passwd_override(5) OSF passwd_override(5)
NAME [Toc] [Back]
passwd_override - The registry database override file
DESCRIPTION [Toc] [Back]
The dcelocal/etc/passwd_override administrative file lets you override
the password, GECOS, home directory, login shell, group membership,
and principal UNIX ID information stored in the network registry
database.
The passwd_override file is stored on each host machine. Any changes
you make to it are in effect for the local machine only, and have no
effect on the centralized registry. You may find passwd_override
especially useful for excluding people from using certain machines,
establishing local root passwords, or tailoring local user
environments.
The passwd_override File Format [Toc] [Back]
The format of the passwd_override entries is similar to entries in the
UNIX password file. The format is
principal_name:passwd:principal_uid:group_id:GECOS:home_dir:login_shell
In an override entry, principal_name, principal_uid, and group_id
fields are keyfields. You must enter one of them to identify the
principal or group to which the overrides apply. The keyfield is used
to perform a lookup in the override file. The lookup is performed in
order as the entries are specified in an override entry: first by
principal name, then by principal UNIX ID, and finally by group UNIX
ID. If you specify more than one keyfield in an override entry, the
first keyfield specified is used as the lookup key; subsequent
keyfields are used as overrides.
Field Descriptions [Toc] [Back]
Each of the entries in the passwd_override file is described below.
principal_name
A keyfield that contains a principal name that identifies
the account to which the overrides apply. Enter
principal_name to apply the override only to the account for
the principal's primary name and not to any accounts for the
principal's aliases.
passwd The encrypted password. If you specify an override in this
field, the password you enter is in effect for this local
machine only.
When you override a principal's password, only the
principal's local credentials are obtained at login, not the
principal's network credentials. Without network
Hewlett-Packard Company - 1 OSF DCE 1.1/HP DCE 1.8 PHSS_28386-88
passwd_override(5) Open Software Foundation passwd_override(5)
credentials, the principal cannot access the network
registry and obtain the information normally provided at
network login. Therefore, you must supply all this
information in the password_override file entry. For
overrides to passwords, you must enter all fields in the
override entry, including all keyfields.
You can also specify OMIT in the passwd field to disallow
login on the local machine. The use of OMIT in conjunction
with an option to the passwd_export command also prevents
the inclusion of this principal in the password file created
by passwd_export. (See the section entitled "Using OMIT,"
later in this command reference, for details.)
principal_uid
An encrypted principal UNIX ID. This field can function as a
keyfield (when the principal_name keyfield is not entered)
or as an override field (when the principal_name keyfield is
entered). Enter principal_uid and not principal_name when
you want to apply the overrides to all of a principal's
accounts, including any accounts for the principal's
aliases. The principal_uid keyfield is especially useful for
overrides to root. For example, if root has an alias of
virtuoso, an override keyed by principal name applies only
when root logs in as root. An override keyed by root's
principal_uid applies when root logs in as root, as
virtuoso, and under any other alias.
Enter principal_uid and principal_name to override the UNIX
ID of the named principal.
group_id A UNIX group ID. This field can function as a keyfield, when
no other keyfields are entered, or as a field containing an
override, when entered in conjunction with principal_name or
principal_uid.
Enter group_uid and no other keyfield (principal_name or
principal_uid) to apply the override to all members of the
group identified by group_uid. In this instance the
group_uid field functions as a keyfield, identifying the
accounts to which to apply the overrides (that is, accounts
whose principal is a member of the specified group).
Enter group_uid and principal_name to change the group of
the principal identified by principal_name to the group
identified by group_uid. The change applies only to the
account for the principal's primary name, not to any
accounts for the principal's aliases. Enter group_uid and
principal_uid to apply the group override to all of the
principal's accounts, including any for the principal's
aliases. In these instances the group_uid field functions
Hewlett-Packard Company - 2 OSF DCE 1.1/HP DCE 1.8 PHSS_28386-88
passwd_override(5) Open Software Foundation passwd_override(5)
as a field supplying override information, not as a
keyfield.
GECOS The account's GECOS field. You can specify an override in
this field. To keep it unchanged, leave it empty.
home_dir The account's home directory. You can specify an override
in this field. To keep it unchanged, leave it empty.
login_shell
The account's log-in shell. You can specify an override in
this field. To keep it unchanged, leave it empty.
Leaving Fields Blank [Toc] [Back]
If you do not want to override an item, leave its field blank,
separating each blank field with a : (colon). (You must enter one of
the keyfields, however, to identify the principal or group for which
you are creating overrides.) You are required to enter the colons
associated with any blank trailing fields.
Using OMIT [Toc] [Back]
If you enter either the word OMIT or another invalid password string
(such as * (asterisk) or NO GOOD) in the passwd field, the principal
(or set of principals) will be unable to log in to the local machine.
If you specify OMIT and run passwd_export with the -x option, the
named principal (or set of principals) will not appear in the
/etc/passwd file produced by passwd_export.
You should also be aware that, if you have omitted principials from
the /etc/passwd file, information about those principals will not be
available to any programs that use the password file. For example,
the ls -l and the finger commands both access the password file to
obtain further information about a principals. If the principal is
omitted, no password entry will exist and no information will be
available. For this reason, you should use OMIT to omit principals
from the /etc/passwd file only if your user community is very large
and either of the following conditions occur:
+ The passwd file is taking up too much space.
+ User-ID-to-name mapping is too slow (during ls -l, for example).
NOTES [Toc] [Back]
Root can update entries in the override file for the local host by
using the passwd utility. Refer to the passwd reference page for
details.
Hewlett-Packard Company - 3 OSF DCE 1.1/HP DCE 1.8 PHSS_28386-88
passwd_override(5) Open Software Foundation passwd_override(5)
EXAMPLES [Toc] [Back]
1. To prevent the principal with a UNIX ID of 52 from logging in to
the local machine, the entry in the passwd_override file is as
follows:
:exclude:52::::
2. To prevent members of the group identified by a UNIX ID of 25
from logging in to a node and to omit them from inclusion in the
password file, put OMIT in the passwd field:
:OMIT::25:::
Then run the following passwd_export command with the -x option
to omit these principals from /etc/passwd file:
dcelocal/etc/passwd_export -x
3. To change the password, home directory, and initial shell for
mozart's account, the entry is as follows:
mozart:sq1Rc1Urrb1L6:678:893:Wolfgang A. Mozart:/aria/wolfgang:/bin/csh
4. To override the home directory for the account identified by
mozart the entry is as follows:
mozart:::::/aria/wolfgang
RELATED INFORMATION [Toc] [Back]
Commands: crypt(1), passwd(1), finger(1), login(1), adduser(8),
rgy_edit(1m), passwd_export(1m)
Functions: getpwent(3)
Files: group(5)
Hewlett-Packard Company - 4 -�OSF DCE 1.1/HP DCE 1.8 PHSS_28386-88 [ Back ] |
