Solved

AIX 5.3 - What does admin=true means?

Posted on 2009-07-03
4
1,746 Views
Last Modified: 2013-12-04
Hi

I am not that clear about what kind of user is the one with this setting: admin=true. Per IBM reference
"The user is an administrator. Only the root user can change the attributes of users defined as administrators. "

However, I've also seen on other sites that it means that only root can change the password of this user.

So my question is, does the user with admin=true have full (administrator) access to the system or is just a restriction on who can change the user password?

Any thoughts would be appreciated.

Thanks!
0
Comment
Question by:ralmada
  • 2
  • 2
4 Comments
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 24773284

Hi,
this flag applies to users and groups.

Normally, user attributes can be changed by root and the members of the security group (gid = 7).
With the admin flag set to true, only root can change such attributes.

For groups, you can have group admins. These users normally can change the attributes (and list of members) of the groups they are admins for, unless the admin flag of the group is set to true, which means, like for users above, that only root can do such changes.
 
That's all. admin=true doesn't have other effects than the ones I wrote above. Particularly, it doesn't give the affected user or group any privileges.

Using your words: " [It] is just a restriction on who can change the user password..."
 
wmp
0
 
LVL 41

Author Comment

by:ralmada
ID: 24773505
Thanks wmp.
One follow up question then. How can I determine if an user is an administrator or not? What command should I execute?
Sorry I'm a newbie in AIX.
0
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
ID: 24773806
No reason to be sorry.  I'm always pleased to be able to help.

"... is an admin ..."  is not quite correct. You should have said "... whose account is under admin restriction ..."
The appropriate command would be:

lsuser -a admin username

Output could be

username admin=true     (or false, of course)

Instead of username you can also use ALL (uppercase) to list all users.

The command for group is (you guess it):

lsgroup -a admin groupname

Please have a look at this EE case, where I explain 'lsuser' in detail:

http://www.experts-exchange.com/OS/Unix/AIX/Q_24519566.html

More questions? You're welcome!

wmp





0
 
LVL 41

Author Closing Comment

by:ralmada
ID: 31599609
Thanks so much! You've been very helpful
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question