Modifying local accounts on an SGI system

Unix accounts at Pomona College are maintained in a central directory server and distributed by way of the LDAP protocol. Modern operating systems have integrated LDAP support, allowing them to query the server directly when you log in. IRIX, however, has no such ability. To make DCI accounts available on SGI workstations, we run a custom program which fetches the accounts from the server and updates the /etc/passwd file and its friends.

This means that if you wish to make changes to the local password files, such as when adding a fake user for software installation, you must do it in a special way or your changes will be lost the next time the update program is run. This applies to the files /etc/passwd, /etc/shadow, and /etc/group.

To modify any of these files, look in the directory /etc/ldap_update and you will find a “header” file with a name like passwd.head. If you understand the format, you may edit this file directly with any text editor; your changes will then be preserved on subsequent server updates.

If you are accustomed to using special tools to modify these files indirectly (for example, the IRIX System Manager), you may still use these tools as you normally do, but afterwards you must make sure that these changes are copied to the /etc/ldap_update/*.head files. For example, a convenient way to copy a new user “bill” to the header files would be:

iris# grep bill /etc/passwd >> /etc/ldap_update/passwd.head  
iris# grep bill /etc/shadow >> /etc/ldap_update/shadow.head  
iris# grep bill /etc/group >> /etc/ldap_update/group.head

If you don’t know which lines in the configuration files have changed, you can take the shotgun approach and replace the header files completely with new copies. In this case, you must edit the header files and remove the directory accounts, or the system will break in a spectacular way.[1] Directory entries are those which have numeric UIDs greater than or equal to 24000. For example:

(after using IRIX System Manager or some such to make changes)

iris# cp /etc/passwd /etc/ldap_update/passwd.head  
iris# vi /etc/ldap_update/passwd.head

(delete all lines corresponding to LDAP users)

Repeat for the files /etc/shadow and /etc/group.
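
The shotgun procedure above can also be scripted rather than done by hand in vi. The following is an added example, not part of the original page and not the site's update program; the function names are hypothetical, and it assumes a POSIX sh and awk and that directory groups are numbered from 24000 like directory users.

```sh
# Added example, not the site's update program.
LDAP_MIN_ID=24000   # from the page: directory entries have UIDs >= 24000

# Keep every line except those whose 3rd field is a number >= LDAP_MIN_ID.
# Field 3 is the UID in passwd; using this on group (field 3 = GID) ASSUMES
# directory groups are also numbered from 24000.
strip_by_id() {
    awk -F: -v min="$LDAP_MIN_ID" '!($3 ~ /^[0-9]+$/ && $3 + 0 >= min)' "$1"
}

# Names that strip_by_id removes, for review before anything is installed.
dropped_names() {
    awk -F: -v min="$LDAP_MIN_ID" \
        '$3 ~ /^[0-9]+$/ && $3 + 0 >= min { print $1 }' "$1"
}

# shadow has no UID field: collect directory user names from the passwd
# file ($1), then drop the matching entries from the shadow file ($2).
strip_shadow() {
    awk -F: -v min="$LDAP_MIN_ID" '
        FILENAME == ARGV[1] {
            if ($3 ~ /^[0-9]+$/ && $3 + 0 >= min) ldap[$1] = 1
            next
        }
        !($1 in ldap)' "$1" "$2"
}

# rebuild_heads SRC_DIR DST_DIR. Runs in a subshell so the umask stays local;
# files are renamed into place only after all three filters succeeded.
rebuild_heads() (
    src=$1; dst=$2
    umask 077   # shadow.head holds password hashes: keep it root-only
    strip_by_id  "$src/passwd"               > "$dst/passwd.head.new" || exit 1
    strip_shadow "$src/passwd" "$src/shadow" > "$dst/shadow.head.new" || exit 1
    strip_by_id  "$src/group"                > "$dst/group.head.new"  || exit 1
    for f in passwd shadow group; do
        mv -f "$dst/$f.head.new" "$dst/$f.head" || exit 1
    done
)

# Constructed sample files (not real accounts) for trying this in a scratch dir.
make_sample() {
    printf '%s\n' 'root:x:0:0:root:/:/bin/sh' \
        'bill:x:1001:20:Bill:/usr/people/bill:/bin/sh' \
        'jdoe:x:24017:24000:J Doe:/home/jdoe:/bin/sh' > "$1/passwd"
    printf '%s\n' 'root:HASH0:::' 'bill:HASH1:::' 'jdoe:HASH2:::' > "$1/shadow"
    printf '%s\n' 'sys:*:0:root' 'user:*:20:bill' 'students:*:24000:jdoe' > "$1/group"
}
```

As root, run `dropped_names /etc/passwd` and `dropped_names /etc/group` to review what would be removed, then `rebuild_heads /etc /etc/ldap_update`. Any local account with a UID of 24000 or higher matches the rule and is removed as well, so check the list before installing.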

[1] The update program could be made smarter about this, but I am trying to limit the amount of time I spend teaching pigs to sing.