artexset Command

Purpose

The artexset command applies an AIX® Runtime Expert profile to a system. The profile contains values for parameters that are to be set on the system.

Syntax

artexset [-c][-d][-r][-R][-F][-l {dynamic|noreboot|reboot|all}][|-v][-g categories][-g level] profile   
artexset -u [-q|-v][-g categories][-g level]    
artexset -t [-q|-v][-g categories] [-g level] profile 
artexset -p [-F][-l {dynamic|noreboot|reboot|all}][-q|-v][-g categories][-g level] profile
artexset -b [-q|-v][-g categories][-g level] profile 
artexset -x [-q|-v][-g categories][-g level] profile

Description

The artexset command applies an AIX Runtime Expert profile to a system. The profile contains values for parameters that are to be set on the system. This command also allows you to verify the accuracy of setting the parameters for a profile, preview the parameters that the command changes, enable and disable the ability to set the profile parameters during boot time, and rollback to a previous profile.

When the –t option is specified, the command tests the correctness of the profile. The command checks whether the profile has the correct XML format. Also, it checks whether the parameters defined in the profile are valid and supported by AIX Runtime Expert.

When the –p option is specified, the parameters for the profile are not set but rather the parameters that would change are identified. Only the parameter values that would change are listed in the output. For example, if the parameter value on the system is same as the parameter value in the profile, the parameter would not be listed in the output since the parameter value is not affected by the command.

By default, this command creates a rollback profile. The rollback profile allows you to undo a profile change if needed. If the –R option is specified, the command does not create a rollback profile.

If you want to rollback to a previous state, use the -u option. One level of rollback is supported. For example, after a rollback is complete, you cannot perform another subsequent rollback until artexset is run again to set the parameters.

When –b option specified, the parameters are set during each system boot. This option can be disabled by using the -x option.

With the -l option, you can set a subset of the parameters that are noted in the profile. If the -l option is not specified, all parameters listed in the profile are applied only if none of the parameters require a reboot. If dynamic selection criteria (-l dynamic) is specified, all parameters that do not require a reboot, disruptive action, like stopping and restarting a service, or unmounting and mounting a file system are set. If noreboot selection criteria (-l noreboot) is specified, all parameters that do not need a reboot are set. If the selection criteria reboot (-l reboot) is specified, all parameters that require a reboot are set. If the selection criteria all (-l all) is specified, then all parameters are set.

The specified profile can be on the local file system using a relative or absolute path or on an LDAP server.

Flags

Item Description
-g categories Displays debug messages for the specified coma-separated list of categories. This option is useful while you write new catalog files. The available categories follow:
  • ALL: Includes all of the following categories.
  • COMMANDS: Prints information about the AIX command that is being run.
  • DISCOVERY: Prints information about the discovery commands that are being run.
  • THREADS: Prints information about threads that are being run within the framework.
  • PARSING: Prints information about the parsing of profile and catalog files.
  • FLOW: Prints information about the progress of the operation.
Note: The default category is ALL.
-g level Specifies the verbosity of the debug traces, as an integer in the range of 0 (no debug traces) - 3 (most verbose level). The default level is 0.
-q Indicates to ignore non-fatal warning messages.
-c Indicates to verify that the command set the values and that they were successfully applied to the system. If they were not successfully applied, then the artexset operation is aborted.
-r Indicates to rollback if a failure occurs.
-l {dynamic|noreboot|reboot|all} Specifies the level to which to apply the parameters. The -l flag has the following options:
  • The dynamic variable indicates to apply non-disruptive parameters only.
  • The noreboot variable indicates to apply all parameters that do not need a reboot.
  • The reboot variable indicates to apply only the parameters that have a reboot constraint.
  • The all variable indicates to apply all parameters, including the ones that need a reboot.
-R Specifies to not create a rollback profile.
-b Indicates to enable the master profile, which is also referred to as the boot profile.
-x Indicates to disable the master profile, which is also referred to as the boot profile. This flag is the opposite of the -b option. If the -x option is specified, no profile parameter is required.
-t Indicates to test if the values listed in the profile are valid tunables, as recognized by the runtime system.
-p Specifies to preview setting the parameters but does not set the parameters for the profile. This flag identifies which parameters would change as a result of issuing this command. The output lists what parameters would change, what services would restart, and whether the system would need to restart, if the profile is applied. Only the parameter values that would change are listed in the output. For example, if the parameter value on the system is same as the parameter value in the profile, the parameter would not be listed in the output since the parameter value is not affected by the command.
-u Indicates to rollback the parameter values of the last applied profile, as they were prior to issuing the last artexset command. To do this, the command applies the values stored in the /etc/security/artex/latest_rollback.xml profile. If the -u option is specified, no profile parameter is required.
-d Allows the discover method to run prior to the set operation. This flag sets all instances of parameters that have the setDiscover attribute to the same value. This flag is optional.
-v Displays the warning and error messages generated by the AIX commands that are run during the processing of the artexset command.
Note: This optional flag cannot be used with the -q flag.
-F Sets values for all parameters, even if the parameter is already set to the required value.
Note: This flag is optional.

Parameters

Item Description
profile This is a mandatory file, except when the -x or -u option is specified. The file specified includes a list of the tunable parameters.

Exit Status

Item Description
0 The command completed successfully
>0 An error occurred.

Security

Access Control: This command should grant execute (x) access only to the root user and members of the security group. This command should be installed as a program in the trusted computing base (TCB). The command should be owned by the root user with the setuid (SUID) bit set.

Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand. To get the full functionality of the command, besides the accessauths, the role should also have the following authorizations:
  • aix.security.user.audit
  • aix.security.role.assign
  • aix.security.group.change
  • aix.security.user.change

Files Accessed:

Mode File
rw /etc/passwd
rw /etc/security/user
rw /etc/security/user.roles
rw /etc/security/limits
rw /etc/security/environ
rw /etc/group
rw /etc/security/group
r /usr/lib/security/artexset.default
x /usr/lib/security/artexset.sys

Auditing Events:

Event Information
USER_Create user

Examples

The following example illustrates how to set all parameters defined in the profile local_profile.xml.

artexset -l all local_profile.xml

The following example illustrates how to check the correctness of the ldap_profile.xml profile stored on an LDAP server.

artexset -t ldap://ldap_profile.xml

The following example illustrates how to enable applying the profile /tmp/boot_profile.xml at every system restart.

artexset -b /tmp/boot_profile.xml

The following example illustrates how to disable applying a profile at every system restart.

artexset -x

The following example illustrates how to rollback the parameters to the values prior to previous issue of the artexset command.

artexset -u