Set up admin users in AIX

Pretty simple question I hope - basically I want to set up a group on AIX that I can then add certain users to who can then be somewhat limited admins- ie, change other users passwords, create and manage user accounts etc but not be able to change the root password or actually modify the system, just user accounts.

Thanks.
suns0ftAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

thetmanvnCommented:
Use should go with sudo:

Here is tutorial for installing sudo on AIX:

http://it.toolbox.com/wiki/index.php/Install_and_configure_sudo_in_AIX (install from source)
or
http://it.toolbox.com/blogs/my-two-cents/install-and-configure-sudo-on-aix-32802 (install from binary)

More info to configure sudoers:
http://www.gratisoft.us/sudo/man/sudoers.html

Good luck, bro


0
suns0ftAuthor Commented:
@thetmanvn

Sudo would indeed be my first choice but I am slightly hesitant to install anything on this box as it's quite an important one, however I'll read through the guides you posted and see about building myself a test server to try it out on.

Thanks for the info, I'll get back to you soon as I can, meantime any other info lying around is never unwelcome!
0
woolmilkporcCommented:
Hi,
Simply add those future admin users to the 'security' group.
This group is meant exactly for the purpose you describe.

wmp
0
Redefining Cyber Security w/ AI & Machine Learning

The implications of AI and machine learning in cyber security are massive and constantly growing, creating both efficiencies and new challenges across the board. Join our webinar on Sept. 21st to learn more about leveraging AI and machine learning to protect your business.

woolmilkporcCommented:
Hi,
now that I've found some time, here is more info -
1) Some commands (such as useradd, userdel) are not directly aware of "security" group privileges. In such a case use the original AIX commands (mkuser, rmuser) or the appropriate "smit" panels, such as "smit mkuser". To avoid having to enter a user's old password when trying to change it, use "smit passwd" instead of "passwd" alone.
2) Userids can be protected from being changed by members of the security group by changing the attribute "admin" to "true" - "chuser admin=true userid". On the other hand, you can "open" a userid to the security group by setting this attribute to "false" (default). Attention - even "root", which is protected by default,  can be changed to "admin=false" (but only by "root" itself").
3) The same is true for groups (there is also the "admin" flag), but in addition to the members of the security group you can enable more userids to manage groups. Do this either via "chgroup adms=user1,user2,... groupname" or via "chuser admgroups=group1,group2,... userid" The group itself must carry the "admin=true" flag in any case to enable changes by other userids than "root".
Should you decide to go with "sudo" nonetheless, I'd recommend using the rpm package from the "quasi official" AIX Toolbox, which came as a separate CD with your system or can be found online here -
http://www-03.ibm.com/systems/power/software/aix/linux/toolbox/alpha.html
Another great resource for AIX Open Source rpms is here - http://www.perzl.org/aix/
There are many more packages than just "sudo" available. The "rpm" binary itself is part of the AIX standard installation.
Good luck, and have fun with AIX!
wmp
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
suns0ftAuthor Commented:
Thankyou woolmilkporc!

AIX has been somewhat of a headache for me thusfar, but you've answered a lot of questions - I'll do as you suggested and let you know the result.
0
suns0ftAuthor Commented:
Extremely helpful answer, got me running exactly how I wanted to be, thankyou!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.