[ Bottom of Page | Previous Page | Next Page | Contents | Index | Library Home | Legal | Search ]

Commands Reference, Volume 4

nismkuser Command


Creates a new NIS+ user account.


nismkuser [ Attribute=Value ... ] Name


The nismkuser command creates a NIS+ user entry in the NIS+ domain. The Name parameter must be a unique 8-byte or less string. You cannot use the ALL or default keywords in the user name. By default, the nismkuser command creates a standard user account. To create an administrative user account, specify the -a flag.

Note: You cannot use the nismkuser command to add users to an NIS+ groups. Use the nisgrpadm command to perform this function.

The nismkuser command will allow the input of the NIS+ user password at the time of user creation.  If no password is given at user creation time, the NIS+ user's LOCAL and DES cred is created with the password nisplus.  Later, passwords may be set or reset with the passwd command.  New accounts are not disabled and are active after the nismkuser command completes.

  1. Although this command allows the user to set the "home" directory for the NIS+ user, no actual physical directory is created if the directory does not already exist.
  2. You need to have a group in group.org_dir with the gid that matches the new users gid first before you can add a user. The default gid for nismkuser is 1.

You can use the Web-based System Manager Users application or the System Management Interface Tool (SMIT) to run this command (under the NIS+ administration area).

Restrictions on Creating User Names

To prevent login inconsistencies, you should avoid composing user names entirely of uppercase alphabetic characters. While the nismkuser command supports multi-byte user names, it is recommended that you restrict user names to characters with the POSIX portable filename character set.

To ensure that your user database remains uncorrupted, you must be careful when naming users. User names must not begin with a - (dash), + (plus sign), @ (at sign), or ~ (tilde). You cannot use the keywords ALL or default in a user name. Additionally, do not use any of the following characters within a user-name string:

. Dot
: Colon
" Double quote
# Pound sign
, Comma
= Equal sign
\ Back slash
/ Slash
? Question mark
' Single quote
` Back quote

Attention: You will not be allowed to create a NIS+ user with the identical name of a pre-existing  NIS+ client or server name.

Finally, the Name parameter cannot contain any space, tab, or new-line characters.


Attribute=Value Initializes a user attribute. Refer to the chuser command for the valid attributes and values.
Name Specifies a unique 8-byte or less string.

Valid Parameters

nismkuser will allow an administrator to enter the same attributes and parameters as you would with the mkuser command. However, only the following parameters will be used by the nismkuser command (the others will be ignored and not considered an error):
uid, gid, gecos, shell, home, minage,, maxage, maxexpired, expires.


Access Control: This command should grant execute (x) access only to the root user and members of the security group. This command should be installed as a program in the trusted computing base (TCB). The command should be owned by the root user with the setuid (SUID) bit set.

Auditing Events:

Event Information
USER_Create user


  1. To create the davis user account with the default values in the /usr/lib/security/nismkuser.default file, enter:

    nismkuser davis
  2. To create the davis user account and set the su attribute to a value of false, enter:

    nismkuser su=false davis


/usr/bin/nismkuser Contains the nismkuser command.

Related Information

The chfn command, chgroup command, chgrpmem command, chsh command, chuser command, lsgroup command, lsuser command, mkgroup command, passwd command, pwdadm command, rmgroup command, rmuser command, setgroups command, setsenv command.

For more information about the identification and authentication of users, discretionary access control, the trusted computing base, and auditing, refer to Standalone System Security in the AIX 5L Version 5.2 Security Guide.

For more information about administrative roles, refer to Users, Groups, and Passwords in theAIX 5L Version 5.2 Security Guide.

For information on installing the Web-based System Manager, see Chapter 2: Installation and System Requirements in AIX 5L Version 5.2 Web-based System Manager Administration Guide.

[ Top of Page | Previous Page | Next Page | Contents | Index | Library Home | Legal | Search ]