System Administration Guide
Chapter 1, Administering user accounts

Configuring database precedence and recovery

Configuring database precedence and recovery

When the Low or Traditional security profiles are configured on your system, inconsistencies between the TCB and UNIX System V database files are handled transparently without interrupting system operation. Under the higher security profiles, the TCB database files take precedence and any corruption or inconsistencies that occur result in a lockout of non-root users until the problem is corrected.

This behavior can be set independently of the security profile with the usermod(ADM) command.

To reconfigure database precedence, use this command:

usermod -D -x "{tcbDatabaseIsMaster value}"

where value is either 1 (yes) or 0 (no). If you set value to 0, the UNIX System V database files described in ``Understanding account database files'' are used as the master. The non-master database files are maintained only for consistency and are not relied upon for data used by the system.

To reconfigure how the system treats inconsistencies, use this command:

usermod -D -x "{integrityRequired value}"

where value is either 1 (lock out all users until problem is fixed) or 0 (generate warnings but do not lock out users). If set to 1, the administrator must log in on the override terminal as described in ``Using the override terminal''.

See also: