Solved

AIX 5.3 - What does admin=true means?

Posted on 2009-07-03
4
1,700 Views
Last Modified: 2013-12-04
Hi

I am not that clear about what kind of user is the one with this setting: admin=true. Per IBM reference
"The user is an administrator. Only the root user can change the attributes of users defined as administrators. "

However, I've also seen on other sites that it means that only root can change the password of this user.

So my question is, does the user with admin=true have full (administrator) access to the system or is just a restriction on who can change the user password?

Any thoughts would be appreciated.

Thanks!
0
Comment
Question by:ralmada
  • 2
  • 2
4 Comments
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 24773284

Hi,
this flag applies to users and groups.

Normally, user attributes can be changed by root and the members of the security group (gid = 7).
With the admin flag set to true, only root can change such attributes.

For groups, you can have group admins. These users normally can change the attributes (and list of members) of the groups they are admins for, unless the admin flag of the group is set to true, which means, like for users above, that only root can do such changes.
 
That's all. admin=true doesn't have other effects than the ones I wrote above. Particularly, it doesn't give the affected user or group any privileges.

Using your words: " [It] is just a restriction on who can change the user password..."
 
wmp
0
 
LVL 41

Author Comment

by:ralmada
ID: 24773505
Thanks wmp.
One follow up question then. How can I determine if an user is an administrator or not? What command should I execute?
Sorry I'm a newbie in AIX.
0
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 24773806
No reason to be sorry.  I'm always pleased to be able to help.

"... is an admin ..."  is not quite correct. You should have said "... whose account is under admin restriction ..."
The appropriate command would be:

lsuser -a admin username

Output could be

username admin=true     (or false, of course)

Instead of username you can also use ALL (uppercase) to list all users.

The command for group is (you guess it):

lsgroup -a admin groupname

Please have a look at this EE case, where I explain 'lsuser' in detail:

http://www.experts-exchange.com/OS/Unix/AIX/Q_24519566.html

More questions? You're welcome!

wmp





0
 
LVL 41

Author Closing Comment

by:ralmada
ID: 31599609
Thanks so much! You've been very helpful
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
OfficeMate Freezes on login or does not load after login credentials are input.
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now