HPE Community
Operating System - HP-UX
1843946 Members
2157 Online
110226 Solutions
New Discussion

Modifying a user questions

 
dictum9
Super Advisor

‎11-29-2005 06:58 AM

‎11-29-2005 06:58 AM

Modifying a user questions


What exactly happens when a user gets modified with SAM?
I need to change the user name from one login to another and:
(1) I modify it in SAM
(2) Run vipw and change the home directory to new username
(3) rename the home directory from old login to new login

Is there a way to script the whole thing?
0 Kudos
Reply
21 REPLIES 21
Jeff_Traigle
Honored Contributor

‎11-29-2005 07:02 AM

‎11-29-2005 07:02 AM

Re: Modifying a user questions

I'm not sure what SAM does, but this is a simple one-liner from the command line.

usermod -l newusername oldusername

That's the basic one for just changing the username. You can use -m to create the new home directory also. Several other options for changing the shell, GECOS field, UID, etc. See usermod(1M).
--
Jeff Traigle
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎11-29-2005 07:02 AM

‎11-29-2005 07:02 AM

Re: Modifying a user questions

Yes, of course there is a way to script the whole thing. However, it matters whether or not this is a trusted system as to exactly what happens. The key to your task is the usermod command which will work in both Trusted abnd unTrusted environments. Man usermod for details.
If it ain't broke, I can fix that.
0 Kudos
Reply
Jeff_Traigle
Honored Contributor

‎11-29-2005 07:04 AM

‎11-29-2005 07:04 AM

Re: Modifying a user questions

BTW... the man page says -m option moves the home directory. That's not really accurate from my experience with the command. It copies the contents of the old home directory into the new one and modifies /etc/passwd accordingly, but the old home directory remains and you must remove it manually if so desired to clean up.
--
Jeff Traigle
0 Kudos
Reply
dictum9
Super Advisor

‎11-29-2005 07:39 AM

‎11-29-2005 07:39 AM

Re: Modifying a user questions

Thank you... Another question.

I want to set password aging to 90 days and prompt for password change upon login.

I am looking at modprpw and it has these options, what's the difference?

exptm=value database u_exp=(value*86400).

Set password expiration time interval (days).
0 = expired. Same as non-trusted mode
maximum time.

lftm=value database u_life.

Set password life time interval (days). 0 =
infinite.
0 Kudos
Reply
dictum9
Super Advisor

‎11-29-2005 07:49 AM

‎11-29-2005 07:49 AM

Re: Modifying a user questions



How do I make the system prompt the user for a new password with the next login?

In SAM, it is called immediate password change.

0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎11-29-2005 07:51 AM

‎11-29-2005 07:51 AM

Re: Modifying a user questions

You "age" the password via the "passwd -f login" command. Man passwd for details.
If it ain't broke, I can fix that.
0 Kudos
Reply
Jeff_Traigle
Honored Contributor

‎11-29-2005 07:58 AM

‎11-29-2005 07:58 AM

Re: Modifying a user questions

Set the maximum password time:

/usr/lbin/modprpw -m exptm=90 username

Expire immediately:

/usr/lbin/modprpw -e username

Set password to random value (user forced to change on next login):

/usr/lbin/modprpw -x username
--
Jeff Traigle
0 Kudos
Reply
Raj D.
Honored Contributor

‎11-29-2005 08:03 AM

‎11-29-2005 08:03 AM

Re: Modifying a user questions

Hi etc ,

You can also set the password age , with SAM.

SAM --> Accounts for Users and Groups -> Users --> Select user --> Action --> Modify --> Modify Password Options --> Select " Password Options: " to : Enable Password Aging.

