There are basically three types of user groups in AIX:
1. system-defined user group
2. system
3. staff

System-defined users have a user identifier (UID) below 200. We can't log in as these users.
The root user (superuser) has UID 1 by default.
All the users that we create will have a default UID greater than 200.
In AIX, root is the superuser and can do anything.
Users in the "system" group also have some administrative privileges (ex. they can't create users).

What is a UID?
UID stands for user identifier. It is unique for each user.
Whenever we create a user, the system automatically generates a UID for that user. You can also define your own UID while creating the user.

How to create a group?
To create a group, use: # smit mkgroup
To remove a group, use: # smit rmgroup
To change group attributes, use: # smit chgroup

* By default, when we create a user, the UID and GID will be the same.
# mkuser abhi
# ls -l /home/abhi
Suppose I am creating a user abhi. By default, a directory named "abhi" will be created in /home.
/home/abhi is this user's home directory. Any files or directories that abhi creates will be saved here.
While creating a user we can also define our own home directory, and we can change it later.

Creating a user

The "mkuser" command is used to create a user. Assign the password at the same time.

Here we are creating a normal user (i.e. a member of the staff group):
# mkuser abhi
# passwd abhi
After that, try running:
# ls -l /home | grep abhi
drw-rw-rw- 2 abhi staff ......................
staff is the primary group of this user.

Here we are creating an admin user (i.e. a member of the system group):
# mkuser -a ashu
# passwd ashu
Again, try running:
# ls -l /home | grep ashu
drw-rw-rw- 2 ashu system ................
Here, system is the primary group.

You can also use smit to create users:
# smit mkuser

Listing user attributes

The lsuser command is used to list user attributes.
# lsuser ALL
This lists the details of all the users.
# lsuser abhi
This lists the attributes of user abhi.

Changing the attributes of a user

# chuser su=false abhi
Sets the su parameter to false.
# chuser shell=/bin/csh abhi
Changes the login shell.
# chuser home=/back/abhi abhi
Changes the home directory.
You can also use:
# smit chuser

Removing a user account

rmuser is used to remove a user account in AIX.
# rmuser abhi
This removes the user but does not remove the password attributes that are stored in the password file.
# rmuser -p abhi
This removes the user and its associated password attributes from the /etc/passwd and /etc/security/passwd files.

* When we run the mkuser command, it calls the "/usr/lib/security/mkuser.sys" shell script, which customizes the new user account using the parameters defined in the "/usr/lib/security/mkuser.default" file.
Content of /usr/lib/security/mkuser.default:
# cat /usr/lib/security/mkuser.default
user:
        pgrp = staff
        groups = staff
        shell = /usr/bin/ksh
        home = /home/$USER
admin:
        pgrp = system
        groups = system
        shell = /usr/bin/ksh
        home = /home/$USER
Whenever you create a normal user (using # mkuser ashu), the parameters are taken from the user stanza of the above file, and whenever you create a user with (# mkuser -a aks), they are taken from the admin stanza.
***** Try editing this file and changing pgrp to system in the user stanza. Then create a normal user and notice the difference. *****
Every normal user created after that change gets system as its primary group instead of staff, so restore the original value once you have seen the effect.

/etc/security/user -- this file contains the extended attributes of users. Through this file we control password length and password expiry.
Content of /etc/security/user:
# cat /etc/security/user
default:
        admin = false
        login = true
        su = true
        daemon = true
        rlogin = true
        sugroups = ALL
        admgroups =
        ttys = ALL
        auth1 = SYSTEM
        auth2 = NONE
        tpath = nosak
        umask = 022
        expires = 0
        SYSTEM = "compat"
        logintimes =
        pwdwarntime = 0
        account_locked = false
        loginretries = 0
        histexpire = 0
        histsize = 0
        minage = 0
        maxage = 0
        maxexpired = -1
        minalpha = 0
        minother = 0
        minlen = 0
        mindiff = 0
        maxrepeats = 8
        dictionlist =
        pwdchecks =
root:
        admin = true
        SYSTEM = "compat"
        registry = files
        loginretries = 0
        account_locked = false
abhi:
        admin = true
        admgroups = system
        minlen = 4
        minalpha = 1
        maxrepeats = 3
* You can set the complexity required when a user password is assigned by defining these attributes using smit:
minalpha=3
maxrepeats=2
minlen=6
Here we are defining that our password must contain at least 3 alphabetic characters, that we can't repeat any letter or number more than 2 times, and that our password must be at least 6 characters long.
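
The attributes above can be checked per user with a short script. This is an added example, not part of the original post: it resolves each attribute from the user's own stanza, falls back to the default stanza, and reports values weaker than the minalpha=3, maxrepeats=2, minlen=6 policy quoted above. The function names, the extra loginretries check and the user "ops" in the sample are assumptions made for the illustration.

```shell
# Added example, not from the original post: report which password attributes
# of a user are weaker than the policy quoted in the post.
stanza_attr() {  # usage: stanza_attr FILE STANZA ATTR
    awk -v want="$2" -v attr="$3" '
        /^[ \t]*\*/ || /^[ \t]*$/ { next }                  # comment or blank line
        !/=/ && /:[ \t]*$/ { cur = $0; gsub(/[ \t:]/, "", cur); next }  # "abhi:"
        cur == want {
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == attr) { print v; exit }
        }' "$1"
}
# A user stanza overrides "default"; attributes it omits are inherited.
effective_attr() {  # usage: effective_attr FILE USER ATTR
    v=$(stanza_attr "$1" "$2" "$3")
    [ -n "$v" ] || v=$(stanza_attr "$1" default "$3")
    printf '%s\n' "$v"
}

# Prints one line per attribute that misses the baseline; silence means compliant.
audit_user() {  # usage: audit_user FILE USER
    for rule in minlen:ge:6 minalpha:ge:3 maxrepeats:le:2 loginretries:ge:1; do
        attr=${rule%%:*}; rest=${rule#*:}; op=${rest%%:*}; want=${rest#*:}
        have=$(effective_attr "$1" "$2" "$attr")
        [ "${have:-0}" "-$op" "$want" ] || echo "$2: $attr=${have:-unset} (policy -$op $want)"
    done
}

# Constructed sample: cut down from the listing above, plus a made-up user "ops".
sample_user_file() {
    cat <<'EOF'
default:
        loginretries = 0
        minalpha = 0
        minlen = 0
        maxrepeats = 8
abhi:
        minlen = 4
        minalpha = 1
        maxrepeats = 3
ops:
        loginretries = 5
        minalpha = 3
        minlen = 8
        maxrepeats = 2
EOF
}
f=$(mktemp); sample_user_file > "$f"; audit_user "$f" abhi; rm -f "$f"
```

On an AIX host, pass /etc/security/user as FILE. With loginretries = 0 no limit is placed on failed login attempts, which is why the script reports it.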

/etc/passwd -- lists the basic attributes of users.
In the password field:
if * is there, then that user is invalid;
if ! is there, then it is a valid user.
Content of the /etc/passwd file:
# cat /etc/passwd
root:!:0:0::/:/bin/bsh
daemon:!:1:1::/etc:
bin:!:2:2::/bin:
sys:!:3:3::/usr/sys:
adm:!:4:4::/var/adm:
uucp:!:5:5::/usr/lib/uucp:
guest:!:100:100::/home/guest:
lp:*:11:11::/var/spool/lp:/bin/false
invscout:*:6:12::/var/adm/invscout:/usr/bin/ksh
snapp:*:200:13:snapp login user:/usr/sbin/snapp:/usr/sbin/snappd
ipsec:*:201:1::/etc/ipsec:/usr/bin/ksh
nuucp:*:7:5:uucp login user:/var/spool/uucppublic:/usr/sbin/uucp/uucico
ashu:!:207:1::/home/ashu:/usr/bin/ksh
abhish:!:204:1::/home/abhish:/usr/bin/ksh
ex:!:8:0::/ambar/ex:/usr/bin/ksh

/etc/security/passwd -- this file contains the password information of the users.
Users who have an invalid password (*) in /etc/passwd will not have an entry in this file.
Content of /etc/security/passwd:
# cd /etc/security
# cat passwd
root:
        password = 85tnC0rb2lxn.
        lastupdate = 1296302793
        flags =
daemon:
        password = *
bin:
        password = *
sys:
        password = *
adm:
        password = *
ashu:
        password =
        lastupdate = 1302130037
        flags = ADMCHG
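
How the two files fit together, as an added example that is not part of the original post: the script joins /etc/passwd with /etc/security/passwd and reports whether each account's password is hashed, locked (*) or empty. The status names and the cut-down sample files are constructed for the illustration; an empty password value, like the one in the ashu stanza above, means the account has no password set.

```shell
# Added example, not from the original post: join /etc/passwd with
# /etc/security/passwd and report how each account is protected.
classify_accounts() {  # usage: classify_accounts SECURITY_PASSWD PASSWD
    awk -F: '
        FNR == NR {                          # first file: stanza format
            if ($0 !~ /=/ && $0 ~ /:[ \t]*$/) { cur = $1; has[cur] = 1; next }
            i = index($0, "="); if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == "password") pw[cur] = v
            if (k == "flags" && v != "") fl[cur] = " " v
            next
        }
        NF >= 7 {                            # second file: name:pw:uid:gid:gecos:home:shell
            if ($2 == "*")           st = "invalid"
            else if (!($1 in has))   st = "MISSING-STANZA"
            else if (pw[$1] == "*")  st = "locked"
            else if (pw[$1] == "")   st = "EMPTY-PASSWORD"
            else                     st = "hashed"
            print $1 " " $3 " " st fl[$1]
        }' "$1" "$2"
}

# Constructed samples, cut down from the two listings in the post; the hash
# value is a placeholder.
sample_security_passwd() {
    cat <<'EOF'
root:
        password = PLACEHOLDERHASH
daemon:
        password = *
ashu:
        password =
        flags = ADMCHG
EOF
}
sample_passwd() {
    cat <<'EOF'
root:!:0:0::/:/bin/bsh
daemon:!:1:1::/etc:
lp:*:11:11::/var/spool/lp:/bin/false
ashu:!:207:1::/home/ashu:/usr/bin/ksh
abhish:!:204:1::/home/abhish:/usr/bin/ksh
EOF
}

d=$(mktemp -d); sample_security_passwd > "$d/sp"; sample_passwd > "$d/p"
classify_accounts "$d/sp" "$d/p"; rm -rf "$d"
```

The ADMCHG flag marks a password that was last set by an administrator and must be changed by the user at the next login.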

/etc/security/login.cfg -- this file contains configuration information for login and for users.
Content of /etc/security/login.cfg:
# cat /etc/security/login.cfg
default:
        sak_enabled = false
        logintimes =
        logindisable = 0
        logininterval = 0
        loginreenable = 0
        logindelay = 0
usw:
        shells = /bin/sh,/bin/bsh,/bin/csh,/bin/ksh,/bin/tsh,/bin/ksh93,/usr/bin/sh,/usr/bin/bsh,/usr/bin/csh,/usr/bin/ksh,/usr/bin/tsh,/usr/bin/ksh93,/usr/bin/rksh,/usr/bin/rksh93,/usr/sbin/uucp/uucico,/usr/sbin/sliplogin,/usr/sbin/snappd
        maxlogins = 32767
        logintimeout = 60
        auth_type = STD_AUTH

/etc/security/limits -- this file contains details about the process resource limits for each user.
Content of /etc/security/limits:
# cat /etc/security/limits
default:
        fsize = 2097151
        core = 2097151
        cpu = -1
        data = 262144
        rss = 65536
        stack = 65536
        nofiles = 2000
abhi:
        fsize = -1
        core = 2097151
        cpu = -1
        data = 262144
        rss = 65536
        stack = 65536
        nofiles = 2000
# ulimit -a
This command reads the limits file.
# ulimit -f unlimited
Changes the file size parameter to unlimited.
You can also change the parameters by directly editing the above file.
To set any parameter to unlimited, set it to -1.

/etc/security/lastlog -- this file contains details about the last login attributes for the user.
/etc/group -- contains the basic attributes of groups.
/etc/security/group -- contains the extended attributes of groups.
$HOME/.profile -- environment settings for that user.
/var/adm/wtmp -- contains connect-time accounting.
/etc/utmp -- contains the record of users logged into the system. The who command reads this file.

* To edit the files in the /etc/security directory, we use the "chsec" command:
# chsec -f /etc/security/user -s abhi -a su=true
Here,
-f for file
-s for stanza
-a for attribute
Think uid for root is 0 not 1
*By default when we are creating any user, UID and GID will be same.
This statement is not TRUE in AIX