This chapter contains information on managing users and groups. Also included in this chapter is information on disk quotas and on setting up the environment for authenticating a user. For suggestions on how to improve the efficiency of managing users, see CPU-Efficient UserID Administration in Chapter 5 of AIX Versions 3.2 and 4 Performance Tuning Guide.
The following table lists tasks that are used for managing users and groups. You must have root authority to perform many of these tasks.
|Managing Users and Groups Tasks|
|Web-based System Manager: wsm users
|Task||SMIT Fast Path||Command or File|
|Add a User||smit mkuser|
|Set Initial Login Shell for a User1 Environment||smit chuser||chsh UserName|
|Set Login Attributes for a User||smit login_user|
|Change/Show Login Attributes for a Port||smit login_port|
|Assign or Change a User's Password||smit passwd||passwd|
|Change User's Password Attributes||smit passwdattrs|
|Manage Authentication Methods for a New User||smit mkuser||/etc/security/users|
|Manage Authentication Methods for an Existing User||smit chuser||/etc/security/users|
|Establish Default Attributes for New Users||Use chsec command to edit /usr/lib/security/mkuser.default|
|Change User Attributes||smit chuser|
|Lock a User's Account||smit chuser||chuser account_locked=true AccountName|
|Unlock a User's Account||smit chuser||chuser account_locked=false AccountName|
|List Attributes for All Users||smit lsuser|
|List All Attributes for a Specific User||smit chuser||lsuser UserName|
|List Specific Attributes for a Specific User||lsuser -a Attributes User|
|List Specific Attributes for All Users||lsuser -a Attributes ALL|
|Remove a User2||smit rmuser|
|Turn Off/On Access for Users3||smit chuser||chuser login=no (or yes) UserName|
|Add a Group||smit mkgroup|
|Change Group Attributes||smit chgroup|
|List Groups||smit lsgroup|
|List Specific Attributes for All Groups||lsgroup -a Attributes | pg|
|List All Attributes for a Specific Group||lsgroup system|
|List Specific Attributes for a Specific Group||lsgroup -a Attributes Group|
|Remove a Group4||smit rmgroup||lsgroup -a Attributes Group|
- The shell you specify must be defined in the usw stanza of the /etc/security/login.cfg file.
- You must remove information in other subsystems before removing a user, because the cron and at facilities both allow users to request programs to be run at a future date. Use the crontab command to remove a user's cron jobs. You can examine a user's at jobs with the atq command, then remove the jobs with the atrm command.
- In general, this procedure is not suggested for systems using NIS. This procedure will not work at all for NIS clients and it will work on NIS master servers only for users logging into the master server.
- This procedure removes a group and all of its attributes from your network, but it does not remove all of the users in the group from the system. Also, if the group you want to remove is the primary group for any user, you must reassign that user to another primary group before removing the user's original primary group.