Administering user accounts

Configuring database precedence and recovery

When the Low or Traditional security profiles are configured on your system, inconsistencies between the TCB and UNIX System V database files are handled transparently without interrupting system operation. Under the higher security profiles, the TCB database files take precedence and any corruption or inconsistencies that occur result in a lockout of non-root users until the problem is corrected.

This behavior can be set independently of the security profile with the usermod(ADM) command.

To reconfigure database precedence, use this command:

usermod -D -x "{tcbDatabaseIsMaster value}"

where value is either 1 (yes) or 0 (no). If you set value to 0, the UNIX System V database files described in ``Understanding account database files'' are used as the master. The non-master database files are maintained only for consistency and are not relied upon for data used by the system.

To reconfigure how the system treats inconsistencies, use this command:

usermod -D -x "{integrityRequired value}"

where value is either 1 (lock out all users until problem is fixed) or 0 (generate warnings but do not lock out users). If set to 1, the administrator must log in on the override terminal as described in ``Using the override terminal''.

See also:

Next topic: Editing the /etc/passwd file
Previous topic: Understanding account database files

© 2007 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 05 June 2007