Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Security user Can't change the groups.
Operating Systems AIX Security user Can't change the groups. Post 302315691 by ITHelper on Wednesday 13th of May 2009 04:18:55 AM
Old 05-13-2009
Security user Can't change the groups.
Dears

Security users in AIX don’t have permission to change the group of the user thru Smitty Users

When they try to change the group of the users to any group they'll get permission denied

Security profile in Smitty :

[TOP] [Entry Fields]
User NAME...................................................securityuser
User ID.......................................................[205]
ADMINISTRATIVE USER?...............................false
Primary GROUP............................................[security]
Group SET..................................................[security,staff]
ADMINISTRATIVE GROUPS...........................[]
ROLES.......................................................[]
Another user can SU TO USER?......................true
SU GROUPS................................................[ALL]
HOME directory.......................................... [/home/securityuser]
Initial PROGRAM..........................................[/usr/bin/ksh]
User INFORMATION...................................[securityuser]
EXPIRATION date (MMDDhhmmyy)................[0]



Error message when security user try to change the group for any user !!

============================================================

Command: failed stdout: yes stderr: no

Before command completion, additional instructions may appear below.
3004-692 Error changing "groups" to "sys" : You do not have permission.

============================================================


We are on AIX 5.3

Dears

Can you please advice us in this regard and what's the solution of this issue ?
Last edited by ITHelper; 05-23-2009 at 12:11 PM..
ITHelper
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

dynamic user groups

Is it possible to dynamically allocate a new user group to an existing session on Solaris 5.8 I'd like to be able to allow certain users to access a set of scripts for the life of session (preferably there own session not a specific login created for the purpose) by dynamically giving the session... (0 Replies)
Discussion started by: hammer
0 Replies

2. UNIX for Dummies Questions & Answers

Adding user to groups

How do I add a user to a group? And how do I determine the list of groups to add a user? Solaris 10 newbie (1 Reply)
Discussion started by: peteythapitbull
1 Replies

3. UNIX for Dummies Questions & Answers

User groups

Hi I have a user zak and 4 groups:- oracle stats data archive I want user zak to be part of the oracle and stats group but not be able to view,list anything in data and archive. Also anyone in the data and archive group should not be able to view,list anything in oracle and stats....... (3 Replies)
Discussion started by: Zak
3 Replies

4. UNIX for Advanced & Expert Users

How to remove UNIX user and groups

I created UNIX groups - oinstall, dba and UNIX user - oracle for the installation of Oracle 10g. But I might did something incorrectly. Oracle user account didn't created properly. How to remove these UNIX groups and user so that I can start over again to create them properly. Thanks. (7 Replies)
Discussion started by: duke0001
7 Replies

5. Solaris

Setting user groups

Hi......... I'm trying to set a group of users to login to do a required super-user tasks without knowing the super-user passwd. For example...a user popodude logs in as self with passwd..system accepts the password & then automatically asks for the super-user account passwd. My goal is... (1 Reply)
Discussion started by: Remi
1 Replies

6. AIX

user & groups

1 - what is the maximum no: of groups a user can be a part of ? 2 - what is maximum no: of users a group can contain ? (6 Replies)
Discussion started by: senmak
6 Replies

7. UNIX for Dummies Questions & Answers

How to add user to multiple groups

hi all i am new to solaris how to add a user to multiple(secondary) groups. user :anna Groups : delhi ,mumbai,pune i need like this in cat /etc/group delhi::anna mumbai::anna pune::anna i tried using usermod -a -G hyd anna that does int work how to delete user from group... (3 Replies)
Discussion started by: kalyankalyan
3 Replies

8. AIX

Nested user groups

Is there a command to nest a group in another group in AIX. (2 Replies)
Discussion started by: daveisme
2 Replies

9. UNIX for Advanced & Expert Users

How to get User list from different groups and root?

Hi all, I want to list out users from different group and root, who are roaming in our group or root as a user. how can i list out this users ? (1 Reply)
Discussion started by: kpatel97
1 Replies

10. HP-UX

Creating user groups that are persistent

Hi, I need to modify the user 'munfai' by adding it into groups bscs, oinstall, dba. I use this command as user root to add the user into the mentioned groups : # usermod -G bscs,oinstall,dba munfai I can thereafter see the id in the groups : # id munfai uid=258(munfai) gid=20(users)... (2 Replies)
Discussion started by: anaigini45
2 Replies

LEARN ABOUT HPUX

fchown

chown(2)							System Calls Manual							  chown(2)

NAME

       chown(), fchown(), lchown() - change owner and group of a file

SYNOPSIS

DESCRIPTION

       The system call changes the user and group ownership of a file.	path points to the path name of a file.  sets the owner ID and group ID of
       the file to the numeric values contained in owner and group respectively.  A value of or can be	specified  in  owner  or  group  to  leave
       unchanged the file's owner ID or group ID, respectively.  Note that owner and group should be less than (see limits(5)).

