Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ passwd_override(5sec) — DCE 3.1

Media Vault

Software Library

Restoration Projects

Artifacts Sought

passwd_override(5sec)  —  Macro Packages and Conventions

NAME

passwd_override - Registry database user override file

DESCRIPTION

The dcelocal/etc/passwd_override administrative file lets you override the password, GECOS, home directory, login shell, group membership, and principal UNIX ID information stored in the network registry database.  The group_override file serves a similar function for groups; see the group_override(5sec) reference page for more information. 

Each host machine contains its own passwd_override file.  Override entries contained in the file take effect transparently, but on the local machine only; they have no effect on the centralized registry.  You may find passwd_override especially useful for excluding users from logging into certain machines, establishing local root passwords, or tailoring local user environments. 

The passwd_override File Format

The format of a passwd_override entry is similar to entries in the UNIX password file.  The format is as follows:

principal_name:passwd:principal_uid:group_id:GECOS:home_dir:login_shell

In an override entry, principal_name, principal_uid, and group_id fields are keyfields.  You must enter one of them to identify the principal or group to which the overrides apply.  The keyfield is used to perform a lookup in the override file.  The lookup is performed in order as the entries are specified in an override entry: first by principal name, then by principal UNIX ID, and finally by group UNIX ID.  If you specify more than one keyfield in an override entry, the first keyfield specified is used as the lookup key; subsequent keyfields are used as overrides. 

Field Descriptions

The fields contained in a passwd_override file entry are described in the following:

principal_nameA keyfield that contains a principal name identifying the account to which the overrides apply.  Enter principal_name to apply the override only to the account for the principal’s primary name and not to any accounts for the principal’s aliases. 

passwdThe encrypted password.  If you specify an override in this field, the password you enter is in effect for this local machine only.  When you override a principal’s password, only the principal’s local credentials are obtained at login, not the principal’s network credentials. Without network credentials, the principal cannot access the network registry and obtain the information normally provided at network login.  Therefore, you must supply all this information in the password_override file entry.  For overrides to passwords, you must enter all fields in the override entry, including all keyfields.  You can also specify OMIT in the passwd field to disallow login on the local machine.  The use of OMIT in conjunction with an option to the passwd_export command also omits this principal from the password file created by passwd_export.  (See the section Using OMIT for details.) 

principal_uidAn encrypted principal UNIX ID.  This field can function as a keyfield (when the principal_name keyfield is not entered) or as an override field (when the principal_name keyfield is entered).  Enter principal_uid and not principal_name when you want to apply the overrides to all of a principal’s accounts, including any accounts for the principal’s aliases.   The principal_uid keyfield is especially useful for overrides to root.  For example, if root has an alias of virtuoso, an override keyed by principal name applies only when root logs in as root.  An override keyed by root’s principal_uid applies when root logs in as root, as virtuoso, and under any other alias.  Enter principal_uid and principal_name to override the UNIX ID of the named principal. 

group_idA UNIX group ID. This field can function as a keyfield, when no other keyfields are entered, or as a field containing an override, when entered in conjunction with principal_name or principal_uid.  Enter group_uid and no other keyfield (principal_name or principal_uid) to apply the override to all members of the group identified by group_uid.  In this instance the group_uid field functions as a keyfield, identifying the accounts to which to apply the overrides (that is, accounts whose principal is a member of the specified group).  Enter group_uid and principal_name to change the group of the principal identified by principal_name to the group identified by group_uid.  The change applies only to the account for the principal’s primary name, not to any accounts for the principal’s aliases.  Enter group_uid and principal_uid to apply the group override to all of the principal’s accounts, including any for the principal’s aliases.  In these instances the group_uid field functions as a field supplying override information, not as a keyfield. 

GECOSThe account’s GECOS field.  You can specify an override in this field.  To keep it unchanged, leave it empty. 

home_dirThe account’s home directory.  You can specify an override in this field.  To keep it unchanged, leave it empty. 

login_shellThe account’s log-in shell.  You can specify an override in this field.  To keep it unchanged, leave it empty. 

Leaving Fields Blank

If you do not want to override an item, leave its field blank, being sure to use a : (colon) to separate blank fields.  (You must enter one of the keyfields, however, to identify the principal or group for which you are creating overrides.)  You are required to enter the colons associated with any blank trailing fields. 

Using OMIT

If you enter either the word OMIT or another invalid password string (such as ∗ (asterisk) or NO GOOD) in the passwd field, the principal (or set of principals) will be unable to log into the local machine.  If you specify OMIT and run passwd_export with the ­-x option, the named principal (or set of principals) will not appear in the /etc/passwd file produced by passwd_export. 

You should also be aware that, if you have omitted principals from the /etc/passwd file, information about those principals will not be available to any programs that use the password file.  For example, the ls -l and the finger commands both access the password file to obtain further information about a principals.  If the principal is omitted, no password entry will exist and no information will be available.  For this reason, you should use OMIT to omit principals from the /etc/passwd file only if your user community is very large and either of the following conditions occur:

       •The passwd file is taking up too much space. 

       •User-ID-to-name mapping is too slow (during ls -l, for example). 

NOTES

Principals can update their entries in the override file for the local host by using chpass.  The chpass command is platform-specific; consult your local operating system documentation for information on how to use your version of the command. 

EXAMPLES

     1.To prevent the principal with a UNIX ID of 52 from logging into the local machine, include the following entry in the passwd_override file:

:exclude:52::::

     2.To prevent members of the group identified by a UNIX ID of 25 from logging into a node and to omit them from inclusion in the password file, put OMIT in the passwd field as follows:

:OMIT::25:::

Then run the passwd_export command with the ­-x option to omit these principals from the /etc/passwd file, as follows:

dcelocal/etc/passwd_export -x

     3.To change the password, home directory, and initial shell for user mozart’s account, include the following entry in the passwd_override file:

mozart:sq1Rc1Urrb1L6:678:893:Wolfgang A. Mozart:/aria/wolfgang:/bin/csh

     4.To override the home directory for user mozart’s account, include the following entry in the passwd_override file:

mozart:::::/aria/wolfgang:

RELATED INFORMATION

Commands: rgy_edit(8sec), passwd_export(8sec). 

Files: group_override(5sec). 

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026