unretire, chtype -- change the usertype of an account


/tcb/bin/unretire [ -t usertype ] users


unretire changes the usertype of an account. By default (without the -t flag) unretire expects the accounts specified on the command line to be currently ``retired'' and sets their type back to ``general'', or ``pseudo'' if the account has an owner.

Specifying a usertype overrides owned accounts being unretired to usertype ``pseudo''. The other usertypes are ``sso'', ``operator'' and ``admin''. (See addxusers(ADM) for an explanation of usertypes.)

unretire can also be used to retire users by specifying a usertype of ``retired'' (assuming the account is not already retired). When an account is retired, the encrypted password is set to an asterisk (*), further ensuring that the account can no longer be used. Accounts which are logged in cannot have their usertype changed.

If no users are specified on the command line then unretire will read standard input for account names, one per line.

unretire uses ale(ADM) and the underlying chtype shell script. ale requires the invoking user to have the auth subsystem authorization and the chown and execsuid kernel privileges.

Exit values

unretire returns an exit status of 1 if it was interrupted.


Because the re-use of a user account is not allowed on a C2 system, unretire checks for REUSEUID=YES in /etc/default/login before reactivating an account.

Currently the TCB does not distinguish between ``pseudo'', ``sso'', ``operator'' or ``admin'' usertypes. They all indicate that the account is not intended to be logged into directly.


Protected Password database

change type script

See also

ale(ADM), authcap(F)

Standards conformance

unretire and chtype are not part of any currently supported standard; they are an extension of AT&T System V provided by The Santa Cruz Operation, Inc.
© 2003 Caldera International, Inc. All rights reserved.
SCO OpenServer Release 5.0.7 -- 11 February 2003