User Tools

Site Tools


aix:user_mgmt

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
aix:user_mgmt [2021/10/19 18:15]
manu
aix:user_mgmt [2024/02/07 14:40] (current)
manu [Unlock a user]
Line 1: Line 1:
 ====== Users and group management ====== ====== Users and group management ======
 +
 +===== Create group / user =====
 +
 +List a user with his parameters
 +<cli prompt='#'>​
 +[root@aix01]/​root#​ lsuser -f root
 +root:
 +        id=0
 +        pgrp=system
 +        groups=system,​bin,​sys,​security,​cron,​audit,​lp
 +        home=/root
 +        shell=/​usr/​bin/​ksh93
 +        auditclasses=general
 +        login=true
 +        su=true
 +        rlogin=true
 +        daemon=true
 +        admin=true
 +        sugroups=ALL
 +        admgroups=
 +        tpath=nosak
 +        ttys=ALL
 +        expires=0
 +        auth1=SYSTEM
 +        auth2=NONE
 +        umask=22
 +        registry=files
 +        SYSTEM=compat
 +        logintimes=
 +        loginretries=0
 +        pwdwarntime=0
 +        account_locked=false
 +        minage=0
 +        maxage=0
 +        maxexpired=-1
 +        minalpha=2
 +        minloweralpha=1
 +        minupperalpha=1
 +...
 +[root@aix01]/​root#​ lsuser -a id home root
 +root id=0 home=/root
 +</​cli>​
 +
 +===== User password management =====
 +
 +Add to the following commands **-R LDAP** if LDAP is used, default is **-R files**
  
 Set password for user user1 Set password for user user1
Line 20: Line 66:
 To check with particular user’s last password changed in AIX. To check with particular user’s last password changed in AIX.
 Admin can check by execute following command Admin can check by execute following command
-<cli>+<​cli ​prompt='#'​>
 root@aix-server1:/​etc/​security#​ pwdadm -q user3 root@aix-server1:/​etc/​security#​ pwdadm -q user3
 user3: user3:
Line 27: Line 73:
  
 To determine when a password was last set or changed, as indicated in the last update value in pwdadm output. The UTC time stamp in seconds will need to be converted into a more meaningful current date time stamp. To determine when a password was last set or changed, as indicated in the last update value in pwdadm output. The UTC time stamp in seconds will need to be converted into a more meaningful current date time stamp.
-<cli>+<​cli ​prompt='#'​>
 root@aix-server1:/​etc/​security#​ perl -le ‘print scalar localtime 1406597936’ root@aix-server1:/​etc/​security#​ perl -le ‘print scalar localtime 1406597936’
 Tue Jul 29 09:38:56 2014 Tue Jul 29 09:38:56 2014
 </​cli>​ </​cli>​
  
 +read failed login
 +<cli prompt='#'>​
 +root@aix-server1:/​etc/​security#​ who -a /​etc/​security/​failedlogin
 +root      - ssh         Jan 21 09:43      ?
 +root      - ssh         Jan 21 13:25      ?
 +root      - ssh         Jan 21 14:36      ?
 +</​cli>​
 +
 +===== Unlock a user =====
 +
 +Reset count
 +<cli prompt='#'>​
 +root@aix-server1:/​root#​ lsuser -a unsuccessful_login_count user1
 +user1 unsuccessful_login_count=7
 +root@aix-server1:/​root#​ chsec -f /​etc/​security/​lastlog -a "​unsuccessful_login_count=0"​ -s user1
 +</​cli>​
 +
 +Unlock
 +<cli prompt='#'>​
 +root@aix-server1:/​root#​ lsuser -a account_locked user1
 +user1 account_locked=true
 +root@aix-server1:/​root#​ chuser account_locked='​false'​ user1
 +</​cli>​
 +
 +===== Check connexions =====
 +
 +<cli prompt='#'>​
 +root@aixsrv /root# last -f /​var/​adm/​wtmp
 +root      pts/1        172.10.10.10 ​          Feb 07 14:05 - 14:05  (00:00)
 +user1     ​pts/​1 ​       172.10.10.20 ​          Feb 07 14:05 - 14:05  (00:00)
 +user2     ​pts/​1 ​       172.10.10.12 ​          Feb 07 14:05 - 14:05  (00:00)
 +root      pts/1        172.10.10.32 ​          Feb 07 12:27 - 12:29  (00:02)
 +root      pts/0        172.10.10.32 ​          Feb 07 10:52   still logged in
 +kkpk      ftp          timesrv.test.lan ​      Feb 07 02:32 - 02:32  (00:00)
 +</​cli>​
aix/user_mgmt.1634660107.txt.gz · Last modified: 2021/10/19 18:15 by manu