Many thanks to all who responded! This message summarizes:
(1) I reported being unable to edit existing user entries with admintool.
The problem was simply a bug in admintool. The solution was to install
patch #101384-01, which gives admintool the ability to read and modify
user entries with -1 in the expiration field. I guess nobody else is
crazy enough to give people passwords with no expiration, or else
everyone else has the patch installed...
(2) I asked about making batch changes to lots of users at once. In my
case, I wanted to change some users' group ID from one GID to another.
Almost everyone who knew, agreed that the NIS+ utilities make this job
easy. In particular, nistbladm seems the way to go, I just hadn't
stumbled across it yet. It was suggested that the man pages for
usermod, useradd, userdel, pwconv, would prove informative (and so they
are...), and even passwd has an awful lot of options of which I was
unaware.
I also received two clever-looking commands to try. I haven't had the
time to hack through them, or the courage to try them yet, with most of
our users still logged in, but I will include them here, in the
interest of expediency. If you want to "play" with them, you assume
all risks...
(bright flash) ... "oops!" ... (sound of explosion)
:-)
+-----------------------+----------------------------+-----------------+
| Sumner K Hushing III | GENERAL DYNAMICS | This space |
| hushing@gdwest.gd.COM | Space Systems Division | intentionally |
| 619-547-4542 | PO Box 85990, MZ 55-5050 | left blank |
| 619-547-5791 messages | San Diego, CA 92186-5990 | :-) |
+-----------------------+----------------------------+-----------------+
Thanks again, to the following, and any who reply in the future:
misik@alpha.dcs.fmph.uniba.sk (Andrej Misik)
David.Miner@East.Sun.COM (Dave Miner - MINERS REFUSE TO WORK AFTER DEATH)
erics@fsg.com (Eric Stone)
"rogerio@bvl.pt <rogerio@bvl.pt>" <rogerio@bvl.pt>
Leif Hedstrom <hedstrom@inf.ethz.ch>
reggie@rentec.com (Reggie Dugard)
peters@oes.amdahl.com (Peter Sivo)
Zdzislaw Meglicki <Zdzislaw.Meglicki@arp.anu.edu.au>
EXAMPLE 1 ==========================================================
This was useful before the admintool patch was available. If you
haven't patched admintool, you can't edit users who have -1 in the
expiration field. The quick hack? Blank out all the expiration
fields:
#!/bin/sh
DOMAINNAME=`domainname`
niscat passwd.org_dir.$DOMAINNAME. |
grep -v ":::::::$" |
awk 'BEGIN{ FS=":"}{ print $1 }' |
while read a
do
echo modifying shadow for $a
nistbladm -m shadow="::::::" [name=$a],passwd.org_dir.$DOMAINNAME.
done
EXAMPLE 2 =========================================================
Here's the command to replace group IDs. I tried the nisgrep line by
itself, and I see that it just generates a list of usernames with
matching group IDs. I suppose I'll bite the bullet and let it run the
nistbladm command on each of those users tonight.
#!/bin/sh
oldgid=<the gid to change>
newgid=<the new gid to replace it with>
nisgrep gid=$oldgid passwd.org_dir | cut -d':' -f1 |
while read u
do
nistbladm -m gid=$newgid [name=$u]passwd.org_dir
done
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:08:57 CDT