And you will get the following options:


Password Options: [ Enable Password Aging ]


Password Expiration Time (1-63 weeks):

Minimum Time Between Password Changes (0-63 weeks): 0

[ ] Force Password Change At Next Login


Enjoy ,

hth,
Raj.
" If u think u can , If u think u cannot , - You are always Right . "
0 Kudos
Reply
dictum9
Super Advisor

‎11-29-2005 09:25 AM

‎11-29-2005 09:25 AM

Re: Modifying a user questions

passwd -x

rounds it up to the week, ie. passwd -x 60 results in the actual value being set to 63 if checked in sam. How can I override that?
0 Kudos
Reply
Jeff_Traigle
Honored Contributor

‎11-29-2005 09:28 AM

‎11-29-2005 09:28 AM

Re: Modifying a user questions

You can't. That's the way it works.
--
Jeff Traigle
0 Kudos
Reply
dictum9
Super Advisor

‎11-29-2005 09:33 AM

‎11-29-2005 09:33 AM

Re: Modifying a user questions

In other words, if I want the precise value of say 60 says for password expiration, I have to use SAM?

0 Kudos
Reply
Jeff_Traigle
Honored Contributor

‎11-29-2005 09:33 AM

‎11-29-2005 09:33 AM

Re: Modifying a user questions

Let me restate that... the passwd man page seems to indicate that behavior is what to expect from a nontrusted system. It doesn't explicitly say that it behaves differently on a trusted system, however. "/usr/lbin/modprpw -e exptm=60 username" will set the expiration period to exactly 60 days.
--
Jeff Traigle
0 Kudos
Reply
dictum9
Super Advisor

‎11-29-2005 09:35 AM

‎11-29-2005 09:35 AM

Re: Modifying a user questions



I did -m exptm=60 but when I looked in sam, the old value was still there... Is that -m option equivalent to password -x?
0 Kudos
Reply
Jeff_Traigle
Honored Contributor

‎11-29-2005 09:35 AM

‎11-29-2005 09:35 AM

Re: Modifying a user questions

Oops... sorry about a typo in that last message. The command is:

/usr/lbin/modprpw -m exptm=60 username
--
Jeff Traigle
0 Kudos
Reply
dictum9
Super Advisor

‎11-29-2005 09:53 AM

‎11-29-2005 09:53 AM

Re: Modifying a user questions

That seems to work.. thank you.
0 Kudos
Reply
dictum9
Super Advisor

‎11-30-2005 01:14 AM

‎11-30-2005 01:14 AM

Re: Modifying a user questions


I am still having problems. I ran the following command

/usr/lbin/modprpw -m exptm=60

but when I checked in SAM, where it says:

Set user-specific password aging policies ...

the following field was not modified.

Password Expiration Time (days): 60


Why is this happening and what can be done about it?

0 Kudos
Reply
dictum9
Super Advisor

‎11-30-2005 01:15 AM

‎11-30-2005 01:15 AM

Re: Modifying a user questions

PS in the above example, the two values are the same (60) but in SAM, it stayed 60 no matter what value I used on the command line.
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎11-30-2005 01:33 AM

‎11-30-2005 01:33 AM

Re: Modifying a user questions

Shalom etc,

Suggestion.

After doing something in sam, take a look at the commands that it used.

You may see some differences between what you were doing on the command line and what sam does.

options
view SAM log
choose commands only.

This will help you learn and is quite useful when it comes time to create a script.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Jeff_Traigle
Honored Contributor

‎11-30-2005 01:40 AM

‎11-30-2005 01:40 AM

Re: Modifying a user questions

Seemed to work ok for me just now. Are you completely exiting the "Modify User's Security Policies" window? If you don't, the information is not refreshed from the changes you make with modprpw at the command line.
--
Jeff Traigle
0 Kudos
Reply
Jeff_Traigle
Honored Contributor

‎11-30-2005 01:44 AM

‎11-30-2005 01:44 AM

Re: Modifying a user questions

One more thing... I noticed SAM enforces that Password Life Time (lftm) greater than or equal to Password Expiration Time (exptm). modprpw doesn't enforce that rule. I haven't seen an explanation of what the Password Life Time parameter is though so not sure what ramifications exist if it's less than the Password Expiration Time.
--
Jeff Traigle
0 Kudos
Reply
dictum9
Super Advisor

‎11-30-2005 01:55 AM

‎11-30-2005 01:55 AM

Re: Modifying a user questions

Thank you. SAM log is the answer. I cut-and-paste its line into comnmand line and it worked wonderfully.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.