PreviousNext

Creating Override File Entries

To create override file entries, edit the passwd_override file and supply the override entries. The entry must identify the account (or accounts) to which the override applies by specifying one of the following keyfields:

principal_name
The name of the specific principal to which to apply the overrides. The override applies only to the account for the principal's primary name. For example, if you specify mahler as the principal name in an override entry, the overrides apply only to principal mahler's account, and not to any accounts for mahler's aliases.

principal_uid
A UNIX ID that identifies the accounts to which to apply the override if principal_name is not specified. The override is applied to all accounts for the principal that is identified by principal_uid, including any accounts for the principal's aliases. For example, suppose that principal mahler has a UNIX ID of 2195. If you specify 2195 as the key of the entry, the overrides apply to all accounts that are associated with that UNIX ID. Because a principal's primary name and aliases carry the same UNIX ID, this means that the overrides apply to accounts for the principal's primary name and all aliases.

group_uid
A UNIX ID that identifies the group to which to apply the overrides if neither principal_name nor principal_uid are specified. The overrides are applied to all accounts for all principals that are members of the identified group.

The principal_name field always acts as the keyfield and cannot be overridden. If you enter principal_name, it identifies the specific account to be overridden. The principal_uid or the group_uid field can act as the keyfield or they can act as override fields. Only one of the possible keyfields is used as a key for any one entry; the others (if entered) are used as override fields. The principal_name field takes precedence, followed by principal_uid, and finally group_uid.

For example, if you enter principal_uid and do not enter principal_name, principal_uid is used as the keyfield. If you enter principal_uid and principal_name, principal_name is used as the keyfield and principal_uid is used as an override field.

If you enter the group_uid field and do not enter any other keyfields (principal_name or principal_uid), group_uid is used as the keyfield, and the overrides apply to the accounts of all members of the group. If you enter principal_name and group_uid, principal_name is used as the keyfield, and the group affiliation of the named principal is overridden by the group that is identified by the group UNIX ID.