This chapter contains procedures for managing users and groups. Also included in this chapter is information on setting up the environment for authenticating a user (see Setting Up the Disk Quota System). See Disk Quota System Overview section in the AIX 5L Version 5.1 System Management Concepts: Operating System and Devices for an overview on this topic.
Perform the following tasks to manage users and groups. You must
have root authority to perform many of these tasks.
|Managing Users and Groups Tasks|
|Task||SMIT Fast Path||Command or File|
|Add a User||smit mkuser|
|Set Initial Login Shell for a User1 Environment||smit chuser||chsh UserName|
|Set Login Attributes for a User||smit login_user|
|Change/Show Login Attributes for a Port||smit login_port|
|Assign or Change a User's Password||smit passwd||passwd|
|Change User's Password Attributes||smit passwdattrs|
|Manage Authentication Methods for a New User||smit mkuser||/etc/security/users|
|Manage Authentication Methods for an Existing User||smit chuser||/etc/security/users|
|Establish Default Attributes for New Users||Use chsec command to edit /usr/lib/security/mkuser.default|
|Change User Attributes||smit chuser|
|Lock a User's Account||smit chuser||chuser account_locked=true AccountName|
|Unlock a User's Account||smit chuser||chuser account_locked=false AccountName|
|List Attributes for All Users||smit lsuser|
|List All Attributes for a Specific User||smit chuser||lsuser UserName|
|List Specific Attributes for a Specific User||lsuser -a Attributes User|
|List Specific Attributes for All Users||lsuser -a Attributes ALL|
|Remove a User2||smit rmuser|
|Turn Off/On Access for Users3||smit chuser||chuser login=no (or yes) UserName|
|Add a Group||smit mkgroup|
|Change Group Attributes||smit chgroup|
|List Groups||smit lsgroup|
|List Specific Attributes for All Groups||lsgroup -a Attributes | pg|
|List All Attributes for a Specific Group||lsgroup system|
|List Specific Attributes for a Specific Group||lsgroup -a Attributes Group|
|Remove a Group4||smit rmgroup||lsgroup -a Attributes Group|
- The shell you specify must be defined in the usw stanza of the /etc/security/login.cfg file.
- You must remove information in other subsystems before removing a user, because the cron and at utilities both allow users to request programs to be run at a future date. Use the crontab command to remove a user's cron jobs. You can examine a user's at jobs with the atq command, then remove the jobs with the atrm command.
- In general, this procedure is not suggested for systems using NIS. This procedure does not work at all for NIS clients and it works on NIS master servers only for users logging into the master server.
- This procedure removes a group and all of its attributes from your network, but it does not remove all of the users in the group from the system. Also, if the group you want to remove is the primary group for any user, you must reassign that user to another primary group before removing the user's original primary group.