passmgmt(1M) — IRIX 6.5.3f

passmgmt(1M)                                                      passmgmt(1M)



NAME
     passmgmt - password files management

SYNOPSIS
     passmgmt -a options name

     passmgmt -m options name

     passmgmt -d name

DESCRIPTION
     The passmgmt command updates information in the password files.  This
     command works with both /etc/passwd and /etc/shadow.  If there is no
     /etc/shadow, any changes made by passmgmt will only go into /etc/passwd.
     If the shadow file is not present, the -f and -e options have no effect,
     because the data fields they modify are not present in the base password
     file.

          passmgmt -a

     adds an entry for user name to the password files.

          passmgmt -a +name

     adds an NIS entry to the password files.  This command does not create
     any directory for the new user and the new login remains locked (with the
     string *LK* in the password field) until the passwd(1) command is
     executed to set the password.

          passmgmt -m

     modifies the entry for username in the password files.  The name field in
     the /etc/shadow entry and all the fields (except the password field) in
     the /etc/passwd entry can be modified by this command.  Only fields
     entered on the command line will be modified.

          passmgmt -d

     deletes the entry for username from the password files.  It will not
     remove any files that the user owns on the system; they must be removed
     manually.

          passmgmt -f days

     sets the period of inactivity for username in the shadow password file.

          passmgmt -e when

     sets the expiration date for the account.  The when argument is an input
     string to the getdate(3) routine.  If the environment variable DATEMSK is
     not set, the file /etc/datemsk is used by getdate to process this input
     argument.  Errors from getdate processing are reported.  Expiration dates
     must be greater than today.

     The following options are available:

     -c comment  A short description of the login.  It is limited to a maximum
                 of 128 characters and defaults to an empty field.

     -h homedir  Home directory of name.  It is limited to a maximum of 256
                 characters and defaults to /usr/people.

     -u uid      UID of the name.  This number must range from 0 to the
                 maximum non-negative value for the system.  It defaults to
                 the next available UID greater than 99.  For an NIS entry,
                 the default is 0.  Without the -o option, it enforces the
                 uniqueness of a UID.

     -o          This option allows a UID to be non-unique.  It is used only
                 with the -u option.

     -g gid      GID of the name.  This number must range from 0 to the
                 maximum non-negative value for the system.  The default is 1
                 for a local entry and 0 for an NIS entry.

     -s shell    Login shell for name.  It should be the full pathname of the
                 program that will be executed when the user logs in.  The
                 maximum length of shell is 255 characters.  The default is
                 for this field to be set to /bin/sh.

     -l logname  This option changes the name to logname.  It also can change
                 a local entry to an NIS entry by

                      passmgmt -m -l +name name

                 or change an NIS entry to a local entry by

                      passmgmt -m -l name +name

                 It is used only with the -m option.

     The total size of each login entry is limited to a maximum of 4095 bytes
     (BUFSIZ-1, defined in /usr/include/stdio.h) in each of the password
     files.
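
     A pre-flight check for the limits listed above and the field-separator
     rule in the NOTE section, as an added example that is not part of the
     IRIX manual page.  The function names are hypothetical, and the name
     field is bounded only by the total entry size because the page gives no
     separate limit for it.

```shell
# Added example (not from the manual page): reject values that would break
# the colon-separated entry or exceed the limits this page states.
# Function names are hypothetical. Lengths use ${#var}; LC_ALL=C makes
# them byte counts.
LC_ALL=C; export LC_ALL
NL='
'
CR=$(printf '\r')

# field_ok VALUE MAXLEN: no colon, <cr> or newline, and at most MAXLEN long
field_ok() {
    case $1 in
        *:* | *"$CR"* | *"$NL"*) return 1 ;;
    esac
    [ "${#1}" -le "$2" ]
}

# is_id VALUE: non-empty decimal number (UID and GID start at 0)
is_id() {
    case $1 in
        '' | *[!0-9]*) return 1 ;;
    esac
}

# entry_ok NAME UID GID COMMENT HOMEDIR SHELL
entry_ok() {
    [ -n "$1" ] && field_ok "$1" 4095 || return 1
    is_id "$2" && is_id "$3"         || return 1
    field_ok "$4" 128                || return 1   # -c limit
    field_ok "$5" 256                || return 1   # -h limit
    field_ok "$6" 255                || return 1   # -s limit
    case $6 in /*) ;; *) return 1 ;; esac          # full pathname expected
    # Whole passwd line, with the *LK* string a new login receives.
    line="$1:*LK*:$2:$3:$4:$5:$6"
    [ "${#line}" -le 4095 ]
}

# Constructed input: a comment that tries to smuggle in extra fields.
entry_ok alice 1001 1 'Alice:0:0' /usr/people/alice /bin/sh ||
    echo "rejected: separator in comment"
```
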

SHARE II ACTIONS
     If the Share II system is installed and enabled, then passmgmt
     automatically creates and deletes lnodes as well as updating the password
     and shadow password files.  Normally, only superusers are able to use
     passmgmt, but if Share II is installed and enabled, then any user with a
     set admin or uselim flag can also use it.

     passmgmt -a checks for an lnode with a UID equal to the UID of the
     newly-created entry in the password files.  If such an lnode already
     exists, then it is left untouched.  If such an lnode does not exist and
     the invoker has a set uselim flag, then a new lnode is created and the
     parent (sgroup) of the newly created lnode is initialized as the lnode
     other, or if no such lnode exists, root.

     If passmgmt -m is used to alter the UID of an existing user (the -u
     option), then a new lnode is created with the new UID.  If such an lnode
     already exists, then it is left untouched.  If the original UID was
     unique, then the old lnode is deleted.  The contents of the old lnode are
     not copied to the new lnode.

          passmgmt -d

     deletes the lnode having the UID of the deleted password entry, if that
     UID was unique.

     Users with only a set admin flag (subadministrators) are subject to the
     following restrictions:

     ⊕  If using passmgmt -a to add a nonunique UID (with -o), then an lnode
        with that UID must already exist, and must be a member of the
        invoker's scheduling group.

     ⊕  If using passmgmt -a to add a unique UID, then there must not exist
        any orphan lnodes which already have that UID as their lost parent
        (sgroup).  If this criterion is satisfied, then a new lnode is
        created blank and initialized with the invoker's lnode as its parent
        (sgroup).

     ⊕  If using passmgmt -m to perform any modification to a user, then the
        modified user's lnode must exist and be a member of the invoker's
        scheduling group.

     ⊕  If a user's UID is changed using passmgmt -m -u, then if the new UID
        is not unique (the -o option was used), an lnode with that UID must
        already exist and be a member of the invoker's scheduling group.
        Otherwise, if the new UID is unique, a new lnode is created blank and
        initialized with the invoker's lnode as its parent (sgroup).  In both
        cases, the original lnode of the user is deleted if it was unique in
        the passwd file.

     ⊕  If using passmgmt -d to delete a user, then the deleted user's lnode
        must exist, be a member of the invoker's scheduling group and have no
        child lnodes.

CAVEAT
     The passmgmt -m -u command will erase all usage, limit, privilege, and
     accumulated accounting information of the user whose UID is altered.

FILES
     /etc/passwd
     /etc/shadow
     /etc/opasswd
     /etc/oshadow
     /etc/limconf

SEE ALSO
     passwd(1), ypchpass(1), yppasswd(1), passwd(4), shadow(4).

DIAGNOSTICS
     The passmgmt command exits with one of the following values:

     0    SUCCESS.

     1    Permission denied.

          In the case where the Share II system is enabled, it means that the
          invoker is not the superuser, and does not have a set uselim or
          admin flag.  Otherwise, the invoker is a user with only a set admin
          flag (subadministrator), but is violating one of the restrictions
          described above.

     2    Invalid command syntax.  The usage message of the passmgmt command
          will be displayed.

     3    Invalid argument provided to an option.

     4    UID in use.

          In the case where the Share II system is enabled, it means that the
          lnode is active (that is, has processes attached) and, hence, cannot
          be deleted.

     5    Inconsistent password files (e.g., name is in the /etc/passwd file
          and not in the /etc/shadow file, or vice versa).

     6    Unexpected failure.  Password files unchanged.

          In the case where the Share II system is enabled, it means that
          passmgmt ran out of memory, or was unable to create or delete an
          lnode for an unknown reason.

     7    Unexpected failure.  Password file(s) missing.

     8    Password file(s) busy.  Try again later.  A

     9    name does not exist (if -m or -d is specified), already exists (if
          -a is specified), or logname already exists (if -m -l is specified).

NOTE
     You cannot use a colon or <cr> as part of an argument because it will be
     interpreted as a field separator in the password file.

     If the shadow file is used, the NIS entries get the password from the
     shadow file exclusively and must have an entry for each NIS user name.
     This will not permit the use of the general NIS entry, +::0:0:::, or
     netgroup expansions.
Typewritten Software • bear@typewritten.org • Edmonds, WA 98026