Adding a new user account : mkuser
The mkuser command creates a new user account. The Name parameter must be a unique 8-byte or less string. By default, the mkuser command creates a standard user account. To create an administrative user account, specify the –a flag.
The mkuser command does not create password information for a user, therefore, the new accounts are disabled until the passwd command is used to add authentication information to the /etc/security/passwd file. The mkuser command only initializes the Password attribute of /etc/passwd file with an * (asterisk).
You use this command to create the AIX user and set its initial values. There are a few simple rules to remember when creating a user:
- Users cannot start with a:
- Dash or minus sign (
- Plus sign (
- At symbol (
- Tilde (
- Dash or minus sign (
- Users cannot be named ALL or default, as those names are reserved for the operating system.
- User names cannot include:
- Colon (
- Quotation marks—single or double (
- Pound or hash symbol (
- Comma (
- Equal sign (
- Slashes—back or forward (
- Question mark (
- Back quote or tick (
- White space (space or tab)
- New-line characters
- Colon (
- User names can only be eight characters or fewer in AIX version 5.2 and earlier. Starting with AIX version 5.3, IBM increased the maximum number of characters to 255.
To verify the setting in AIX 5.3 and later, you can extract the value from
# getconf LOGIN_NAME_MAX 9
# lsattr -El sys0 SW_dist_intr false Enable SW distribution of interrupts True autorestart true Automatically REBOOT OS after a crash True boottype disk N/A False capacity_inc 1.00 Processor capacity increment False capped true Partition is capped False conslogin enable System Console Login False cpuguard enable CPU Guard True dedicated true Partition is dedicated False enhanced_RBAC true Enhanced RBAC Mode True ent_capacity 1.00 Entitled processor capacity False frequency 2656000000 System Bus Frequency False fullcore true Enable full CORE dump True fwversion IBM,EL340_075 Firmware version and revision levels False id_to_partition 0X80000CE988400001 Partition ID False id_to_system 0X80000CE988400000 System ID False iostat false Continuously maintain DISK I/O history True keylock normal State of system keylock at boot time False log_pg_dealloc true Log predictive memory page deallocation events True max_capacity 1.00 Maximum potential processor capacity False max_logname 9 Maximum login name length at boot time True maxbuf 20 Maximum number of pages in block I/O BUFFER CACHE True maxmbuf 0 Maximum Kbytes of real memory allowed for MBUFS True maxpout 0 HIGH water mark for pending write I/Os per file True maxuproc 800 Maximum number of PROCESSES allowed per user True min_capacity 1.00 Minimum potential processor capacity False minpout 0 LOW water mark for pending write I/Os per file True modelname IBM,8203-E4A Machine name False ncargs 256 ARG/ENV list size in 4K byte blocks True nfs4_acl_compat secure NFS4 ACL Compatibility Mode True pre430core false Use pre-430 style CORE dump True pre520tune disable Pre-520 tuning compatibility mode True realmem 3784704 Amount of usable physical memory in Kbytes False rtasversion 1 Open Firmware RTAS version False sed_config select Stack Execution Disable (SED) Mode True systemid IBM,021082744 Hardware system identifier False variable_weight 0 Variable processor capacity weight False
To change the value, simply adjust the
v_max_lognameparameter (shown as
chdevto the maximum number of characters desired plus one to accommodate the terminating character. For example, if you want to have user names that are 128 characters long, you would adjust the
v_max_lognameparameter to 129:
# chdev -l sys0 -a max_logname=129 sys0 changed
Please note that this change will not go into effect until you have rebooted the operating system. Once the server has been rebooted, you can verify that the change has taken effect:
# getconf LOGIN_NAME_MAX 128
Keep in mind, however, that if your environment includes IBM RS/6000® servers prior to AIX version 5.3 or operating systems that cannot handle user names longer than eight characters and you rely on NIS or other authentication measures, it would be wise to continue with the eight-character user names.
To create a user with default settings and allocate the next available UID, simply execute
mkuserplus the user name as the root user:
# mkuser xander # finger xander Login name: xander Directory: /home/xander Shell: /usr/bin/ksh No Plan.
Easy, isn't it? Try something a bit more personable. By adding some values found in the
chuserman page (
man chuser), you can include the user's GECOS information and change his or her core
ulimitto 524,288, as shown in Listing 6.
Listing 6. Change a user's core ulimit
# mkuser core=524288 gecos="Xander Cormany,317.555.1234" xander # finger xander Login name: xander In real life: Xander Cormany Site Info: 317.555.1234 Directory: /home/xander Shell: /usr/bin/ksh No Plan. # su - xander "-c ulimit -a" time(seconds) unlimited file(blocks) unlimited data(kbytes) unlimited stack(kbytes) 4194304 memory(kbytes) unlimited coredump(blocks) 524288 nofiles(descriptors) unlimited threads(per process) unlimited processes(per user) unlimited
It's worth mentioning that the GECOS, like any other field in /etc/passwd, should not include a colon (
:) in the value. By trying to add a colon, the fields will be adjusted, and all expected values would shift to the right. For instance, if the user tried to haveXander:Cormany in the GECOS field in /etc/passwd, Xander would actually be in the correct field, while Cormany would be the value of the field to the right (that is, the home directory). Also, the GECOS field cannot end with
Most administrators do not really use the command line like this, but it is important to understand what utilities like SMIT (
man smitty) are doing behind the scenes. If you would rather continue through SMIT, the process is simple. Here's an example of creating the same user with the same attributes through SMIT. By entering
SMITdirectly into the user creation screen, you go in using the fastpath
# smitty mkuser
Figure shows the SMIT utility in action.
When you are finished filling out the user name, GECOS field, and core
ulimit, click Enter to create the user. When SMIT returns that the command finished successfully, click F10 or Esc + 0 to exit the program. You can verify the user using the code in below listing
Listing Verify that SMIT correctly created the user
# finger xander Login name: xander In real life: Xander Cormany Site Info: 317.555.1234 Directory: /home/xander Shell: /usr/bin/ksh No Plan. # su - xander "-c ulimit -a" time(seconds) unlimited file(blocks) unlimited data(kbytes) unlimited stack(kbytes) 4194304 memory(kbytes) unlimited coredump(blocks) 524288 nofiles(descriptors) unlimited threads(per process) unlimited processes(per user) unlimited