References:
http://www.ibm.com/developerworks/cn/aix/library/au-aixuseradmin/
http://blog.csdn.net/victor1220/article/details/5338331
User (and group) management in AIX works the same way as in RHEL: it maintains several text files. Rather than using commands and their parameters, I prefer to modify the files.
Files used
/etc/passwd stores user information.
/etc/security/passwd stores user password information.
/etc/group stores user group information.
/etc/security/group stores the management information of user groups.
/etc/security/limits stores the resource limit parameters for each user.
/etc/security/user stores the parameters of each user.
When setting users and user groups, remember that the formats of these files are almost the same.
/etc/passwd format
Username:Password Flag:UID:GID:GECOS:Home:Shell/Command
The fields are separated by colons.
The fields that need explanation are:
Password Flag: indicates whether the user's password is set. If it is "!", the user has set a password. If it is "*", no password is set.
GID: ID of the user's group.
GECOS: short for General Electric Comprehensive Operating System; stores basic user information, such as phone number and name.
/etc/security/passwd format
user:
        password =
        lastupdate =
        flags =
password: the encrypted password that the system stores for the user when it is set with the passwd command.
lastupdate: the time the password was last updated (in seconds since the system epoch).
flags: restrictions on changing the user's password. The possible values are ADMIN, ADMCHG, and NOCHECK.
ADMIN: if set, only the root user can change the user's password.
ADMCHG: if set, the user is prompted to change the password at the next login only, not at every login.
NOCHECK: if set, all the settings in /etc/security/user are ignored.
/etc/group format
Group Name:Password Flag:GID:User(s)
The fields that need explanation are:
Password Flag: not used. It is always set to "!".
User(s): list of the members of the group.
/etc/security/group format
group name:
        adms =
        admin =
adms: lists the users with management permissions for this group; multiple users are separated by commas.
admin: possible values are true and false. If it is set to true, the group has the management permission.
/etc/security/limits format
The limits file stores the restrictions on each user's use of system resources. It corresponds to the ulimit command.

| Soft limit | Hard limit | Description |
| --- | --- | --- |
| fsize | fsize_hard | Size of files that can be created by users |
| core | core_hard | Size of core files that can be created by users |
| cpu | cpu_hard | Allowed system time |
| data | data_hard | Process data segment size |
| stack | stack_hard | Size of the process stack segment |
| rss | rss_hard | Amount of physical memory allowed |
| nofiles | nofiles_hard | Number of file descriptors simultaneously opened |
| nproc | nproc_hard | Number of processes running simultaneously |

First, the difference between soft and hard limits.
The hard limit was introduced in AIX 4.1. Its value is the upper limit on the user's use of the resource. Anyone can reduce this value, but only members of the security group can increase it.
The soft limit is the resource limit that the AIX kernel currently uses. Anyone can modify this value, but it cannot exceed the hard limit. In addition, only settings made by security group members take effect permanently; the settings of ordinary users expire when the user logs out.
A value of -1 means no restriction.
Parameter details
fsize: the maximum size of a file that the user can create. The unit is 512 bytes.
core: when a program encounters a problem, a core file is written to the specified directory, for example the core dump files that Oracle uses for debugging. This value sets the maximum size of that file. The unit is 512 bytes.
cpu: the CPU time limit (in seconds) for the user's processes. Normal users can only reduce this value; root can increase it. Note that the CPU time a process uses depends on the process scheduling algorithm of the AIX kernel, so this value is for reference only.
data: the size limit of the process data segment (in bytes). If you do not know the definition of the data segment, refer to the following article: http://www.cnblogs.com/younes/archive/2010/01/18/1651090.html
stack: the size limit of the process stack segment (in bytes).
rss: the limit on the resident memory segment of the process (in bytes). The AIX kernel does not use this value.
nofiles: the maximum number of files that a process can open. The kernel uses file descriptors to access files; a file descriptor represents a file.
nproc: the number of processes that can run simultaneously.
You do not need to set resource limits for every user individually. By default, AIX has a configuration entry named default.
Changes to this file take effect only after a restart.
/etc/security/user format

| Parameter | Format | Description |
| --- | --- | --- |
| account_locked | TRUE or FALSE | Whether the account is locked. If it is set to True, the user cannot log on. |
| admin | TRUE or FALSE | If it is set to True, the user has the management power. |
| expires | MMDDHHYY | When this date is reached, the account expires and is locked. |
| histexpire | 0-260 | Period (in weeks) during which the user cannot reuse a password. |
| histsize | 0-50 | The number of previously used passwords that cannot be reused. |
| login | TRUE or FALSE | If it is set to True, the user can log on. |
| maxage | 0-52 | Password validity period (in weeks). |
| minage | 0-52 | Period (in weeks) that must pass before the user can change the password. |
| rlogin | TRUE or FALSE | If it is set to True, the account can be accessed remotely. |
| su | TRUE or FALSE | If it is set to True, other users can use su to access this account. |

For more parameters, see: http://publib.boulder.ibm.com/infocenter/pseries/v5r3/index.jsp?topic=/com.ibm.aix.files/doc/aixfiles/user.htm
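The stanza layout described for /etc/security/passwd and /etc/security/user can be audited with a small parser. The following is an added example, not code from the original article: it reads the text of both files and reports accounts that carry the NOCHECK flag, have maxage set to 0, or whose lastupdate is more than maxage weeks old. The function names and sample data are constructed; it assumes lowercase attribute names, "*" as the comment marker, a default stanza in /etc/security/user, and that maxage = 0 disables password aging.

```python
WEEK = 7 * 24 * 3600  # maxage is in weeks, lastupdate in seconds since the epoch

def parse_stanzas(text):
    """Parse 'name:' headers followed by 'attr = value' lines into a dict."""
    stanzas, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("*"):       # blank line or '*' comment
            continue
        if line.endswith(":") and "=" not in line:
            current = stanzas.setdefault(line[:-1], {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return stanzas

def audit(user_text, passwd_text, now):
    """Return (user, finding) pairs from /etc/security/user and passwd text."""
    users, pw = parse_stanzas(user_text), parse_stanzas(passwd_text)
    default, findings = users.get("default", {}), []
    for name in sorted((set(users) | set(pw)) - {"default"}):
        eff = {**default, **users.get(name, {})}   # user stanza overrides default
        entry = pw.get(name, {})
        flags = {f.strip() for f in entry.get("flags", "").split(",")}
        maxage = int(eff.get("maxage") or 0)       # assumed: 0 disables aging
        if "NOCHECK" in flags:
            findings.append((name, "NOCHECK set: /etc/security/user rules ignored"))
        if maxage == 0:
            findings.append((name, "maxage=0: password never expires"))
        elif now - int(entry.get("lastupdate") or 0) > maxage * WEEK:
            findings.append((name, "password older than maxage"))
    return findings

# Constructed sample data (not taken from a real system).
SAMPLE_USER = """
default:
        maxage = 13
root:
        maxage = 0
"""
SAMPLE_PASSWD = """
root:
        lastupdate = 1700000000
batch:
        password = CONSTRUCTED-HASH
        lastupdate = 1600000000
        flags = ADMCHG,NOCHECK
alice:
        lastupdate = 1699000000
"""
NOW = 1700000000  # fixed "current time" so the result is reproducible
```

On a real system, pass the contents of the two files and `int(time.time())` as `now`; reading /etc/security/passwd requires root.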
Related commands
mkuser
chuser changes user information
chsh changes the user's default shell
chfn changes the user's personal information, that is, the GECOS information stored in /etc/passwd
lsuser -f views user information
passwd sets a password for the user
rmuser deletes a user
mkgroup creates a user group
chgroup changes user group information
lsgroup
rmgroup deletes a user group
For the specific parameters of each command, see its man page.