rmlpcmd Command

Purpose

Removes one or more least-privilege (LP) resources from the resource monitoring and control (RMC) subsystem.

Syntax

To remove one or more LP resources:
  • From the local node:

    rmlpcmd [-h] [-TV] resource_name1 [ , resource_name2 , … ]

  • From all nodes in a domain:

    rmlpcmd -a [-h] [-TV] resource_name1 [ , resource_name2 , … ]

  • From a subset of nodes in a domain:

    rmlpcmd -n host1 [,host2,…] [-h] [-TV] resource_name1 [ , resource_name2 , … ]

Description

The rmlpcmd command removes one or more LP resources from the RMC subsystem. An LP resource is a root command or script to which users are granted access based on permissions in the LP access control lists (ACLs). You can use the rmlpcmd command to remove LP resources from particular nodes or all nodes in a domain. If you want to remove locked LP resources, you must first use the chlpcmd command to unset the resource's Lock attribute.

This command runs on any node. If you want this command to run on all of the nodes in a domain, use the -a flag. If you want this command to run on a subset of nodes in a domain, use the -n flag. Otherwise, this command runs on the local node.

Flags

-a
Removes one or more LP resources from all nodes in the domain. The CT_MANAGEMENT_SCOPE environment variable's setting determines the cluster scope. If CT_MANAGEMENT_SCOPE is not set, the LP resource manager uses scope settings in this order:
  1. The management domain, if it exists
  2. The peer domain, if it exists
  3. Local scope
The rmlpcmd command runs once for the first valid scope that the LP resource manager finds. For example, suppose a management domain and a peer domain exist and the CT_MANAGEMENT_SCOPE environment variable is not set. In this case, rmlpcmd –a runs in the management domain. To run rmlpcmd –a in the peer domain, you must set CT_MANAGEMENT_SCOPE to 2.
-n host1[,host2,…]
Specifies one or more nodes in the domain from which the LP resource is to be removed. By default, the LP resource is removed from the local node. The –n flag is valid only in a management or peer domain. If the CT_MANAGEMENT_SCOPE variable is not set, the LP resource manager uses scope settings in this order:
  1. The management domain, if it exists
  2. The peer domain, if it exists
  3. Local scope

The rmlpcmd command runs once for the first valid scope that the LP resource manager finds.

-h
Writes the command's usage statement to standard output.
-T
Writes the command's trace messages to standard error.
-V
Writes the command's verbose messages to standard output.

Parameters

resource_name1[,resource_name2,...]
Specifies one or more LP resources to be removed.

Security

To run the rmlpcmd command, you need read and write permission in the Class ACL of the IBM.LPCommands resource class. Permissions are specified in the LP ACLs on the contacted system. See the lpacl file for general information about LP ACLs and the RSCT Administration Guide for information about modifying them.

Exit Status

0
The command has run successfully.
1
An error occurred with RMC.
2
An error occurred with the command-line interface (CLI) script.
3
An incorrect flag was specified on the command line.
4
An incorrect parameter was specified on the command line.
5
An error occurred with RMC that was based on incorrect command-line input.
6
The resource was not found.

Environment Variables

CT_CONTACT
Determines the system that is used for the session with the RMC daemon. When CT_CONTACT is set to a host name or IP address, the command contacts the RMC daemon on the specified host. If CT_CONTACT is not set, the command contacts the RMC daemon on the local system where the command is being run. The target of the RMC daemon session and the management scope determine the LP resources that are processed.
CT_MANAGEMENT_SCOPE
Determines the management scope that is used for the session with the RMC daemon to process the LP resource. The management scope determines the set of possible target nodes where the resource can be processed. The valid values are:
0
Specifies local scope.
1
Specifies local scope.
2
Specifies peer domain scope.
3
Specifies management domain scope.

If this environment variable is not set, local scope is used.

Implementation Specifics

This command is part of the Reliable Scalable Cluster Technology (RSCT) fileset for AIX®.

Standard Output

When the -h flag is specified, this command's usage statement is written to standard output. When the -V flag is specified, this command's verbose messages are written to standard output.

Standard Error

All trace messages are written to standard error.

Examples

  1. To remove an LP resource named LP1, enter: 
    rmlpcmd LP1
  2. To remove LP resources LP1 and LP2, enter: 
    rmlpcmd LP1 LP2

Location

/usr/sbin/rsct/bin/rmlpcmd
Contains the rmlpcmd command