UNRETIRE(ADM) UNIX System V
Name
unretire, chtype - changes the usertype of an account
Syntax
/tcb/bin/unretire [ -t usertype ] users
Description
unretire changes the usertype of an account. By default
(without the -t flag) unretire expects the accounts
specified on the command line to be currently ``retired''
and sets their type back to ``general'', or ``pseudo'' if
the account has an owner.
Specifying a usertype overides owned accounts being
unretired to usertype ``pseudo'', the other usertypes are:
sso, operator and admin. (See addxusers(ADM) for an
explanation of usertypes.)
unretire can also be used to retire users by specifying a
usertype of ``retired'' (assuming the account is not already
retired). When an account is retired, the encrypted
password is set to an asterisk (*), further ensuring that
the account can no longer be used. Accounts which are
logged in cannot have their type changed.
If no users are specified on the command line then unretire
will read standard input for account names, one per line.
unretire uses ale(ADM) and the underlying chtype shell
script. ale requires the invoking user to have the auth
subsystem authorization and the chown and execsuid kernel
authorizations.
Files
/tcb/files/auth/?/* protected password database
/tcb/lib/auth_scripts/chtype change type script
See Also
ale(ADM), passwdupd(ADM), authcap(F)
Diagnostics
unretire returns an exit status of 1 if it was interrupted
Notes
Because unretiring users is not allowed on a C2 system,
unretire first checks that the system has been relaxed.
Currently the TCB does not distinguish between pseudo, sso,
operator or admin usertypes. They all indicate the account
is not intended to be logged into directly.
Value Added
unretire is an extension of AT&T System V provided by the
Santa Cruz Operation.
(printed 12/11/90) UNRETIRE(ADM)