       The  group ownership of a file can be changed to any group in the current process's access list or to the real or effective group ID of the
       current process.  If privilege groups are supported and the user has the privilege, the file can be given to any group.

       If the path given to contains a symbolic link as the last element, this link is traversed and path name resolution continues.  changes  the
       owner and group of the symbolic link's target, rather than the owner and group of the link.

       The system call functions exactly like except that it operates on a file descriptor instead of a path name.  fildes is a file descriptor.

       The  system call sets the owner ID and group ID of the named file just as does, except in the case where the named file is a symbolic link.
       In this case, changes the owner and group of the symbolic link file itself.

   Access Control Lists - HFS File Systems Only
       A user can allow or deny specific individuals and groups access to a file by using the file's access control list (see acl(5)).	When using
       in  conjunction	with  HFS  ACLs,  if  the new owner and/or group does not have an optional ACL entry corresponding to and/or in the file's
       access control list, the file's access permission bits remain unchanged.  However, if the new owner and/or group is already  designated	by
       an  optional ACL entry of and/or %.group, sets the file's permission bits (and the three basic ACL entries) to the permissions contained in
       that entry.

   Access Control Lists - JFS File Systems Only
       A user can allow or deny specific individuals and groups access to a file by using the file's access  control  list  (see  aclv(5)).   When
       using in conjunction with JFS ACLs, if the new owner and/or group of a file have optional ACL entries corresponding to and/or in the file's
       access control list, those entries remain in the ACL but no longer have any effect, being superseded by the file's and/or entries.

   Security Restrictions
       Only processes with an effective user ID equal to the file owner or a user with the privilege can change the ownership of a file.  If priv-
       ilege  groups  are  supported, the owner of a file can change the ownership only as a member of a privilege group allowing as set up by the
       command (see setprivgrp(1M)).  All users get the privilege by default.

       When a process changes the ownership or group of a file, the file system may clear the set-user-ID and set-group-ID bits.

       See privileges(5) for more information about privileged access on systems that support fine-grained privileges.

RETURN VALUE

       and return the following values:

	      Successful completion.
	      Failure.
		     The owner and group of the file remain unchanged.	is set to indicate the error.

ERRORS

       If or fails, is set to one of the following values:

	      Search permission is denied on a component of the path prefix.

	      path	     points outside the allocated address space of the process.  The reliable detection of this  error	is  implementation
			     dependent.

	      Too many symbolic links were encountered in translating
			     path.

	      A component of path exceeds bytes while is in effect, or path exceeds bytes.

	      The file named by
			     path does not exist.

	      A component of the path prefix is not a directory.

	      Either	     owner or group is greater than or equal to or is an illegal negative value.

	      The effective user ID is not a user with
			     privilege and one or more of the following conditions exist:

			     o	The effective user ID does not match the owner of the file.

			     o	When changing the owner of the file, the owner of the file is not a member of a privilege group allowing the priv-
				ilege.

			     o	When changing the group of the file, the owner of the file is not a member of a privilege group allowing the priv-
				ilege and the group number is not in the current process's access list.

	      The named file resides on a read-only file system.

       If fails, is set to one of the following values:

	      fildes	     is not a valid file descriptor.

	      Either	     owner or group is greater than or equal to or is an illegal negative value.

	      The effective user ID is not a user
			     having privilege and one or more of the following conditions exist:

			     o	The effective user ID does not match the owner of the file.

			     o	When changing the owner of the file, the owner of the file is not a member of a privilege group allowing the priv-
				ilege.

			     o	When changing the group of the file, the owner of the file is not a member of a privilege group allowing the priv-
				ilege and the group number is not in the current process's access list.

	      The named file resides on a read-only file system.

AUTHOR

       was developed by AT&T.

       was developed by the University of California, Berkeley.

SEE ALSO

       chown(1), setprivgrp(1M), chmod(2), setacl(2), acl(5), aclv(5), limits(5), privileges(5).

STANDARDS CONFORMANCE

																	  chown(2)
All times are GMT -4. The time now is 03:55 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy