EDRGY(8) Domain/OS BSD EDRGY(8)
NAME
edrgy - edit the network registry database
SYNOPSIS
/etc/edrgy [ -a | -p | -g | -o ] [ -l ] [ -s //site ] [ -synch ] [ -v ]
DESCRIPTION
The edrgy tool views and edits information in the registry database. You
can invoke edrgy from any node.
Though anyone can read information in the registry database, you can
usually change information only if you own the affected database entries.
For example, only the owner of a group can add a name to the group's
membership list.
With edrgy, you can edit and view names, accounts, and policies in the
network registry, as well as entries in the local registry. The tool
operates in one of four domains: person names, group names, organization
names, and accounts.
OPTIONS
You can specify only one of -a, -p, -g, and -o.
-a (default)
Edit or view accounts.
-p Edit or view persons.
-g Edit or view groups.
-o Edit or view organizations.
-l Edit or view entries in local registry.
-s Use the specified registry site.
-synch Synchronize local registry with network registry.
-v View selected entries.
Unless you specify the -v option, edrgy operates interactively. The
following sections describe the commands you can enter in
interactive mode.
COMMANDS FOR PERSONS, GROUPS, AND ORGANIZATIONS
v[iew] [ name | number ] [ -f ] [ -m ] [ -po ]
View name entries.
If you specify a number, edrgy displays all matching entries,
including any aliases.
The -f option displays entries in full (all fields except the
membership list and organization policy).
If you are viewing groups or organizations, -m displays the
membership list. For persons, -m lists all groups of which the
person is a member, including groups that cannot appear in a
project list.
If you specify -po while viewing organizations, edrgy displays
policy information. Otherwise, it shows only the name and the
UNIX number.
a[dd] [ person number [ fullname ] [ -al ] [ -o owner ] ]
a[dd] [ group number [ fullname [ password ] ] [ -nl ] [ -o owner ] ]
a[dd] [ organization number [ fullname [ password ] ] [ -o owner ] ]
Create a new name entry.
If you do not specify a person, group, or organization name,
the add command enters an interactive mode and prompts you for
each field in the entry. If you are adding organizations in
the interactive mode, the command prompts you for policy
information as well.
Specify the owner as a person.group.organization triplet. You
can use % as a wildcard for any or all of the components. If
you do not use the -o option, edrgy assigns the default owner,
which you can set or display with the defaults command.
For persons, the -al option creates an alias entry. If number
(the UNIX number) is already assigned to a person and you do
not specify -al, an error occurs and you must either choose a
different number or specify -al. If you use -al to create an
alias and number is not already associated with a primary name,
edrgy issues a warning but creates the alias.
For groups, the -nl flag indicates that the group is not to be
included on project lists; omitting this flag allows the group
to appear on project lists.
For groups and organizations, a space between quotation marks
indicates a nil password.
Use quotation marks to embed spaces (or quotation marks) in a
fullname. A single space between quotation marks indicates a
nil fullname.
c[hange] [ person [ -n name ] [ -u number ] [ -f fullname ] [ -o owner ]
[ -al | -pr ] ]
c[hange] [ group [ -n name ] [ -u number ] [ -f fullname ] [ -o owner ]
[ -p password ] [ -nl | -l ] ]
c[hange] [ organization [ -n name ] [ -u number ] [ -f fullname ] [ -o
owner ]
[ -p password ] ]
Change a name entry.
If you do not specify a person, group, or organization name,
the change command enters an interactive mode and prompts you
for a name. If you do not specify any fields, the command
prompts you for each field in succession. To leave a field
unchanged, press <RETURN> at the prompt. If you are changing
organization entries in the interactive mode, the command
prompts you for policy information as well.
For person entries, the -al flag changes a primary name into an
alias, while the -pr flag changes an alias into a primary name.
This change can be made only from the command line, not in the
interactive mode.
For group entries, the -nl flag disallows the group from
appearing in project lists, while the -l flag allows the group
to appear in project lists.
For organization entries, you can change policy information
only in the interactive mode.
A single space between quotation marks indicates a nil fullname
or password.
Specify the owner as a person.group.organization triplet. You
can use % as a wildcard for any or all of the components.
Changes to a person name are reflected in membership lists that
contain the person name. For example, if the person ludwig is
a member of the group composers and the person name is changed
to louis, the membership list for composers is automatically
changed to include louis but not ludwig.
Changes to number (the UNIX number) cause the operating system
to change its mapping of the UID, the primary name, and any
aliases from the old number to the new one. However, files
owned by the old number do not automatically show the new
number as their owner.
The only fields of reserved entries that you can change are the
fullname, the password, the owner, and (for groups) the
property that allows a group to appear in project lists. If a
reserved group is allowed to appear in project lists, you can
disallow it; but if the group is disallowed, you cannot allow
it.
m[ember] [ group | organization [ -a member_list ] [ -r member_list ] ]
Edit the membership list for a group or organization.
If you do not specify a group or organization, the member
command enters an interactive mode and prompts you for names to
add or remove.
The -a flag precedes the person names (separated by spaces) to
be added to the membership list, while the -r flag precedes
those to be removed. If you do not include either flag on the
command line, edrgy prompts you for names to add or remove.
Adding a person to a membership list permits creation of a
login account for that person with that group or organization.
Removing person from the membership list for group has the side
effect of deleting all login accounts of the form person.group,
and likewise for organizations.
del[ete] { person | group | organization }
Delete a name entry.
You cannot delete reserved names. Deleting a group or
organization has the side effect of deleting any accounts with
that group or organization.
adopt uid_high.uid_low person number [ fullname ] [ -o owner]
adopt uid_high.uid_low group number [ password [ fullname ] ] [ -nl ] [
-o owner]
adopt uid_high.uid_low organization number [ password [ fullname ] ] [ -o
owner]
Create a primary name entry for the specified UID.
The UID must be an orphan (a UID for which no name exists in
any domain). The uid_high and uid_low are hexadecimal numbers.
An error occurs if you specify a name or UNIX number that is
already defined within the same domain of the database.
A single space between quotation marks indicates a nil fullname
or password.
Specify the owner as a person.group.organization triplet. You
can use % as a wildcard for any or all of the components. If
you do not use the -o option, edrgy assigns the default owner,
which you can set or display with the defaults command.
COMMANDS FOR ACCOUNTS
In all of the account operations, the account argument is a
person.group.organization triplet such as jones.graphics.research.
Unless otherwise specified, any or all of the components can be the
wildcard character, %. For example, view %.dev.% views all accounts
associated with the group dev.
In an account argument, if you omit a trailing organization (or
group.organization), % (or %.%) is assumed. Thus, keats.%.%, keats.%,
and keats are equivalent.
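The account-argument rules above, as an added Python example (not part of the original manual page and not edrgy's own code). It expands omitted trailing components to %, lists which accounts a wildcard argument selects, and applies the same match to the member-removal side effect described earlier. The account list and all function names are constructed for illustration, and % is assumed to stand for a whole component.

```python
# Added example: models the account-argument rules in this man page.
# ACCOUNTS is constructed sample data, not registry output.
ACCOUNTS = [
    "jones.graphics.research",
    "keats.dev.research",
    "smith.dev.none",
    "keats.poets.none",
]

def normalize(arg):
    """Expand an account argument to a (person, group, organization) tuple.

    Omitted trailing components are taken to be the wildcard %.
    """
    parts = arg.split(".")
    if not 1 <= len(parts) <= 3 or "" in parts:
        raise ValueError(f"not a pgo triplet: {arg!r}")
    return tuple(parts + ["%"] * (3 - len(parts)))

def matches(pattern, account):
    """True if the fully specified account is selected by pattern."""
    acct = normalize(account)
    if "%" in acct:
        raise ValueError(f"account must be a full triplet: {account!r}")
    # Assumption: % stands for a whole component, not part of a name.
    return all(p in ("%", a) for p, a in zip(normalize(pattern), acct))

def affected(pattern, accounts):
    """Accounts that a wildcard view or change would select."""
    return [a for a in accounts if matches(pattern, a)]

def removal_side_effects(person, group, accounts):
    """Accounts of the form person.group deleted when person leaves group."""
    return affected(f"{person}.{group}", accounts)

if __name__ == "__main__":
    print(affected("%.dev.%", ACCOUNTS))
    print(removal_side_effects("keats", "dev", ACCOUNTS))
```

Running the match before a wildcard change or a membership removal shows the full set of accounts the operation will touch.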
v[iew] [ account] [ -f]
Display login accounts specified by the account pgo (person,
group, organization) triplet.
Without the -f flag, view displays only the user fields in each
account entry: abbreviated account SID, encrypted password,
miscellaneous information, home directory, and login shell.
With -f, view displays the full entry, including the
administrative fields as well as the user fields.
Administrative information includes who created the account,
when it was created, who last changed it, when it was last
changed, when it expires, whether it is valid, whether the
password is valid, and when the password was last changed.
a[dd] [ account [ -a { p | pg | pgo } ] [ password [ misc [ homedir [
shell ] ] ] ]
[ -pnv ] [ -x account_exp | none] [ -anv ] ]
Create a login account.
Specify account as a pgo triplet. Wildcards are not allowed.
If you do not supply an account on the command line, add enters
an interactive mode and prompts you for each field in
succession.
If the person specified in account is not already a member of
the specified group and/or organization, edrgy automatically
attempts to add the person to the membership lists. If you are
not an owner of the group and/or organization, the attempt will
fail and the account will not be created.
The -a flag indicates the degree of abbreviation allowed for
login: p means that only the person is required; pg means the
person and the group; pgo means that all three components of
the account SID are required. (Of course, a user can always
supply more components than are required.) If the abbreviation
you specify is already defined for another account, edrgy
automatically uses the shortest unique abbreviation and issues
a warning.
For example, if you create an account babar.elephants.none with
the abbreviation p, a user need only enter babar at the login
prompt to use the account. If you then create an account
babar.kings.none, the p abbreviation will conflict with the
existing account, so the pg abbreviation, babar.kings, will be
the shortest unique one.
Omitting the -a is equivalent to specifying -a p and results in
use of the shortest unique abbreviation.
The password must adhere to the policy of the associated
organization or the policy of the registry as a whole,
whichever is more restrictive.
The misc field is not used by the operating system. The gecos
field of each account's entry in the /etc/passwd file is the
concatenation of the person's full name and the account's misc.
Use quotes to include spaces, hyphens, or quotes in misc.
The homedir and shell are pathnames. The default homedir is /.
The default shell is the null string.
Use a single space between quotation marks to indicate a nil
password, misc_info, homedir, or shell.
The -pnv (password not valid) flag specifies that at the next
login (for a newly created account, the first login), the user
must change the password. If you omit this option, the
password is valid.
The -x flag sets an expiration date for the account; the
default is none.
The -anv (account not valid) flag specifies that the account is
not currently valid for login. If you omit this option, the
account is valid.
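The abbreviation rule for the add command (the -a flag and the babar example above), as an added Python model that is not part of the original manual page and not edrgy's own code. It assumes a conflict means the abbreviated string is already registered for another account; the registry dictionary and function names are hypothetical.

```python
# Added example: a model of the "shortest unique abbreviation" rule.
# Assumption: an abbreviation conflicts only when the same abbreviated
# string is already registered for another account.
LEVELS = ("p", "pg", "pgo")

def abbreviate(account, level):
    """Return the login name for account at abbreviation level p, pg or pgo."""
    parts = account.split(".")
    return ".".join(parts[: LEVELS.index(level) + 1])

def add_account(registry, account, requested="p"):
    """Register account in registry (abbreviation -> account).

    Returns (level_used, abbreviation, warned). warned is True when the
    requested abbreviation was taken and a longer one had to be used.
    """
    parts = account.split(".")
    if len(parts) != 3 or "" in parts or "%" in parts:
        raise ValueError("add needs a full pgo triplet without wildcards")
    if account in registry.values():
        raise ValueError(f"account already exists: {account}")
    # Try the requested level first, then each longer form in turn.
    for level in LEVELS[LEVELS.index(requested):]:
        abbrev = abbreviate(account, level)
        if abbrev not in registry:
            registry[abbrev] = account
            return level, abbrev, level != requested
    raise ValueError(f"no unique abbreviation for {account}")

if __name__ == "__main__":
    reg = {}
    print(add_account(reg, "babar.elephants.none", "p"))
    print(add_account(reg, "babar.kings.none", "p"))
    print(reg)
```

The returned warned flag corresponds to the warning the manual says edrgy issues when it cannot honor the requested abbreviation.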
c[hange] [ account [ -n new_account ] [ -a { p | pg | pgo } ]
[ -p password ] [ -m misc ] [ -h homedir ] [ -s shell ]
[ -pnv | -pv ] [ -x account_exp | none] [ -anv | -av ] ]
Change one or more account entries.
Specify account as a pgo triplet. Wildcards are allowed,
unless you use the -n option. If you do not supply an account
on the command line, change enters an interactive mode and
prompts you for each field in succession. Press <RETURN> to
leave a field unchanged.
The command line arguments are largely the same as those of the
add command. The -n flag enables you to change the account SID
to new_account, a pgo triplet that cannot contain wildcards.
The -pv flag specifies that the password is valid. The -av
flag specifies that the account is valid.
You can enter a single space between quotation marks to
indicate a nil password, misc, homedir or shell.
del[ete] account
Delete the entry for account, a pgo triplet that cannot contain
wildcards.
MISCELLANEOUS COMMANDS
do[main] [ p | g | o | a ]
Change or display the type of registry information being viewed
or edited.
You can specify p for persons, g for groups, o for
organizations, or a for accounts. If you supply no argument,
edrgy displays the current domain.
s[ite] [ //site ] [ -l ]
Change or display the registry site being viewed or edited.
If you specify a //site, edrgy attempts to use the registry
server at the named site. If you specify -l, edrgy uses the
local registry. If you supply no argument, edrgy displays the
current site.
prop[erties]
Change and/or display the registry properties and policies.
This command prompts you for any changes to make. Press
<RETURN> to leave information unchanged.
synch[ronize]
Update the local registry to match the master registry.
If a matching entry cannot be retrieved from the network
registry, the local entry is marked invalid for login, and its
UNIX numbers are updated.
co[py] [ account ]
Copy information for the specified accounts from the master
registry to the local registry.
The account is a pgo triplet that can contain wildcards;
trailing wildcard components can be omitted. If a matching
account already exists in the local registry, edrgy updates the
information to match that in the master registry; otherwise,
edrgy adds the entry. If all entries in the local registry are
used, copy reports an error and terminates.
def[aults]
Change and/or display the default values that edrgy uses.
h[elp] [ command ]
Display usage information for edrgy.
If you do not specify a particular command, edrgy lists the
available commands.
q[uit]
Exit edrgy.
COMMANDS VALID FOR THE LOCAL REGISTRY
To edit or view the local registry, use the -l flag when you invoke
edrgy. This section lists the commands that are valid for editing or
viewing the local registry. Unless otherwise specified, all options are
as described in the previous command descriptions.
v[iew] [ name | number ] [ -f ] [ -po ]
View name entries. (The -m option is not valid.)
v[iew] [ account] [ -f]
Display specified login accounts.
c[hange] [ account [ -a { p | pg | pgo } ] [ -m misc ] [ -h homedir ] [ -anv ] ]
Change one or more account entries. (The -p, -s, -pnv, -pv,
-x, and -av options are not valid.)
del[ete] account
Delete an account entry.
do[main] [ p | g | o | a ]
Change or display the type of registry information being viewed
or edited.
s[ite] [ //site ] [ -l ]
Change or display the registry site being viewed or edited.
prop[erties]
Change and/or display the registry properties and policies.
synch[ronize]
Update the local registry to match the master registry.
co[py] [ account ]
Copy information for the specified accounts from the master
registry to the local registry.
def[aults]
Change and/or display the default values that edrgy uses.
h[elp] [ command ]
Display usage information for edrgy.
q[uit]
Exit edrgy.