Solved

AIX account creation date

Posted on 2004-10-14
5
2,481 Views
Last Modified: 2013-11-17
Hi All,

What command would i use to find out when an account was created on a AIX box... thanks in advance.
0
Comment
Question by:mrorange
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 21

Expert Comment

by:tfewster
ID: 12309806
AFAIK, there is no definitive way - Tho' the order in /etc/passwd may give you a clue. Or check smitty logs, if you have a _long_ history...

But if you `cd` to the users home directory and do `ls -lrt`, it will show you the earliest modified file in that directory; Chances are that that is the .profile (and maybe also a .cshrc) that was created when the userid was created. If both types of startuop file are there, I'll bet the one they don't use has nevert been modified

What's the problem? Are you trying to track a hacker, or just find out who created the user?
0
 
LVL 1

Author Comment

by:mrorange
ID: 12309939
Hi tfewster im, looking for some auditable records for certain user accounts.....  

In Linux I would have done a lsome thing like:-
ls -l --time=ctime --time-style=full-iso
on the users home directory...

I was hoping AIX would have some sort of similar command... Guess I may have to try different methods to get an idea of when the account was created....
0
 
LVL 21

Expert Comment

by:tfewster
ID: 12310866
That seems to be equivalent to ls -lc;  However, both show the last modification time of the _inode_ (rather than the _contents_ of the file [in the case of a directory, the contents are the entries in the directory]) and it is unreliable; A chmod on the directory will modify the inode, as will a number of other operations.  (See http://publib16.boulder.ibm.com/doc_link/en_US/a_doc_lib/files/aixfiles/inode.h.htm  for the struture of a inode)

Maybe one of the AIX gurus can suggest another approach, from the auditing angle...
0
 
LVL 2

Expert Comment

by:warba
ID: 12313855
I believe if you have auditing enabled, then you make reference to one of the auditable events described in /etc/security/audit/events.
In your case I think you are interested in:
*       mkuser
        USER_Create = printf "%s %s"

This gets added to a group set in /etc/security/audit/config and then auditing (if enabled) picks this up and can report on these events.

You can tell if you system is running auditing by executing
/usr/sbin/audit  query

If auditing is not currently enabled, then the best you can do is to turn it on now and you will have the information for the future, but anything that has happened in the past is not available.

Hope that explains it for you,
Warren.
0
 
LVL 62

Accepted Solution

by:
gheist earned 50 total points
ID: 12318387
In default configuration AIX do not require changing passwords, so /etc/security/user file contains all account creaation times in epoch format
0

Featured Post

The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In tuning file systems on the Solaris Operating System, changing some parameters of a file system usually destroys the data on it. For instance, changing the cache segment block size in the volume of a T3 requires that you delete the existing volu…
Java performance on Solaris - Managing CPUs There are various resource controls in operating system which directly/indirectly influence the performance of application. one of the most important resource controls is "CPU".   In a multithreaded…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question