Solved

aix ibm disabled accounts

Posted on 2014-02-26
3
2,265 Views
Last Modified: 2014-02-26
does AIX IBM have the same equivalent as a disabled account on a server, i.e. those that cant be used to login to the server. If yes, can you elaborate how you can determine if the accounts are live or disabled/cant be used for login
0
Comment
Question by:pma111
  • 2
3 Comments
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 500 total points
Comment Utility
Hi,

it's very similar to other Unix/Linux implementations.

There is the /etc/passwd file and there is the file /etc/security/passwd which is the equivalent to /etc/shadow on other systems.

If the second colon-separated field of an entry in /etc/passwd contains an asterisk ("*")
this indicates an invalid password and the concerned user cannot log in.

If the same field contains an exclamation point ("!") this indicates that there is an entry in /etc/security password for that user.

This file contains the encrypted passwords (and the last update timestamps plus several flags).
Here, too, the password can be "*" which means that the user cannot log in.

Besides that we have an "account_locked" attribute in AIX. Such attributes are stored in /etc/security/user, can be viewed with "lsuser <username>" and can be set with "chuser <attribute>=<value> <username>".

Finally, we can set an account "expiration" date in /etc/security/user past which the user cannot log in anymore. This can also be viewed with "lsuser" and set with "chuser".
You can forcibly expire an acoount by setting the expiration date to "0101000070" (MMDDHHMMYY format).
wmp
0
 
LVL 3

Author Comment

by:pma111
Comment Utility
Thanks, if the user is locked, but has a weak password, is there any risk whatsoever, if that account can be used to access the server?
0
 
LVL 68

Expert Comment

by:woolmilkporc
Comment Utility
Locked accounts can neither be used for login nor for ssh/ftp/rsh/rcp and so on.

The only exception is that root (and only root) can "su" to this user, whether it's locked or not.

Since root doesn't need a password for "su" the password is irrelevant in any case, and there's no risk if it's "weak".
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Introduction Regular patching is part of a system administrator's tasks. However, many patches require that the system be in single-user mode before they can be installed. A cluster patch in particular can take quite a while to apply if the machine…
Why Shell Scripting? Shell scripting is a powerful method of accessing UNIX systems and it is very flexible. Shell scripts are required when we want to execute a sequence of commands in Unix flavored operating systems. “Shell” is the command line i…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now