Solved

user permissions report on *nix servers

Posted on 2013-06-12
Last Modified: 2013-06-28
How can you determine what permissions each local user account on a *nix server has? In this case I am interested in an AIX IBM system. I can see a list of users in \etc\password, but how can you marry that up to what permissions they have over the system?

On a Windows Server you typically have local groups, i.e. administrators, power users, users, backup operators etc. Is the concept similar in *nix systems? If so, which are the more powerful groups/types of user to be conscious about?
0
Question by:pma111
7 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 167 total points
ID: 39240700
Run

id username

This will show the user's ID, their primary group as well as the group set the user belongs to.

"Powerful" groups are "system", "sys", "bin" and "security", but none of these groups will give its members full superuser ("root") privileges.
Only the user with ID "0" (= root) has those privileges.
0
 
LVL 3

Author Comment

by:pma111
ID: 39240713
Thanks, is there no way to run one command to list out all users and their groups (as there are quite a few)? Also, is there any way to see an account's "status", i.e. assume like Windows servers you can have an active or disabled account status?
0
 
LVL 3

Author Comment

by:pma111
ID: 39240726
Would also be useful to see if there is a last login timestamp associated with accounts to help identify stale / unused accounts? Would an account that hasn't logged in in some time indicate a stale account, or can accounts exist that are used for purposes other than logging in to the server?
0

 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39240748
lsuser -a time_last_login username

Time is in seconds since epoch.

Convert it (example 1371036583) with

perl -we 'print(my $time = localtime 1371036583, "\n")'


There are system accounts which never log in, like daemon, esaadmin, pconsole etc.
0
 
LVL 21

Assisted Solution

by:Mazdajai
Mazdajai earned 167 total points
ID: 39240972
You can use last to determine last login.

Can you clarify what you are trying to achieve?
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39240998
To answer your question in #39240713:

lsuser -fa pgrp groups account_locked ALL

or in one line per user

lsuser -a pgrp groups account_locked ALL

Run

lsuser -f root

to see all available attributes.
0
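An added example, not part of the original thread: a shell function that turns the one-line-per-user `lsuser -a` output discussed above (group membership and lock status from this post, `time_last_login` from the earlier one) into an account audit. The sample input, the function names, the 90-day threshold and the fixed "now" timestamp are constructed for illustration; `account_locked` values `true`, `yes` and `always` are all treated as locked.

```shell
#!/bin/sh
# Constructed sample in the format printed by:
#   lsuser -a pgrp groups account_locked time_last_login ALL
# An attribute that is not set for a user is absent from that user's line.
sample_lsuser() {
cat <<'EOF'
root pgrp=system groups=system,bin,sys,security,cron,audit,lp account_locked=false time_last_login=1371036583
daemon pgrp=staff groups=staff account_locked=false
jdoe pgrp=staff groups=staff,security account_locked=false time_last_login=1339500583
asmith pgrp=staff groups=staff account_locked=true time_last_login=1370000000
EOF
}

# audit_users NOW_EPOCH MAX_IDLE_DAYS  (reads lsuser -a output on stdin)
# Flags: LOCKED, PRIV=<powerful groups held>, STALE=<idle days>, NEVER_LOGGED_IN
audit_users() {
    awk -v now="$1" -v max_days="$2" '
    BEGIN { split("system sys bin security", p, " "); for (k in p) priv[p[k]] = 1 }
    NF {
        user = $1; pgrp = "-"; locked = "false"; last = ""; hits = ""
        for (i = 2; i <= NF; i++) {
            eq = index($i, "=")
            if (eq == 0) continue
            key = substr($i, 1, eq - 1); val = substr($i, eq + 1)
            if (key == "pgrp") pgrp = val
            else if (key == "account_locked") locked = val
            else if (key == "time_last_login") last = val
            else if (key == "groups") {
                n = split(val, g, ",")
                for (j = 1; j <= n; j++)
                    if (g[j] in priv) hits = hits (hits == "" ? "" : ",") g[j]
            }
        }
        flags = ""
        if (locked == "true" || locked == "yes" || locked == "always") flags = flags " LOCKED"
        if (hits != "") flags = flags " PRIV=" hits
        if (last == "") flags = flags " NEVER_LOGGED_IN"
        else {
            idle = int((now - last) / 86400)   # whole days since last login
            if (idle > max_days) flags = flags " STALE=" idle "d"
        }
        if (flags == "") flags = " OK"
        printf "%s pgrp=%s%s\n", user, pgrp, flags
    }'
}

# Stand-alone run on the constructed sample with a fixed "now" (1371100000).
sample_lsuser | audit_users 1371100000 90
```

On a real host, pipe the `lsuser` command from the comment into `audit_users` with the current epoch time; accounts flagged NEVER_LOGGED_IN still need a manual look, since system accounts such as daemon never log in.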
 
LVL 62

Assisted Solution

by:gheist
gheist earned 166 total points
ID: 39242860
Actually the list of users is in /etc/security/passwd
/etc/passwd is a decoration generated by SMIT for POSIX compatibility

I think you need some crash course in UNIX basics
step 1)
install AIX manuals (bos.rte.man) from AIX CDs. You will not get anywhere without those
1a) if you don't have CDs cough up 50$ and order them from IBM
step 2)
make a usable server out of Debian or NetBSD (to learn some commands); VirtualBox and VMware are good.
step 3)
learn to press F6 in smit/smitty (and read manuals after)

As you learn you can stroll through
https://benchmarks.cisecurity.org/tools2/aix/CIS_IBM_AIX_5.3-6.1_Benchmark_v1.0.0.pdf
and http://redbooks.ibm.com/
to gradually secure your system
0

Question has a verified solution.