AIX User Administration

July 11, 2016 by S4

Filed under AIX

Last modified July 15, 2016

AIX User Administration



  1. Introduction
  2. Standard Operating Procedure – AIX User Administration

2.1) AIX user administration related command.

2.2) AIX user administration task.

  1. Adding a new user account
  2. Removing a user
  3. Displaying a user attributes
  4. Create or changing the user password
  5. changing the user attributes

2.3) Common login errors.

2.4)AIX user administration related files.

  1. Acronyms and Definitions
  2. Reference

1.) Introduction:

This document provides the SOP to AIX user administration and trouble shooting procedure.

Note : We can change the group attributes by chsec command or by editing the

/usr/lib/security/mkuser.default file.

2.) Standard Operating procedure :

2.1 ) AIX user administration related command :

Some important command for user administration.

# mkuser : Create the new user account .

# passwd : create or changes the password of a user .

# chuser : Changes the suer attributes.

# lsuser : Display user account.

# rmuser : Removes a user account.

# chsec : Changes the attributes of security stanzas files.

# login : Initiates a user sessions.

# who : Identifies the currently logged in user.

# dtconfig : Enables or Disable the desktop auto start feature.

2.2 ) AIX user administration task :

  1. a) Adding a new user account :

By default the # mkuser command uses to create a new standard user account and it takes

the user name as primary parameter and it has to be unique. To create a administrative user

the command is # mkuser –a <user name>.

We can use smitty fast path also to create a new user.

Example : smitty user è create a new user è press enter and supply the desire inputs.

  1. b) Removing a user :

The # rmuser command is used to remove the user account. The rmuser –p command is

used to remove all user attributes, authentication info and password information from

/etc/security/passwd file.

Example : # mksuer –p < user name>

Alternatively we can use smitty fast path to remove a user account.

Example : # smitty rmuser

  1. c) Displaying a user attributes :

The # lsuser command list the user attributes. The # lsuser all <user name> command will

display all attributes of a user.

To display the user attributes in default format – # lsuser < user name >

To display the user ID, groups and home directory in colon format –

# lsuser –c –a id home groups < user name >

Alternatively we can use smitty fast path.

# smitty user è chamge/show characteristic of a user è hit enter and

give user name.

  1. d) changing the user attributes :

The # chuser command is used to change the user attributes of a existing user.

Note: We should not change the user attributes for NIS implemented system.

Chuser perform the below task –

  1. i) can make a user to an administrative user
  2. ii) can change any attributes of a administrative user.

iii) Add a user to an administrative group.

Example: i) enable user to access the system remotely –

# chuser rlogin=true <user name>

  1. ii) add a user to a new group –

# chuser groups=<new groups> < user name>

Alternatively we can use the smitty fast path –

# smitty chuser è hit the enter and change the desire field .

  1. e) Create or changing the user password :

The passwd command is run to create or change the user password. It creates a encrypted

password entry in /etc/security/passwd file and also change the user’s password attributes in

the /etc/passwd file from ‘*’ to ‘!’ .

Example: i) # passwd –f < user name > – to change the ‘Gecos ‘info from

/etc/passwd file.

  1. ii) # passwd < user name > – it will change the default password of a user.

Alternatively we can use the smitty fast path –

# smitty passwd è hit enter, it will ask for old password 1st then new password.

2.3) Common login error :

Some common user login error code and its possible cause given for reference.

3004-004 : You must “exec” login from the lowest login shell . You

attempted to log off the system while processes are still running

in another shell.

3004-007 : You entered an invalid login name or pa ssword. You tried to

log in to a system that does not recognize your login or


3004-008 : Failed setting credentials. Login failed.

3004-009 : Failed running login shell. You tried to log in to a system that

has a damaged login shell. The login shell does not exist.

3004-030 : You logged in using all uppercase characters. You

attempted to log in with Caps Lock on.

3004-031 : Password read timed out –possible noise on port. You

logged in but did not enter your password within a specified

amount of time. Your password was n ot validated within a

specified amount of time due to a failed network connection.

3004-302 : Your account has expired. Please see the system

administrator. Your password has expired.

3004-312 : All available login sessions are in use. You tried to log in to

a system that had all present sessions in use.

3004-687 : User does not exist. You specified an invalid user name with

the lsuser, chuser, rmuser, or passwd command.

2.4 ) AIX user adminstration related files :

/etc/security/environ : This ascii file Contains the environment attributes of a user. The #

mkuser, # lsuser, # chuser, # rmuser creates, list, change and remove the user environment

attributes stanzas in this file.

/etc/security/lastlog : This ascii file contains the last login attributes of user. When one user

login in to the system the login command updates the file.

/etc/security/limits : This ascii file contains the process resource limits of each user.

/usr/lib/security/mkuser.default : This ascii file contains the default attributes for new users.

/usr/lib/security/mkuser.sys : This file is a script file and i ts Customizes new user accounts.

/etc/passwd : Contains the basic attributes of users. The user password attributes will be in below forms.


/etc/security/passwd : This ascii file contains stanzas of user password information.

/etc/security/login.cfg :This ascii file contains stanzas of configuration information for login and


/etc/security/failedlogin : Records all failed login attempts.

/etc/environment : This file contains basic environment variable of all process. Here are some example of

basic environment variable.

HOME : The full path name of the user login or HOME directory. The login

program sets this to the directory specified in the /etc/passwd file.

LANG : The locale name currently in effect. The LANG variable is set in the

/etc/environment file at installation time.

NLSPATH : The full path name for message catalogs.

PATH : The sequence of directories that commands such as sh, time,

nice, and nohup search when looking for a command whose path

name is incomplete. The directory names are separated by colons.

LPDEST : The printer to use when a print -related command does not specify

a destination printer.

TERM : The terminal type.

EDITOR : The default editor to be used by various commands th at perform

editing functions, such as crontab.

TZ : The time zone information.

/etc/profile : Specifies additional environment settings for all users. It is the 1 st file that OS uses at the

login time. It controls the global default variable such as export variable, umask, terminal types, mail


$HOME/.profile : Specifies environment settings for a specific user.

/etc/group : Contains the basic attributes of groups.

/etc/security/group : Contains the extended attributes of groups.


3.) References

Leave a Comment