01-15-2013
The user accounting in AIX is a bit more complicated than you seem to assume: there is not only "/etc/passwd" but also "/etc/security/passwd", similar for groups. In addition some information might be stored in the ODM. You have to change these files and make sure their contents match somehow, otherwise inconsistencies can be expected.
Without complete information i am left to guesses, but first i would check this and make sure the user database is consistent with itself.
The problem about "only root can do that" is probably caused by sloppy programming: usually the system uses numeric UIDs and these are only translated to names via consulting "/etc/passwd" for human convenience (quite like IP addresses are translated via "/etc/passwd"). Some utility might, instead of sticking to this convention, use user names instead of IDs though.
I hope this helps.
bakunin
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Hi all.
After installing ssh on a server, i'd like to create a user with root privileges.
My problem is that after creating a user rootssh (uid=0, gid=20, /home/rootshh), i make rootssh's ssh keys. The problem is that normally the ssh-keygen should create the keys under $HOME/.ssh/, and actually... (6 Replies)
Discussion started by: penguin-friend
6 Replies
2. UNIX for Dummies Questions & Answers
All,
I want to run a non-root script as the root user with non-root environment variables with crontab. The non-root user would have environment variables for database access such as Oracle or Sybase. The root user does not have the Oracle or Sybase enviroment variables. I thought you could do... (2 Replies)
Discussion started by: bubba112557
2 Replies
3. UNIX for Advanced & Expert Users
Hi,
I have a program with the following suid setup
-rwsr-sr-x 1 root other 653 Aug 16 17:00 restart_server
It basically starts up a service that has to be started by root. I just want the normal users to be able to restart the service using the script above.
But when the... (7 Replies)
Discussion started by: 0ktalmagik
7 Replies
4. Shell Programming and Scripting
is tty command opens a process in the system if yes then why process got the userid????? (5 Replies)
Discussion started by: Mac91
5 Replies
5. UNIX for Dummies Questions & Answers
Hi folks!
I need you help to discover what's the impact of a duplicated UID in an operating system. What's the meaning when someone put in different users the same UID? (3 Replies)
Discussion started by: phcostabh
3 Replies
6. AIX
Hi,
Can any one please tell what are the risks of having more than one users having UID 0 (root)?
Thanks
Naveed (9 Replies)
Discussion started by: naveedaix
9 Replies
7. Solaris
Hi All
After downloading ZFS documentation from oracle site, I am able to successfully migrate UFS root FS without zones to ZFS root FS. But in case of UFS root file system with zones , I am successfully able to migrate global zone to zfs root file system but zone are still in UFS root file... (2 Replies)
Discussion started by: sb200
2 Replies
8. Solaris
Hi Unix Gurus .
I have requirement where in which - I would like create duplicate root equivalent account with all the privileges equal to root. Is it possible to create this duplicate account with different UID. ?
this id i would like give it to my teams - who does multiple activities using... (2 Replies)
Discussion started by: johnavery50
2 Replies
9. Shell Programming and Scripting
I need to list users in /etc/passwd with root's GID or UID or /root as home directory
If we have these entries in /etc/passwd
root:x:0:0:root:/root:/bin/bash
rootgooduser1:x:100:100::/home/gooduser1:/bin/bash
baduser1:x:0:300::/home/baduser1:/bin/bash... (6 Replies)
Discussion started by: anil510
6 Replies
10. SuSE
Hi
New to Suse - mainly used Solaris.
In solaris dmesg will also show you contents of messages log file but in Suse Liux it doesnt appear to.
I dont have root access to this Suse server, and wondering is there any other tool / utility that allows me to see the messages file contents like on... (1 Reply)
Discussion started by: frustrated1
1 Replies
LEARN ABOUT LINUX
gsscred
gsscred(1M) System Administration Commands gsscred(1M)
NAME
gsscred - add, remove and list gsscred table entries
SYNOPSIS
gsscred [ -n user [-o oid] [-u uid]] [-c comment] -m mech -a
gsscred [ -n user [-o oid]] [-u uid] [-m mech] -r
gsscred [ -n user [-o oid]] [-u uid] [-m mech] -l
DESCRIPTION
The gsscred utility is used to create and maintain a mapping between a security principal name and a local UNIX uid. The format of the user
name is assumed to be GSS_C_NT_USER_NAME. You can use the -o option to specify the object identifier of the name type. The OID must be
specified in dot-separated notation, for example: 1.2.3.45464.3.1
The gsscred table is used on server machines to lookup the uid of incoming clients connected using RPCSEC_GSS.
When adding users, if no user name is specified, an entry is created in the table for each user from the passwd table. If no comment is
specified, the gsscred utility inserts a comment that specifies the user name as an ASCII string and the GSS-APIsecurity mechanism that
applies to it. The security mechanism will be in string representation as defined in the /etc/gss/mech file.
The parameters are interpreted the same way by the gsscred utility to delete users as they are to create users. At least one of the follow-
ing options must be specified: -n, -u, or -m. If no security mechanism is specified, then all entries will be deleted for the user identi-
fied by either the uid or user name. If only the security mechanism is specified, then all user entries for that security mechanism will be
deleted.
Again, the parameters are interpreted the same way by the gsscred utility to search for users as they are to create users. If no options
are specified, then the entire table is returned. If the user name or uid is specified, then all entries for that user are returned. If a
security mechanism is specified, then all user entries for that security mechanism are returned.
OPTIONS
-a Add a table entry.
-c comment Insert comment about this table entry.
-l Search table for entry.
-m mech Specify the mechanism for which this name is to be translated.
-n user Specify the optional principal name.
-o oid Specify the OID indicating the name type of the user.
-r Remove the entry from the table.
-u uid Specify the uid for the user if the user is not local.
EXAMPLES
Example 1: Creating a gsscred Table for the Kerberos v5 Security Mechanism
The following shows how to create a gsscred table for the kerberos v5 security mechanism. gsscred obtains user names and uid's from the
passwd table to populate the table.
example% gsscred -m kerberos_v5 -a
Example 2: Adding an Entry for root/host1 for the Kerberos v5 Security Mechanism
The following shows how to add an entry for root/host1 with a specified uid of 0 for the kerberos v5 security mechanism.
example% gsscred -m kerberos_v5 -n root/host1 -u 0 -a
Example 3: Listing All User Mappings for the Kerberos v5 Security Mechanism
The following lists all user mappings for the kerberos v5 security mechanism.
example% gsscred -m kerberos_v5 -l
Example 4: Listing All Mappings for All Security Mechanism for a Specified User
The following lists all mappings for all security mechanisms for the user bsimpson.
example% gsscred -n bsimpson -l
EXIT STATUS
The following exit values are returned:
0 Successful completion.
>0 An error occurred.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Availability |SUNWgss |
+-----------------------------+-----------------------------+
|Interface Stability |Evolving |
+-----------------------------+-----------------------------+
SEE ALSO
gssd(1m), See gsscred.conf(4), attributes(5)
NOTES
Some GSS mechanisms, such as kerberos_v5, provide their own authenticated-name-to-local-name (uid) mapping and thus do not usually have to
be mapped using gsscred. See gsscred.conf(4) for more information.
SunOS 5.10 11 Feb 2004 gsscred(1M)