System Management Guide: Operating System and Devices

Chapter 4. Users and Groups

This chapter contains procedures for managing users and groups. Also included in this chapter is information on setting up the environment for authenticating a user (see Setting Up the Disk Quota System). See Disk Quota System Overview section in the AIX 5L Version 5.1 System Management Concepts: Operating System and Devices for an overview on this topic.

Perform the following tasks to manage users and groups. You must have root authority to perform many of these tasks.

Managing Users and Groups Tasks
Task	SMIT Fast Path	Command or File
Add a User	smit mkuser
Set Initial Login Shell for a User¹ Environment	smit chuser	chsh UserName
Set Login Attributes for a User	smit login_user
Change/Show Login Attributes for a Port	smit login_port
Assign or Change a User's Password	smit passwd	passwd
Change User's Password Attributes	smit passwdattrs
Manage Authentication Methods for a New User	smit mkuser	/etc/security/users
Manage Authentication Methods for an Existing User	smit chuser	/etc/security/users
Establish Default Attributes for New Users		Use chsec command to edit /usr/lib/security/mkuser.default
Change User Attributes	smit chuser
Lock a User's Account	smit chuser	chuser account_locked=true AccountName
Unlock a User's Account	smit chuser	chuser account_locked=false AccountName
List Attributes for All Users	smit lsuser
List All Attributes for a Specific User	smit chuser	lsuser UserName
List Specific Attributes for a Specific User		lsuser -a Attributes User
List Specific Attributes for All Users		lsuser -a Attributes ALL
Remove a User²	smit rmuser
Turn Off/On Access for Users³	smit chuser	chuser login=no (or yes) UserName
Add a Group	smit mkgroup
Change Group Attributes	smit chgroup
List Groups	smit lsgroup
List Specific Attributes for All Groups		lsgroup -a Attributes \| pg
List All Attributes for a Specific Group		lsgroup system
List Specific Attributes for a Specific Group		lsgroup -a Attributes Group
Remove a Group⁴	smit rmgroup	lsgroup -a Attributes Group

Notes:

The shell you specify must be defined in the usw stanza of the /etc/security/login.cfg file.
You must remove information in other subsystems before removing a user, because the cron and at utilities both allow users to request programs to be run at a future date. Use the crontab command to remove a user's cron jobs. You can examine a user's at jobs with the atq command, then remove the jobs with the atrm command.
In general, this procedure is not suggested for systems using NIS. This procedure does not work at all for NIS clients and it works on NIS master servers only for users logging into the master server.
This procedure removes a group and all of its attributes from your network, but it does not remove all of the users in the group from the system. Also, if the group you want to remove is the primary group for any user, you must reassign that user to another primary group before removing the user's original primary group.