Example creation of a user with custom capabilities

The commands carry out the following operations:

• Create the following roles:
  • “only_ssh” is allowed to log in only via ssh
  • “qtree_commands” can run any qtree command in the CLI.
• Create the following group:
  • “ssh_qtree_admins” is allowed to log in only via ssh and run the qtree commands in the CLI, using the two roles created in the previous step.
• Create a user, “wilma” and assign that user to the ssh_qtree_admins group. As a member of the ssh_qtree_admins group, user wilma now inherits the capabilities from the roles assigned to that group.

• Display the details and capabilities inherited by the new user wilma.

toaster> useradmin role add only_ssh -a login-ssh 
Role <only_ssh> added.
Thu Apr 22 10:50:05 PDT [toaster: useradmin.added.deleted:info]: The role 'only_ssh' has been added.

toaster> useradmin role add qtree_commands -a cli-qtree*,api-qtree-*
Role <qtree_commands> added.
Thu Apr 22 10:51:51 PDT [toaster: useradmin.added.deleted:info]: The role 'qtree_commands' has been added.

toaster> useradmin group add ssh_qtree_admins -r only_ssh,qtree_commands
Group <rsh_qtree_admins> added.
Thu Apr 22 10:53:07 PDT [toaster: useradmin.added.deleted:info]: The group 'ssh_qtree_admins' has been added.

toaster> useradmin user add wilma -g ssh_qtree_admins
New password:
Retype new password:
User <wilma> added.
Thu Apr 22 10:54:43 PDT [toaster: useradmin.added.deleted:info]: The user 'wilma' has been added.

toaster> useradmin user list wilma
Name: wilma                           
Info: 
Rid: 131074
Groups: ssh_qtree_admins
Full Name:
Allowed Capabilities: login-ssh,cli-qtree*,api-qtree-*