


usermod(8)							   usermod(8)



NAME

  usermod - Modifies a user's login information	on the system.

SYNOPSIS

  SVE:

  /usr/sbin/usermod [-u	uid[-o]] [-l login_name] [-g group] [-G
  group[,group...]] [-c	comment] [-d dir [-m]] [-s shell] [-e expire] [-f
  inactive] [-t	type] login

  POSIX:

  /usr/sbin/usermod [-c	comment] [-d dir [-m]] [-g group] [-G
  group[,group...]] [-H	home_dir] [-p] [-l login_name] [-P] [-s	shell] [-t
  type]	[-u uid[-o]] [-x extended_option] login

  /usr/sbin/usermod -D	[-g group] [-s shell] [-d dir] [-e expire]
  [-f inactive] [-x extended_option]

OPTIONS

  -c comment
	  Modifies the description of the account, currently used as the
	  field	for the	user's full name in the	user database file. The	com-
	  ment argument	can be any text	string.	If the text string contains
	  spaces, enclose the string in	quotes.

  -H home_dir
	  Sets the pathname of the user's home directory location. The path-
	  name is combined with	the login name to form the full	path of	the
	  home directory. The -H option	cannot be used with the	-d option,
	  but see also the -m option.

  -d dir  Specifies the	full path to the home directory	where the user
	  account resides. If not specified, dir defaults to home_dir/login,
	  where	home_dir is the	default	directory for user login accounts and
	  login	is the name of the new login account. The -d option cannot be
	  used with the	-H option, but see also	the -m option.

  -m	  Moves	the user's home	directory to the new location. This option
	  must be combined with	either the -H or -d options.

  -p	  Indicates that you want to supply a password.	You are	prompted to
	  enter	the password, which is not echoed to the screen. After enter-
	  ing a	password, you are prompted to verify it	by entering it a
	  second time.

  -P	  Modifies a PC account created by useradd with this switch. This
	  account is usable in an environment with the Advanced Server for
	  UNIX (ASU).

  -D	  Displays and sets the	default	values used by the account management
	  utilities for	user and group information.

	  When used without arguments, this flag displays the default values.
	  If invoked with any combination of the flags listed by the usermod
	  -D command, it sets the default values for those flags. Subsequent
	  invocations of usermod use these new defaults. For example, in the
	  POSIX environment, the following command sets the group to be
	  project, the account to be local and the minimum UID to be 300 for
	  any new account that is subsequently created:
	       # usermod -D -g project -x local=1 min_uid=300

  -e expire
	  This option is only for use on SVE systems running in	enhanced
	  security mode	and is useful for creating temporary logins. The
	  value	of the expire argument is a date. See the useradd(8) refer-
	  ence page for	a list of valid	date formats. A	blank value ("")
	  defeats the status of	the expired date. Set the extended option -x
	  account_expiration for the default value. Note that if a two-digit
	  year is specified, and the number is >=69 and	<=99, the year is
	  assumed to be	19** (20th century). Otherwise the year	is assumed to
	  be 20** (21st	century).

  -g group
	  Changes the account holder's primary group. The group	argument can
	  be specified as an existing group's identification number (GID) or
	  character-string name. You can use the -D option to set the default
	  primary group	for new	logins.

  -G group[,group...]
	  Modifies user's secondary groups. This option	is a comma-separated
	  list of groups that defines the supplementary	group membership for
	  the user. This is a replacement operation that will add or remove
	  the user from	supplementary groups as	necessary. All the groups in
	  which	membership is desired must be listed. Groups can be specified
	  by the group's name or by group identification number	(GID). An
	  error	is displayed for each group that does not exist. Duplicate
	  groups are ignored.

  -l login_name
	  Changes the user's login name. The login name	has the	same restric-
	  tions	as described for new users in useradd(8).

  -s shell
	  Modifies the user's login shell. It specifies	the full pathname of
	  the program used as the user's login shell. The shell	argument must
	  be a valid executable	file. When used	with the -D option, -s
	  defines the system default.

  -t type Changes user's account type to local plus (+)	or local (-) NIS user
	  in the user database.	The value of the type parameter	can be + or
	  -.

  -u uid  Modifies the user identification number (UID)	of the new user. The
	  uid must be specified	as a non-negative decimal integer.

  -o	  When modifying a UID,	allows a user identification (UID) number to
	  be duplicated	(non-unique). This option can be used only with	the
	  -u option.

  -x extended_option [extended_option]...
	  Extended_options are of the form attribute=value. You may enter
	  any number of	extended options (within the character limit of	the
	  command line)	by separating each option with a space.	Alterna-
	  tively, they may be entered separately following the -x switch.
	  Note that some extended options are only available under specific
	  system environments.

	  The following sets of extended_option attributes are available.

	  To review the	current	defaults, use the following command:
	       usermod -D

	  A valid command string for extended options would be:
	       usermod -D  -x distributed=1 next_uid=300 \
	       administrative_lock_applied=0

	  The following extended_options are available:

	  local=0|1
		  Indicates whether the account is local. This value can be
		  set as a default with the -D option and is incompatible
		  with the distributed option. If local is set to 1,
		  distributed is automatically set to 0.

	  distributed=0|1
		  Indicates that the account is	a NIS user account. This
		  value	can be set as a	default	with the -D option and is
		  incompatible with the	local option. If distributed is	set
		  to 1,	local option is	automatically set to 0.	You must be
		  on the NIS master to modify a	NIS user.

	  min_uid=n
		  Specifies the	minimum	UID value. This	value can only be set
		  as a default with the	-D option.

	  max_uid=n
		  Specifies the	maximum	UID value. This	value can only be set
		  as a default with the	-D option.

	  next_uid=n
		  Specifies the	next sequential	unassigned UID.	This value
		  can only be set as a default with the	-D option.

	  dup_uid=0|1
		  Allows the UID to be a duplicate of an existing UID. This
		  value	can only be set	as a default with the -D option.

	  home_dir=pathname
		  Specifies the	parent directory where home directories	will
		  be created by	default, such as /usr/users. This option can
		  only be used with the	-D option to set a default.

	  skel_dir=pathname
		  Specifies the	directory where	skeleton files reside. Files
		  in this directory are	copied to new home directories when
		  they are created. This option	can only be used with the -D
		  option to set	a default.

	  max_groups_per_user=n
		  Specifies the	maximum	number of groups to which a user can
		  belong. This value can only be set as	a default with the -D
		  option.

	  use_hashed=0|1
		  Specifies the	hashed password	database. This value can only
		  be set as a default with the -D option.

	  administrative_lock_applied=0|1
		  Locks	the account. A value of	1 locks	the specified
		  account, and a value of 0 will unlock	it. The	default	is 1.

	  The following	extended_option	attributes are available only on
	  systems running in enhanced security mode:

	  passwd_expire_time=n
		  Specifies the	time, in days, between the last	password
		  change and the password expiration. (A new password must be
		  chosen.) The value of	n must be an integer. If the value of
		  the passwd_expire_time attribute is set to 0, there is
		  no password expiration time.

	  passwd_lifetime=n
		  Specifies the	time, in days, between the last	password
		  change and the expiration of the account. The	value of n
		  must be a non-negative integer. If the passwd_lifetime
		  attribute is set to 0, the password lifetime is infinite.

	  passwd_min_change_time=n
		  Specifies the	time, in days, which must pass before a	user
		  can change the user account password.	The value of n must
		  be a non-negative integer. A value of	0 means	there is no
		  minimum time to change the user account password.

	  passwd_expire_date=date_string
		  The date on which the	current	password will expire.  See
		  the -e option	for a list of valid date formats.

	  passwd_choose_own=0|1
		  Allows the user to choose his	or her own password.

	  passwd_run_generator=0|1
		  Forces the automatic password	generator to run.

	  passwd_generated_length=n
		  Sets the maximum number of characters	for generated pass-
		  words.

	  passwd_checked_for_obviousness=0|1
		  Forces the automatic password	checker	to run.

	  passwd_must_change=0|1
		  Forces a password change.

	  passwd_min_length=n
		  Sets the minimum number of characters	in a password.

	  passwd_max_length=n
		  Sets the maximum number of characters	in a password.

	  passwd_history_limit=n
		  Sets the number of times that	the password must be changed
		  before a password can	be reused.

	  logon_hours=time-string
		  Sets the days	of the week and	hours of the day during	which
		  the account holder can log in	to the account.	The time
		  string format	is an entry of Dd0000-0000 for each day	and
		  time that logins are enabled.	 Time is given in a 24-hour
		  clock	format.	For example, to	restrict logins	to Sunday,
		  Monday and Wednesday:
		       Su0830-1730,Mo0830-1730,We0830-1730

		  The hours are	restricted to 8:30AM to	5:30PM.

	  account_expiration=date_string
		  Specifies a date on which logins will	be disabled automati-
		  cally.

	  account_lifetime=n
		  Specifies a date on which the	account	will expire and	will
		  be retired automatically.

	  account_inactive=n
		  Specifies the	number of days that can	elapse before an
		  inactive account is locked automatically.

	  max_login_attempts=n
		  Specifies the	number of failed login attempts	that can
		  occur	before an account is locked automatically.

	  grace_limit=n
		  When an account becomes disabled because of an expired
		  password, break-in evasive action, or	exceeded login inter-
		  val, a grace period provides an interval during which	the
		  disabling condition is overridden and	the user may log in.
		  This successful login	will automatically clear the disa-
		  bling	condition and the grace	limit. Note that this does
		  not unlock an	account	that has been administratively locked
		  or that has expired.	The grace limit	specifies the number
		  of days, starting immediately, that the user has to log in
		  and re-enable	the account.

	  template=template_name
		  Specifies the	template name to provide default enhanced
		  security features for	users.

	  The following	extended_option	attributes are available for PC	group
	  administration if the	Advanced Server	for UNIX (ASU) is configured
	  and running:

	  pc_username=name_string
		  The user account name	on the PC. This	can be identical to
		  the user's UNIX account, or it can map to a shared account.
		  See the System Administration	Guide for more information on
		  account mapping.

	  pc_unix_username=login_name
		  The backing UNIX account name. If no name is entered, it
		  will be the same as the PC user account name.

	  pc_fullname=text_string
		  The full name	of the user or a description of	the account.

	  pc_comment=text_string
		  A brief description of the account that is modifiable	only
		  by the administrator.

	  pc_usercomment=text_string
		  A brief description of the account. This string can be
		  changed by the user.

	  pc_homedir=pathname
		  The path to the user's home directory, specified as an ASU
		  share	format.

	  pc_primary_group=group
		  The primary ASU group	(domain) to which the user belongs.

	  pc_secondary_groups=group[,group...]
		  The secondary	ASU groups (domains) to	which the user
		  belongs. This	value is specified as a	comma-delimited	list.

	  pc_logon_workstations=[client,...]
		  A list of client host	systems	from which the user can	log
		  on. This value is specified as a comma-delimited list	and a
		  null value ("	") means that the user can log on from all
		  workstations.

	  pc_logon_script=pathname
		  The directory	where the default logon	script is located.
		  This directory is created during ASU configuration.

	  pc_account_type=local|global
		  Specifies whether the	PC account is a	local or global
		  account in the ASU domain.

	  pc_account_expiration=date_string
		  Specifies the	date on	which the account will expire and
		  logins will be prevented.

	  pc_logon_hours=Dd0000-0000[,Dd0000-0000...]
		  Specifies the	days of	the week and hours of the day during
		  which	logins will expire and logons will be permitted	or
		  denied. See logon_hours for details of the string format.

	  pc_user_profile_path=pathname
		  Specifies the	pathname to the	default	user profile direc-
		  tory.

	  pc_disable_account=0|1
		  Specifies whether the	account	is locked, disabling logins.

	  pc_passwd
		  A text string	that will be the initial account password.
		  Note that you	must precede the pc_passwd option with the -x
		  option and you will be prompted to enter a password and
		  then confirm the entry. The password will not	be echoed to
		  the screen.

	  pc_passwd_choose_own=0|1
		  Controls whether the user can	set their own password.

	  pc_passwd_change_required=0|1
		  Forces password change during	the initial login.

	  pc_forced_logoff=n_seconds
		  Specifies a forced log off when the user's account or	logon
		  time expires.	If there is a live server connection when the
		  time expires,	and this value is set to 1, the	connection
		  will be dropped. This	option is only available with the -D
		  option to change the default setting.	A value	of -1 speci-
		  fies never, meaning that the user is not disconnected. The
		  account expires after	the user logs off.

	  pc_synchronize=0|1
		  Sets the PC synchronized status to off (0) or	on (1).

	  pc_min_passwd_age=n
		  Specifies the	minimum	number of days that can	elapse before
		  a password can be changed by the user. This option is	only
		  available with the -D	option to change the default setting.

	  pc_max_passwd_age=n
		  Specifies the	maximum	number of days that can	elapse before
		  a password must be changed by	the user. This option is only
		  available with the -D	option to change the default setting.

	  pc_passwd_min_length=n
		  Specifies the	minimum	number of characters in	a valid
		  password string. This	option is only available with the -D
		  option to change the default setting.

	  pc_passwd_uniqueness=n
		  Forces validation of the password for	uniqueness. This
		  option is only available with	the -D option to change	the
		  default setting. This	option is equivalent to	the
		  passwd_history_limit option.

  login	  Specifies the	new login name of the user. You	cannot specify a new
	  login	name for PC users. Refer to the	Advanced Server	for UNIX
	  (ASU)	documentation for more information.

DESCRIPTION

  The usermod command is part of a set of command-line interfaces (CLI)	that
  are used to create and administer user accounts on the system.  When the
  Advanced Server for UNIX (ASU) is installed and running, the usermod com-
  mand can also	be used	to administer Windows NT domain	(PC) accounts,
  including simultaneous (synchronized)	modification of	PC accounts or modif-
  ications to PC accounts alone. Accounts can also be modified with the
  /usr/bin/X11/dxaccounts graphical user interface (GUI) or the	sysman(8)
  Accounts menu.

  Different options are	available depending on how the local system is con-
  figured:

    +  In the default UNIX environment,	user account management	is compliant
       with the	IEEE POSIX Standard P1387.3-1996.

    +  If enhanced (C2)	security is configured,	additional options and
       extended	options	can be used.

    +  The CLI is backwards-compatible,	so all existing	local scripts will
       function. However, you should consider testing your account management
       scripts before use.

  The usermod command modifies a user's	login definition on the	system and
  makes	the login-related changes in the appropriate system files determined
  by the current level of security.

  The system file entries modified with	this command have a limit of 512
  characters per line. Specifying long arguments to several options may
  exceed this limit.

  The -x options local and distributed let the system administrator specify
  whether the user being modified is local or distributed by NIS. If these
  options are not specified on the command line, the system modifies the user
  in the appropriate database as specified by the system defaults. System
  defaults for users may be set	with the usermod -D option. In the absence of
  any defaults,	usermod	modifies a local user. Certain combinations of these
  settings are incompatible and	produce	an error: it is	invalid	to set both
  values to 0 or both of them to 1.








RESTRICTIONS

  Note the following restrictions that apply to	this release:


  You must have	superuser privilege to execute this command.

  -P option
	  When creating	or modifying PC	only accounts, the PC account will be
	  backed to the	UNIX account lmworld. This account must	exist when
	  adding PC only accounts. The lmworld account is created when the
	  ASU kit is installed.

	  When modifying a synchronized	PC and UNIX account that has dif-
	  ferent UNIX and PC account names, the	following conditions apply:

	    +  If the -P flag is specified, pc_unix_username specifies the
	       UNIX account and	the specified login is the PC account.

	    +  If the -P flag is not given, pc_username specifies the PC
	       account and the specified login is the UNIX account.

  pc_unix_username extended option
	  The extended attribute pc_unix_username can only be used when	the
	  -P option is specified on the	command	line. This extended option is
	  used to specify a UNIX account name when creating or modifying a PC
	  account.

  pc_username extended option
	  The extended attribute pc_username cannot be used when the -P
	  option is specified on the command line. It is used to specify a PC
	  account name when creating or	modifying a UNIX account.

  pc_synchronize extended option
	  The pc_synchronize option cannot be used with	the -P option.
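
The option restrictions stated in OPTIONS, DESCRIPTION and RESTRICTIONS can be checked before an account-management script calls usermod. The following is an added example, not part of the original reference page or the vendor's tooling: usermod_lint and lint_fail are hypothetical helper names, and the function only inspects an argument list, it never runs usermod.

```shell
#!/bin/sh
# Added example: pre-flight check of a proposed usermod argument list against
# the option restrictions documented on this page. Helper names are hypothetical.

# Report one finding on stderr and count it.
lint_fail() { echo "usermod_lint: $1" >&2; lint_errs=$((lint_errs + 1)); }

usermod_lint() {
    lint_errs=0
    f_H=0 f_d=0 f_m=0 f_u=0 f_o=0 f_P=0
    x_local="" x_dist="" x_unixname=0 x_pcname=0 x_sync=0
    while [ $# -gt 0 ]; do
        case $1 in
            # Options that take a value: record the flag, then skip the value.
            -H) f_H=1; [ $# -gt 1 ] && shift ;;
            -d) f_d=1; [ $# -gt 1 ] && shift ;;
            -u) f_u=1; [ $# -gt 1 ] && shift ;;
            -c|-e|-f|-g|-G|-l|-s|-t) [ $# -gt 1 ] && shift ;;
            -m) f_m=1 ;;
            -o) f_o=1 ;;
            -P) f_P=1 ;;
            # Extended options (attribute=value tokens that follow -x).
            local=*)            x_local=${1#*=} ;;
            distributed=*)      x_dist=${1#*=} ;;
            pc_unix_username=*) x_unixname=1 ;;
            pc_username=*)      x_pcname=1 ;;
            pc_synchronize=*)   x_sync=1 ;;
        esac
        shift
    done

    [ "$f_H" = 1 ] && [ "$f_d" = 1 ] &&
        lint_fail "-H cannot be used with -d"
    [ "$f_m" = 1 ] && [ "$f_H" = 0 ] && [ "$f_d" = 0 ] &&
        lint_fail "-m must be combined with -H or -d"
    [ "$f_o" = 1 ] && [ "$f_u" = 0 ] &&
        lint_fail "-o can be used only with -u"
    [ -n "$x_local" ] && [ "$x_local" = "$x_dist" ] &&
        lint_fail "local and distributed cannot both be $x_local"
    [ "$f_P" = 0 ] && [ "$x_unixname" = 1 ] &&
        lint_fail "pc_unix_username requires -P"
    [ "$f_P" = 1 ] && [ "$x_pcname" = 1 ] &&
        lint_fail "pc_username cannot be used with -P"
    [ "$f_P" = 1 ] && [ "$x_sync" = 1 ] &&
        lint_fail "pc_synchronize cannot be used with -P"

    # Succeed only when no documented restriction was violated.
    [ "$lint_errs" -eq 0 ]
}

# Constructed sample call: -H and -d together are rejected.
usermod_lint -H /usr/users -d /users/xyz -m xyz ||
    echo "rejected: $lint_errs documented restriction(s) violated"
```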

EXIT STATUS

  The usermod command exits with one of	the following values:

  0	  Success.

  1	  Failure.

  2	  Warning.

EXAMPLES

   1.  The following example changes the UID of	the user, newuser, to 451 in
       the user	database:
	    % usermod -u 451 newuser

   2.  The following example changes the home directory	of the user, xyz to
       /users/xyz, and moves the files from the	user's current directory to
       the new directory:
	    % usermod -d /users/xyz -m xyz

   3.  The following example unlocks a user account that has been administra-
       tively locked.
	    % usermod -x administrative_lock_applied=0 username

   4.  The following example gives a one day grace period during which a user
       may log in to an	account	that has been disabled:
	    % usermod -x grace_limit=1 username

   5.  The following example changes the login shell of	the user, abc, in the
       NIS master database on the system where the command is executed:
	    % usermod -s /bin/csh -x distributed=1 abc

   6.  The following example changes the user's	login name from	abc to xyz:
	    % usermod -l xyz abc

   7.  The following example shows a typical output of default settings	using
       the -D option alone:
	    % usermod -D

	    Local			 = 1
	    Distributed			 = 0
	    Minimum User ID		 = 12
	    Next User ID		 = 200
	    Maximum User ID		 = 4294967293
	    Duplicate User ID		 = 0
	    Use	Hashed Database		 = 0
	    Max	Groups Per User		 = 32
	    Base Home Directory		 = /usr/users
	    Administrative Lock		 = 1
	    Primary Group		 = users
	    Skeleton Directory		 = /usr/skel
	    Shell			 = /bin/sh
	    Synchronized UNIX/PC Accts	 = 0
	    PC Minimum Password	Length	 = 8
	    PC Minimum Password	Age	 = 30
	    PC Maximum Password	Age	 = 90
	    PC Password	Uniqueness	 = 1
	    PC Force Logoff After	 = 4294967295

   8.  The following example changes the primary group of the user, abc, to
       15:
	    % usermod -g 15 abc

   9.  The following example enables the creation of synchronized PC accounts
       and sets	the minimum user ID (UID) and the next user ID to be used:
	    % usermod -D -x pc_synchronize=1 \
	    min_uid=20 next_uid=250

   10. The following example applies to	the user's PC account only. It
       unlocks the account and sets the	allowed	logins from 8:00 AM to 11:00
       PM on Monday:
	    % usermod  -P -x pc_disable_account=0  \
	    pc_logon_hours=Mo0800-2300 StudentB

   11. The following example shows how to modify a PC user's password:
	    % usermod -P -x pc_passwd StudentB
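
The logon_hours and pc_logon_hours strings (see Example 10) are easy to mistype, and a malformed window changes when an account can log in. The following is an added example, not part of the original reference page: it validates a Dd0000-0000 list and tests whether a given day and time falls inside it. The function names are hypothetical, the day codes other than Su, Mo and We are assumed, and window boundaries are assumed to be inclusive.

```shell
#!/bin/sh
# Added example: validate a logon_hours string and evaluate it for a day/time.
# Assumption: day codes are two-letter English abbreviations; the page itself
# shows only Su, Mo and We.
LOGON_DAYS="Su Mo Tu We Th Fr Sa"

# True for a 4-digit 24-hour time in the range 0000..2359.
# A leading "1" keeps values such as 08 from being read as octal.
hhmm_ok() {
    case $1 in [0-9][0-9][0-9][0-9]) ;; *) return 1 ;; esac
    [ "1${1%??}" -le 123 ] && [ "1${1#??}" -le 159 ]
}

# Succeeds only if every comma-separated entry is a well-formed window.
logon_hours_valid() {
    case $1 in ""|,*|*,|*,,*) return 1 ;; esac   # empty string or empty entry
    lh_rest=$1
    while [ -n "$lh_rest" ]; do
        lh_entry=${lh_rest%%,*}
        case $lh_rest in *,*) lh_rest=${lh_rest#*,} ;; *) lh_rest="" ;; esac
        case $lh_entry in
            ??[0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9]) ;;
            *) return 1 ;;
        esac
        lh_day=${lh_entry%????-????}
        case " $LOGON_DAYS " in *" $lh_day "*) ;; *) return 1 ;; esac
        lh_times=${lh_entry#??}
        hhmm_ok "${lh_times%-*}" && hhmm_ok "${lh_times#*-}" || return 1
    done
    return 0
}

# logon_hours_allows STRING DAY HHMM
# Returns 0 if DAY/HHMM is inside a window, 1 if not, 2 on malformed input.
# Assumption: both ends of a window are inclusive.
logon_hours_allows() {
    logon_hours_valid "$1" && hhmm_ok "$3" || return 2
    lh_rest=$1
    while [ -n "$lh_rest" ]; do
        lh_entry=${lh_rest%%,*}
        case $lh_rest in *,*) lh_rest=${lh_rest#*,} ;; *) lh_rest="" ;; esac
        lh_times=${lh_entry#??}
        [ "${lh_entry%????-????}" = "$2" ] &&
            [ "1$3" -ge "1${lh_times%-*}" ] &&
            [ "1$3" -le "1${lh_times#*-}" ] && return 0
    done
    return 1
}

# Constructed check using the string from the logon_hours description.
logon_hours_allows "Su0830-1730,Mo0830-1730,We0830-1730" Tu 1200 ||
    echo "Tu 1200: outside the permitted logon hours"
```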



FILES

  The usermod command operates on the appropriate files	for the	specific
  level	of system security.

SEE ALSO

  Commands:  groupadd(8), groupdel(8), groupmod(8), useradd(8),	userdel(8)

  Manuals: System Administration, Security, Advanced Server for	UNIX Instal-
  lation and Administration