Manualshelf

Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP HP-UX Auditing System Extensions
41424344454647484950
2.5.1 Configuring Systemwide Attributes
The following steps explain how to define security attributes on a systemwide basis.
1. Review the security(4) manpage, which explains the configurable systemwide default
values for attributes. These attributes are configured in the /etc/default/
security file, which is also explained in the security(4) manpage.
If an attribute is not defined in the /etc/default/security file, then the default
value defined in the /etc/security.dsc file will be used by the system. See the
userdb(4) manpage for an explanation of the /etc/security.dsc file.
2. To change a configurable systemwide default, edit the security defaults file, /etc/
default/security, with a text editor such as vi. The file is world readable and
root writable.
Each line in the /etc/default/security file is either a comment or attribute
configuration information. Comment lines begin with a pound (#) sign. Noncomment
lines are in the form of attribute=value pairs, for example,
PASSWORD_MAXDAYS=30.
2.5.2 Configuring Per-User Attributes
Use the following commands to configure specific attributes for individual users. When
you configure per-user attributes, they override the systemwide defaults.
userdbset Changes the attribute for the specified user to override the systemwide
default defined in the /etc/default/security file. For an example,
see Section 2.5.2.1, and see userdbset(1M) for more information.
userdbget Displays the user-defined values for a specific user or all users. See
userdbget(1M) for more information.
userdbck Verifies or fixes the user-defined values. See userdbck(1M) for more
information.
For example, you can change PASSWORD_MAXDAYS from 60 to 30 days only for user
amy. The password for amy is valid for 30 days instead of 60 days. For all other users,
the systemwide value of 60 days applies.
Use the following procedure to change an attribute value for a user:
1. Review the security(4) manpage, which explains the systemwide attributes and
values, and how to set a per-user value. Not all attributes have a per-user value.
2. Review the manpages for the userdbset, userdbget, and userdbck commands.
3. Decide which users to modify and which attributes will apply to them. For example,
you might want to have users in an accounting department change their passwords
every 30 days and a classroom of students change their passwords every quarter.
48 Administering User and System Security