AIX user (Group) Management

Source: Internet
Author: User

References:

http://www.ibm.com/developerworks/cn/aix/library/au-aixuseradmin/

http://blog.csdn.net/victor1220/article/details/5338331

User (group) management in AIX works the same way as in RHEL: it comes down to maintaining several text files. Rather than using commands and parameters, I prefer to modify the files directly.

Several files used

/etc/passwd stores user information.

/etc/security/passwd stores user password information.

/etc/group stores user group information.

/etc/security/group stores the management information of user groups.

/etc/security/limits stores various restriction parameters for each user.

/etc/security/user stores the parameters of each user.

When setting users and user groups, remember that the formats of these files are almost the same.

/etc/passwd format

Username:Password Flag:UID:GID:GECOS:Home:Shell/Command

Each field is separated by a colon.

The fields that need explanation are:

Password Flag indicates whether the user's password is set. If it is "!", the user has set a password. If it is "*", no password is set.

GID is the ID of the user's group.

GECOS (General Electric Comprehensive Operating System) stores basic user information, such as phone number and name.

/etc/security/passwd format

user:
        password =
        lastupdate =
        flags =

password is the encrypted password information that the system sets for the user through the passwd command.

lastupdate is the last time the password was updated (the number of seconds since the system epoch).

flags sets limits on changing the user's password. The configurable values are ADMIN, ADMCHG, and NOCHECK.

ADMIN. If this flag is set, only the root user can change the password of the user.

ADMCHG. If this flag is set, the user is prompted to change the password the next time they log on, not every time they log on.

NOCHECK. If this flag is set, all the settings in /etc/security/user are ignored.

/etc/group format

Group Name:Password Flag:GID:User(s)

The fields that need explanation are:

Password Flag. This field is not used; it is set to "!" for every group.

Users. List of members in the group.
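The two colon-separated layouts above lend themselves to a consistency check. The following is an added example, not part of the original article: it parses constructed sample contents of /etc/passwd and /etc/group and reports unexpected password flags, extra UID 0 accounts, primary GIDs with no group entry, and group members with no account. The sample data, dictionary key names and finding texts are assumptions made for illustration.

```python
# Constructed sample contents of /etc/passwd and /etc/group (not from a real host).
PASSWD = """\
root:!:0:0::/:/usr/bin/ksh
alice:!:205:1:Alice Example,555-0100:/home/alice:/usr/bin/ksh
svc_batch:*:206:300::/home/svc_batch:/usr/bin/ksh
toor:!:0:0::/:/usr/bin/ksh
"""
GROUP = """\
system:!:0:root
staff:!:1:alice,bob
"""
PASSWD_FIELDS = ("name", "flag", "uid", "gid", "gecos", "home", "shell")
GROUP_FIELDS = ("name", "flag", "gid", "users")

def parse_colon_file(text, fields):
    """Split each non-empty line on ':' and map it onto the given field names."""
    rows = []
    for line in text.splitlines():
        if line.strip():
            parts = line.split(":")
            if len(parts) != len(fields):
                raise ValueError(f"expected {len(fields)} fields: {line!r}")
            rows.append(dict(zip(fields, parts)))
    return rows

def audit(passwd_text, group_text):
    """Return (name, finding) tuples for inconsistencies between the two files."""
    users = parse_colon_file(passwd_text, PASSWD_FIELDS)
    groups = parse_colon_file(group_text, GROUP_FIELDS)
    names = {u["name"] for u in users}
    gids = {g["gid"] for g in groups}
    findings = []
    for u in users:
        if u["flag"] not in ("!", "*"):          # the two values the article lists
            findings.append((u["name"], "unexpected password flag"))
        if u["uid"] == "0" and u["name"] != "root":
            findings.append((u["name"], "UID 0 but not root"))
        if u["gid"] not in gids:
            findings.append((u["name"], "primary GID missing from /etc/group"))
    for g in groups:
        for member in filter(None, g["users"].split(",")):
            if member not in names:
                findings.append((g["name"], f"member {member} not in /etc/passwd"))
    return findings
```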

/etc/security/group format

group name:
        adms =
        admin =

adms lists the users who have management permissions for this group; multiple users are separated by commas.

admin takes the values true/false. If it is set to true, the group has the management permission.

/etc/security/limits format

The limits file stores the restrictions on each user's use of system resources. It corresponds to the ulimit command.

Soft limit   Hard limit     Description
fsize        fsize_hard     Size of files that can be created by users
core         core_hard      Size of core files that can be created by users
cpu          cpu_hard       Allowed system time
data         data_hard      Process data segment size
stack        stack_hard     Size of the process stack segment
rss          rss_hard       Amount of physical memory allowed
nofiles      nofiles_hard   Number of file descriptors simultaneously opened
nproc        nproc_hard     Number of processes running simultaneously

First, let's talk about the difference between soft and hard limits.

The hard limit was introduced in AIX 4.1. Its value is the upper limit on the user's use of the resource. Anyone can reduce this value, but only members of the security group can increase it.

The soft limit is the resource limit value currently used by the AIX kernel. Anyone can modify this value, but it cannot exceed the hard limit. In addition, these settings take effect permanently only for members of the security group; settings made by ordinary users expire when the user logs out of the system.

If a value is set to -1, it indicates no restriction.

Parameter descriptions

fsize is the maximum size of a file that the user can create. The unit is 512 bytes.

core: when a program encounters a problem, a core file is written to the specified directory; for example, the core dump files in Oracle are used for debugging. This value sets the maximum size of that file. The unit is 512 bytes.

cpu is the CPU time limit (in seconds) for the user's processes. Normal users can only reduce this value; root can increase it. Note that the CPU time a process uses depends on the process scheduling algorithm of the AIX kernel, so this value is for reference only.

data is the size limit of the process data segment (in bytes). If you do not know the definition of the data segment, refer to the following article: http://www.cnblogs.com/younes/archive/2010/01/18/1651090.html

stack is the size limit of the process stack segment (in bytes).

rss is the limit on the resident memory segment of the process (in bytes). The AIX kernel does not refer to this value.

nofiles is the maximum number of files that a process can open. The kernel uses file descriptors to access files; a file descriptor represents a file.

nproc is the number of processes that can run simultaneously.

You do not need to set resource limits for every user individually. By default, the AIX operating system provides a configuration stanza named default.

Settings in this file take effect only after a restart.
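An added example (not from the original article) covering both the flags attribute of /etc/security/passwd and the default stanza of /etc/security/limits: it parses the stanza layout, applies the default values to a user, and lists soft limits set above their hard limit as well as users carrying a given flag. The file contents are constructed, lines starting with "*" are treated as comments, and attribute-by-attribute fallback to the default stanza is assumed.

```python
# Constructed sample file contents (not from a real host).
SEC_PASSWD = """\
alice:
        password = CONSTRUCTED_PLACEHOLDER
        flags = ADMCHG
svc_batch:
        password = CONSTRUCTED_PLACEHOLDER
        flags = ADMIN,NOCHECK
"""
LIMITS = """\
* constructed sample of /etc/security/limits
default:
        fsize = 2097151
        fsize_hard = -1
        nofiles = 2000
        nofiles_hard = 4000
svc_batch:
        nofiles = 8000
"""

def parse_stanzas(text):
    """Parse 'name:' headers and 'attr = value' lines into {name: {attr: value}}."""
    stanzas, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("*"):     # blank line or '*' comment line
            continue
        if "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
        elif line.endswith(":"):
            current = stanzas.setdefault(line[:-1].strip(), {})
    return stanzas

def effective(stanzas, user):
    return {**stanzas.get("default", {}), **stanzas.get(user, {})}  # user overrides default

def soft_above_hard(limits, user):
    """Soft limits that exceed their hard limit; -1 (or no hard value) means unrestricted."""
    eff, bad = effective(limits, user), []
    for name in (n for n in eff if not n.endswith("_hard")):
        soft, hard = int(eff[name]), int(eff.get(name + "_hard", -1))
        if hard != -1 and (soft == -1 or soft > hard):
            bad.append(name)
    return sorted(bad)

def users_with_flag(sec_passwd, flag):
    """Users whose 'flags' list in /etc/security/passwd contains the flag."""
    return sorted(u for u, attrs in sec_passwd.items()
                  if flag in [f.strip() for f in attrs.get("flags", "").split(",")])
```

Listing the NOCHECK users is the useful audit here, because for those accounts the settings in /etc/security/user are ignored.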

/etc/security/user format

Parameter        Format         Description
account_locked   TRUE | FALSE   Whether the account is locked. If set to TRUE, the user cannot log on.
admin            TRUE | FALSE   If set to TRUE, the user has administrative rights.
expires          MMDDHHYY       When this date is reached, the account expires and is locked.
histexpire       0-260          Period (in weeks) during which the user cannot reuse a password.
histsize         0-50           The number of previously used passwords that cannot be reused.
login            TRUE | FALSE   If set to TRUE, the user can log on.
maxage           0-52           Password validity period (in weeks).
minage           0-52           Period (in weeks) that must pass before the user can change the password.
rlogin           TRUE | FALSE   If set to TRUE, this account can be accessed remotely.
su               TRUE | FALSE   If set to TRUE, other users can use su to access this account.

For more parameters, see: http://publib.boulder.ibm.com/infocenter/pseries/v5r3/index.jsp?topic=/com.ibm.aix.files/doc/aixfiles/user.htm

Several related commands

mkuser

chuser changes user information

chsh changes the user's default shell

chfn changes the user's personal information, that is, the GECOS information in /etc/passwd

lsuser -f views user information

passwd sets a password for the user

rmuser deletes a user

mkgroup creates a user group

chgroup changes user group information

lsgroup

rmgroup deletes a user group

For the specific parameters of each command, see its man page.
