Permissions: [Access : Allow]}]
2       7       SEP/Hyper-V     Locations       [{ID: 3, Type: GROUP, Name: RESTORE, Permissions: [Access : Deny]}, 
{ID: 7, Type: USER, Name: restricted_user, Permissions: [Access : Deny]}, 
{ID: 5, Type: USER, Name: restore, Permissions: [Access : Allow]}] 

sm_cmd check acl

You can check the access to a specific object for a specific user by using sm_cmd check acl command together with an object ID, the object origin and a username.
Examples:

  • Check access to the locations object with ID 2 for administrators:
C:\Program Files\SEPsesam\bin\gui>sm_cmd check acl -o Locations 2
  • Check access to the locations object with ID 2 for user restore:
C:\Program Files\SEPsesam\bin\gui>sm_cmd check acl -o Locations 2 -u restore
  • Check access to the clients object with ID 0 for administrators:
C:\Program Files\SEPsesam\bin\gui>sm_cmd check acl -o Clients 0
  • Check access to the clients object with ID 0 for user restricted_user:
C:\Program Files\SEPsesam\bin\gui>sm_cmd check acl -o Clients 0 -u restricted_user

sm_cmd remove acl

You can also delete all configured ACLs by using sm_cmd remove acl all command. In this case the users get default user access rights that are based on predefined user type:


See also

Using Access Control ListsUsing ACLs in v. ≤ Beefalo V2About Authentication and AuthorizationSEP sesam CLI

Copyright © SEP AG 1999-2024. All rights reserved.
Any form of reproduction of the contents or parts of this manual is allowed only with the express written permission from SEP AG. When compiling and designing user documentation SEP AG uses great diligence and attempts to deliver accurate and correct information. However, SEP AG cannot issue a guarantee for the contents of this manual.