Set up admin users in AIX

Pretty simple question I hope - basically I want to set up a group on AIX that I can then add certain users to who can then be somewhat limited admins- ie, change other users passwords, create and manage user accounts etc but not be able to change the root password or actually modify the system, just user accounts.

Thanks.
suns0ftAsked:
Who is Participating?
 
woolmilkporcConnect With a Mentor Commented:
Hi,
now that I've found some time, here is more info -
1) Some commands (such as useradd, userdel) are not directly aware of "security" group privileges. In such a case use the original AIX commands (mkuser, rmuser) or the appropriate "smit" panels, such as "smit mkuser". To avoid having to enter a user's old password when trying to change it, use "smit passwd" instead of "passwd" alone.
2) Userids can be protected from being changed by members of the security group by changing the attribute "admin" to "true" - "chuser admin=true userid". On the other hand, you can "open" a userid to the security group by setting this attribute to "false" (default). Attention - even "root", which is protected by default,  can be changed to "admin=false" (but only by "root" itself").
3) The same is true for groups (there is also the "admin" flag), but in addition to the members of the security group you can enable more userids to manage groups. Do this either via "chgroup adms=user1,user2,... groupname" or via "chuser admgroups=group1,group2,... userid" The group itself must carry the "admin=true" flag in any case to enable changes by other userids than "root".
Should you decide to go with "sudo" nonetheless, I'd recommend using the rpm package from the "quasi official" AIX Toolbox, which came as a separate CD with your system or can be found online here -
http://www-03.ibm.com/systems/power/software/aix/linux/toolbox/alpha.html
Another great resource for AIX Open Source rpms is here - http://www.perzl.org/aix/
There are many more packages than just "sudo" available. The "rpm" binary itself is part of the AIX standard installation.
Good luck, and have fun with AIX!
wmp
0
 
thetmanvnCommented:
Use should go with sudo:

Here is tutorial for installing sudo on AIX:

http://it.toolbox.com/wiki/index.php/Install_and_configure_sudo_in_AIX (install from source)
or
http://it.toolbox.com/blogs/my-two-cents/install-and-configure-sudo-on-aix-32802 (install from binary)

More info to configure sudoers:
http://www.gratisoft.us/sudo/man/sudoers.html

Good luck, bro


0
 
suns0ftAuthor Commented:
@thetmanvn

Sudo would indeed be my first choice but I am slightly hesitant to install anything on this box as it's quite an important one, however I'll read through the guides you posted and see about building myself a test server to try it out on.

Thanks for the info, I'll get back to you soon as I can, meantime any other info lying around is never unwelcome!
0
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

 
woolmilkporcCommented:
Hi,
Simply add those future admin users to the 'security' group.
This group is meant exactly for the purpose you describe.

wmp
0
 
suns0ftAuthor Commented:
Thankyou woolmilkporc!

AIX has been somewhat of a headache for me thusfar, but you've answered a lot of questions - I'll do as you suggested and let you know the result.
0
 
suns0ftAuthor Commented:
Extremely helpful answer, got me running exactly how I wanted to be, thankyou!
0
All Courses

From novice to tech pro — start learning today.