artexmerge Command

Purpose

The artexmerge command merges two or more profiles.

Syntax

artexmerge [-q] [-v | -t] [-f] [-m {comment}] [-V {version}][-g categories] [-g level] profile . . .

Description

The command artexmerge merges two or more profiles and displays the output to stdout. You can also save the output to a file using the redirector (>).

When merging the profiles, the command returns an error if a parameter exists in more than one profile, with different values. To override this error condition, use the -f option. The -f option indicates to use the parameter and value from the last profile listed in the command syntax.

The artexmerge command validates the parameters of the profiles specified to be merged. If the –v option is specified, the parameters for each profile specified are verified prior to the merge. If the –t option is specified, the parameters are verified in the merged profile, after the profiles are merged. These two options are mutually exclusive.

You can add comment and version number to the profile. If you specify the –m option with a comment, the comment is included in the output profile. If you specify the –V option with a user revision number, the version number of the output profile is updated and the revision number set to the user-specified revision number.

The specified profiles can exist on the local file system using a relative or absolute path or on an LDAP server.

Flags

Item	Description
-g categories	Displays debug messages for the specified coma-separated list of categories. This option is useful while you write new catalog files. The available categories follow: ALL: Includes all of the following categories. COMMANDS: Prints information about the AIX® command that is being run. DISCOVERY: Prints information about the discovery commands that are being run. THREADS: Prints information about threads that are being run within the framework. PARSING: Prints information about the parsing of profile and catalog files. FLOW: Prints information about the progress of the operation. Note: The default category is ALL.
–g level	Specifies the verbosity of the debug traces, as an integer in the range of 0 (no debug traces) - 3 (most verbose level). The default level is 0.
-q	Allows users to ignore the nonfatal warning messages. The ignored messages are not displayed on the screen. This is an optional flag. Note: This flag cannot be used with the -v flag.
-v	Displays the warning and error messages generated by the AIX commands that are run during the processing of the artexmerge command. The messages are displayed on the `stderr`. This is an optional flag. Note: This flag cannot be used with the -q flag.
-t	Indicates to verify the parameters in the merged profile, rather than prior to the merge.
-f	Indicates to force the merge. If two or more profiles contain the same parameter with different values, indicates to use the value of the parameter included in the last profile.
-m {comment }	Allows users to add comments to the profile. If the -m flag is used, the specified comment is added to the resulting profile.
-V {version}	Sets the user revision number of the resulting profile. By default, the revision number of the resulting profile is set to 0. This is an optional flag.

Parameters

Item	Description
profile . . .	Lists the filenames of the profiles to merge, separated by a space. For example, `profileA profileB profileC`.

Exit Status

Item	Description
0	The command completed successfully.
>0	An error occurred.

Security

Access Control: This command should grant execute (x) access only to the root user and members of the security group. This command should be installed as a program in the trusted computing base (TCB). The command should be owned by the root user with the setuid (SUID) bit set.

Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand. To get the full functionality of the command, besides the accessauths, the role should also have the following authorizations:

aix.security.user.audit
aix.security.role.assign
aix.security.group.change
aix.security.user.change

Files Accessed:

Mode	File
rw	/etc/passwd
rw	/etc/security/user
rw	/etc/security/user.roles
rw	/etc/security/limits
rw	/etc/security/environ
rw	/etc/group
rw	/etc/security/group
r	/usr/lib/security/artexmerge.default
x	/usr/lib/security/artexmerge.sys

Auditing Events:

Event	Information
USER_Create	user

Examples

The following example illustrates how to combine profiles located on a LDAP server and on a local file system.

artexmerge /tmp/no_profile1.xml ldap://ldap_raso_profile.xml /data/nfs_profile.xml

The following example illustrates how to combine two profiles with duplicate parameters and save as merged_profile.xml.

artexmerge –f profile1.xml profile2.xml > merged_profile.xml