~egtann/sum

ref: 3ad06d2ce33f600fad1f43c140160a67ade13a55 sum/man/man1/sf.1 -rw-r--r-- 1.6 KiB
3ad06d2c — Evan Tann add sf.conf.5 man page 9 months ago
                                                                                
.Dd $Mdocdate$
.Dt SF 1
.Os
.Sh NAME
.Nm sf
.Nd declarative SQL user management
.Sh SYNOPSIS
.Nm sf
.Bk -words
.Op Fl d
.Op Fl f Ar file
.Op Fl H Ar host
.Op Fl P Ar port
.Op Fl p Ar password
.Op Fl ssl-key Ar key Fl ssl-ca Ar ca Fl ssl-cert Ar cert Fl ssl-server Ar name
.Op Fl u Ar user
.Ek
.Sh DESCRIPTION
The
.Nm
utility applies privileges in your SQL database according to
.Xr sf.conf 5 .
It wipes existing privileges and re-applies new ones, whitelisting and
blacklisting access to databases, tables, statements, and columns on a per-user
basis.
.Nm
is declarative; it will produce the same privileges on each run and is safe to
run multiple times.
.Pp
Only MySQL v5.7 is currently supported.  MariaDB is not compatible.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl d
Dry run.  Print JSON of all denied columns to stdout without modifying the
database directly.
.It Fl f Ar file
Update the current privileges with the rules contained in
.Ar file .
This
.Ar file
may contain macros and privilege rules.
.It Fl p Ar password
The password for the SQL
.Ar user .
If not provided, the password will be requested via stdin.
.El
.Pp
.Bl -tag -width xxxxxxxxxxxxxxxx -compact
.It Fl ssl-ca Ar ca
PEM file containing the server CA.
.It Fl ssl-cert Ar cert
PEM file containing the client certificate.
.It Fl ssl-key Ar key
PEM file containing the client key.
.It Fl ssl-server Ar name
SQL server name for TLS.
.El
.Pp
.Bl -tag -width Ds
.It Fl u Ar user
User in the SQL database.  Must have the GRANT privilege.
.El
.Sh EXIT STATUS
.Ex -std
.Sh SEE ALSO
.Xr sf.conf 5
.Sh AUTHORS
.An Evan Tann Aq Mt os@evantann.com