Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
HP-UX Reference > U

userstat(1M)

HP-UX 11i Version 3: February 2007
» 

Technical documentation

» Feedback
Content starts here

 » Table of Contents

 » Index

NAME

userstat — check status of local user accounts

SYNOPSIS

/usr/sbin/userstat [-q] -u name [parm]...

/usr/sbin/userstat [-q] -a [parm]...

DESCRIPTION

userstat checks the status of local user accounts and reports abnormal conditions, such as account locks.

If any parm arguments are specified, abnormal status is displayed only for those parameters, otherwise abnormal status is displayed for all parameters. The Parameters section describes the various parameter values that can be used for parm.

Each account with an abnormal status is displayed on a single line. Each line contains the username followed by one or more parameters, indicating what abnormal conditions exist for the account. The Parameters section describes the various parameters that can be displayed.

Options

The following options are recognized:

-a

Display the status of all users listed in /etc/passwd.

-q

(Quiet) Do not print anything to standard output. This can be used when interested only in the userstat return value.

-u name

Check the status of only the specified user name. The user must be a local user listed in /etc/passwd.

Parameters

The parameters that could be displayed to indicate abnormal account status, or that could be used with the -p option, include the following:

admlock

admlock is displayed if an administrator lock is present on the account. This lock indicates that the encrypted password in /etc/passwd or /etc/shadow begins with *. An administrator lock can be set, for example, with passwd -l.

expacct

expacct=days is displayed if the account is locked because the account expiration date has been reached. days is the number of days that the account has been expired. See the description of the expiration field in shadow(4).

exppw

exppw=days is displayed if the account's password has expired. days is the number of days that the password has been expired. days is displayed only if its value can be determined.

inactive

inactive=days is displayed if the account is locked because there have been no logins to the account for a time interval that exceeds the maximum allowed. days is the number of days that the account has been inactive. See the description of the INACTIVITY_MAXDAYS attribute in security(4).

maxtries

maxtries=num is displayed if the account is locked because the number of consecutive authentication failures exceeded the maximum allowed. num is the number of consecutive authentication failures. See the description of the AUTH_MAXTRIES attribute in security(4).

nullpw

nullpw is displayed if the account is locked because the account has a null password and is not allowed to have a null password. See the description of the ALLOW_NULL_PASSWORD attribute in security(4).

tod

tod=times is displayed if the account has a time-of-day login restriction. times defines the time periods that the user may login. See the description of the LOGIN_TIMES attribute in security(4).

Security Restrictions

Users invoking this command must have the hpux.security.check authorization. See authadm(1M).

userstat is not supported for trusted systems.

RETURN VALUE

userstat exits with one of the following values:

0

did not find abnormal status

1

found abnormal status

2

invalid usage or user not found

EXAMPLES

The following example reports all abnormal status for all local accounts.

/usr/sbin/userstat -a joe nullpw mary admlock maxtries=5

The following example shows that the account for user joe is not locked due to too many consecutive authentication failures.

/usr/sbin/userstat -q -u joe maxtries ; echo $? 0

FILES

/etc/passwd

standard password file

/etc/shadow

shadow password file

/var/adm/userdb

user database

Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 1983-2007 Hewlett-Packard Development Company, L.P.