userdbset.1m (2010 09)
u
userdbset(1M) userdbset(1M)
NAME
userdbset - modify information in the user database, /var/adm/userdb
SYNOPSIS
/usr/sbin/userdbset -u
name attr =value [attr
=value]...
/usr/sbin/userdbset -d -u
name [-i
]
/usr/sbin/userdbset -d -u
name attr [attr ]...
/usr/sbin/userdbset -d -a
attr [attr ]...
/usr/sbin/userdbset
[-u name] -f
filename
DESCRIPTION
userdbset modifies the per-user information residing in the user database,
/var/adm/userdb
.A
per-user value in the user database overrides any system-wide default configured in
/etc/default/security
. See userdb (4) and security (4) for more details about the user database
and system-wide defaults, respectively.
If one or more attr
=value arguments are specified on the command line,
userdbget initializes or
modifies each attribute specified by attr to the specified value for the specified user name.
Options
The following options are recognized:
-a Modify specified attributes for all users.
-d Delete attributes; the /etc/default/security
(see security (4)) system-wide
default will then apply. If one or more attr arguments are specified, only those attri-
butes are deleted. Otherwise, if no attr arguments are specified, all configurable attri-
butes are deleted for the specified user name .
-f filename Import the contents of filename into the user database. Each line in the data file,
filename , must be in the following format: username attr=value. The output of
userdbget is in this format and can be used as the input file. See the
-f example
in the EXAMPLES section.
-i Remove internal attributes in addition to the configurable ones. Internal attributes
are not user configurable and are normally modified only by programs that enforce
system security. The file /etc/security.dsc
indicates which attributes are
configurable and which are internal.
-u name Initialize, modify or delete specified attributes for the specified user name.
Authorizations
In order to invoke
userdbset, the user must either be root (running with effective uid of 0) or, if the
Role-Based Access Control Extensions product (RBACExt) is installed, have the appropriate
authorization(s). Users with the appropriate authorizations can use
userdbset to add, modify or delete
security attributes for other users, but are prohibited from changing the security attributes for local root
users. Only root users can add, modify or delete the security attributes of local root users.
Refer to rbac (5) for more information on the Role-Based Access Control product. The following is a list of
the required authorizations for running
userdbset with particular options:
hpux.security.attribute.write,*
Allows the user to invoke userdbset. The user will also need specific authorizations to modify or
delete the various attributes in the user database.
hpux.security.attribute.delete, attr
Allows the user to delete the per-user attribute (attr ) named in the object of the authorization pair.
An object of
* will allow the user to delete any attribute.
hpux.security.attribute.modify, attr
Allows the user to initialize or modify the per-user attribute (attr ) named in the object of the authori-
zation pair. An object of * will allow the user to initialize or modify any attribute.
hpux.security.attribute.import,*
Allows the user to import user attributes into the user database using the -f option. Users with this
authorization are allowed to import attributes for all users, including local root users.
HP-UX 11i Version 3: September 2010 − 1 − Hewlett-Packard Company 1