Login Problems with Non-Root Users in AIX

About This Document

Users, including root users, could possibly get the following error message, which could indicate a broken or missing group file:

 
   3004-010 failed setting terminal ownership and mode 

The primary group for that user as found in /etc/passwd cannot be found in the /etc/group file.

 
tps:!:215:1::/u/tps:/bin/ksh 
          * 

*In this example, the group is 1. Check /etc/group and make sure the group #1 exists.

• Only root can login; normal users get:

   
     3004-009 failed running login shell 
  

  or

   
     system unavailable 
  

  or

• The command su - user_name returns with the following message:

   
     3004-505 Cannot set process environment 
  

  or
• After the login, the user will get the following message:

   
     0653-345 permission denied 
        (when trying to do anything after the login) 
  

  or

   
     ksh: pwd: Cannot access parent directories 
        (when doing pwd, after login) 
  

These symptoms are caused by the user not being able to execute the login shell (ksh, csh, or bsh, depending upon which is being used) or by a permissions problem in the home directory path.

The following steps show how to check the files and directories that may have a problem with permissions, owner, or group.

If there is a problem with any of the files or directories, use chmod, chown, or chgrp to change the permissions, ownership, or group.

If a symbolic link is missing, use the ln command to recreate it.

For example, to create /bin linked to /usr/bin, run the following command:

 
   ln -s /usr/bin /bin 

1. Log in as root.
2. If users other than root see the message "system unavailable" when they attempt to login, follow this step. Otherwise, skip to the next step.

   Check for the /etc/nologin file with

    
      ls -l /etc/nologin 
   

   If the file /etc/nologin exists, delete it with

    
      rm /etc/nologin 
   

3. For AIX 3.2 Run:

    
      cd / 
      ls -al |pg 
   

   Example output:

    
      drwxr-xr-x  45 bin   bin      1536 Dec 24 10:08 . 
      drwxr-xr-x  45 bin   bin      1536 Dec 24 10:08 .. 
      lrwxrwxrwx   1 root  system      8 Feb 25 1994  bin -> /usr/bin 
      drwxr-xr-x  16 root  system   7168 Dec 24 10:10 etc 
      drwxr-xr-x  71 bin   bin      1536 Dec 14 09:37 home 
      lrwxrwxrwx   1 root  system      8 Jul 15 1996  lib -> /usr/lib 
      lrwxrwxrwx   1 root  system      5 Feb 25 1994  u -> /home 
      lrwxrwxrwx   1 root  system     18 Dec 22 1996  unix -> 
                                                      /usr/lib/boot/unix 
      drwxr-xr-x  24 bin   bin      1024 Jun 17 1994  usr 
      drwxr-xr-x  11 bin   bin       512 Dec 23 10:43 var 
   

   For AIX 4.x Run:

    
      cd / 
      ls -al 
   

   Example output:

    
   drwxr-xr-x  19 bin   bin      1024 Dec 12 21:14 . 
   drwxr-xr-x  19 bin   bin      1024 Dec 12 21:14 .. 
   lrwxrwxrwx   1 bin   bin         8 Nov 22 09:37 bin -> /usr/bin 
   drwxrwxr-x   4 root  system   2048 Dec 12 21:12 dev 
   drwxr-xr-x  12 root  system   2048 Dec 12 21:11 etc 
   drwxr-xr-x   5 bin   bin       512 Nov 22 14:51 home 
   lrwxrwxrwx   1 bin   bin         8 Nov 22 09:37 lib -> /usr/lib 
   drwxr-xr-x  20 bin   bin       512 Nov 22 13:33 lpp 
   drwxr-xr-x   3 bin   bin       512 Nov 22 09:37 sbin 
   lrwxrwxrwx   1 bin   bin         5 Nov 22 09:37 u -> /home 
   drwxr-xr-x  20 bin   bin       512 Nov 22 14:24 usr 
   drwxr-xr-x  12 bin   bin       512 Nov 22 12:59 var 
   

4. Run

    
      ls -ld /usr/bin /usr/lib /tmp 
   

   Example output:

    
      drwxr-xr-x   3 bin   bin     10752 Nov 22 12:53 /usr/bin 
      drwxr-xr-x  28 bin   bin      4096 Dec 15 17:08 /usr/lib/ 
      drwxrwxrwt   8 bin   bin      2560 Jan 22 14:46 /tmp/ 
   

5. Run:

    
      ls -l /usr/bin/csh /usr/bin/ksh /usr/bin/bsh 
   

   Example output:

    
      -r-xr-xr-x   2 bin   bin    341020 Nov 22 09:37 /usr/bin/bsh 
      -r-xr-xr-x   1 bin   bin    154412 Nov 22 09:37 /usr/bin/csh 
      -r-xr-xr-x   4 bin   bin    230148 Nov 22 09:37 /usr/bin/ksh 
   

   Determine the user's home directory. In these steps, we will refer to the user's ID and directory as "user_one".

6. Run:

    
       ls -ld u/user_one  (use path of user's directory) 
   

   Example output:

    
      -drwxr-xr-x  9 user_one system   7680 Dec 24 15:00 /u/user_one 
   

   The directory should be owned by the user and the user should have "rwx" permissions.

7. Run

    
      cd /u/user_one 
      ls -al | pg 
   

   Example output:

    
      drwxr-xr-x   9 user_one system   7680 Dec 24 15:00 . 
      drwxr-xr-x  71 bin      bin      1536 Dec 14 09:37 .. 
   

   The owner of the "." directory should be the user. The permissions on the ".." directory should be at least r-x for group and r-x for other.

8. If the user still has permission denied problems (but not login problems), the cause could be file system mount point permissions.

   In order to check the permissions on the mount point, the file system must first be unmounted. Some file systems' mount points can only be checked from service mode after booting from boot media.

   The permissions of the underlying mount point should be at least d--x--x--x, but full permissions (drwxrwxrwx) are recommended. The permission setting of the mounted file system can be used to restrict access.