unretire(ADM)
unretire, chtype --
change the usertype of an account
Syntax
/tcb/bin/unretire [ -t usertype ]
users
Description
unretire
changes the usertype of an account. By default (without the -t flag)
unretire expects the accounts specified on the command line to
be currently ``retired'' and sets their type back to ``general'',
or ``pseudo'' if the account has an owner.
Specifying a usertype overrides owned accounts being unretired to
usertype ``pseudo''. The other usertypes are ``sso'', ``operator'' and ``admin''.
(See
addxusers(ADM)
for an explanation of usertypes.)
unretire can also be used to retire users by specifying a
usertype of ``retired'' (assuming the account is not already retired).
When an account is retired, the encrypted
password is set to an asterisk (), further
ensuring that the account can no longer be used. Accounts which are
logged in cannot have their usertype changed.
If no users are specified on the command line then unretire
will read standard input for account names, one per line.
unretire
uses
ale(ADM)
and the underlying chtype shell script. ale requires
the invoking user to have the auth subsystem authorization and
the chown and execsuid kernel privileges.
Exit values
unretire returns an exit status of 1 if it was interrupted.
Limitations
Because the re-use of a user account is not allowed on a C2 system,
unretire checks for REUSEUID=YES in
/etc/default/login before reactivating an account.
Currently the TCB does not distinguish between ``pseudo'', ``sso'',
``operator'' or ``admin'' usertypes. They all indicate that the account is not
intended to be logged into directly.
Files
/tcb/files/auth/?/-
Protected Password database
/tcb/lib/auth_scripts/chtype-
change type script
See also
ale(ADM),
authcap(F)
Standards conformance
unretire and chtype are not part of any
currently supported standard; they are an extension of
AT&T System V provided by The Santa Cruz Operation, Inc.
© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 03 June 2005