Adding a new user account: mkuser
The mkuser command creates a new user account. The Name parameter must be a unique string of 8 bytes or fewer. By default, the mkuser command creates a standard user account. To create an administrative user account, specify the -a flag.
The mkuser command does not create password information for a user; therefore, new accounts are disabled until the passwd command is used to add authentication information to the /etc/security/passwd file. The mkuser command only initializes the Password attribute of the /etc/passwd file with an * (asterisk).
You use this command to create the AIX user and set its initial values. There are a few simple rules to remember when creating a user:
- User names cannot start with a:
  - Dash or minus sign (-)
  - Plus sign (+)
  - At symbol (@)
  - Tilde (~)
- Users cannot be named ALL or default, as those names are reserved for the operating system.
- User names cannot include:
  - Colon (:)
  - Quotation marks, single or double (' or ")
  - Pound or hash symbol (#)
  - Comma (,)
  - Equal sign (=)
  - Slashes, back or forward (\ or /)
  - Question mark (?)
  - Back quote or tick (`)
  - White space (space or tab)
  - New-line characters
- User names can only be eight characters or fewer in AIX version 5.2 and earlier. Starting with AIX version 5.3, IBM increased the maximum number of characters to 255.
To verify the setting in AIX 5.3 and later, you can extract the value from getconf:
# getconf LOGIN_NAME_MAX
9
or lsattr:
# lsattr -El sys0
SW_dist_intr false Enable SW distribution of interrupts True
autorestart true Automatically REBOOT OS after a crash True
boottype disk N/A False
capacity_inc 1.00 Processor capacity increment False
capped true Partition is capped False
conslogin enable System Console Login False
cpuguard enable CPU Guard True
dedicated true Partition is dedicated False
enhanced_RBAC true Enhanced RBAC Mode True
ent_capacity 1.00 Entitled processor capacity False
frequency 2656000000 System Bus Frequency False
fullcore true Enable full CORE dump True
fwversion IBM,EL340_075 Firmware version and revision levels False
id_to_partition 0X80000CE988400001 Partition ID False
id_to_system 0X80000CE988400000 System ID False
iostat false Continuously maintain DISK I/O history True
keylock normal State of system keylock at boot time False
log_pg_dealloc true Log predictive memory page deallocation events True
max_capacity 1.00 Maximum potential processor capacity False
max_logname 9 Maximum login name length at boot time True
maxbuf 20 Maximum number of pages in block I/O BUFFER CACHE True
maxmbuf 0 Maximum Kbytes of real memory allowed for MBUFS True
maxpout 0 HIGH water mark for pending write I/Os per file True
maxuproc 800 Maximum number of PROCESSES allowed per user True
min_capacity 1.00 Minimum potential processor capacity False
minpout 0 LOW water mark for pending write I/Os per file True
modelname IBM,8203-E4A Machine name False
ncargs 256 ARG/ENV list size in 4K byte blocks True
nfs4_acl_compat secure NFS4 ACL Compatibility Mode True
pre430core false Use pre-430 style CORE dump True
pre520tune disable Pre-520 tuning compatibility mode True
realmem 3784704 Amount of usable physical memory in Kbytes False
rtasversion 1 Open Firmware RTAS version False
sed_config select Stack Execution Disable (SED) Mode True
systemid IBM,021082744 Hardware system identifier False
variable_weight 0 Variable processor capacity weight False
To change the value, simply adjust the v_max_logname parameter (shown as max_logname in lsattr) using chdev to the maximum number of characters desired plus one to accommodate the terminating character. For example, if you want to have user names that are 128 characters long, you would adjust the v_max_logname parameter to 129:
# chdev -l sys0 -a max_logname=129
sys0 changed
Please note that this change will not go into effect until you have rebooted the operating system. Once the server has been rebooted, you can verify that the change has taken effect:
# getconf LOGIN_NAME_MAX
128
Keep in mind, however, that if your environment includes IBM RS/6000® servers prior to AIX version 5.3 or operating systems that cannot handle user names longer than eight characters and you rely on NIS or other authentication measures, it would be wise to continue with the eight-character user names.
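The naming rules above can be checked before mkuser is run. The following is an added example, not part of the original article: valid_aix_username is a hypothetical helper name, and the maximum length is passed in by the caller (default 8) rather than read from getconf.

```shell
#!/bin/sh
# Added example (not from the article): pre-check a proposed login name
# against the rules listed above before passing it to mkuser.
# valid_aix_username is a hypothetical helper name, not an AIX command.
# Usage: valid_aix_username NAME [MAXLEN]   (MAXLEN defaults to 8)
# Prints the first rule broken and returns 1; returns 0 if none is broken.
valid_aix_username() {
    name=$1
    maxlen=${2:-8}
    tab=$(printf '\t')
    nl='
'
    [ -n "$name" ] || { echo "empty name"; return 1; }

    # ALL and default are reserved for the operating system.
    case $name in
        ALL|default) echo "reserved name"; return 1 ;;
    esac

    # A name cannot start with - + @ or ~
    case $name in
        -*|+*|@*|'~'*) echo "bad first character"; return 1 ;;
    esac

    # A name cannot contain : ' " # , = \ / ? ` space, tab or new-line.
    case $name in
        *:*|*\'*|*\"*|*'#'*|*,*|*=*|*\\*|*/*|*'?'*|*'`'*|*' '*|*"$tab"*|*"$nl"*)
            echo "forbidden character"; return 1 ;;
    esac

    # ${#name} counts characters in the current locale (bytes for ASCII).
    if [ "${#name}" -gt "$maxlen" ]; then
        echo "longer than $maxlen characters"; return 1
    fi
    return 0
}

# Constructed sample names, checked against the default limit of 8.
for n in xander default +ops "o'brien" xandercormany; do
    if reason=$(valid_aix_username "$n"); then
        echo "$n: ok"
    else
        echo "$n: rejected ($reason)"
    fi
done
```

Pass a larger second argument on systems where max_logname has been raised, for example valid_aix_username xandercormany 128.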
To create a user with default settings and allocate the next available UID, simply execute mkuser plus the user name as the root user:
# mkuser xander
# finger xander
Login name: xander
Directory: /home/xander Shell: /usr/bin/ksh
No Plan.
Easy, isn't it? Try something a bit more personable. By adding some values found in the chuser man page (man chuser), you can include the user's GECOS information and change his or her core ulimit to 524,288, as shown in Listing 6.
Listing 6. Change a user's core ulimit
# mkuser core=524288 gecos="Xander Cormany,317.555.1234" xander
# finger xander
Login name: xander In real life: Xander Cormany
Site Info: 317.555.1234
Directory: /home/xander Shell: /usr/bin/ksh
No Plan.
# su - xander "-c ulimit -a"
time(seconds) unlimited
file(blocks) unlimited
data(kbytes) unlimited
stack(kbytes) 4194304
memory(kbytes) unlimited
coredump(blocks) 524288
nofiles(descriptors) unlimited
threads(per process) unlimited
processes(per user) unlimited
It's worth mentioning that the GECOS, like any other field in /etc/passwd, should not include a colon (:) in the value. If you try to add a colon, the fields are adjusted and all expected values shift to the right. For instance, if the user tried to have Xander:Cormany in the GECOS field in /etc/passwd, Xander would actually be in the correct field, while Cormany would be the value of the field to the right (that is, the home directory). Also, the GECOS field cannot end with !#.
Most administrators do not really use the command line like this, but it is important to understand what utilities like SMIT (man smit or man smitty) are doing behind the scenes. If you would rather continue through SMIT, the process is simple. Here's an example of creating the same user with the same attributes through SMIT. To enter SMIT directly at the user creation screen, use the fastpath mkuser:
# smitty mkuser
Figure shows the SMIT utility in action.
When you are finished filling out the user name, GECOS field, and core ulimit, press Enter to create the user. When SMIT returns that the command finished successfully, press F10 or Esc + 0 to exit the program. You can verify the user using the code in the listing below.
Listing. Verify that SMIT correctly created the user
# finger xander
Login name: xander In real life: Xander Cormany
Site Info: 317.555.1234
Directory: /home/xander Shell: /usr/bin/ksh
No Plan.
# su - xander "-c ulimit -a"
time(seconds) unlimited
file(blocks) unlimited
data(kbytes) unlimited
stack(kbytes) 4194304
memory(kbytes) unlimited
coredump(blocks) 524288
nofiles(descriptors) unlimited
threads(per process) unlimited
processes(per user) unlimited
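The /etc/passwd points made earlier (the * that mkuser leaves in the password field, the way a colon inside GECOS shifts later values to the right, and the rule that GECOS cannot end with !#) can be checked with a short audit. This is an added example, not part of the original article; audit_passwd and sample_passwd are hypothetical names and the sample lines are constructed.

```shell
#!/bin/sh
# Added example; audit_passwd and sample_passwd are hypothetical helper names.
# Reads passwd-format lines on stdin and reports, per the points on this page:
#   SHIFTED  - not exactly 7 colon-separated fields, or a home directory
#              that is not an absolute path (a colon landed inside a field)
#   BADGECOS - GECOS field ends with "!#"
#   NOPASSWD - password field is "*", the value mkuser writes until
#              passwd is run for the account
audit_passwd() {
    awk -F: '
        /^[ \t]*$/ { next }                      # skip blank lines
        NF != 7 || $6 !~ /^\// {
            printf "SHIFTED %s fields=%d home=%s\n", $1, NF, $6
            next                                 # other fields are unreliable
        }
        substr($5, length($5) - 1) == "!#" { printf "BADGECOS %s\n", $1 }
        $2 == "*" { printf "NOPASSWD %s\n", $1 }
    '
}

# Constructed sample data (not taken from a real system).
sample_passwd() {
    cat <<'EOF'
root:!:0:0::/:/usr/bin/ksh
xander:*:205:1:Xander Cormany,317.555.1234:/home/xander:/usr/bin/ksh
xander2:!:206:1:Xander:Cormany:/home/xander2:/usr/bin/ksh
temp1:!:207:1:Temp user!#:/home/temp1:/usr/bin/ksh
EOF
}

sample_passwd | audit_passwd
```

On a live system, run it as audit_passwd < /etc/passwd.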