Installation guide
required by those files imposed a limit on how many accounts a system could
support.
The Enhanced Security routines no longer use the pw_id_map and
gr_id_map files. If you are running Tru64 UNIX Version 4.0D or later
and still have those files, it is recommended that you remove them to recover
the space occupied on the root partition.
4.3.7.4 Behavior of useradd, usermod, and userdel Commands
The useradd command correctly honors the default administrative lock
value found in the /.sysman/Account_defaults file. If
Account_defaults does not exist, the internal default for useradd is
to create locked accounts. Use the administrative_lock_applied
extended command line option to override the default. In the following
example, useradd creates a locked account for foo regardless of the
default value for administrative lock:
useradd -x administrative_lock_applied=1 foo
For base security, a locked account has the text Nologin in the password
field in the /etc/passwd file. If an account is unlocked and has no
password, that account has no value in the password field. The account is
open and accessible to anyone. A warning is displayed if an unlocked
account with no password is created.
For enhanced security, all accounts have an asterisk (*) in the password field
in /etc/passwd, but the lock flag in the protected password database is
correctly set to reflect the lock status. As with base security, an unlocked
account with no password is accessible to anyone.
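The password-field conventions described above can be checked mechanically. The following is an added example, not part of the original release notes: it classifies passwd-format entries read on standard input, and the sample entries, status labels, and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the release notes): audit passwd-format input
# using the password-field conventions described above.

# Constructed sample entries; user names, UIDs, hash and paths are made up.
sample_passwd() {
    cat <<'EOF'
root:Xq3kPz9LmN2aB:0:1:system PRIVILEGED account:/:/bin/sh
foo:Nologin:201:15:locked under base security:/usr/users/foo:/bin/sh
bar::202:15:unlocked with no password:/usr/users/bar:/bin/sh
baz:*:203:15:enhanced security account:/usr/users/baz:/bin/sh
broken:204:15
EOF
}

# Reads passwd-format lines on stdin, prints "user:STATUS" for each entry.
# Assumption: lines starting with + or - are NIS-style entries and are skipped.
classify_passwd() {
    awk -F: '
        /^ *$/ || /^#/ || /^[+-]/ { next }       # blank, comment, NIS-style
        NF != 7         { print $1 ":MALFORMED"; next }
        $2 == ""        { print $1 ":OPEN_NO_PASSWORD"; next }  # open to anyone
        $2 == "Nologin" { print $1 ":LOCKED_BASE"; next }       # base security lock
        $2 == "*"       { print $1 ":SEE_PROTECTED_DB"; next }  # lock flag is elsewhere
                        { print $1 ":PASSWORD_SET" }
    '
}

# Prints only the names of accounts that are open to anyone.
open_accounts() {
    classify_passwd | awk -F: '$2 == "OPEN_NO_PASSWORD" { print $1 }'
}

# Demo on the constructed sample.
# On a real system, run: classify_passwd < /etc/passwd
sample_passwd | classify_passwd
```

An asterisk in the password field only indicates enhanced security; the lock status of such an account has to be read from the protected password database, which this script does not consult.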
The usermod command correctly sets the lock flags for enhanced security
when the administrative_lock_applied option is given on the
command line. If usermod is used to unlock a locked account with no
password, a warning is displayed.
The userdel command retires accounts, instead of removing them, on a system
running enhanced security.
4.3.8 Enabling Extended UIDs in the Kernel
By default, extended UIDs are not enabled in the kernel. To enable this
feature, use sysconfig or the dxkerneltuner interface to set the value
of the variable enable_extended_uids to 1 (enabled).
If you choose to do this, please note the following:
• While enable_extended_uids can be set dynamically, you cannot
disable it dynamically. To disable enable_extended_uids, set the
boot time value to 0 (disabled) and reboot your system.
Base System Software Notes 4–19