Jan 1, 2010

Changing the user characteristic in AIX from command prompt

No comments

Generally in AIX based server ‘smit’ (System Management Interface Tool) tool is used for showing and changing the characteristic of root user. But sometimes in remote access (e.g. Split IP/VNC/VPN) it is not very easy to use smit (System Management Interface Tool) tool remotely. Below are the some useful commands that can be used for seeing and changing the characteristics of root password.

  • To check the various parameters of root password below is the command :
# lsuser -f root

   e.g.

   # lsuser -f root
   root:
        id=0
        pgrp=system
        groups=system,bin,sys,security,cron,audit
        home=/home/root
        shell=/bin/fash
        login=true
        su=true
        rlogin=true
        daemon=true
        admin=true
        sugroups=ALL
        admgroups=
        tpath=nosak
        ttys=ALL
        expires=0
        auth1=SYSTEM
        auth2=NONE
        umask=22
        registry=files
        SYSTEM=compat
        logintimes=
        loginretries=0
        pwdwarntime=7
        account_locked=false
        minage=0
        maxage=4
        maxexpired=-1
        minalpha=1
        minother=1
        mindiff=0
        maxrepeats=0
        minlen=6
        histexpire=0
        histsize=0
        pwdchecks=
        dictionlist=
        dce_export=false
        fsize=2097151
        cpu=-1
        data=262144
        stack=65536
        core=2097151
        rss=65536
        nofiles=2000
        usrenv=TMOUT=600,TIMEOUT=10
        time_last_login=1259300096
        time_last_unsuccessful_login=1259269654
        tty_last_login=/dev/pts/0
        tty_last_unsuccessful_login=/dev/pts/0
        host_last_login=47.129.231.121
        host_last_unsuccessful_login=47.130.48.72
        unsuccessful_login_count=0
        roles=



  • To disable password aging, we can change ‘maxage’ parameter for root password to ‘0’ using command prompt.



# chuser maxage=0 root



  • To allow immediate re-use of a password, we can change ‘NUMBER OF PASSWORDS before reuse’ and ‘WEEKS before password reuse’ parameter for root password to ‘0’ using command prompt.



# chuser histexpire=0 root 
# chuser histsize=0 root



  • Some more parameters generally used to change using chuser command.



a) To enable user smith to access this system remotely, type:

     #chuser rlogin=true smith

b) To change the expiration date for the davis user account to 8 a.m., 1         
            May, 1995, type:

    #chuser expires=0501080095 davis

c) To add davis to the groups finance and accounting, type:

    #chuser groups=finance, accounting Davis 

d) To change the user davis, who was created with the LDAP load module,     
            to not be allowed remote access, type:

    #chuser -R LDAP rlogin=false davis


Conclusion



This command is very useful to change the user parameter from command line. This command should grant execute (x) access only to the root user and the security group. This command should be installed as a program in the trusted computing base (TCB). The command should be owned by the root user with the setuid (SUID) bit set.



Reference



0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Text Widget

Copyright © Vinay's Blog | Powered by Blogger

Design by | Blogger Theme by