check if account is locked 1

[philipose]

hi,
If I am a non root user and cannot read any files in /etc/security. Is it possible for me to see if a user id is locked or not ? The lsuser command does not show the account_locked attribute. The OS I am using is AIX 5.3

Regards
philipose

 

[khalidaaa]

I don't think you can philipose! This will violate the reason behind maintaining those files with root access only! unless you change the those files permissions which i don't advice you to do! or use sudo!

The way you do it is to use root is this:

lsuser -a account_locked unsuccessful_login_count {ALL|user_name}

http://www.tek-tips.com/viewthread.cfm?qid=1432961&page=10

Regards,
Khalid

 

[khalidaaa]

Going thru the lsuser man page, i was surprise to see no mention on the root only permission!

http://publib.boulder.ibm.com/infoc...pic=/com.ibm.aix.cmds/doc/aixcmds3/lsuser.htm

I never used the lsuser with other than root to be honest! shame that i don't have aix box for now to try it though!

Regards,
Khalid

 

[sraj142]

It is as simple as the following....from any user )

lsuser -f <user_id> | grep locked

Regards,
Sraj

 

[philipose]

Khalid,
Thanks for your help. But this is what I get when I do
lsuser -a account_locked $USER

3004-697 Attribute "account_locked" is not valid.

A user with root access confirmed that he could see this attribute when running lsuser.

I think I wont pursue this further.
Thanks again
philipose

 

[sraj142]

Hi philipose....

Have you got the reqult with my above suggestion ? If you need status of all the attributes you may just use " lsuser -f <userid> "

Regards,
Sraj

 

[philipose]

Sraj,

The attributes I can see when I do a lsuser or a lsuser -f are

id, pgrp, groups, home, shell, gecos, roles, registry

Maybe at an SA level they could change things.
philipose

 

[sraj142]

Hi philipose,
You are right, its required SA rights at least, but not the super user.
Without SA, I am also with Khalid. It may not be possible.

Regards- Sraj