edauth(8)edauth(8)NAMEedauth - update and list authentication and capabilities (authcap)
database information (Enhanced Security)
/usr/tcb/bin/edauth [-d db] [-L | -N | -S source] [-q] [-v] entry‐
/usr/tcb/bin/edauth -g [-d db] [-L | -N | -S source] [-q] [-t] [-v]
/usr/tcb/bin/edauth -s [-d db] [-L | -N | -S source] [-R] [-t] [-U
uid] [-C] [-q] [-v]
/usr/tcb/bin/edauth -r [-d db] [-L | -N | -S source] [-q] [-v]
Specifies which database to use. Select from one of the characters d,
f, p, t, or v.
d - The system default database, /etc/auth/system/default
f - The file control database, /etc/auth/system/files
p - User profile data in the /tcb/files/auth.db,
/var/tcb/files/auth.db, and optional associated NIS map sources.
t - The terminal control database, /etc/auth/system/ttys.db
v - The terminal control database, /etc/auth/system/devassign
The user profile database (p) is the default if no -d option is
given. Gets the named entries (or all) and prints them to stan‐
dard output rather than editing them. If the -q option is also
given, the entries are not printed, and the exit status is the
only confirmation of whether at least one entry would have been
printed if -q had not been specified. Removes (deletes) named
entries rather than editing them. Sets new values based on pre-
edited entries read from standard input. If a new entry is being
created, the corresponding passwd entry must be created first.
If the -C option is not given, existing entries are overwritten
by the new data. When used with -g or -s options, account tem‐
plate entries are included in addition to user-profile entries.
Note that account templates do not have passwd entries. Gives
more verbose messages. Restricts the -s option to creating new
entries only, rather than possibly overwriting existing ones.
Uses only local entries, not NIS. Uses only NIS entries, not
local. Causes new local user-profile entries to be written to
the root partition only, no matter what the UID of the profile.
Restricts database operations to the specified data source, as
determined by the /etc/nsswitch.conf file. Specifies the mini‐
mum general user UID. User-profile entries with UIDs less than
this value (default of 100) are written to the root partition in
the /tcb/files/auth.db file. Profiles with uids greater than or
equal to the specified value are written to the
/var/tcb/files/auth.db file. Print a help message and exit suc‐
cessfully with no further processing.
The edauth utility displays and modifies the system databases used by
the enhanced security subsets. These include the user profile databases
and their NIS map source files, the file control database, the terminal
control and device assignment databases, and the system default data‐
base. Note that edauth does not alter /etc/passwd.
The edauth utility is intended for disaster-recovery situations, since
the GUIs provide a much friendlier interface. However, for sites where
X is not available, edauth can be used for general maintenance of these
If none of the -s, -g, or -r options are given, edauth extracts each
matching entry into a temporary file, and allows the user to edit that
entry. If the edited entry has more unparsed fields than did the old
copy, a warning is given. If the -v option was given, the unparsed
text is displayed.
Editing and setting of entries in NIS maps is only allowed on the NIS
master host, in which case the changes are made to the NIS map source
files themselves, and a make of the NIS maps is then performed by
The only option available to a non-root user is displaying the pub‐
licly-accessible databases or the user's own profile.
Use of the -S source option requires that the named source be specified
by the /etc/nsswitch.conf file for the affected database. It also
requires update access to the nsswitch--served data. This is in con‐
trast to how -L and -N work, since those options work to set up data‐
bases before the relevant system daemon () is running. In all other
respects, -L is equivalent to -S files, and -N is equivalent to -S nis.
The following environment variables can be used by edauth: Checked for
being set only, in order to determine whether the $VISUAL environment
variable should be consulted to find an editor to use. The $TERM vari‐
able is also likely to be used by the editor that is spawned. Checked
to find the editor to use when editing data, if the $TERM environment
variable is set. Checked to find the editor to use when editing data.
If neither the $VISUAL nor the $EDITOR environment variable is avail‐
able, edauth checks /usr/bin/ex and /sbin/ed for execute permissions
and stops attempts to edit data if none can be found.
Other environment variables which are likely to be used: This environ‐
ment variable is checked by the /var/yp/Makefile file when updating the
NIS maps in order to determine whether to force the NIS slave servers
to update their maps immediately (and to wait for that update).
To display just the wildcard entries from the ttys and devassign data‐
bases: # edauth-g -dt '*' '*:*' # edauth-g -dv '*' '*:*'
To display the system defaults data: # edauth-g -dd
For a non-root user to display his or her own profile: % edauth-g
For a privileged user to display all user profiles: # edauth-g
To display the user profile for root: # edauth-g root
To edit the entry for user root: # edauth root
To edit the ttys database entry for lat/628: # edauth-dt lat/628
To edit the NIS profile entry for user nobody: # edauth-N nobody
An alternative way to edit the NIS profile entry for user nobody: #
edauth-S nis nobody
To add a template of cis401 to a list of user names contained in a file
named students: edauth-g `cat students` \
| sed 's/:chkent:/:u_template=cis401:chkent:/' \
Commands: convuser(8), convauth(8), authck(8)
Files: authcap(4), prpasswd(4), ttys(4), default(4), devassign(4),