User Management for AIX

User management is an important part of the system, each user logged into the system has a user account, generally also has a password (in a secure system, a valid user must have a password). If the password is correct, the user will be able to log in with this account to obtain the various privileges of the account. The user's password is saved in the/etc/passwd and/etc/security/passwd files.

A user group is a collection of users who share access permissions on a protected resource. The user group is provided with an identifier that consists of members and administrators. The person who created the group is usually the first administrator of the user group. There are three types of user groups:

User-defined group: A person who shares files on a system, such as people working in the same department or under the same project. Typically, this type of user does not create too many.

System Administrators group: This group of users corresponds to the System user group. Members of the System user group allow administrators who do not have superuser privileges to perform some system maintenance tasks.

System Definition group: Some user groups are defined by the operating system and the default user group for Non-administrator users created by the system is STAFF. The security user group has the privilege of performing secure administration.

1, User Management command

Here are some important commands for system management:

Mkuser Create a new user.

passwd Create or modify user passwords.

Chuser modifies user properties except for user passwords.

Lsuser displays user properties.

Rmuser deletes the user.

Login user logged in.

CHFN modifies the user's descriptive information, and the user can fill in any information such as address, full name, alias, etc.

The Finger command displays the user's descriptive information.

Chsh modifies the user's Shell.

WHO displays the currently logged-on user.

2,/etc/passwd documents

/etc/passwd file to save the user's basic information. This ASCII file contains the portal for all users. Each portal defines the user's basic properties. When you add a user with the Mkuser command, the/etc/passwd file is automatically updated.

Each entry in the/etc/passwd file splits the different attributes with a colon (:), in the following format:

Name:Password:UserID:PrincipleGroup:Gecos:HomeDirectory:Shell

The value of the Password field if an asterisk (*) indicates that the password is invalid, or an exclamation point (!). Indicates that the password is in the shadow file/ETC/SECURITY/PASSWD. In general, the field is an exclamation point (!). ）。 If the password field is an asterisk (*) and an authenticated user is required, the user will not be able to log on to the system.

The Shell field indicates the initial program or shell that the user executes when invoking the login or SU command. The Korn Shell is an AIX operating system standard login Shell that is backward compatible with the Bourne shell. If the user is not defined, the default is to use/usr/bin/sh (Bourne shell). The Bourne shell is a subset of the Korn shell.

When you create a user with Mkuser, the password field is always initialized with an asterisk (*)-indicating an invalid password. To set the password with the passwd or PWDADM command. Once the password is set, exclamation point (! ) will fill in the/etc/passwd file, indicating that there is an encrypted password in the/etc/security/passwd file.

3,/etc/environment documents

The/etc/environment file contains the basic environment variables to be used by all processes. Each start of a new process, the EXEC function generates a string arrangement called "Environment" in name=value format, and the Name on the left of each string is called an environment variable or a shell variable. Each command checks for environment variables before it starts running. When you log on, the system reads the user's logon script. Profile, set the environment variable according to the environment file first.

The following are some of the variables that make up the basic environment:

Home: The full path of the user login or the directory of the owner. The Login program sets this value according to the corresponding field in the/etc/passwd file.

LANG: The international locale where the user is located. When the system is installed, the variable is set in the/etc/environment file.

Path: When a command is not executed as a full path, a sequence of directories specified in path is searched for the command being executed. Different directory names in PATH are separated by colons.

TZ: Time zone information. TZ environment variables are set in/etc/environment.

4. Create and modify user passwords

The passwd command creates an encrypted passwd entry in the/etc/security/passwd file and then changes the corresponding Password field in the/etc/passwd file from an asterisk (*) to an exclamation point (!). ）。 The following example shows

Shows how this command modifies a user password:

passwd

If there is an old password and is not a superuser, the passwd command prompts for a new password first, and then two prompts to enter the password (for confirmation).