Solved

AIX 5.3 - What does admin=true means?

Posted on 2009-07-03
4
1,808 Views
Last Modified: 2013-12-04
Hi

I am not that clear about what kind of user is the one with this setting: admin=true. Per IBM reference
"The user is an administrator. Only the root user can change the attributes of users defined as administrators. "

However, I've also seen on other sites that it means that only root can change the password of this user.

So my question is, does the user with admin=true have full (administrator) access to the system or is just a restriction on who can change the user password?

Any thoughts would be appreciated.

Thanks!
0
Comment
Question by:ralmada
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 24773284

Hi,
this flag applies to users and groups.

Normally, user attributes can be changed by root and the members of the security group (gid = 7).
With the admin flag set to true, only root can change such attributes.

For groups, you can have group admins. These users normally can change the attributes (and list of members) of the groups they are admins for, unless the admin flag of the group is set to true, which means, like for users above, that only root can do such changes.
 
That's all. admin=true doesn't have other effects than the ones I wrote above. Particularly, it doesn't give the affected user or group any privileges.

Using your words: " [It] is just a restriction on who can change the user password..."
 
wmp
0
 
LVL 41

Author Comment

by:ralmada
ID: 24773505
Thanks wmp.
One follow up question then. How can I determine if an user is an administrator or not? What command should I execute?
Sorry I'm a newbie in AIX.
0
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 24773806
No reason to be sorry.  I'm always pleased to be able to help.

"... is an admin ..."  is not quite correct. You should have said "... whose account is under admin restriction ..."
The appropriate command would be:

lsuser -a admin username

Output could be

username admin=true     (or false, of course)

Instead of username you can also use ALL (uppercase) to list all users.

The command for group is (you guess it):

lsgroup -a admin groupname

Please have a look at this EE case, where I explain 'lsuser' in detail:

http://www.experts-exchange.com/OS/Unix/AIX/Q_24519566.html

More questions? You're welcome!

wmp





0
 
LVL 41

Author Closing Comment

by:ralmada
ID: 31599609
Thanks so much! You've been very helpful
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question