uidadmin(1bnu)

uidadmin -- user-controlled ID map database administration

Synopsis

uidadmin [-S scheme [-l logname]]
uidadmin -S scheme -a -r g_name [-l logname]
uidadmin -S scheme -d [-r g_name] -l logname
uidadmin -S scheme [-cf]

Description

The uidadmin command is used primarily by non-privileged users to display and update entries in the user ID mapping database.

Options

The options to uidadmin have the following meanings:

-S scheme: Specify the name of the ID mapping scheme.
-l logname: Specify a local name (logname) into which the remote name maps. logname must be a valid logname on the local machine. A non-privileged user can map a remote name only to his or her own local logname; if the -l option is omitted, the user's local logname is assumed. When a privileged user maps a remote name to a non-privileged user's local logname, the -l option is required.
-a: Add a map entry. The scheme name and the remote name must be specified. A local name different from the user's logname can be specified by a privileged user.
-r g_name: Specify the remote (global) name. The format of g_name is scheme-dependent; generally, it includes a logname and a machine name.
-d: Delete a map entry. The scheme name and the local name must be specified. Specifying the remote name is optional. If only the local name is specified, all entries mapping to the local name are deleted. If a remote name is also specified, a particular map entry is deleted.
-c: Check the consistency of a map file. The -c option is intended for use by a system administrator. The scheme name must be specified. Map entries containing syntax errors and unknown lognames are displayed. Lognames are unknown if they do not exist in /etc/passwd.
-f: Fix an inconsistent map file. The -f option is intended for use by a system administrator. Entries that are out of order are sorted; map entries containing syntax errors and unknown lognames are displayed, and the system administrator is given the opportunity to change or delete them.

Files

/var/adm/log/idmap.log: log file
/etc/passwd: password file

Usage

The user ID database consists of one or more user ID map files, where each file is associated with a different authentication scheme.

Non-privileged users are limited to administering only primary attribute entries that map into their own user identities. Mapping of secondary attributes is controlled exclusively by the system administrator. The administrator of user-controlled mapping must be in group sys.

When no options are specified, uidadmin lists all schemes and for each scheme, indicates whether it is in SECURE or USER mode. A scheme in USER mode has user-controlled mapping enabled. When scheme is specified, uidadmin uses the user's real UID to determine the local logname, and reports entries in that scheme's user map file that map into the local name. When a privileged user specifies a scheme, the entire contents of the scheme's user map file are displayed.

When scheme and logname are specified with no other options, all entries in the scheme's uidata file that map into logname are reported. Only a privileged user can use this form of the command to list other users' entries.

Note that all update operations are logged (whether successful or not) in /var/adm/log/idmap.log.

Examples

The following command adds an entry to the user map file associated with scheme ns. The entry maps from the remote name our_gang:alfalfa into the user's local logname.

uidadmin -S ns -a -r our_gang:alfalfa

The following commands include the -d option. The first line deletes the entry that maps the remote name our_gang:alfalfa into local user darla. The second line deletes from the user map file all entries that map into the local name darla.

uidadmin -S ns -d -r our_gang:waldo -l darla

uidadmin -S ns -d -l darla

References

attradmin(1Mbnu), attrmap(3iac), idadmin(1Mbnu), namemap(3iac)