Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

AIX account creation date

Posted on 2004-10-14
5
Medium Priority
?
2,497 Views
Last Modified: 2013-11-17
Hi All,

What command would i use to find out when an account was created on a AIX box... thanks in advance.
0
Comment
Question by:mrorange
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 21

Expert Comment

by:tfewster
ID: 12309806
AFAIK, there is no definitive way - Tho' the order in /etc/passwd may give you a clue. Or check smitty logs, if you have a _long_ history...

But if you `cd` to the users home directory and do `ls -lrt`, it will show you the earliest modified file in that directory; Chances are that that is the .profile (and maybe also a .cshrc) that was created when the userid was created. If both types of startuop file are there, I'll bet the one they don't use has nevert been modified

What's the problem? Are you trying to track a hacker, or just find out who created the user?
0
 
LVL 1

Author Comment

by:mrorange
ID: 12309939
Hi tfewster im, looking for some auditable records for certain user accounts.....  

In Linux I would have done a lsome thing like:-
ls -l --time=ctime --time-style=full-iso
on the users home directory...

I was hoping AIX would have some sort of similar command... Guess I may have to try different methods to get an idea of when the account was created....
0
 
LVL 21

Expert Comment

by:tfewster
ID: 12310866
That seems to be equivalent to ls -lc;  However, both show the last modification time of the _inode_ (rather than the _contents_ of the file [in the case of a directory, the contents are the entries in the directory]) and it is unreliable; A chmod on the directory will modify the inode, as will a number of other operations.  (See http://publib16.boulder.ibm.com/doc_link/en_US/a_doc_lib/files/aixfiles/inode.h.htm  for the struture of a inode)

Maybe one of the AIX gurus can suggest another approach, from the auditing angle...
0
 
LVL 2

Expert Comment

by:warba
ID: 12313855
I believe if you have auditing enabled, then you make reference to one of the auditable events described in /etc/security/audit/events.
In your case I think you are interested in:
*       mkuser
        USER_Create = printf "%s %s"

This gets added to a group set in /etc/security/audit/config and then auditing (if enabled) picks this up and can report on these events.

You can tell if you system is running auditing by executing
/usr/sbin/audit  query

If auditing is not currently enabled, then the best you can do is to turn it on now and you will have the information for the future, but anything that has happened in the past is not available.

Hope that explains it for you,
Warren.
0
 
LVL 62

Accepted Solution

by:
gheist earned 200 total points
ID: 12318387
In default configuration AIX do not require changing passwords, so /etc/security/user file contains all account creaation times in epoch format
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello fellow BSD lovers, I've created a patch process for patching openjdk6 for BSD (FreeBSD specifically), although I tried to keep all BSD versions in mind when creating my patch. Welcome to OpenJDK6 on BSD First let me start with a little …
Let's say you need to move the data of a file system from one partition to another. This generally involves dismounting the file system, backing it up to tapes, and restoring it to a new partition. You may also copy the file system from one place to…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question