Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

edauth(8) [ultrix man page]

edauth(8)						      System Manager's Manual							 edauth(8)

       edauth - edit user auth entry

       edauth username

       The  command  is an authorization editor.  creates a temporary file with an ASCII representation of the current database entry for the user
       specified by username and then invokes an editor on the file.  You can then modify the user's fields.  Upon leaving the editor,	reads  the
       temporary file and modifies the binary database to reflect the changes made.  If there are errors in the temporary file will allow the user
       to resume editing the file to fix them.

       The editor invoked is unless the environment variable EDITOR specifies otherwise.  Here is an example of the temporary file produced by
       uid = 268
       password = MXP3BnKLEWW960BEJc9DbHb6
       passlifemin = 1 hour
       passlifemax = 60 days
       passmod = 12/20/89 - 10:24:38
       authmask = login,change_password,enter_password
       fail_count = 0
       audit_id = 268
       audit_control = or
       audit_syscalls = creat,unlink
       audit_tevents = login:0:1
       Each field of the entry is represented as a keyword followed by an equals sign.	The value part of the field may be an integer, a string, a
       time specification, a date, or a comma-separated list of value keywords.  The effect of the field is described in

       The and fields expect integer values.

       The field is a string containing the encrypted password.  One way of disabling an account is to set this to a non-empty string less than 24
       characters in length such as `nologin'.

       The and fields specify the password expiration information. They may contain an integer specifying seconds, or a combination of scaled val-
       ues.  The units recognized for scaling are and Only the first letter of the unit need be supplied.  A of one day, one hour and five minutes
       could be specified as any of:
       passlifemax = 1 day 1 hour 5 minutes
       passlifemax = 25 h 5 m
       passlifemax = 90300 seconds
       passlifemax = 90300
       in addition to other combinations.

       The field is a date.  It is specified in the same format as the default output of the ULTRIX command.  The time	portion  is  optional  and
       defaults to the beginning of the day.

       The and fields expect a comma-separated list of value tokens. For this is zero or more of and For the audit information this corresponds to
       the name of the audit event.  See the manpage for more information on audit events.

       The field may be one of or See the manpage for more information on the affect of these values.

       Only the superuser can edit entries.

       Changing the entry will not affect the uid and audit information of existing login sessions.

       If the uid field of the entry is changed the mapping to the file will be affected.  Changes to the passwd file will probably be necessary.

       Various messages about incorrect input. All are self-explanatory.

       Contains all authorization information

       Maps usernames to UIDs

See Also
       audcntl(2), auth(5), auditmask(8), getauth(8), vipw(8)
       Security Guide for Administrators


Check Out this Related Man Page

getauth(8)						      System Manager's Manual							getauth(8)

       getauth, setauth, rmauth - auth database maintenance

       getauth [username]


       rmauth username

       The  command  takes as it's only argument a user name or UID.  If a user name is supplied it is converted to a UID by searching through The
       UID is then used to look up the users entry in the database.  If an entry is found it is converted to an ASCII string with a syntax  resem-
       bling  that  of	the  passwd  file  and printed out as a single line.  If no entry is found nothing is printed and an exit status of `1' is
       # getauth username
       The first field is the UID of the entry which is used as the key into the database.  Then follows: the encrypted password, password modifi-
       cation  time, minimum password lifetime, maximum password lifetime, account mask, login failure count, audit ID, audit control, audit mask,
       and a reserved field.

       If the optional username argument is not supplied to getauth it will produce an output line for every entry in the auth database.

       The command expects one or more lines from the standard input which must be of a form identical to that produced by the command.  The  com-
       mand  converts  and  stores  these lines into the database, one entry per line, replacing any entry already existing for the given UID.	By
       piping the output of the command into the input of the command an expensive NOP can be produced:
       # /usr/etc/sec/getauth | /usr/etc/sec/setauth

       The command expects exactly one argument, the user name or UID of an auth entry to be deleted.  If the entry is	found  it  is  erased  and
       deleted.  If it is not found no action is taken and an exit status of 1 is returned.

       Only the superuser and members of the group may read information from the auth database.  Only the superuser may modify the auth database.

       An  exit  value of 0 indicates a successful operation. An exit status of 1 indicates the entry was not found on a lookup or deletion opera-
       tion.  Any other exit status indicates an error.

See Also
       getauthuid(3), getpwent(3), auth(5), edauth(8)
       Security Guide for Administrators

Man Page