Manualshelf

Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP HP-UX Auditing System Extensions
41424344454647484950
4. Use the userdbset command to change an attribute for a user.
The per-user information is stored in a user database in the /var/adm/userdb
directory. The user database is described in the userdb(4) manpage.
You cannot use the userdbset command to configure all attributes. Some per-user
values are defined in the /etc/passwd and /etc/shadow files. For more
information, see security(4).
5. Use the userdbget command to get user information.
2.5.2.1 Examples of Defining User-Specific Attributes with userdbset
In the following example, the userdbset command deletes all user-defined attributes
for user joe. When joe logs in, the systemwide defaults in /etc/default/security
will then apply to joe.
# /usr/sbin/userdbset -d -u joe
Next, userdbset sets the minimum password length to 7 and sets UMASK to 0022
(octal 022). These changes apply only to joe.
# /usr/sbin/userdbset -u joe MIN_PASSWORD_LENGTH=7 UMASK=0022
In the next example, userdbset displays all attributes for user amy:
# /usr/sbin/userdbget -u amy
amy AUDIT_FLAG=1
amy DISPLAY_LAST_LOGIN=0
In the display, the audit flag is enabled and the last login feature is disabled for amy.
2.5.2.2 INACTIVITY_MAXDAYS and the Shadow Password File
The INACTIVITY_MAXDAYS attribute defined in the /etc/default/security file
controls whether to expire inactive accounts on a systemwide basis. To override the
systemwide default and configure INACTIVITY_MAXDAYS on a per-user basis, use the
useradd -f command or the usermod -f command. Use the userdel command
to delete the per-user configuration. See useradd(1M), usermod(1M), and userdel(1M)
manpages for more information.
You cannot use the userdbset command to configure the INACTIVITY_MAXDAYS on
a per-user basis. The INACTIVITY_MAXDAYS attribute is related to the inactivity field
of the shadow password file. The useradd and usermod commands modify the inactivity
field of the shadow password file for the specified user. See the description of
INACTIVITY_MAXDAYS in the security(4) manpage for more information.
2.5.3 Troubleshooting the User Database
Use the following procedures to troubleshoot the user database.
Problem 1: A user's security attributes seems to be misconfigured. If you suspect that
user information is misconfigured in the user database, run the following command:
2.5 Defining System Security Attributes 49