usermod(1M)


usermod -- modify a user's login information on the system

Synopsis

usermod [-u uid [-U] [-o]] [-g group] [-G group[[,group] . . .]]
[-d dir [-m]] [-s shell] [-c comment] [-l new_logname] [-f inactive]
[-e expire] [-p passgen] [-a [operator1]event[, . . .]] [-n ndsname]
login

Description

Invoking usermod modifies a user entry in the Identification and Authentication (I&A) data files. The system file entries created with this command have a limit of 512 characters per line. Specifying long arguments to several options may result in exceeding this limit.


NOTE: This command must be invoked with the -U option to change the UID on directories and files owned by the user whose UID is being changed; otherwise, the system administrator must make such changes.

The following options are available:

-u uid
New user identification number (UID). It must be a non-negative decimal integer below MAXUID as defined in sys/param.h. This option is ignored if the login is administered by the Network Information Service (NIS).

-o
This option allows the specified UID to be duplicated (non-unique). Because the security of the system in general, and the integrity of the audit trail and accounting information in particular, depends on every UID being uniquely associated with a specific individual, use of this option is discouraged (in order to maintain user accountability).

-U
This option examines a list of pathnames specified in /etc/default/usermod. Any files or directories in the specified path list that are owned by the old UID will have their ownership changed to be that of the new UID. The path list typically includes the user's home directory and mail file. This option will also disable a crontab file under the old UID, and re-enable it under the new UID. The -u option must also be specified when this option is used.

-g group
An existing group's integer ID or character-string name. It redefines the user's primary group membership. This option is ignored if the login is administered by the Network Information Service (NIS).

-G group[[,group] . . .]
One or more comma-separated list elements, each an existing group's integer ID or character string name. This list becomes the new supplementary group membership for the user, replacing any existing supplementary group list for the user. Duplicates are ignored. The list specified must be less than NGROUPS_MAX in length, as the number of supplementary groups for a user, plus the base group, may never exceed NGROUPS_MAX. This option is ignored if the login is administered by the Network Information Service (NIS).

-d dir
The new home directory of the user. This field is limited to 256 characters.

-m
Move the user's home directory to the new directory specified with the -d option. If the directory already exists, the specified login must have access to it.

-s shell
Full pathname of the program that is used as the user's shell on login. This field is limited to 256 characters. The value of shell must be a valid executable file.

-c comment
Any text string. It is generally a short description of the login, and is currently used as the field for the user's full name. This field is limited to 128 printable characters. This information is stored in the user's /etc/passwd entry.

-l new_logname
A string of characters (restricted to the set of alphanumeric characters, the period (.), underscore (_), plus (+), and minus (-) characters) that specifies the new login name of the user. It must not begin with a capital letter.

-f inactive
The maximum number of days allowed between uses of a login ID before that login ID is declared invalid. Normal values are positive integers. A value of 0 turns off inactive checking.

-e expire
The date on which a login can no longer be used; after this date, no user will be able to access this login. (This option is useful for creating temporary logins.) You may type the value of the argument expire (which is a date) in any format you like (except a Julian date). For example, you may enter ``10/6/90'' or ``October 6, 1990''. A value of ``""'' turns off expiration checking.

-p passgen
Indicates that the ``FLAG'' field in /etc/shadow is to be set to the specified value. This field is referenced by the passwd command to determine if a password generator is in effect for this user. If passgen is neither a NULL string nor a printable ASCII character, a diagnostic message is printed.

-a [operator] event(s)
Set the user's audit mask based on the event(s) specified. An operator can be specified (as + to add or - to delete) or not specified (to replace). This option is valid only if the Auditing Utilities are installed. (To find out which packages are installed on your system, run the pkginfo command.)

-n ndsname
The NetWare Directory Services (NDS) context used to authenticate the user login to the NetWare Services for UnixWare software. The ndsname supplied must be the complete name of an NDS user object (from the object itself on up through the root of the appropriate NDS tree) and can be in either typed or untyped format. For example, both

JOED.SALESNW.SALES.COMPANY

and

CN=JOED.OU=SALESNW.OU=SALES.O=COMPANY

are acceptable formats and refer to the same NDS user object. The usermod command replaces the current ndsname (as listed in the file /etc/netware/nwusers) with the one on the command line. If the ndsname given is ``""'', then the existing ndsname for login (if one exists) is removed from the /etc/netware/nwusers file. See the ``NetWare Services for UnixWare Mappings'' section.

login
A string of printable characters that specifies the existing login name of a user. It must exist and may not contain a colon (:), or a newline (\n).

If login is preceded by a ``+'' or ``-'' character, the changes will be applied to the login administered by the Network Information Service, not a local user. In this case, the -u, -g, and -G options, if specified, are silently ignored. Instead, values for the user ID and group ID are taken from the NIS database.

NetWare Services for UnixWare mappings

The -n ndsname option can be specified (and the NetWare Services for UnixWare user mapping created) regardless of whether the NetWare Services for UnixWare package is installed. However, the mappings are used only by the NetWare Services for UnixWare software (that is, the mappings are not used by the Single Login mechanism, nor are they used when logging in to a non-NetWare Services for UnixWare server via nwlogin(1nuc) or the auto-authenticator). The usermod command issues a warning if this option is specified and hybrid user mapping has been disabled through the NetWare_Setup desktop interface or the nwcm(1Mipx) command; the mapping, however, is still saved.

The usermod command validates the format of the ndsname provided and checks to see if an entry in /etc/netware/nwusers already contains ndsname, but does not perform any other validation checks (for example, it does not perform an NDS lookup of the given context). Therefore, make sure that the ndsname you specify is a valid NDS user object context, or you will have to change it later.

Files

/etc/group
/etc/netware/nwusers
/etc/passwd
/etc/security/ia/audit (if the Auditing Utilities are installed)
/etc/security/ia/index
/etc/security/ia/master
/etc/shadow

Diagnostics

The usermod command exits with a return code of 0 if successful. In case of errors, the following messages may be displayed:

References

crontab(1), groupadd(1M), groupdel(1M), groupmod(1M), logins(1M), passwd(1), useradd(1M), userdel(1M), userls(1M), users(1bsd)
30 January 1998
© 1998 The Santa Cruz Operation, Inc. All rights reserved.