Defines the environment attributes for users.
The /etc/security/environ file is an ASCII file that contains stanzas with the environment attributes for users. Each stanza is identified by a user name and contains attributes in the Attribute=Value form, with a comma separating the attributes. Each attribute is ended by a new-line character, and each stanza is ended by an additional new-line character.
If environment attributes are not defined, the system uses default values. Each user stanza can have the following attributes:
Attribute | Definition |
---|---|
usrenv | Defines variables to be placed in the user environment when the initial login command is given or when the su command resets the environment. The value is a list of comma-separated attributes. The default value is an empty string. |
sysenv | Defines variables to be placed in the user protected state environment when the initial login command is given or when the su command resets the environment. These variables are protected from access by unprivileged programs so other programs can depend on their values. The default value is an empty string. |
For a description of environment variables, refer to the /etc/environment file.
Access to all the user database files should be through the system commands and subroutines defined for this purpose. Access through other commands or subroutines may not be supported in future releases.
The mkuser command creates a user stanza in this file. The initialization of the attributes depends upon their values in the /usr/lib/security/mkuser.default file. The chuser command can change these attributes, and the lsuser command can display them. The rmuser command removes the entire record for a user.
Access Control:
This file should grant read (r) access to the root user, members of the security group, and others consistent with the security policy for the system. Only the root user should have write (w) access.
Auditing Events:
Event | Information |
---|---|
S_ENVIRON_WRITE | file name |
A typical stanza looks like the following example for user dhs:
    dhs:
        usrenv = "MAIL=/home/spool/mail/dhs,MAILCHECK=600"
        sysenv = "NAME=dhs@delos"
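For reviewing a collected copy of this file offline, the stanza format and the write-access rule described above can be checked as follows. This is an added example, not IBM code: the function names and the sample text are constructed here, treating lines that start with `*` as comments is an assumption, and on a live system the lsuser command remains the supported interface.

```python
import os
import stat

# Constructed sample in the stanza layout this page documents (user dhs is the page's example).
SAMPLE = '''\
dhs:
    usrenv = "MAIL=/home/spool/mail/dhs,MAILCHECK=600"
    sysenv = "NAME=dhs@delos"

'''

def parse_environ(text):
    """Return {user: {attribute: {VARIABLE: value}}} for each stanza."""
    users, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("*"):        # blank separator, or '*' comment (assumed)
            continue
        if line.endswith(":") and "=" not in line:  # stanza header: the user name
            current = users.setdefault(line[:-1], {})
            continue
        name, sep, value = line.partition("=")
        if current is None or not sep:
            raise ValueError(f"line {lineno}: attribute outside a stanza or missing '='")
        pairs = {}
        for item in filter(None, value.strip().strip('"').split(",")):
            var, eq, val = item.partition("=")
            if not eq:
                raise ValueError(f"line {lineno}: {item!r} is not VARIABLE=value")
            pairs[var.strip()] = val
        current[name.strip()] = pairs               # empty string yields {} (the default)
    return users

def write_access_problems(mode, uid):
    """Check the access-control rule: only the root user should have write access."""
    problems = []
    if uid != 0:
        problems.append("owner is not root")
    if mode & stat.S_IWGRP:
        problems.append("group-writable")
    if mode & stat.S_IWOTH:
        problems.append("world-writable")
    return problems

def audit_file(path):
    """Apply both checks to a file on disk (hypothetical helper name)."""
    st = os.stat(path)
    with open(path, encoding="ascii", errors="replace") as fh:
        return parse_environ(fh.read()), write_access_problems(st.st_mode, st.st_uid)
```

Because attributes inside usrenv and sysenv are comma-separated, a variable value that itself contains a comma cannot be represented and will be reported as a malformed item.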
File | Description |
---|---|
/etc/security/environ | Specifies the path to the file. |
/etc/environment | Specifies the basic environment for all processes. |
/etc/group | Contains the basic attributes of groups. |
/etc/security/group | Contains the extended attributes of groups. |
/etc/passwd | Contains the basic attributes of users. |
/etc/security/passwd | Contains password information. |
/etc/security/user | Contains the extended attributes of users. |
/etc/security/limits | Contains the process resource limits of users. |
/usr/lib/security/mkuser.default | Contains the default values for user accounts. |
/etc/security/lastlog | Contains last login information. |
The chuser command, login command, lsuser command, mkuser command, rmuser command, setsenv command, su command.
The getpenv subroutine, getuserattr subroutine, putuserattr subroutine, setpenv subroutine.
File and System Security Overview in AIX 5L Version 5.2 System Management Guide: Operating System and Devices.