How to Change Characteristics of Users 2

[shoux]

Dear friends,

Currently, I’m using AIX 4.3 on Risc 6000 Box. I have 500 user ID setup into the system. I want to change the characteristic of each user ID. The following is the criteria :-

Password MIN. LENGTH [6]
Password Max. AGE [8]
Number of pass. Before reuse [3]

Normally, I have to run a command such as smit users > change/show char. Of a User to implement this. As far I’m concern, I believe this exercise can be done through scripts. Therefore, if any one of you have a scripts please provide to me in order me to setup into my system.

Thanks you in advance

Shoux

 

[crowe]

I believe that you could just edit the /etc/security/user file and add these three lines to each users stanza that you wanted to.

testuser:
minlen = 6
maxage = 8
histsize = 3

crowe

 

[aixqueen]

Well two things to consider....

do one and then modify the /smit.script file which will have the commands for you...

an easier way may be to go to /etc/security/user

and edit the default .......... (and make sure it is not included in each user profile for min and max etc....... then those that are exceptions you can add the stanzas for them....
default:
admin = false
login = true
su = true
daemon = true
rlogin = true
sugroups = ALL
admgroups =
ttys = ALL
auth1 = SYSTEM
auth2 = NONE
tpath = nosak
umask = 022
expires = 0
SYSTEM = "compat"
logintimes =
pwdwarntime = 0
account_locked = false
loginretries = 0
histexpire = 0
histsize = 0
minage = 0
maxage = 8
minlen = 6
maxexpired = -1
minalpha = 0
minother = 0
root:
admin = true



MAKE SURE YOU DO THE README On the file......... to be sure you are covered...remember default is for everyone who does not have their own stanza with the exact parameters reset......
Good luck

Maybe someone will have a script for you.
SYSTEM = "compat"
loginretries = 0
minlen = 0
maxage = 0
account_locked = false
minage = 0
maxage = 0
maxexpired = -1
minalpha = 0
minother = 0

 

[shoux]

Dear crowe and aixqueen,

How to run global change in vi mode for that particular field ? (/ect/security/user)

Thanks for your co-operation

Shoux

 

[aixqueen]

you just vi the file ....do just the default user section........when they log out and log back in...it is in effect....(do not change permissions of the file) because if you are not root and you change permissions, you will have problems logging in.....so do cautiously....and make sure you have a good current mksysb on hand just in case...

Just double check that each user does not have a stanza that includes the three specific variable you change...if it does it will overwrite what you set in default....

Each user will have a stanza...but usually it does not include all the fields...so the default user is the way to go...If your user stanzas have all the variables...then it is not an easy process....

 

[LHCB]

Changing the default is best. That way every time a new user is created in smit it will always be there. But if you REALLY want it in a script let me know.

 

[ElgisRamon]

Try [tt]man chsec[/tt], it's a command to edit variables in any file (specially security related).

I think you can use it like:
[tt]
chsec -f /etc/security/user -s default -a varname=value
[/tt]

I hope it works...
Unix was made by and for smart people.

 

[aixqueen]

http://www.rs6000.ibm.com/doc_link/en_US/a_doc_lib/cmds/aixcmds1/chsec.htm

You are correct ElgisRamon....chsec is the best way to do it...I guess we all get
sloppy with using vi...............

The chsec command changes the attributes stored in the security configuration
stanza files. These security configuration stanza files have attributes that you can
specify with the Attribute = Value parameter:

/etc/security/environ
/etc/security/group
/etc/security/lastlog
/etc/security/limits
/etc/security/login.cfg
/usr/lib/security/mkuser.default
/etc/security/passwd
/etc/security/portlog
/etc/security/user

 

[shoux]

Dear friends

First of all I would like to thank you guys for the information previously. That is crowe,aixqueen,LHCB and ElgisRamon.
Your assistance has been a great help to me.
However, I would like to ask favour from you to solve this matter, here it is :-
I would like to remove a field from vi editor. The field is minalpha and minother and as follows.

User1
admin = false
minalpha = 3
minother = 2
maxexpired = 0
histexpire = 0


How to execute a global removed using vi editor ?. Four your info. I am new to vi editor environment.

2. How to stop errors messages from keep on appearing on console screen.

Kindly advise the soonest. Thanking you in advance.

Shoux

 

[MikeLacey]

Hi Shoux,

To remove all lines containing the string "minalpha" from a file using vi:

Hit Esc twice to make sure you're in the right mode and then...
[tt]
:g/minalpha/d
[/tt]
Mike
michael.j.lacey@ntlworld.com
Email welcome if you're in a hurry or something -- but post in tek-tips as well please, and I will post my reply here as well.

 

[MikeLacey]

The console error messages - sorry, I forgot.

It's not always a good idea to stop error messages from appearing on the console; what error messages are these then? Mike
michael.j.lacey@ntlworld.com
Email welcome if you're in a hurry or something -- but post in tek-tips as well please, and I will post my reply here as well.