~egtann/sum

ref: 37470e193a07d9e9161fa9d7020a7a628a07371d sum/man/man1/sf.1 -rw-r--r-- 1.6 KiB
37470e19 — Evan Tann improve sf.1 formatting 11 months ago
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
.Dd $Mdocdate$
.Dt SF 1
.Os
.Sh NAME
.Nm sf
.Nd declarative sql user management
.Sh SYNOPSIS
.Nm sf
.Bk -words
.Op Fl d
.Op Fl f Ar file
.Op Fl H Ar host
.Op Fl P Ar port
.Op Fl p Ar password
.Op Fl ssl-key Ar key Fl ssl-ca Ar ca Fl ssl-cert Ar cert Fl ssl-server Ar name
.Op Fl u Ar user
.Ek
.Sh DESCRIPTION
The
.Nm
utility enforces privileges in your sql database according to
.Xr sf.conf 5 .
It wipes existing privileges and re-applies new ones, whitelisting and
blacklisting access to databases, tables, statements, and columns on a per-user
basis.
.Nm
is declarative; it will produce the same privileges on each run and is safe to
run multiple times.
.Pp
Only MySQL v5.7 is currently supported. MariaDB is not compatible.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl d
Dry run. Print JSON of all denied columns to stdout without modifying the
database directly.
.It Fl f Ar file
Update the current privileges with the rules contained in
.Ar file .
This
.Ar file
may contain macros, tables, and privilege rules.
.It Fl p Ar password
The password for the SQL
.Ar user .
If not provided, the password will be requested via stdin.
.El
.Pp
.Bl -tag -width xxxxxxxxxxxxxxxx -compact
.It Fl ssl-ca Ar ca
PEM file containing the server CA.
.It Fl ssl-cert Ar cert
PEM file containing the client certificate.
.It Fl ssl-key Ar key
PEM file containing the client key.
.It Fl ssl-server Ar name
SQL server name for TLS.
.El
.Pp
.Bl -tag -width Ds
.It Fl u Ar user
User in the SQL database. Must have the GRANT privilege.
.El
.Sh EXIT STATUS
.Ex -std
.Sh SEE ALSO
.Xr sf.conf 5
.Sh AUTHORS
.An Evan Tann Aq Mt os@evantann.com