NAME
userstat — check status of local user accounts
SYNOPSIS
/usr/sbin/userstat [-q] -u name [parm]...
/usr/sbin/userstat [-q] -a [parm]...
DESCRIPTION
userstat checks the status of local user accounts and reports abnormal conditions, such as account locks. If any parm arguments are specified, abnormal status is displayed only for those parameters; otherwise abnormal status is displayed for all parameters. The Parameters section describes the various parameter values that can be used for parm.

Each account with an abnormal status is displayed on a single line. Each line contains the username followed by one or more parameters, indicating what abnormal conditions exist for the account. The Parameters section describes the various parameters that can be displayed.
Options
The following options are recognized:
- -a
Display the status of all users listed in /etc/passwd.
- -q
(Quiet) Do not print anything to standard output. This can be used when interested only in the userstat return value.
- -u name
Check the status of only the specified user name. The user must be a local user listed in /etc/passwd.
Parameters
The parameters that could be displayed to indicate abnormal account status, or that could be used with the -p option, include the following:
- admlock
admlock is displayed if an administrator lock is present on the account. This lock indicates that the encrypted password in /etc/passwd or /etc/shadow begins with *. An administrator lock can be set, for example, with passwd -l.
- expacct
expacct=days is displayed if the account is locked because the account expiration date has been reached. days is the number of days that the account has been expired. See the description of the expiration field in shadow(4).
- exppw
exppw=days is displayed if the account's password has expired. days is the number of days that the password has been expired. days is displayed only if its value can be determined.
- inactive
inactive=days is displayed if the account is locked because there have been no logins to the account for a time interval that exceeds the maximum allowed. days is the number of days that the account has been inactive. See the description of the INACTIVITY_MAXDAYS attribute in security(4).
- maxtries
maxtries=num is displayed if the account is locked because the number of consecutive authentication failures exceeded the maximum allowed. num is the number of consecutive authentication failures. See the description of the AUTH_MAXTRIES attribute in security(4).
- nullpw
nullpw is displayed if the account is locked because the account has a null password and is not allowed to have a null password. See the description of the ALLOW_NULL_PASSWORD attribute in security(4).
- tod
tod=times is displayed if the account has a time-of-day login restriction. times defines the time periods during which the user may log in. See the description of the LOGIN_TIMES attribute in security(4).
Security Restrictions
Users invoking this command must have the hpux.security.check authorization. See authadm(1M).
userstat is not supported for trusted systems.
RETURN VALUE
userstat exits with one of the following values:
- 0
did not find abnormal status
- 1
found abnormal status
- 2
invalid usage or user not found
EXAMPLES
The following example reports all abnormal status for all local accounts.
    /usr/sbin/userstat -a
    joe nullpw
    mary admlock maxtries=5
The following example shows that the account for user joe is not locked due to too many consecutive authentication failures.
    /usr/sbin/userstat -q -u joe maxtries ; echo $?
    0
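The following is an added example, not part of the original manual page: a POSIX shell sketch that splits userstat -a output into one record per parameter so that lockouts caused by authentication failures can be separated from routine expirations. The function names, the sample lines, and the class labels (investigate, policy, lifecycle) are assumptions of this example, not something userstat defines.

```shell
#!/bin/sh
# Constructed sample in the line format shown in EXAMPLES:
# a username followed by one or more parameters.
SAMPLE_OUTPUT='joe nullpw
mary admlock maxtries=5
sam exppw
ann inactive=40 expacct=3'

# triage: read userstat lines on stdin and print one tab-separated record
# per parameter: user, parameter, value, class.
# A parameter without "=value" (for example exppw when the number of days
# cannot be determined) gets "-" as its value.
triage() {
    awk '
    {
        user = $1
        for (i = 2; i <= NF; i++) {
            n = index($i, "=")
            if (n) { name = substr($i, 1, n - 1); value = substr($i, n + 1) }
            else   { name = $i; value = "-" }
            # Class labels are this example own grouping (hypothetical).
            if (name == "maxtries" || name == "nullpw")
                class = "investigate"
            else if (name == "admlock" || name == "tod")
                class = "policy"
            else if (name == "expacct" || name == "exppw" || name == "inactive")
                class = "lifecycle"
            else
                class = "unknown"
            printf "%s\t%s\t%s\t%s\n", user, name, value, class
        }
    }'
}

# users_with PARAM: read userstat lines on stdin, list users carrying PARAM.
users_with() {
    triage | awk -F '\t' -v p="$1" '$2 == p { print $1 }'
}

# On a live system: /usr/sbin/userstat -a | triage
printf '%s\n' "$SAMPLE_OUTPUT" | triage
```

Because userstat -a exits with 1 whenever any abnormal status is found, a script that pipes it into triage should treat only exit value 2 as an error.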
FILES
- /etc/passwd
standard password file
- /etc/shadow
shadow password file
- /var/adm/userdb
user database