uidadmin(1) uidadmin(1)
NAME
uidadmin - user-controlled ID map data base administration
SYNOPSIS
uidadmin [-S scheme [-l logname]]
uidadmin -S scheme -a -r g_name [-l logname]
uidadmin -S scheme -d [-r g_name] -l logname
uidadmin -S scheme [-cf]
DESCRIPTION
The uidadmin command is used primarily by non-privileged users
to display and update entries in the user ID mapping data
base.
Files
/var/adm/log/idmap.log log file
/etc/passwd password file
USAGE
The user ID data base consists of one or more user ID map
files, where each file is associated with a different
authentication scheme.
Non-privileged users are limited to administering only primary
attribute entries that map into their own user identities.
Mapping of secondary attributes is controlled exclusively by
the system administrator. The administrator of user-
controlled mapping must be in group sys.
The options to uidadmin have the following meanings:
-S scheme
Specify the name of the ID mapping scheme.
-l logname
Specify a local name (logname) into which the remote
name maps. logname must be a valid logname on the
local machine. A non-privileged user can map a remote
name only to his or her own local logname; if the -l
option is omitted, the user's local logname is assumed.
When a privileged user maps a remote name to a non-
privileged user's local logname, the -l option is
required.
-a Add a map entry. The scheme name and the remote name
must be specified. A local name different from the
user's logname can be specified by a privileged user.
-r g_name
Specify the remote (global) name. The format of g_name
is scheme-dependent; generally, it includes a login
name and a machine name.
-d Delete a map entry. The scheme name and the local name
must be specified. Specifying the remote name is
optional. If only the local name is specified, all
entries mapping to the local name are deleted. If a
remote name is also specified, a particular map entry
is deleted.
-c Check the consistency of a map file. The -c option is
intended for use by a system administrator. The scheme
name must be specified. Map entries containing syntax
errors and unknown lognames are displayed. Lognames
are unknown if they do not exist in /etc/passwd.
-f Fix an inconsistent map file. The -f option is
intended for use by a system administrator. Entries
that are out of order are sorted; map entries
containing syntax errors and unknown lognames are
displayed, and the system administrator is given the
opportunity to change or delete them.
When no options are specified, uidadmin lists all schemes and,
for each scheme, indicates whether it is in SECURE or USER
mode. A scheme in USER mode has user-controlled mapping
enabled. When scheme is specified, uidadmin uses the user's
real UID to determine the local logname and reports entries in
that scheme's user map file that map into the local name.
When a privileged user specifies a scheme, the entire contents
of the scheme's user map file are displayed.
When scheme and logname are specified with no other options,
all entries in the scheme's uidata file that map into the
logname are reported. Only a privileged user can use this
form of the command to list other users' entries.
Note that all update operations are logged (whether successful
or not) in the file /var/adm/log/idmap.log.
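The following is an added example, not part of the original manual page or of uidadmin itself: a small Python reference model of the -a and -d rules described above (own-logname restriction, -l defaulting, known lognames only, every update logged). The names Caller, MapDB, add and delete are hypothetical, and the in-memory sets stand in for /etc/passwd, the map files and idmap.log.

```python
# Added illustration: models the documented rules; it does not call uidadmin.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Caller:
    logname: str              # local logname derived from the real UID
    privileged: bool = False

@dataclass
class MapDB:
    lognames: set                                 # stand-in for /etc/passwd
    entries: dict = field(default_factory=dict)   # scheme -> {(g_name, logname)}
    log: list = field(default_factory=list)       # stand-in for idmap.log

    def _target(self, caller, logname):
        """Resolve and authorize the local logname an update acts on."""
        target = logname or caller.logname        # -l omitted: caller's own logname
        if target not in self.lognames:
            raise ValueError(f"unknown logname {target!r}")
        if target != caller.logname and not caller.privileged:
            raise PermissionError("non-privileged users map only to their own logname")
        return target

    def _update(self, op, caller, scheme, g_name, logname, action):
        """Run an update and record it whether it succeeds or not."""
        status = "failed"
        try:
            result = action(self._target(caller, logname))
            status = "ok"
            return result
        finally:
            self.log.append((op, caller.logname, scheme, g_name, logname, status))

    def add(self, caller, scheme, g_name, logname=None):
        """Model of: uidadmin -S scheme -a -r g_name [-l logname]"""
        def action(target):
            self.entries.setdefault(scheme, set()).add((g_name, target))
            return target
        return self._update("add", caller, scheme, g_name, logname, action)

    def delete(self, caller, scheme, logname, g_name=None):
        """Model of: uidadmin -S scheme -d [-r g_name] -l logname"""
        def action(target):
            current = self.entries.get(scheme, set())
            # No g_name: every entry mapping to target; otherwise one entry.
            doomed = {e for e in current if e[1] == target and g_name in (None, e[0])}
            current -= doomed
            return len(doomed)
        return self._update("delete", caller, scheme, g_name, logname, action)
```

Reading the log list after a run shows the rejected attempts alongside the successful ones, which is what an administrator would look for in /var/adm/log/idmap.log.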
Examples
The following line is an example of a command line that
includes the -a option. The command adds an entry to the user
map file associated with scheme ns. The entry maps from the
remote name our_gang:alfalfa into the user's local logname.

    uidadmin -S ns -a -r our_gang:alfalfa

The following lines are command lines that include the -d
option. The first line deletes the entry that maps the remote
name our_gang:waldo into local user darla. The second line
deletes from the user map file all entries that map into the
local name darla.

    uidadmin -S ns -d -r our_gang:waldo -l darla
    uidadmin -S ns -d -l darla

REFERENCES
attradmin(1M), attrmap(3I), idadmin(1M), namemap(3I)
Copyright 1994 Novell, Inc.