passmgmt(1M) passmgmt(1M)
passmgmt - password files management
passmgmt -a options name
passmgmt -m options name
passmgmt -d name
The passmgmt command updates information in the password files. This
command works with both /etc/passwd and /etc/shadow. If there is no
/etc/shadow, any changes made by passmgmt will only go into /etc/passwd.
If the shadow file is not present, the -f and -e options have no effect,
because the data fields they modify are not present in the base password
file.
passmgmt -a
adds an entry for user name to the password files.
passmgmt -a +name
adds an NIS entry to the password files. This command does not create
any directory for the new user and the new login remains locked (with the
string *LK* in the password field) until the passwd(1) command is
executed to set the password.
passmgmt -m
modifies the entry for username in the password files. The name field in
the /etc/shadow entry and all the fields (except the password field) in
the /etc/passwd entry can be modified by this command. Only fields
entered on the command line will be modified.
passmgmt -d
deletes the entry for username from the password files. It will not
remove any files that the user owns on the system; they must be removed
manually.
passmgmt -f days
sets the period of inactivity for username in the shadow password file.
passmgmt -e when
sets the expiration date for the account. The when argument is an input
string to the getdate(3) routine. If the environment variable DATEMSK is
not set, the file /etc/datemsk is used by getdate to process this input
argument. Errors from getdate processing are reported. Expiration dates
must be greater than today.
The following options are available:
-c comment  A short description of the login. It is limited to a maximum
            of 128 characters and defaults to an empty field.
-h homedir  Home directory of name. It is limited to a maximum of 256
            characters and defaults to /usr/people.
-u uid      UID of the name. This number must range from 0 to the
            maximum non-negative value for the system. It defaults to
            the next available UID greater than 99. For an NIS entry,
            the default is 0. Without the -o option, it enforces the
            uniqueness of a UID.
-o          This option allows a UID to be non-unique. It is used only
            with the -u option.
-g gid      GID of the name. This number must range from 0 to the
            maximum non-negative value for the system. The default is 1
            for a local entry and 0 for an NIS entry.
-s shell    Login shell for name. It should be the full pathname of the
            program that will be executed when the user logs in. The
            maximum length of shell is 255 characters. The default is
            for this field to be set to /bin/sh.
-l logname  This option changes the name to logname. It also can change
            a local entry to an NIS entry by
                passmgmt -m -l +name name
            or change an NIS entry to a local entry by
                passmgmt -m -l name +name
            It is used only with the -m option.
The total size of each login entry is limited to a maximum of 4095 bytes
(BUFSIZ-1, defined in /usr/include/stdio.h) in each of the password
files.
If the Share II system is installed and enabled, then passmgmt
automatically creates and deletes lnodes as well as updating the password
and shadow password files. Normally, only superusers are able to use
passmgmt, but if Share II is installed and enabled, then any user with a
set admin or uselim flag can also use it.
passmgmt -a checks for an lnode with a UID equal to the UID of the
newly-created entry in the password files. If such an lnode already
exists, then it is left untouched. If such an lnode does not exist and
the invoker has a set uselim flag, then a new lnode is created and the
parent (sgroup) of the newly created lnode is initialized as the lnode
other, or if no such lnode exists, root.
If passmgmt -m is used to alter the UID of an existing user (the -u
option), then a new lnode is created with the new UID. If such an lnode
already exists, then it is left untouched. If the original UID was
unique, then the old lnode is deleted. The contents of the old lnode are
not copied to the new lnode.
passmgmt -d
deletes the lnode having the UID of the deleted password entry, if that
UID was unique.
Users with only a set admin flag (subadministrators) are subject to the
following restrictions:
o If using passmgmt -a to add a nonunique UID (with -o), then an lnode
with that UID must already exist, and must be a member of the
invoker's scheduling group.
o If using passmgmt -a to add a unique UID, then there must not exist
any orphan lnodes which already have that UID as their lost parent
(sgroup). If this criterion is satisfied, then a new lnode is
created blank and initialized with the invoker's lnode as its parent
(sgroup).
o If using passmgmt -m to perform any modification to a user, then the
modified user's lnode must exist and be a member of the invoker's
scheduling group.
o If a user's UID is changed using passmgmt -m -u, then if the new UID
is not unique (the -o option was used), an lnode with that UID must
already exist and be a member of the invoker's scheduling group.
Otherwise, if the new UID is unique, a new lnode is created blank and
initialized with the invoker's lnode as its parent (sgroup). In both
cases, the original lnode of the user is deleted if it was unique in
the passwd file.
o If using passmgmt -d to delete a user, then the deleted user's lnode
must exist, be a member of the invoker's scheduling group and have no
child lnodes.
The passmgmt -m -u command will erase all usage, limit, privilege, and
accumulated accounting information of the user whose UID is altered.
/etc/passwd
/etc/shadow
/etc/opasswd
/etc/oshadow
/etc/limconf
passwd(1), ypchpass(1), yppasswd(1), passwd(4), shadow(4).
The passmgmt command exits with one of the following values:
0 SUCCESS.
1 Permission denied.
In the case where the Share II system is enabled, it means that the
invoker is not the superuser, and does not have a set uselim or
admin flag. Otherwise, the invoker is a user with only a set admin
flag (subadministrator), but is violating one of the restrictions
described above.
2 Invalid command syntax. Usage message of the passmgmt command will
be displayed.
3 Invalid argument provided to an option.
4 UID in use.
In the case where the Share II system is enabled, it means that the
lnode is active (that is, has processes attached) and, hence, cannot
be deleted.
5 Inconsistent password files (e.g., name is in the /etc/passwd file
and not in the /etc/shadow file, or vice versa).
6 Unexpected failure. Password files unchanged.
In the case where the Share II system is enabled, it means that
passmgmt ran out of memory, or was unable to create or delete an
lnode for an unknown reason.
7 Unexpected failure. Password file(s) missing.
8 Password file(s) busy. Try again later.
9 name does not exist (if -m or -d is specified), already exists (if
-a is specified), or logname already exists (if -m -l is specified).
You cannot use a colon or <cr> as part of an argument because it will be
interpreted as a field separator in the password file.
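A provisioning script that passes user-supplied text to -c, -h or -s can apply the separator rule above and the length limits listed under the options before it calls passmgmt. The following is an added example, not part of passmgmt or of the original page; the function name check_field and the kind names comment, homedir and shell are chosen here.

```shell
#!/bin/sh
# Added example (not part of passmgmt): pre-validate values destined for
# passmgmt -c / -h / -s, using the limits stated on this page.
# check_field KIND VALUE    KIND is comment, homedir or shell (names chosen here)
# Returns 0 if acceptable; otherwise prints the reason to stderr and returns 1.
check_field() {
    kind=$1 value=$2
    cr=$(printf '\r')
    nl='
'
    case $value in
        *:*)
            echo "$kind: contains ':' (password-file field separator)" >&2
            return 1 ;;
        *"$nl"*|*"$cr"*)
            echo "$kind: contains a line terminator" >&2
            return 1 ;;
    esac
    case $kind in
        comment) max=128 ;;
        homedir) max=256 ;;
        shell)   max=255 ;;
        *)       echo "unknown field kind: $kind" >&2; return 1 ;;
    esac
    if [ "${#value}" -gt "$max" ]; then
        echo "$kind: longer than $max characters" >&2
        return 1
    fi
    if [ "$kind" = shell ]; then
        case $value in
            /*) ;;                      # full pathname, as the -s text asks
            *)  echo "shell: not a full pathname" >&2; return 1 ;;
        esac
    fi
    return 0
}

# Constructed sample values.
check_field comment "Jane Doe, Accounts" && echo "accepted"
check_field comment "Jane: Accounts"     || echo "rejected"
```
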
If the shadow file is used, the NIS entries get the password from the
shadow file exclusively and must have an entry for each NIS user name.
This will not permit the use of the general NIS entry, +::0:0:::, or
netgroup expansions.
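Several conditions named on this page can be checked directly against the two files: a name present in only one of them (exit status 5), a UID shared by several entries (as -o permits), a login still locked with *LK*, an entry longer than 4095 bytes, and the general NIS entry that cannot be used with a shadow file. The following audit is an added example, not part of passmgmt or of the original page; it assumes colon-separated passwd(4) and shadow(4) files, and the finding labels and sample entries are constructed here.

```shell
#!/bin/sh
# Added example, not part of passmgmt. Finding labels are chosen here.
# audit_passfiles PASSWD_FILE SHADOW_FILE
audit_passfiles() {
    awk -F: '
    FILENAME == ARGV[1] {            # first file read: shadow
        if ($1 != "") { order[++n] = $1; pw[$1] = $2 }
        next
    }
    $1 == "" { next }
    { seen[$1] = 1 }
    $1 == "+" { print "GENERAL_NIS " $0; next }   # not usable with shadow
    {
        if (!($1 in pw))           print "MISSING_SHADOW " $1
        else if (pw[$1] == "*LK*") print "LOCKED " $1
        if ($3 != "") {
            if ($3 in owner) print "DUP_UID " $3 " " owner[$3] " " $1
            else owner[$3] = $1
        }
        if (length($0) > 4095) print "TOO_LONG " $1
    }
    END {
        for (i = 1; i <= n; i++)
            if (!(order[i] in seen)) print "MISSING_PASSWD " order[i]
    }' "$2" "$1"
}

demo_audit() {
    d=$(mktemp -d) || return 1
    # Constructed sample data, not taken from a real system.
    cat > "$d/passwd" <<'EOF'
root:x:0:0:Super-User:/:/bin/sh
alice:x:100:1::/usr/people/alice:/bin/sh
bob:x:100:1::/usr/people/bob:/bin/sh
carol:x:101:1::/usr/people/carol:/bin/sh
+::0:0:::
EOF
    cat > "$d/shadow" <<'EOF'
root:HASHPLACEHOLDER:::::::
alice:*LK*:::::::
bob:HASHPLACEHOLDER:::::::
dave:HASHPLACEHOLDER:::::::
EOF
    audit_passfiles "$d/passwd" "$d/shadow"
    rm -rf "$d"
}

demo_audit
```
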