/etc/security/user questions

Status
Not open for further replies.

madra

MIS
Feb 12, 2003
95
GB

I've changed /etc/security/user defaults, for example:
maxage=4
histexpire=52
minlen=6

My questions are:

1) When creating a new user through smit, these defaults do not appear as part of the stanza. Is this correct?

2) Do I need to have a create user script to implement the new defaults?

3) If a user ID exists before these changes are made, when is their ID/stanza updated and when do the changes come into effect?

thanks in advance

the dog
 
Sorry forgot to answer other parts.

I believe these only come into effect when using mkuser; see the end of the man page for which file does what. Also see chuser.

Mike

"A foolproof method for sculpting an elephant: first, get a huge block of marble, then you chip away everything that doesn't look like an elephant."

 
1.) new users do not need to have defaults explicitly defined

2.) no script needed, unless you want one for other reasons

3.) stanzas for current users don't have to update (sorta)

The way /etc/security/user works is that any attribute NOT defined in a user's stanza is picked up from the default stanza.

So a default user should have a mostly empty stanza, possibly with nothing but an "admin" value.

When an attribute is changed for a particular user, for instance by using chuser, then the new attribute/value pair is written into their stanza and overrides the default stanza for them.

So look through your /etc/security/user file for stanzas containing any of the attributes whose defaults you've changed. Those will be the only users you'll need to change if you want them to have the default values. The safest way to change them is with chuser, but if you really know what you're doing you can edit the file directly (but back it up first!).

Admin Horror Note: On a machine I recently took over administration of, the /etc/security/user file contained oodles of ^M, which were causing strange behaviour when trying to do simple lsuser commands. Someone had ftp'd the file in binary mode to a Windows or DOS machine, edited it, and ftp'd it back in binary mode. <shudder>

Rod Knowlton
IBM Certified Advanced Technical Expert pSeries and AIX 5L
CompTIA Linux+
CompTIA Security+
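
The post above says that any attribute missing from a user's stanza is picked up from the default stanza, so the users to review are those whose stanzas set the changed attributes explicitly. The following is an added example, not part of the original thread: a read-only shell/awk audit run over a constructed sample in the /etc/security/user stanza layout, which also counts lines ending in ^M. The function names and sample users are hypothetical.

```shell
#!/bin/sh
# Added example: find per-user overrides in an AIX-style stanza file.

# make_sample FILE: write a constructed sample (not a real system file).
make_sample() {
    printf '%b\n' \
        '* constructed sample, not a real system file' \
        'default:' '\tadmin = false' '\tmaxage = 4' \
        '\thistexpire = 52' '\tminlen = 6' '' \
        'root:' '\tadmin = true' '\tmaxage = 0' '' \
        'alice:' '\tadmin = false' '' \
        'bob:' '\tminlen = 8\r' '\thistexpire = 26' > "$1"
}

# list_overrides FILE ATTR...
# Prints "user attr=value" for each non-default stanza that sets ATTR
# explicitly; users not listed inherit ATTR from the default stanza.
list_overrides() {
    file=$1; shift
    awk -v attrs="$*" '
        BEGIN { n = split(attrs, a, " ")
                for (i = 1; i <= n; i++) want[a[i]] = 1 }
        { sub(/\r$/, "") }                 # tolerate a stray carriage return
        /^\*/ || /^[ \t]*$/ { next }       # comment or blank line
        /^[^ \t].*:[ \t]*$/ {              # stanza header such as "root:"
            user = $0; sub(/:[ \t]*$/, "", user); next
        }
        user != "" && user != "default" {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key in want) print user, key "=" val
        }
    ' "$file"
}

# count_cr_lines FILE: number of lines that end in a carriage return (^M).
count_cr_lines() {
    awk '/\r$/ { c++ } END { print c + 0 }' "$1"
}

sample=$(mktemp)
make_sample "$sample"
list_overrides "$sample" maxage histexpire minlen
echo "lines ending in ^M: $(count_cr_lines "$sample")"
rm -f "$sample"
```

On a real system, point `list_overrides` at a backup copy of /etc/security/user rather than the sample.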

 
thanks for your replies, v much appreciated
 
For those nervous about editing /etc/security/user, or, like me, want to do it from a script file, try
Code:
man chsec
I know that real gurus edit security files with 'ed' but mere mortals are only too aware of what can happen when typos appear. I just love Rod's story about the ^Ms. Reminds me of a time when someone edited /etc/passwd with Uniplex (ask your parents) and left ruler lines.

Columb Healy
 