Manualshelf

userstat.1m (2010 09)

ManualsBrandsHP ManualsSoftwareHP-UX Manpages
12
u
userstat(1M) userstat(1M)
NAME
userstat - check status of local user accounts
SYNOPSIS
/usr/sbin/userstat
[-q] -u name [parm]...
/usr/sbin/userstat
[-q] -a
[parm ]...
DESCRIPTION
userstat checks the status of local user accounts and reports abnormal conditions, such as account
locks.
If any parm arguments are specified, abnormal status is displayed only for those parameters, otherwise
abnormal status is displayed for all parameters. The Parameters section describes the various parameter
values that can be used for parm.
Each account with an abnormal status is displayed on a single line. Each line contains the username fol-
lowed by one or more parameters, indicating what abnormal conditions exist for the account. The Param-
eters section describes the various parameters that can be displayed.
Options
The following options are recognized:
-a Display the status of all users listed in /etc/passwd.
-q (Quiet) Do not print anything to standard output. This can be used when interested only in
the userstat return value.
-u name Check the status of only the specified user name . The user must be a local user listed in
/etc/passwd.
Parameters
The parameters that could be displayed to indicate abnormal account status, or that could be used with
the
-p option, include the following:
admlock admlock is displayed if an administrator lock is present on the account. This lock indi-
cates that the encrypted password in /etc/passwd or /etc/shadow begins with *.An
administrator lock can be set, for example, with passwd -l.
expacct expacct=days is displayed if the account is locked because the account expiration date
has been reached. days is the number of days that the account has been expired. See the
description of the expiration field in shadow (4).
exppw exppw=days is displayed if the account’s password has expired. days is the number of
days that the password has been expired. days is displayed only if its value can be deter-
mined.
inactive inactive=days is displayed if the account is locked because there have been no logins to
the account for a time interval that exceeds the maximum allowed. days is the number of
days that the account has been inactive. See the description of the
INACTIVITY_MAXDAYS attribute in security (4).
maxtries maxtries=num is displayed if the account is locked because the number of consecutive
authentication failures exceeded the maximum allowed. num is the number of consecutive
authentication failures. See the description of the AUTH_MAXTRIES attribute in secu-
rity (4).
nullpw nullpw is displayed if the account is locked because the account has a null password and
is not allowed to have a null password. See the description of the
ALLOW_NULL_PASSWORD attribute in security (4).
tod tod=times is displayed if the account has a time-of-day login restriction. times defines the
time periods that the user may login. See the description of the LOGIN_TIMES attribute
in security (4).
Security Restrictions
Users invoking this command must have the
hpux.security.check authorization. See
authadm (1M).
HP-UX 11i Version 3: September 2010 1 Hewlett-Packard Company 1

Summary of content (2 pages)