HP-UX Reference (11i v2 07/12) - 1M System Administration Commands N-Z (vol 4)

ManualsBrandsHP ManualsSoftwareHP-UX Reference Manuals

571

572

573

574

575

576

577

578

579

580

userdbset(1M) userdbset(1M)

NAME

userdbset - modify information in the user database, /var/adm/userdb

SYNOPSIS

/usr/sbin/userdbset -u

name attr=value [attr

=value ...]

/usr/sbin/userdbset -d -u

name [-i]

/usr/sbin/userdbset -d -u

name attr [attr...]

/usr/sbin/userdbset -d -a

attr [attr...]

/usr/sbin/userdbset

[-u name] -f ﬁlename

DESCRIPTION

userdbset modiﬁes the per-user information residing in the user database,

/var/adm/userdb

per-user value in the user database overrides any system-wide default conﬁgured in

/etc/default/security

. See userdb(4) and security(4) for more details about the user database and

system-wide defaults, respectively.

If one or more attr

=value arguments are speciﬁed on the command line,

userdbget initializes or

modiﬁes each attribute speciﬁed by attr to the speciﬁed value for the speciﬁed user name.

Options

The following options are recognized:

-a Modify speciﬁed attributes for all users.

-d Delete attributes; the /etc/default/security

(see security(4)) system-wide

default will then apply. If one or more attr arguments are speciﬁed, only those attri-

butes are deleted. Otherwise, if no attr arguments are speciﬁed, all conﬁgurable attri-

butes are deleted for the speciﬁed user name.

-f filename Import the contents of ﬁlename into the user database. Each line in the data ﬁle,

ﬁlename, must be in the following format: username attr=value. The output of

userdbget is in this format and can be used as the input ﬁle. See the -f

example in

the EXAMPLES section.

-i Remove internal attributes in addition to the conﬁgurable ones. Internal attributes are

not user conﬁgurable and are normally modiﬁed only by programs that enforce system

security. The ﬁle /etc/security.dsc

indicates which attributes are conﬁgurable

and which are internal.

-u name Initialize, modify or delete speciﬁed attributes for the speciﬁed user name.

Authorizations

In order to invoke

userdbset, the user must either be root (running with effective uid of 0) or, if the

Role-Based Access Control (RBAC) version B.11.23.04 is installed, have the appropriate authorization(s).

Users with the appropriate authorizations can use

userdbset to add, modify or delete security attributes

for other users, but are prohibited from changing the security attributes for local root users. Only root

users can add, modify or delete the security attributes of local root users. When the RBAC B.11.23.04 pro-

duct is installed, the following is a list of the required authorizations for running

userdbset with partic-

ular options:

hpux.security.attribute.write,*

Allows the user to invoke userdbset. The user will also need speciﬁc authorizations to modify or

delete the various attributes in the user database.

hpux.security.attribute.delete, attr

Allows the user to delete the per-user attribute (attr) named in the object of the authorization pair. An

object of "*" will allow the user to delete any attribute.

hpux.security.attribute.modify, attr

Allows the user to initialize or modify the per-user attribute (attr) named in the object of the authoriza-

tion pair. An object of "*" will allow the user to initialize or modify any attribute.

hpux.security.attribute.import,*

Allows the user to import user attributes into the user database using the -f option. Users with this

authorization are allowed to import attributes for all users, including local root users.

HP-UX 11i Version 2: December 2007 Update − 1 − Hewlett-Packard Company 577