
User/Groups Administration

http://www.ibm.com/developerworks/aix/library/au-aixuseradmin/
Look at some of the files that affect the user itself: /etc/passwd, /etc/security/.profile, /etc/security/limits, /etc/security/passwd, /etc/security/user, /usr/lib/security/mkuser.default

File-1:

/etc/passwd

The file /etc/passwd contains the basics of a user:

As you can see, the file is colon (:) delimited, and each entry contains seven fields in the following format:

Each of the fields is:

i. Username. This is the login/user name associated with the account.
ii. Password Flag. This field varies slightly in different flavors of UNIX and Linux. In AIX, the second field can contain one of two characters, either ! or *. If the ! is displayed, a password has been set for the user. If no password has been set, * appears. The passwords themselves are stored in /etc/security/passwd.
iii. UID. The User Identifier (UID) is a numeric identifier for a user.
iv. GID. The Group Identifier (GID) is similar to the UID but is associated with groups. The GIDs are defined in /etc/group.
v. GECOS. The General Electric Comprehensive Operating System (GECOS) information is stored in the fifth field. The user's name, phone numbers, and other generic personal information are stored here.
vi. Home. This is the user's home directory.
vii. Shell/Command. Typically, the seventh and final field contains the shell that is started at the user's login. Administrators can also change this field to execute other commands instead of shells to limit access (for example, /bin/false).

File-2:

/etc/security/.profile

When you create a user using the mkuser command, the script /usr/lib/security/mkuser.sys is executed. This script creates the user's directory, sets the correct permissions, and "creates" the user's .profile. The mkuser.sys script actually copies the /etc/security/.profile file into the user's new home directory.

If you are building a new system, or maybe a new division of 100 people needs accounts on a system, make sure you make your changes to the /etc/security/.profile file before creating all the users' accounts.

File-3:

/etc/security/limits

The /etc/security/limits file contains all the ulimits, or users' system resource limitations. Table 1 defines the fields in the /etc/security/limits file and their use.

Soft limit is a value that a user or application can change on the fly up to the maximum (the hard limit). Hard limit is just that -- the maximum value a parameter can be set to. You can set the parameter to -1, which translates to unlimited. The /etc/security/limits file contains a section called default that defines a template of standard values for each user unless that user has set custom values.

In the given example, a few resource values are maintained for user pac.

File-4:

/etc/security/passwd

The /etc/security/passwd file contains the AIX user's password information. The file contains three fields per user:

password. Encrypted password. Note: If this field contains only an asterisk (*), the account is locked until a password has been set.
lastupdate. Number of seconds since the epoch when the password was last updated.
flags. Restrictions on changing the user's password. You can set three different flags:
  o ADMIN. If set, only the root user can change the user's password.
  o ADMCHG. If set, the user is prompted to change his or her password on the next login/su.
  o NOCHECK. If set, any additional restrictions in /etc/security/user are ignored.
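/etc/security/limits and /etc/security/passwd (and /etc/security/user, not detailed above) share the same AIX "stanza" layout: a line "name:" followed by indented "attribute = value" lines, with a default stanza supplying values a user stanza does not override. The script below is an added example, not code from the article; it reads that layout with awk so the checks run on any UNIX, and both file contents are constructed samples, not real password hashes or limits.

```shell
#!/bin/sh
# Added example: parse AIX stanza files and run two small audits over them.
# SEC_PASSWD_SAMPLE and LIMITS_SAMPLE are constructed for this example.

SEC_PASSWD_SAMPLE='root:
        password = 7Z9xKq2mLp3Wc
        lastupdate = 1262304000
        flags = ADMIN

pac:
        password = Qa1bC2dE3fG4h
        lastupdate = 1262390400
        flags = ADMCHG

atc:
        password = *
        lastupdate = 1262476800
        flags = '

LIMITS_SAMPLE='default:
        fsize = 2097151
        core = 2097151
        cpu = -1
        data = 262144
        rss = 65536
        stack = 65536
        nofiles = 2000

pac:
        fsize = -1
        nofiles = 4000'

# stanza_get CONTENT STANZA ATTR -> the attribute value, or nothing if absent.
# A stanza header is a non-indented line ending in ":"; attributes are
# indented "name = value" lines that belong to the most recent header.
stanza_get() {
  printf '%s\n' "$1" | awk -v want="$2" -v attr="$3" '
    /^[^[:space:]].*:[[:space:]]*$/ { sub(/:[[:space:]]*$/, ""); cur = $0; next }
    cur == want && $1 == attr && $2 == "=" {
      sub(/^[[:space:]]*[^=]*=[[:space:]]*/, ""); print; exit }'
}

# stanzas_where CONTENT ATTR REGEX -> names of stanzas whose ATTR matches REGEX
stanzas_where() {
  printf '%s\n' "$1" | awk -v attr="$2" -v pat="$3" '
    /^[^[:space:]].*:[[:space:]]*$/ { sub(/:[[:space:]]*$/, ""); cur = $0; next }
    $1 == attr { v = $0; sub(/^[[:space:]]*[^=]*=[[:space:]]*/, "", v)
                 if (v ~ pat) print cur }'
}

# effective_limit CONTENT USER ATTR: the user's own value wins, otherwise the
# value from the default stanza applies (the rule described for /etc/security/limits)
effective_limit() {
  v=$(stanza_get "$1" "$2" "$3")
  if [ -n "$v" ]; then printf '%s\n' "$v"; else stanza_get "$1" default "$3"; fi
}

# Accounts locked because the password field is only "*"
locked_users() { stanzas_where "$1" password '^[*]$'; }

# Accounts that will be forced to change their password at next login/su
must_change_users() { stanzas_where "$1" flags '(^|,)ADMCHG(,|$)'; }

echo "locked:      $(locked_users "$SEC_PASSWD_SAMPLE")"
echo "must change: $(must_change_users "$SEC_PASSWD_SAMPLE")"
echo "pac fsize:   $(effective_limit "$LIMITS_SAMPLE" pac fsize)"
echo "pac cpu:     $(effective_limit "$LIMITS_SAMPLE" pac cpu)"
```

The same stanza_get helper reads /etc/security/user, since that file uses the identical layout; only the attribute names differ.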

File -5:

/etc/security/user

The /etc/security/user file contains the most important settings:

File -6:

/usr/lib/security/mkuser.default

The /usr/lib/security/mkuser.default file contains values used when creating a new AIX user through mkuser. Listing 5 provides an example of what the file may look like on your system.

Commands:

1) mkuser: create a new user

2) chuser: change a user's resource limits

3) chsh: change a user's default shell

4) chfn: change the GECOS field

5) lsuser: display all user information gathered from the various files

6) passwd: basically used to change a user's password. It can also be used to change the GECOS field and the shell.

You can also use pwdadm to change a user's password:

7) rmuser: To remove a user, simply execute rmuser with the user's account name as the argument. Doing so with no switches removes the user from the system, but the user's password information is retained in the /etc/security/passwd file:

Groups Administration
Look at the files that affect groups: /etc/group, /etc/security/group

File-1:

/etc/group

The /etc/group file contains the basics of a group.

Each entry contains only four fields in the following format:

Group Name. The group name associated with the group.
Password Flag. This field is not used in AIX. Instead, AIX uses the /etc/security/group file for group administrators.
GID. The GID associated with the group.
User(s). The list of users who are members of the group. Note: This field is comma delimited.
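The /etc/passwd fields described under File-1 of the user section and the /etc/group fields listed above are both colon-delimited, so the same awk one-liners can cross-check them. The script below is an added example, not code from the article: it flags accounts with no password set (the * flag), extra UID 0 accounts, accounts whose shell field disables login, users whose primary GID is missing from /etc/group, and group members that no longer exist in /etc/passwd. Both inputs are constructed samples in AIX format, not data from a real host.

```shell
#!/bin/sh
# Added example: consistency checks over /etc/passwd- and /etc/group-style data.
# PASSWD_SAMPLE and GROUP_SAMPLE are constructed for this example.

PASSWD_SAMPLE='root:!:0:0::/:/usr/bin/ksh
daemon:!:1:1::/etc:
bin:!:2:2::/bin:
pac:!:205:1:Pac Man:/home/pac:/usr/bin/ksh
atc:*:206:1:Air Traffic:/home/atc:/usr/bin/ksh
xander:!:207:300:Xander:/home/xander:/bin/false
backup:!:0:0:Backup Op:/home/backup:/usr/bin/ksh
svc:!:208:999::/home/svc:/usr/bin/ksh'

GROUP_SAMPLE='system:!:0:root
staff:!:1:pac,atc
bin:!:2:root,bin
xangroup:!:300:xander,atc,ghost'

# Accounts whose password flag is "*": no password has been set yet
no_password() {
  printf '%s\n' "$1" | awk -F: '$2 == "*" { print $1 }'
}

# Accounts with UID 0 other than root: every extra superuser deserves review
extra_uid0() {
  printf '%s\n' "$1" | awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# Accounts whose seventh field is /bin/false: interactive login is disabled
non_shell_logins() {
  printf '%s\n' "$1" | awk -F: '$7 == "/bin/false" { print $1 }'
}

# Users whose primary GID (field 4) has no matching entry in the group file.
# Both inputs are fed through one awk run, separated by a marker line.
orphan_gids() {
  { printf '%s\n' "$2"; echo '---'; printf '%s\n' "$1"; } |
  awk -F: '
    /^---$/         { in_passwd = 1; next }
    !in_passwd      { seen[$3] = 1; next }
    !($4 in seen)   { print $1 }'
}

# Group members (field 4 of /etc/group) that do not exist in the passwd file,
# printed as group:member
stale_members() {
  { printf '%s\n' "$1"; echo '---'; printf '%s\n' "$2"; } |
  awk -F: '
    /^---$/    { in_group = 1; next }
    !in_group  { user[$1] = 1; next }
    { n = split($4, m, ",")
      for (i = 1; i <= n; i++)
        if (m[i] != "" && !(m[i] in user)) print $1 ":" m[i] }'
}

echo "no password set:   $(no_password "$PASSWD_SAMPLE")"
echo "extra UID 0:       $(extra_uid0 "$PASSWD_SAMPLE")"
echo "login disabled:    $(non_shell_logins "$PASSWD_SAMPLE")"
echo "primary GID unknown: $(orphan_gids "$PASSWD_SAMPLE" "$GROUP_SAMPLE")"
echo "stale group member: $(stale_members "$PASSWD_SAMPLE" "$GROUP_SAMPLE")"
```

On a live AIX box the same functions can be pointed at the real files with `no_password "$(cat /etc/passwd)"`, or the `printf` replaced by reading the file directly; the password hashes never appear here because AIX keeps them in /etc/security/passwd.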

File-2:

/etc/security/group

It contains extended attributes to the specified group. A nice feature of this file is that it allows you to set administrator rights to a standard user for a group. The administrators of that group can then modify the group as they see fit by adding members to or removing members from the group.

A few of the parameters in this file are:

adms (values = user1,user2,...): list of users with administrative rights to the group.
admin (values = TRUE | FALSE): if TRUE, the group is an administrative group.

Commands:

1) mkgroup: create a new group (also used to add users to a group)

To create an admin group, add the -a flag:

To create a group and add Xander as the administrator of the group:

2) chgroup: change the GID and the user list

3) chgrpmem: allows you to list, add, and remove users from a group, as well as modify the administrators of the group. Exm-1: user atc is removed from group xangroup:

Exm-2: Add user atc in group, provide administrator rights to atc for the group. Remove user xander from group:

4) lsgroup: display all the information for a group

5) rmgroup : The rmgroup command does not allow you to remove the group until you have moved all users that have the group as their primary group to another group.

Chown/chmod

chown

Use the chown command to change the user and/or group ownership of a given file (or directory).

Example:

(i) Change user ownership (user: vivek) for a file:

(ii) Change user ownership (user: vivek) as well as group ownership (group: vivek) for a file:

Similarly we can change ownership for directories (as well as their sub-directories/files):

(change ownership of directory /u and also its sub-directories/files)

chmod

Use the chmod command to change file access permissions such as read, write, and execute.
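After a round of chown/chmod work the question an administrator wants answered is "which entries did I leave world-writable?". The script below is an added example, not code from the article: it builds a throwaway directory tree, applies the modes with chmod, takes ownership with chown (to the current user, since changing to another user such as vivek needs root), and then uses find to list world-writable entries and world-writable directories that lack the sticky bit. All paths and modes are constructed for the example.

```shell
#!/bin/sh
# Added example: chmod a sample tree, then audit it for world-writable entries.

# Create a temporary tree and set the modes we want to inspect afterwards.
# Prints the root of the tree so callers can audit and later remove it.
make_sample_tree() {
  dir=$(mktemp -d)
  mkdir -p "$dir/u/pub" "$dir/u/private" "$dir/u/drop"
  : > "$dir/u/pub/notes.txt"
  : > "$dir/u/private/keys.txt"
  : > "$dir/u/script.sh"
  chmod 755 "$dir/u" "$dir/u/private"
  chmod 1777 "$dir/u/pub"           # world-writable but sticky, like /tmp
  chmod 777  "$dir/u/drop"          # world-writable and NOT sticky
  chmod 666  "$dir/u/pub/notes.txt" # world-writable file
  chmod 600  "$dir/u/private/keys.txt"
  chmod 750  "$dir/u/script.sh"
  # chown -R on the tree; here the target is ourselves, a real change of
  # owner (e.g. to user vivek) would need root.
  chown -R "$(id -un)" "$dir/u"
  printf '%s\n' "$dir"
}

# owner_of PATH -> user name from the ls -ld listing (portable, no stat(1))
owner_of() {
  ls -ld "$1" | awk '{ print $3 }'
}

# world_writable ROOT -> relative paths with the "other write" bit set
world_writable() {
  ( cd "$1" && find . -perm -002 ! -type l | sort )
}

# non_sticky_ww_dirs ROOT -> world-writable directories without the sticky bit,
# where any user could delete or rename another user's files
non_sticky_ww_dirs() {
  ( cd "$1" && find . -type d -perm -002 ! -perm -1000 | sort )
}

tree=$(make_sample_tree)
echo "owner of u:            $(owner_of "$tree/u")"
echo "world-writable:";        world_writable "$tree"
echo "world-writable, no sticky:"; non_sticky_ww_dirs "$tree"
rm -rf "$tree"
```

The -perm -002 test asks for "all of these bits set", so a 1777 directory and a 666 file both match; the second function narrows that to directories missing the 1000 (sticky) bit.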

PORTS/SERVICES
File: /etc/services

On UNIX the /etc/services file maps port numbers to named services. It enables server and client programs to convert service names to port numbers. Each entry in the file has the following format:

ServiceName: Specifies an official Internet service name.
PortNumber: Specifies the socket port number used for the service.
ProtocolName: Specifies the transport protocol used for the service.
Aliases: Specifies a list of unofficial service names.

The entries of /etc/services file:

Port numbers are divided into 3 ranges:

Command to display listening sockets (open ports): netstat -an | grep LISTEN
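Putting the two halves together, an admin usually wants the LISTEN lines from netstat translated back into service names and any port with no /etc/services entry called out. The script below is an added example, not code from the article: a small /etc/services lookup (resolving aliases as well as official names) and a report over netstat -an output. Both the services table and the netstat output are constructed samples in AIX style ("*.22" for a wildcard listener), not captured from a real host.

```shell
#!/bin/sh
# Added example: /etc/services lookups and a listening-port report.
# SERVICES_SAMPLE and NETSTAT_SAMPLE are constructed for this example.

SERVICES_SAMPLE='# ServiceName  PortNumber/ProtocolName  Aliases
ftp            21/tcp
ssh            22/tcp
telnet         23/tcp
smtp           25/tcp    mail
domain         53/tcp    nameserver
domain         53/udp    nameserver
http           80/tcp    www www-http
sunrpc        111/tcp    rpcbind
ntp           123/udp'

NETSTAT_SAMPLE='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0      0  *.111                  *.*                    LISTEN
tcp4       0      0  *.8080                 *.*                    LISTEN
tcp4       0      0  10.1.2.3.22            10.1.2.99.51234        ESTABLISHED'

# service_port NAME PROTO -> port number; NAME may be the official name or an alias
service_port() {
  printf '%s\n' "$SERVICES_SAMPLE" | awk -v name="$1" -v proto="$2" '
    /^#/ || NF < 2 { next }
    { split($2, pp, "/"); if (pp[2] != proto) next
      for (i = 1; i <= NF; i++)
        if (i != 2 && $i == name) { print pp[1]; exit } }'
}

# port_service PORT PROTO -> official service name, or "unknown"
port_service() {
  printf '%s\n' "$SERVICES_SAMPLE" | awk -v port="$1" -v proto="$2" '
    /^#/ || NF < 2 { next }
    $2 == (port "/" proto) { print $1; found = 1; exit }
    END { if (!found) print "unknown" }'
}

# listening_report -> "port service" for every LISTEN line, lowest port first.
# The local address is "addr.port" in AIX netstat output, so the port is the
# text after the last dot.
listening_report() {
  printf '%s\n' "$NETSTAT_SAMPLE" |
  awk '$NF == "LISTEN" { n = split($4, a, "."); print a[n] }' |
  sort -n | while read -r port; do
    printf '%s %s\n' "$port" "$(port_service "$port" tcp)"
  done
}

# unknown_listeners -> listening ports that map to no named service
unknown_listeners() {
  listening_report | awk '$2 == "unknown" { print $1 }'
}

echo "http lives on tcp port $(service_port http tcp)"
listening_report
echo "unnamed listeners: $(unknown_listeners)"
```

An unnamed listener is not automatically a problem (8080 is a common alternate HTTP port), but it is the port to identify first when reconciling the host against its expected service list.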

Mount Filesystem
Step-1: First export the NFS filesystem from the source system. To show what is being exported on the source server: showmount -e

If the command above does not show the correct mount points that need to be exported, you can run the following command to attempt to export the filesystems: exportfs -a

Step-2: Mount the NFS mount points on the target server: mount (IP):(mount point) (mount point)

Unmount filesystems

To unmount a filesystem on the source server that is NFS-mounted on other systems:

a) First unmount the NFS mount points on the target servers: umount (filesystems), run on the target servers
b) Then unmount the filesystem on the source server once the target servers are unmounted: umount (filesystems)

Cronjobs

The cron daemon, which translates to Chronological Data Event Monitor, is a program that schedules jobs to run automatically at a specific time and date. The /etc/inittab file contains all the AIX startup programs, including the cron daemon. The init process in AIX starts the cron daemon, or cron, from the inittab file during the initialization process of the operating system.

Cron is a daemon that executes scheduled commands. Cron searches its spool area (/var/spool/cron/crontabs) for crontab files (which are named after accounts in /etc/passwd); crontabs found are loaded into memory. Note that crontabs in this directory should not be accessed directly - the crontab command should be used to access and update them. Cron then wakes up every minute, examining all stored crontabs, checking each command to see if it should be run in the current minute. When executing commands, any output is mailed to the owner of the crontab (or to the user named in the MAILTO environment variable in the crontab, if such exists).

You can submit jobs, or events, to cron by doing one of the following:

Use the at and batch facilities to submit jobs for one-time execution.
Use the crontab files to execute jobs at regularly scheduled intervals (hourly, daily, weekly, and so on).

At regularly scheduled intervals, cron looks for and reads the crontab files that are located in the directory /var/spool/cron/crontabs. These files contain jobs submitted by users. For example, the file /var/spool/cron/crontabs/john contains John's jobs that are scheduled to be run by cron. The cron daemon reads the files in the /var/spool/cron/crontabs directory. The files in this directory are named for the individual users.

crontab -l           Lists the contents of your current crontab file
crontab -e           Edits your current crontab file (when the file is saved, the cron daemon is automatically refreshed)
crontab -r           Removes your crontab file from the crontab directory
crontab -v           Checks the crontab submission time
crontab mycronfile   Submits your crontab file to the /var/spool/cron/crontabs directory

If you call it with the -u option, it specifies the name of the user whose crontab is to be tweaked. If this option is not given, crontab examines "your" crontab, i.e., the crontab of the person executing the command. To list the cron jobs of a specific user: crontab -u exampleuser -l

crontab file format:

minute   hour    day_of_month   month   weekday          command
0-59     0-23    1-31           1-12    0-6 (Sun-Sat)    shell command

Examples:

* * * * * /bin/script.sh                schedule a job to run every minute
0 1 15 * * /fullbackup                   1 am on the 15th of every month
0 0 * * 1-5 /usr/sbin/backup             start the backup command at midnight, Mo - Fr
0,15,30,45 6-17 * * 1-5 /home/script1    execute script1 every 15 minutes between 6AM and 5PM, Mo - Fr

As well as the above there are also special strings that can be used:

@reboot <command>     #Runs at boot
@yearly <command>     #Runs once a year [0 0 1 1 *]
@annually <command>   #Runs once a year [0 0 1 1 *]
@monthly <command>    #Runs once a month [0 0 1 * *]
@weekly <command>     #Runs once a week [0 0 * * 0]
@daily <command>      #Runs once a day [0 0 * * *]
@midnight <command>   #Runs once a day [0 0 * * *]
@hourly <command>     #Runs once an hour [0 * * * *]

Specifying a crontab file to use As mentioned at the top of this post, you can create a new crontab file with the crontab -e command. However, you may already have a crontab file, if you do you can set it to be used with the following command: crontab -u <username> <crontab file>
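The five time fields are easy to misread, and a wrong field means a backup that silently never runs or a job that runs 60 times an hour. The script below is an added example, not code from the article: it implements the matching rule cron applies every minute ("does each field admit the current value?") for the forms used in the table above (*, lists, ranges) and the @daily-style special strings, and, going beyond the page, also accepts */n step values. The schedules it checks are the page's own examples; the times are constructed.

```shell
#!/bin/sh
# Added example: a crontab time-field matcher written in sh + awk.

# expand_special SPEC: map the special strings to their five-field form
expand_special() {
  case $1 in
    @yearly|@annually) echo '0 0 1 1 *' ;;
    @monthly)          echo '0 0 1 * *' ;;
    @weekly)           echo '0 0 * * 0' ;;
    @daily|@midnight)  echo '0 0 * * *' ;;
    @hourly)           echo '0 * * * *' ;;
    *)                 echo "$1" ;;
  esac
}

# cron_matches "MIN HOUR DOM MON DOW" MIN HOUR DOM MON DOW
# Exit 0 if the entry would fire at that time, 1 if not, 2 if malformed.
# Each field is a comma-separated list of items; an item is "*", a single
# value, or "lo-hi", optionally followed by "/step" (cron step syntax).
cron_matches() {
  awk -v spec="$(expand_special "$1")" -v t="$2 $3 $4 $5 $6" '
    function field_ok(f, v,    n, parts, i, p, step, ps, lo, hi, r) {
      n = split(f, parts, ",")
      for (i = 1; i <= n; i++) {
        p = parts[i]; step = 1
        if (p ~ /\//) { split(p, ps, "/"); p = ps[1]; step = ps[2] + 0 }
        if (p == "*")      { lo = 0; hi = 99 }
        else if (p ~ /-/)  { split(p, r, "-"); lo = r[1] + 0; hi = r[2] + 0 }
        else               { lo = p + 0; hi = lo }
        if (v >= lo && v <= hi && (v - lo) % step == 0) return 1
      }
      return 0
    }
    BEGIN {
      nf = split(spec, f, " "); nv = split(t, v, " ")
      if (nf != 5 || nv != 5) exit 2
      for (i = 1; i <= 5; i++) if (!field_ok(f[i], v[i] + 0)) exit 1
      exit 0
    }'
}

# minutes_in_hour SPEC HOUR DOM MON DOW: the minutes of that hour at which
# the entry fires, one per line (empty if it does not fire in that hour)
minutes_in_hour() {
  m=0
  while [ $m -lt 60 ]; do
    cron_matches "$1" "$m" "$2" "$3" "$4" "$5" && printf '%s\n' "$m"
    m=$((m + 1))
  done
  return 0
}

# Check the page's examples: weekday 2 is Tuesday, 6 is Saturday
for spec in '0 1 15 * *' '0 0 * * 1-5' '0,15,30,45 6-17 * * 1-5' '@monthly'; do
  if cron_matches "$spec" 0 0 1 3 6; then echo "fires  at Sat 1 Mar 00:00: $spec"
  else                                   echo "silent at Sat 1 Mar 00:00: $spec"; fi
done
echo "script1 minutes during 09:xx on a Tuesday:"
minutes_in_hour '0,15,30,45 6-17 * * 1-5' 9 10 2 2
```

The matcher deliberately treats weekday 0-6 only, as the table above does; some cron implementations also accept 7 for Sunday, so check the target system's crontab(1) before relying on that.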

AIX Emails

To read email in AIX we use one of the following commands:

# mailx
# mail
# Mail

mail, Mail, or mailx Command

Purpose: Sends and receives mail.

Syntax

To Read Incoming Mail:
mail -e
mail -f [ -dlHNn ] [ -F ] [ FileName ]
mail [ -dlHNn ] [ -F ] [ -u UserID ]

To Send Mail:
mail [ -s Subject ] [ -c Address(es) ] [ -dinNv ] Address

The mail command operates on two types of mailboxes, the system mailbox and the personal mailbox. Incoming mail is stored in the system mailbox. By default, a user's system mailbox is a file located in the /var/spool/mail directory. The mailbox file is named after the userID. For example, if your user ID is jeanne, then your system mailbox is /var/spool/mail/jeanne. In addition to the system mailbox, there is the user's personal mailbox. As messages are read, if they are not deleted or saved to a file, they will be marked to be moved to the personal mailbox. The personal mailbox, by default, is $HOME/mbox. For example, if your home directory is /home/lance, then /home/lance/mbox is your personal mailbox. The messages remain in your personal mailbox until you move them to a folder or delete them.

1. To start the Mail program and list the messages in your mailbox, type the following at the command line prompt:

mail

The mail command lists every message in your system mailbox. The mail system then displays the mailbox prompt (?) to indicate that it is waiting for input. When you see this prompt, enter any mailbox subcommand. To see a list of subcommands, type:

?

This entry lists the Mail subcommands.

2. To send the message letter to the recipient user1@host1 and copies to user2@host2 and user3@host3, type:

mail -c "user2@host2 user3@host3" user1@host1 < letter

3. To look at the contents of your personal mailbox, type:

mail -f

This command displays a list of the messages in your personal mailbox, $HOME/mbox.

4. To look at the contents of a specific mail folder, type:

mail -f +dept

This command displays a listing of the messages in the dept folder.

5. To send a message to a user on your local system, type:

mail ron

When you finish typing the message to user ron, press Enter and Standard input

Files

$HOME/.mailrc            Contains the mail subcommands to customize the Mail program for a specific user.
$HOME/mbox               Contains your personal mailbox.
/usr/share/lib/Mail.rc   Contains the file with mail subcommands to change the Mail program for all users on the system.
/var/spool/mail/*        Contains system mailboxes for all users.
/usr/bin/mail            Contains the mail command.
/usr/bin/Mail            Contains the Mail command.
/usr/bin/mailx           Contains the mailx command.
