Users are the primary agents on the system.
The user supplies the user name of an
account and a password if the account has
one.
The /etc/passwd and /etc/security/passwd
files maintain user passwords.
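An audit of the two password files named above, as an added example that is not part of the original slides. It assumes the AIX conventions that a `!` in the /etc/passwd password field points to the user's stanza in /etc/security/passwd and that `*` there means no password login is possible; all sample data, including the hash, is constructed.

```python
import re

# Constructed sample data (not taken from a real system).
SAMPLE_PASSWD = """\
root:!:0:0::/:/usr/bin/ksh
alice:!:201:1::/home/alice:/usr/bin/ksh
bob::202:1::/home/bob:/usr/bin/ksh
carol:!:203:1::/home/carol:/usr/bin/ksh
daemon:*:1:1::/etc:
"""
SAMPLE_SECURITY_PASSWD = """\
root:
        password = aB3xYz9Qw1LmE
        flags =

alice:
        password = *

carol:
        password =
        flags = ADMCHG
"""

def parse_stanzas(text):
    """Parse stanza-format text into {name: {attribute: value}}."""
    stanzas, current = {}, None
    for line in text.splitlines():
        header = re.fullmatch(r"(\S+):\s*", line)  # unindented "name:" line
        if header:
            current = stanzas.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return stanzas

def audit(passwd_text, security_text):
    """Return {user: finding} for accounts whose password state needs review."""
    shadow = parse_stanzas(security_text)
    findings = {}
    for line in passwd_text.splitlines():
        if ":" not in line:
            continue
        name, field = line.split(":")[:2]
        if field == "":
            findings[name] = "empty password field in /etc/passwd"
        elif field == "!" and name not in shadow:
            findings[name] = "no stanza in /etc/security/passwd"
        elif field == "!" and shadow[name].get("password", "") == "":
            findings[name] = "empty password in /etc/security/passwd"
    return findings
```

On a live system the same two functions can be fed the contents of the real files, read as root, since /etc/security/passwd is not world-readable.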
Groups are collections of users who can
share access permissions for protected
resources.
The creator of the group is usually the first
administrator.
Three types of groups:
User groups should be made for people who
need to share files on the system, such as
people who work in the same department or
people who are working on the same project.
In general, create as few user groups as
possible.
System administrator groups correspond to
the SYSTEM group.
SYSTEM group membership allows an
administrator to perform some system
maintenance tasks without having to operate
with root authority.
There are several system-defined groups.
The STAFF group is the default group for all
non-administrative users created in the system.
You can change the default group by using the
command to edit the
/usr/lib/security/mkuser.default file.
The SECURITY group is a system-defined group
having limited privileges for performing security
administration.
An attribute is a characteristic of a user or a group
that defines the type of functions that a user or a
group can perform.
These can be extraordinary privileges, restrictions,
and processing environments assigned to a user.
Their attributes control their access rights,
environment, how they are authenticated, and how,
when, and where their accounts can be accessed.
The following are a few of the important commands
used for user administration:
Contains the
environment attributes for users.
Contains the last
login attributes for users.
Contains process
resource limits for users.
Contains extended
attributes for users.
Contains the default attributes for new users.
Customizes new user accounts.
Contains the basic attributes
of users.
Contains password
information.
Contains
configuration information for login and user
authentication.
Contains the record of users
logged into the system.
Contains connect time
accounting records.
Records all
failed login attempts.
Contains the message to be
displayed every
time a user logs in to the system.
Specifies the basic
environment for all processes.
Specifies additional
environment settings for all users.
Specifies environment
settings for specific user needs.
Contains the basic attributes of
groups.
Contains the
extended attributes of groups.
The
command displays information
about all users currently on the local system.
If the /etc/nologin file exists, the system
accepts the user's name and password,
prevents the user from logging in and
displays the contents of the /etc/nologin file.
The /etc/nologin file is removed when you
reboot the system.
The command changes a user's login
shell attribute.
When you run the command, the
system displays a list of the available shells
and the current value of the shell attribute,
The following example shows the command
to change the continuation prompt to
: