ap(ADM) 19 June 1992 ap(ADM) Name ap - generate account profile for propagation to other machines Syntax ap -d [ -v ] [ usernames ] ap -r -f file [ -o ] [ -v ] [ usernames ] Description ap allows the propagation of user accounts by generating an archive that can be loaded on other machines. ap -d writes an account profile entry to the standard output for each username specified. If no usernames are specified, account profiles are written for all users listed in the password file. ap -r restores account profile information from the file specified by the -f option, which is assumed to be the product of a previous ap -d. If no usernames are specified, all the account profiles contained in the file are restored: otherwise only the account profiles for the specified users are restored. An account profile entry consists of the user's line from the password file followed by all relevant parts of their Protected Password database entry. The following Protected Password database fields are irrelevant and are not copied: Time of last unsuccessful password change. Time of last successful and last unsuccessful login. Terminal of last successful and last unsuccessful login. Number of consecutive unsuccessful logins. The -v (verbose) option causes ap to output a message to the standard error for each account profile dumped or restored. The -o (overwrite) option causes ap to overwrite an existing account pro- file which has the same username and user ID as one being restored. If the -o option is not specified a message is output and existing entries are not overwritten. Examples To dump the account profiles for users root and guest to a file called profiles and display a message after each account profile is dumped: ap -dv root guest > profiles This file can then be transferred to another machine. To restore the account profile for user root, overwriting any existing profile: ap -ro -f profiles root Files /etc/passwd Password file /etc/shadow Shadow Password file /tcb/files/auth/?/* Protected Password database /etc/auth/subsystems/* Subsystem Authorizations database See also addxusers(ADM), authck(ADM), authcap(F), fields(S), getprpwent(S), getpwent(S), passwd(FP), subsystems(S) Diagnostics If ap detects a fatal error, it displays an appropriate error message and exits with status greater than zero. If no errors are encountered, ap exits with status zero. Notes ap requires the invoking user to be the super user or have the auth sub- system authorization, and have both the chown and execsuid kernel author- izations. As different machines may have different System Default values, the same profile transferred to another machine may give the user different capa- bilities simply because different default values are picked up for fields not present in the user's Protected Password database entry. As the file containing the dumped account profile information is used to update the password and Protected Password database, it must be protected from unauthorized access in the same way the Protected Password database entries themselves are protected. Value added ap is an extension of AT&T System V provided by The Santa Cruz Operation, Inc.