[ Bottom of Page | Previous Page | Next Page | Contents | Index | Library Home | Legal | Search ]

Commands Reference, Volume 3

mkpasswd Command


Organizes the basic user database for efficient searches.


mkpasswd [ -v ] { -f | -d | -c} |indexname


The mkpasswd generates indexes over certain security files. These indexes are used by the getpwnam, getpwuid, getuserattr, and putuserattr library subroutines.

This approach significantly enhances performance for large user base systems. The following indexes, defined in /usr/include/usersec.h, are created:

/etc/passwd.nm.idx: Index over /etc/passwd file using username as key.
/etc/passwd.id.idx: Index over /etc/passwd file using userid number as key.
/etc/security/passwd.idx: Index over /etc/security/passwd file.
/etc/security/lastlog.idx: Index over /etc/security/lastlog file.

  1. Modifying the security files over which indexes are built by an editor disables the use of indexing mechanism.
  2. Indexed read of a data file is automatically done if a corresponding index exists over the file and is not older than it (except for lastlog index) .
  3. In order for indexed mechanism to be used at login, the mkpasswd command must have generated indexes.
  4. The indexing mechanism replaces the previous hashing mechanism which used dbm files.


-v Reports progress if index built.
-f Forces building of all indexes.
-d Deletes all indexes.
-c Checks all indexes and rebuilds the ones that look suspicious.
indexname Forces building of a particular index.


Access Control: Only the root user and members of the security group should have execute (x) access to this command. The command should be setuid to the root user so the command has access to the user database. Members of the security group should have access to all the files listed in the Files section. This command should have the trusted computing base attribute.

Files Accessed:

Mode File
r /etc/passwd
rw /etc/passwd.nm.idxnnnn.tmp and /etc/passwd.id.idxnnnn.tmp

where nnnn is the process id.

r /etc/security/passwd
rw /etc/security/passwd.idx
rw /etc/security/passwd.idxnnnn.tmp

where nnnn is the process id

r /etc/security/lastlog
rw /etc/security/lastlog.idx
rw /etc/security/lastlog.idxnnnn.tmp

where nnnn is the process id


  1. To create and enable indexed read of security files, enter:

    mkpasswd -f
  2. To create and enable indexed read of only the /etc/security/passwd file, enter:

    mkpasswd /etc/security/passwd.idx
  3. To check and rebuild outdated or bad indexes, enter:

    mkpasswd -c


/usr/sbin/mkpasswd Contains the mkpasswd command.
/etc/passwd Contains basic user attributes.
/etc/security/passwd Contains user password attributes
/etc/security/lastlog Contains lastlog related attributes

Related Information

The passwd command, pwdadm command mkuser command chuser command rmusers command.

The getpwnam subroutine, getpwuid subroutine, getuserattr subroutine, putuserattr subroutine.

For more information about the identification and authentication of users, discretionary access control, the trusted computing base, and auditing, refer to the AIX 5L Version 5.2 Security Guide.

[ Top of Page | Previous Page | Next Page | Contents | Index | Library Home | Legal | Search ]