 |
Index for
Section 8 |
|
 |
Alphabetical
listing for E |
|
 |
Bottom of
page |
|
edauth(8)
NAME
edauth - update and list authentication and capabilities (authcap) database
information (Enhanced Security)
SYNOPSIS
/usr/tcb/bin/edauth [-d db] [-L | -N] [-q] [-v] entryname...
/usr/tcb/bin/edauth -g [-d db] [-L | -N] [-q] [-t] [-v] [entryname...]
/usr/tcb/bin/edauth -s [-d db] [-L | -N] [-R] [-t] [-U uid] [-C] [-q]
[-v]
/usr/tcb/bin/edauth -r [-d db] [-L | -N] [-q] [-v] entryname...
/usr/tcb/bin/edauth -H
OPTIONS
-d db
Specifies which database to use. Select from one of the characters d,
f, p, t, or v.
d - The system default database, /etc/auth/system/default
f - The file control database, /etc/auth/system/files
p - User profile data in the /tcb/files/auth.db,
/var/tcb/files/auth.db, and optional associated NIS map sources.
t - The terminal control database, /etc/auth/system/ttys.db
v - The terminal control database, /etc/auth/system/devassign
The user profile database (p) is the default if no -d option is given.
-g Gets the named entries (or all) and prints them to standard output
rather than editing them. If the -q option is also given, the entries
are not printed, and the exit status is the only confirmation of
whether at least one entry would have been printed if -q had not been
specified.
-r Removes (deletes) named entries rather than editing them.
-s Sets new values based on pre-edited entries read from standard input.
If a new entry is being created, the corresponding passwd entry must be
created first. If the -C option is not given, existing entries are
overwritten by the new data.
-t When used with -g or -s options, account template entries are included
in addition to user-profile entries. Note that account templates do not
have password entries.
-v Gives more verbose messages.
-C Restricts the -s option to creating new entries only, rather than
possibly overwriting existing ones.
-L Uses only local entries, not NIS.
-N Uses only NIS entries, not local.
-R Causes new local user-profile entries to be written to the root
partition only, no matter what the UID of the profile.
-U uid
Specifies the minimum general user UID. User-profile entries with UIDs
less than this value (default of 100) are written to the root partition
in the /tcb/files/auth.db file. Profiles with uids greater than or
equal to the specified value are written to the /var/tcb/files/auth.db
file.
-H Print a help message and exit successfully with no further processing.
DESCRIPTION
The edauth utility displays and modifies the system databases used by the
enhanced security subsets. These include the user profile databases and
their NIS map source files, the file control database, the terminal control
and device assignment databases, and the system default database. Note that
edauth does not alter /etc/passwd.
The edauth utility is intended for disaster-recovery situations, since the
GUIs provide a much friendlier interface. However, for sites where X is not
available, edauth can be used for general maintenance of these databases.
If none of the -s, -g, or -r options are given, edauth extracts each
matching entry into a temporary file, and allows the user to edit that
entry. If the edited entry has more unparsed fields than did the old copy,
a warning is given. If the -v option was given, the unparsed text is
displayed.
Editing and setting of entries in NIS maps is only allowed on the NIS
master host, in which case the changes are made to the NIS map source files
themselves, and a make of the NIS maps is then performed by edauth.
The only option available to a non-root user is displaying the publicly-
accessible databases or the user's own profile.
ENVIRONMENT
The following environment variables can be used by edauth:
TERM
Checked for being set only, in order to determine whether the $VISUAL
environment variable should be consulted to find an editor to use. The
$TERM variable is also likely to be used by the editor that is spawned.
VISUAL
Checked to find the editor to use when editing data, if the $TERM
environment variable is set.
EDITOR
Checked to find the editor to use when editing data. If neither the
$VISUAL nor the $EDITOR environment variable is available, edauth
checks /usr/bin/ex and /sbin/ed for execute permissions and stops
attempts to edit data if none can be found.
Other environment variables which are likely to be used:
NOPUSH
This environment variable is checked by the /var/yp/Makefile file when
updating the NIS maps in order to determine whether to force the NIS
slave servers to update their maps immediately (and to wait for that
update).
EXAMPLES
To display just the wildcard entries from the ttys and devassign databases:
# edauth -g -dt '*' '*:*'
# edauth -g -dv '*' '*:*'
To display the system defaults data:
# edauth -g -dd
For a non-root user to display his or her own profile:
% edauth -g
For a privileged user to display all user profiles:
# edauth -g
To display the user profile for root:
# edauth -g root
To edit the entry for user root:
# edauth root
To edit the ttys database entry for lat/628:
# edauth -dt lat/628
To edit the NIS profile entry for user nobody:
# edauth -N nobody
To add a template of cis401 to a list of user names contained in a file
named students:
edauth -g `cat students` \
| sed 's/:chkent:/:u_template=cis401:chkent:/' \
| edauth -s
SEE ALSO
Commands: convuser(8), convauth(8), authck(8)
Files: authcap(4), prpasswd(4), ttys(4), default(4), devassign(4), files(4)
Security
|
Index for
Section 8 |
|
|
Alphabetical
listing for E |
|
 |
Top of
page |
|