how can find out when user is created in AIX

Hi,

short answer: you can't - at least not in a reliable way, unless you had enabled the auditing feature of AIX and have kept the logs.

You could look at the creation time of the user's .profile and hope that they didn't change it.

Here is a rather good IBM Redbook on auditing:

http://www.redbooks.ibm.com/redbooks/pdfs/sg246396.pdf

Sorry, no better way!

wmp

If this is an on-going requirement Tripwire and / or IBM's tivoli security tool's can capture / log user additions / changes.

If you want to find out when the user first / last logged in try:

last | grep user-id

>> find out when the user first / ... logged in <<

arober11, how would you find out the first login? Would be great if this was possible (but I don't believe so).

The outcome of last depends on the contents of wtmp, a file which gets cleaned up regularly by most people.

wmp

Wouldn't count on the wtmp being rotated / truncated regularly, as most non Development servers I've played on have had 12-36 months worth of history.  If it hasn't been truncated it should give an indication of how long the account has been around, and the IP(s) the ID has been used from, if access was external, not via su.

Note: Have assumed the server isn't subject to SOX of PCI-DSS reg's as audit logging would have been enabled and probably spooled to the syslog and on to a separate log server, to pass an audit.

Another rough option, if you have password aging enabled and a local shadow password file, you'll have a timestamp for the last password change.

not bad

In which way did the answer you accepted help you?

Just curious ...