Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

user permissions report on *nix servers

Posted on 2013-06-12
7
Medium Priority
?
584 Views
Last Modified: 2013-06-28
How can you determine what permissions each local user account on a *nix server has? In this case I am interested in a AIX IBM SYstem. I can see a list of users in \etc\password, but how can you marry that up to what permissions they have over the System.

On a Windows Server you typically have local groups, i.e. administrators, power users, users, backup operators etc. Is the concept similar in *nix systems? If so which are the more powerful groups/type of user to be concious about?
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 668 total points
ID: 39240700
Run

id username

This will show the user's ID, their primary group as well as the group set the user belongs to.

"Powerful" groups are "system", "sys", "bin" and "security", but none of these groups will give its members full superuser ("root") privileges.
Only the user with ID "0" (= root) has those privileges.
0
 
LVL 3

Author Comment

by:pma111
ID: 39240713
Thanks, is there no way to run one command to list out all users and there groups (as there are quite a few), also is there anyway  to see an accounts "status", i.e. assume like windows servers you can have an active or disabled account status?
0
 
LVL 3

Author Comment

by:pma111
ID: 39240726
Would also be useful to see if there is a last login timestamp associated with accounts to help identify stale / unused accounts? Would an account that hasnt logged in in some time indicate a stale accounts, or can accounts exist that are used for purposes other than logging in to the server.
0
Moving data to the cloud? Find out if you’re ready

Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.

 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39240748
lsuser -a time_last_login username

Time is in seconds since epoch.

Convert it (example 1371036583) with

perl -we ‘print(my $time = localtime 1371036583, “\n”)’


There are system accounts which never log in, like daemon, esaadmin, pconsole etc.
0
 
LVL 21

Assisted Solution

by:Mazdajai
Mazdajai earned 668 total points
ID: 39240972
You can use last to determine last login.

Can you clarify what are you trying to achieve?
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 39240998
To answer your question in #39240713:

lsuser -fa pgrp groups account_locked ALL

or in one line per user

lsuser -a pgrp groups account_locked ALL

Run

lsuser -f root

to see all available attributes.
0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 664 total points
ID: 39242860
Actually list of users is in /etc/security/passwd
/etc/passwd is a decoration generated by SMIT for POSIX compatibility

I think you need some crash course in UNIX basics
step 1)
instal AIX manuals (bos.rte.man) from AIX CDs You will not get anywhere without those
1a) if you dont have CDs cough up 50$ and order them from IBM
step 2)
make usable server out of debian or netbsd (to learn some commands) virtualbox and vmware are good.
step3)
learn to press F6 in smit/smitty (and read manuals after)

As you learn you can stroll through
https://benchmarks.cisecurity.org/tools2/aix/CIS_IBM_AIX_5.3-6.1_Benchmark_v1.0.0.pdf
and http://redbooks.ibm.com/
to gradually secure your system
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Why Shell Scripting? Shell scripting is a powerful method of accessing UNIX systems and it is very flexible. Shell scripts are required when we want to execute a sequence of commands in Unix flavored operating systems. “Shell” is the command line i…
The purpose of this article is to demonstrate how we can use conditional statements using Python.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question