edauth - update and list authentication and capabilities
(authcap) database information (Enhanced Security)
/usr/tcb/bin/edauth [-d db] [-L | -N | -S source] [-q]
/usr/tcb/bin/edauth -g [-d db] [-L | -N | -S source]
[-q] [-t] [-v] [entryname...]
/usr/tcb/bin/edauth -s [-d db] [-L | -N | -S source]
[-R] [-t] [-U uid] [-C] [-q] [-v]
/usr/tcb/bin/edauth -r [-d db] [-L | -N | -S source]
[-q] [-v] entryname...
Specifies which database to use. Select from one of the
characters d, f, p, t, or v.
d - The system default database, /etc/auth/system/default
f - The file control database, /etc/auth/system/files
p - User profile data in the /tcb/files/auth.db,
/var/tcb/files/auth.db, and optional associated NIS
t - The terminal control database, /etc/auth/system/ttys.db
v - The terminal control database, /etc/auth/system/devassign
The user profile database (p) is the default if no
-d option is given. Gets the named entries (or
all) and prints them to standard output rather than
editing them. If the -q option is also given, the
entries are not printed, and the exit status is the
only confirmation of whether at least one entry
would have been printed if -q had not been specified.
Removes (deletes) named entries rather than
editing them. Sets new values based on pre-edited
entries read from standard input. If a new entry is
being created, the corresponding passwd entry must
be created first. If the -C option is not given,
existing entries are overwritten by the new data.
When used with -g or -s options, account template
entries are included in addition to user-profile
entries. Note that account templates do not have
passwd entries. Gives more verbose messages.
Restricts the -s option to creating new entries
only, rather than possibly overwriting existing
ones. Uses only local entries, not NIS. Uses only
NIS entries, not local. Causes new local user-profile
entries to be written to the root partition
only, no matter what the UID of the profile.
Restricts database operations to the specified data
source, as determined by the /etc/nsswitch.conf
file. Specifies the minimum general user UID.
User-profile entries with UIDs less than this value
(default of 100) are written to the root partition
in the /tcb/files/auth.db file. Profiles with uids
greater than or equal to the specified value are
written to the /var/tcb/files/auth.db file. Print
a help message and exit successfully with no further
The edauth utility displays and modifies the system
databases used by the enhanced security subsets. These
include the user profile databases and their NIS map
source files, the file control database, the terminal control
and device assignment databases, and the system
default database. Note that edauth does not alter
The edauth utility is intended for disaster-recovery situations,
since the GUIs provide a much friendlier interface.
However, for sites where X is not available, edauth
can be used for general maintenance of these databases.
If none of the -s, -g, or -r options are given, edauth
extracts each matching entry into a temporary file, and
allows the user to edit that entry. If the edited entry
has more unparsed fields than did the old copy, a warning
is given. If the -v option was given, the unparsed text
Editing and setting of entries in NIS maps is only allowed
on the NIS master host, in which case the changes are made
to the NIS map source files themselves, and a make of the
NIS maps is then performed by edauth.
The only option available to a non-root user is displaying
the publicly-accessible databases or the user's own profile.
Use of the -S source option requires that the named source
be specified by the /etc/nsswitch.conf file for the
affected database. It also requires update access to the
nsswitch--served data. This is in contrast to how -L and
-N work, since those options work to set up databases
before the relevant system daemon () is running. In all
other respects, -L is equivalent to -S files, and -N is
equivalent to -S nis.
The following environment variables can be used by edauth:
Checked for being set only, in order to determine whether
the $VISUAL environment variable should be consulted to
find an editor to use. The $TERM variable is also likely
to be used by the editor that is spawned. Checked to find
the editor to use when editing data, if the $TERM environment
variable is set. Checked to find the editor to use
when editing data. If neither the $VISUAL nor the $EDITOR
environment variable is available, edauth checks
/usr/bin/ex and /sbin/ed for execute permissions and stops
attempts to edit data if none can be found.
Other environment variables which are likely to be used:
This environment variable is checked by the
/var/yp/Makefile file when updating the NIS maps in order
to determine whether to force the NIS slave servers to
update their maps immediately (and to wait for that
To display just the wildcard entries from the ttys and
devassign databases: # edauth -g -dt '*' '*:*' # edauth -g
-dv '*' '*:*'
To display the system defaults data: # edauth -g -dd
For a non-root user to display his or her own profile: %
For a privileged user to display all user profiles: #
To display the user profile for root: # edauth -g root
To edit the entry for user root: # edauth root
To edit the ttys database entry for lat/628: # edauth -dt
To edit the NIS profile entry for user nobody: # edauth -N
An alternative way to edit the NIS profile entry for user
nobody: # edauth -S nis nobody
To add a template of cis401 to a list of user names contained
in a file named students: edauth -g `cat students`
| sed 's/:chkent:/:u_template=cis401:chkent:/' \
| edauth -s
Commands: convuser(8), convauth(8), authck(8)
Files: authcap(4), prpasswd(4), ttys(4), default(4),
devassign(4), files(4), nsswitch.conf(4)
[ Back ]