userdbset(1M)userdbset(1M)NAMEuserdbset - modify information in the user database, /var/adm/userdb
SYNOPSIS
name attr [attr]...
attr [attr]...
name]
DESCRIPTION
modifies the per-user information residing in the user database, A per-
user value in the user database overrides any system-wide default con‐
figured in See userdb(4) and security(4) for more details about the
user database and system-wide defaults, respectively.
If one or more arguments are specified on the command line, initializes
or modifies each attribute specified by attr to the specified value for
the specified user name.
Options
The following options are recognized:
Modify specified attributes for all users.
Delete attributes; the
(see security(4)) system-wide default will then
apply. If one or more attr arguments are speci‐
fied, only those attributes are deleted. Other‐
wise, if no attr arguments are specified, all con‐
figurable attributes are deleted for the specified
user name.
Import the contents of
filename into the user database. Each line in the
data file, filename, must be in the following for‐
mat: The output of is in this format and can be
used as the input file. See the example in the
section.
Remove internal attributes in addition to the configurable ones.
Internal attributes are not user configurable and
are normally modified only by programs that enforce
system security. The file indicates which
attributes are configurable and which are internal.
Initialize, modify or delete specified attributes for the speci‐
fied user
name.
Authorizations
In order to invoke the user must either be root (running with effective
uid of 0) or, if the Role-Based Access Control Extensions product
(RBACExt) is installed, have the appropriate authorization(s). Users
with the appropriate authorizations can use to add, modify or delete
security attributes for other users, but are prohibited from changing
the security attributes for local root users. Only root users can add,
modify or delete the security attributes of local root users.
Refer to rbac(5) for more information on the Role-Based Access Control
product. The following is a list of the required authorizations for
running with particular options:
Allows the user to invoke
The user will also need specific authorizations to modify or delete
the various attributes in the user database.
Allows the user to delete the per-user attribute
(attr) named in the object of the authorization pair. An object of
will allow the user to delete any attribute.
Allows the user to initialize or modify the per-user attribute
(attr) named in the object of the authorization pair. An object of
will allow the user to initialize or modify any attribute.
Allows the user to import user attributes into the user database using
the option. Users with this authorization are allowed to import
attributes for all users, including local root users.
Notes
Only users who have read and write access to can run
validates attributes and attribute values based on information in The
validation of an attribute fails if:
· Any specified attr is not listed in
· does not allow a per-user value for the attr.
· name is not a valid user.
· allows the attr only for local users, and name is not in
· The value of an attr is not within the range specified in
RETURN VALUE
exits with one of the following values:
success
invalid user
invalid usage
insufficient permission to access the user database
file system error
invalid attribute;
does not allow a per-user value
an attribute value is not within the range specified in
block overflow
entry overflow
database lock failure
database is disabled; see
userdb(4)
invalid user name
not a local user
EXAMPLES
In the following example, the first command deletes all of the config‐
urable attributes for user while retaining the internal attributes. At
this point, the system-wide defaults in apply. The second command sets
minimum password length to 7 and to 0022 (the leading zero denotes an
octal value).
The next command deletes the minimum password length, which causes the
system-wide default to be used.
The following example deletes the user-specific audit flag for all
users. The system-wide default will then apply for all users.
The following example saves the configurable attributes for all users
option) into a file, using the command. If needed, the attributes can
then be restored at a later point by importing the file with The second
command imports the configurable attributes into the user database.
FILES
user database
security defaults configuration file
security attributes description file
SEE ALSOuserdbck(1M), userdbget(1M), userdb_read(3), security(4), userdb(4),
rbac(5).
userdbset(1M)