13.3.11 /etc/environment

13.4 User Administration Tasks

User administration creates users, defines or changes their attributes, and defines the security environment for the users. These topics are discussed in the following sections.

13.4.1 Adding a New User Account

The mkuser command creates a new user account. The Name parameter must be a unique 8-byte or less string. By default, the mkuser command creates a standard user account. To create an administrative user account, specify the -a flag.

The mkuser command does not create password information for a user. The new account therefore stays disabled until the passwd command is used to add authentication information to the /etc/security/passwd file. The mkuser command only initializes the Password attribute of the /etc/passwd file with an * (asterisk).

13.4.2 Creating or Changing User Password

The passwd command will create an encrypted passwd entry in /etc/security/passwd and change the Password attribute of /etc/passwd from * to ! (exclamation).

You could also use the SMIT fast path smit mkuser to run this command.
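The two Password-field states described in 13.4.1 and 13.4.2 can be checked for every account at once. The following shell function is an added example, not part of the original guide; the names pw_audit and pw_audit_demo and all account data are constructed, and it assumes the usual stanza layout of /etc/security/passwd (a name: header followed by indented attribute = value lines, with * starting a comment line).

```shell
# Added example: the account data below is constructed sample input.

# pw_audit PASSWD_FILE SECPASSWD_FILE
# Prints "user:state" for each account, based on the Password field of the
# /etc/passwd-format file and the stanzas of the /etc/security/passwd-format file:
#   no-password   "*": created by mkuser, passwd has not been run
#   set           "!" and the user's stanza has a password attribute
#   missing-hash  "!" but no password attribute was found for the user
#   unexpected    any other value in the Password field
pw_audit() {
    awk '
        mode == "sec" {
            if ($0 ~ /^[ \t]*\*/ || $0 ~ /^[ \t]*$/) next   # comment or blank
            if ($0 ~ /^[^ \t].*:[ \t]*$/) {                  # stanza header "name:"
                user = $0; sub(/:[ \t]*$/, "", user); next
            }
            if ($0 ~ /^[ \t]+password[ \t]*=[ \t]*[^ \t]/) has_hash[user] = 1
            next
        }
        {
            if (split($0, f, ":") < 7) next                  # malformed line
            if (f[2] == "*")      state = "no-password"
            else if (f[2] == "!") state = (f[1] in has_hash) ? "set" : "missing-hash"
            else                  state = "unexpected"
            print f[1] ":" state
        }
    ' mode=sec "$2" mode=pw "$1"
}

pw_audit_demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:!:0:0::/:/usr/bin/ksh
alice:!:201:1::/home/alice:/usr/bin/ksh
bob:*:202:1::/home/bob:/usr/bin/ksh
carol:!:203:1::/home/carol:/usr/bin/ksh
EOF
    cat > "$d/secpasswd" <<'EOF'
root:
        password = CONSTRUCTED-HASH-1

alice:
        password = CONSTRUCTED-HASH-2
EOF
    pw_audit "$d/passwd" "$d/secpasswd"
    rm -rf "$d"
}
pw_audit_demo
```

On a live system the two arguments would be /etc/passwd and /etc/security/passwd, and the function must run as root to read the second file.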

13.4.3 Changing User Attributes

The chuser command changes attributes for the user identified by the Name parameter. The user name must already exist as an alphanumeric string of eight bytes or less.

Note

Do not use the chuser command if you have a Network Information Service (NIS) database installed on your system.

Only the root user can use the chuser command to perform the following tasks:

The following examples show the use of the chuser command with various flags.

13.4.4 Displaying User Attributes

The lsuser command displays the user account attributes. You can use this command to list all attributes of all the users or all the attributes of specific users except their passwords. Since there is no default parameter, you must enter the ALL keyword to see the attributes of all the users. By default, the lsuser command displays all user attributes. To view selected attributes, use the -a List flag. If one or more attributes cannot be read, the lsuser command lists as much information as possible.

Note-NIS Users

If you have a Network Information Service (NIS) database installed on your system, some user information may not appear when you use the lsuser command.

By default, the lsuser command lists each user's attributes on one line. It displays attribute information as Attribute=Value definitions each separated by a blank space. To list the user attributes in stanza format, use the -f flag. To list the information as colon-separated records, use the -c flag.

The following examples show the use of the lsuser command with various flags.

13.4.5 Removing a User Account

The rmuser command removes the user account identified by the Name parameter. This command removes a user's attributes without removing the user's home directory and files. The user name must already exist as a string of eight bytes or less. If the -p flag is specified, the rmuser command also removes passwords and other user authentication information from the /etc/security/passwd file.

Only the root user can remove administrative users.

13.4.6 Changing Security Attributes of User

The chsec command changes the attributes stored in the security configuration stanza files. The following security configuration stanza files have attributes that you can specify with the Attribute = Value parameter.

When modifying attributes in the /etc/security/environ, /etc/security/lastlog, /etc/security/limits, /etc/security/passwd, and /etc/security/user files, the stanza name specified by the Stanza parameter must either be a valid user name or default.

When modifying attributes in the /etc/security/group file, the stanza name specified by the Stanza parameter must either be a valid group name or default.

When modifying attributes in the /usr/lib/security/mkuser.default file, the Stanza parameter must be either admin or user.

When modifying attributes in the /etc/security/portlog file, the Stanza parameter must be a valid port name. When modifying attributes in the /etc/security/login.cfg file, the Stanza parameter must either be a valid port name, a method name, or the usw attribute.

When modifying attributes in the /etc/security/login.cfg or /etc/security/portlog files in a stanza that does not already exist, the stanza is automatically created by the chsec command.

Note

You cannot modify the password attribute of the /etc/security/passwd file using the chsec command. Instead, use the passwd command.

The following examples show the usage of the chsec command to change security stanzas in various files.
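Because a stanza in /etc/security/user is either a user name or default, the value that applies to a user is the one in the user's own stanza or, when it is absent there, the one in the default stanza. The following added example (not from the original guide) resolves that effective value and lists users that differ from an expected setting; the function names and sample stanzas are constructed, rlogin and loginretries are attributes of /etc/security/user, and the chsec line in the comment uses the command's -f, -s and -a flags.

```shell
# Added example: the stanza data below is constructed sample input.

# eff_attr FILE USER ATTR: print the value ATTR takes for USER. The user's own
# stanza wins; otherwise the default stanza applies. Returns 1 if neither sets it.
eff_attr() {
    awk -v want="$2" -v attr="$3" '
        /^[ \t]*\*/ || /^[ \t]*$/ { next }          # comment or blank line
        /^[^ \t].*:[ \t]*$/ {                       # stanza header "name:"
            stanza = $0; sub(/:[ \t]*$/, "", stanza); next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key != attr) next
            if (stanza == want)           { own = val; has_own = 1 }
            else if (stanza == "default") { def = val; has_def = 1 }
        }
        END { if (has_own) print own; else if (has_def) print def; else exit 1 }
    ' "$1"
}

# drift FILE ATTR EXPECTED USER...: list users whose effective value differs.
# A reported user can then be corrected with, for example:
#   chsec -f /etc/security/user -s alice -a rlogin=false
drift() {
    file=$1; attr=$2; expected=$3; shift 3
    for u in "$@"; do
        v=$(eff_attr "$file" "$u" "$attr") || v="(unset)"
        [ "$v" = "$expected" ] || echo "$u $attr=$v"
    done
}

stanza_demo() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
default:
        rlogin = true

root:
        rlogin = false
alice:
        loginretries = 3
EOF
    drift "$f" rlogin false root alice bob
    rm -f "$f"
}
stanza_demo
```

In the sample, alice and bob are reported because neither has an rlogin line of their own and both fall back to the default stanza.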

13.4.7 Displaying Currently Logged Users

The who command displays information about all users currently on the local system. The following information is displayed: Login name, tty, and the date and time of login. Entering who am i or who am I displays your login name, tty, and the date and time you logged in. If the user is logged in from a remote machine, then the host name of that machine is displayed as well. The who command can also display the elapsed time since line activity occurred, the process ID of the command interpreter (shell), logins, logoffs, restarts, and changes to the system clock, as well as other processes generated by the initialization process.

Note

The /etc/utmp file contains a record of users logged into the system. The command who -a processes the /etc/utmp file, and if this file is corrupted or missing, no output is generated from the who command.

The following examples show the usage of the who command with various flags.

13.4.8 Changing User Login Shell

The chsh command changes a user's login shell attribute. The shell attribute defines the initial program that runs after a user logs in to the system. This attribute is specified in the /etc/passwd file. By default, the chsh command changes the login shell for the user who gives the command.

The chsh command is interactive. When you run the chsh command, the system displays a list of the available shells and the current value of the shell attribute, as shown in Figure 122. In addition to the default shells (/usr/bin/ksh, /usr/bin/sh, /usr/bin/bsh, /usr/bin/csh) your system manager may have defined more. Then, the system prompts you to change the shell. You must enter the full path name of an available shell.

If you have execute permission for the chuser command, you can change the login shell for another user.



Figure 122: chsh Command

13.4.9 Changing the Shell Prompt

The shell uses the following three prompt variables.

PS1
Prompt used as the normal system prompt.
PS2
Prompt used when the shell expects more input.
PS3
Prompt used when you have root authority.

You can change any of your prompt characters by changing the value of its shell variable. The changes to your prompts last until you log off. To make your changes permanent, place them in your .env file.

The following command shows how to display the current value of the PS1 variable.

# echo "prompt is $PS1"
prompt is $

The following example shows the command to change the prompt to Ready>:

export PS1="Ready> "

The following example shows the command to change the continuation prompt to Enter more->:

export PS2="Enter more->"

The following example shows the command to change the root prompt to Root->:

export PS3="Root-> "

13.4.10 Starting AIX Common Desktop Environment

If the AIX Common Desktop Environment is not set up to start automatically on a locally attached graphics display, you can use the following command to start the desktop from an AIX command line.

xinit /usr/dt/bin/Xsession

Using the xinit command starts the desktop without bringing up the whole desktop environment. You will bypass the login screen when you start the desktop, and when you exit, you will return to a command line rather than an AIX Common Desktop Environment login screen. You will, however, use the same desktop applications you would use had you started the desktop from the welcome screen.

You can set up the system so that the AIX Common Desktop Environment comes up automatically when you start the system, or you can start AIX Common Desktop Environment manually. You must log in as root to perform each of these tasks.

13.4.10.1 Enabling and Disabling Desktop Autostart

To enable the desktop autostart, use smit dtconfig or dtconfig -e.

To disable the desktop autostart, use smit dtconfig or dtconfig -d.

13.4.10.2 Starting AIX Common Desktop Environment Manually

Use the following command to start the AIX Common Desktop Environment at the command line.

/usr/dt/bin/dtlogin -daemon

A Desktop Login screen will display. When you log in, you will start a desktop session.

13.4.10.3 Stopping AIX Common Desktop Environment Manually

When you manually stop the login manager, all X servers and desktop sessions that the login manager started are stopped.

  1. Open a terminal emulator window and log in as root.

  2. Obtain the process ID of the Login Manager by entering the following:
    cat /var/dt/Xpid
    

  3. Stop the Login Manager by entering:
    kill -term process_id
    

13.5 Error Messages