uidadmin(1bnu)
uidadmin -- user-controlled ID map database administration
Synopsis
uidadmin [-S scheme [-l logname]]
uidadmin -S scheme -a -r g_name [-l logname]
uidadmin -S scheme -d [-r g_name] -l logname
uidadmin -S scheme [-cf]
Description
The uidadmin command is used primarily by non-privileged users to display and update
entries in the user ID mapping database.
Options
The options to uidadmin have the following meanings:
-S scheme
Specify the name of the ID mapping scheme.
-l logname
Specify a local name (logname) into which the remote name maps.
logname must be a valid logname on the local machine.
A non-privileged user can map a remote name only to his or her own
local logname; if the -l option is omitted, the user's
local logname is assumed.
When a privileged user maps a remote name to a non-privileged
user's local logname, the -l option is required.
-a
Add a map entry.
The scheme name and the remote name must be specified.
A local name different from the user's logname can be specified by a privileged user.
-r g_name
Specify the remote (global) name.
The format of g_name is scheme-dependent;
generally, it includes a logname and a machine name.
-d
Delete a map entry.
The scheme name and the local name must be specified.
Specifying the remote name is optional.
If only the local name is specified, all entries mapping to
the local name are deleted.
If a remote name is also specified, a particular map entry is deleted.
-c
Check the consistency of a map file.
The -c option is intended for use by a system administrator.
The scheme name must be specified.
Map entries containing syntax errors and unknown lognames are displayed.
Lognames are unknown if they do not exist in /etc/passwd.
-f
Fix an inconsistent map file.
The -f option is intended for use by a system administrator.
Entries that are out of order are sorted;
map entries containing syntax errors and unknown lognames are displayed,
and the system administrator is given the opportunity to change or delete them.
Files
/var/adm/log/idmap.log
log file
/etc/passwd
password file
Usage
The user ID database consists of one or more
user ID map files, where each file is
associated with a different authentication scheme.
Non-privileged users are limited to administering only primary
attribute entries that map into their own user identities.
Mapping of secondary attributes is controlled
exclusively by the system administrator.
The administrator of user-controlled mapping must be in group sys.
When no options are specified, uidadmin lists all
schemes and, for each scheme, indicates whether it is in SECURE
or USER mode.
A scheme in USER mode has user-controlled mapping enabled.
When scheme is specified, uidadmin
uses the user's real UID
to determine the local logname, and reports entries
in that scheme's user map file that map into the local name.
When a privileged user specifies a scheme, the entire contents of the scheme's
user map file are displayed.
When scheme and logname are specified with no other options,
all entries in the scheme's uidata file that map into logname are reported.
Only a privileged user can use this
form of the command to list other users' entries.
Note that all update operations are logged (whether successful or not)
in /var/adm/log/idmap.log.
Examples
The following command adds an entry to the
user map file associated with scheme ns.
The entry maps from the remote name our_gang:alfalfa into the user's
local logname.
uidadmin -S ns -a -r our_gang:alfalfa
The following commands include the -d option.
The first line deletes the entry that maps the remote name
our_gang:alfalfa into local user darla.
The second line deletes from the user map file all entries that
map into the local name darla.
uidadmin -S ns -d -r our_gang:waldo -l darla
uidadmin -S ns -d -l darla
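The unknown-logname condition that -c reports (a logname that does not exist in /etc/passwd) can also be checked outside the tool, for example to vet a list of local names before an administrator maps remote names into them. The following is an added example, not part of the original manual page and not SCO's code; the function name unknown_lognames, its input of one logname per line on standard input, and the sample data are assumptions, and the map file format (not described on this page) is not parsed.

```shell
# Added example: list lognames that have no entry in a passwd-format file.
# Usage: unknown_lognames [passwd_file] < lognames   (one logname per line)
# Matching is exact on the first passwd field, so "alfalfa" is not
# satisfied by an account named "alfalfa2" (a substring grep would be).
unknown_lognames() {
    passwd_file=${1:-/etc/passwd}
    if [ ! -r "$passwd_file" ]; then
        echo "unknown_lognames: cannot read $passwd_file" >&2
        return 2
    fi
    awk -v pw="$passwd_file" '
        BEGIN {
            # Collect the logname (field 1) of every passwd entry.
            while ((getline line < pw) > 0) {
                if (line ~ /^#/) continue
                split(line, f, ":")
                if (f[1] != "") known[f[1]] = 1
            }
            close(pw)
        }
        {
            # Trim whitespace, skip blanks, report each unknown name once.
            name = $0
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            if (name == "" || name in known || name in seen) next
            seen[name] = 1
            print name
        }
    '
}

# Constructed sample data (not taken from a real system).
sample_passwd=$(mktemp)
cat > "$sample_passwd" <<'EOF'
root:x:0:3:root:/:/sbin/sh
darla:x:101:1::/home/darla:/bin/sh
alfalfa2:x:102:1::/home/alfalfa2:/bin/sh
EOF
# Prints alfalfa and waldo; darla is a known logname.
printf 'darla\nalfalfa\nwaldo\n' | unknown_lognames "$sample_passwd"
rm -f "$sample_passwd"
```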
References
attradmin(1Mbnu),
attrmap(3iac),
idadmin(1Mbnu),
namemap(3iac)
© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 25 April 2004