Home About BC DR HA Support Training Download
You are here: Home/ Standards/ Please Login or Register

-
Current Location
-

js
  Standards
-
AIX Admin Methodology
Global Consolidation Project
All AIX admins should join
www.aixexpert.com


Join our LinkedIn Group
AIX Advanced Technical Experts
Contract Opportunities

www.LinkedIn.com

-
digg Digg this page
del.icio.us Post to del.icio.us
Slashdot Slashdot it!


LPAR Leasing
Lease an AIX / i5 LPAR
Reduce your costs

www.mtxia.com

Server Leasing
Lease a Server off-site
Reduce your costs

www.mtxia.com

Data Center Automation
Business Continuity and DR
Virtualization/Consolidation

www.mtxia.com

HMC Service
Hardware Management Console
Manage Remote AIX / i5 LPARs

www.siteox.com

Business Web Site Hosting
$3.99 / month includes Tools,
Shopping Cart, Site Builder

www.siteox.com

Disaster Recovery
Small Business Oriented
Off-Site Facilities

www.mtxia.com

IBM pSeries / iSeries
Reduce your Costs
Off-Site Server Hosting

www.mtxia.com

-

Administrator Access

-

The purpose of this document is to describe the various levels of administrator privilege which may be granted to a user on the AIX systems. This level of access granted will depend upon who the user is, what tasks the user needs to perform, and how often the user needs to perform these tasks.

The levels of administrator privilege include:

  • System Administrator
  • Printer Management
  • User Management
  • sudo access
  • ash group access
  • "appl" ID (full access)

System Administrator

The "System Administrator" by default has full access to all system resources, functions, and content. The user ID used for this purpose is "root". Access to this login and password should be strictly reserved for members of the Mt Xia Opensystems Group. No one outside this group should be able to login to any AIX machine as "root" or have access to the "root" password.

Printer Management

Application administrators will need the ability to manage and enable/disable printers. This level of administration can be granted by adding the user name to the "printq" group. This does not provide any other system or application privileges and may be granted to those application users who are AIX literate.

User Management

The system administrator(s) for each machine and members of the information security group will require administrative privileges which provide user management capabilities. These privileges will allow the ability to create, modify, and remove users from a system. They will also allow the ability to reset passwords, unlock a "locked" account, and reset a users failed login count.


From time-to-time vendors, contractors, consultants, and application administrators may need "root" access to one or more AIX machines. In order to provide this access, we must analyze and segment the individual requirements and merits of each request.

"sudo" Access

For those users who need to run a small set of specific commands as "root", they should be granted "sudo" access. The system administrator must configure "sudo" access on each machine and assign privileges to each user to run each required command.

"ash" Group Access

For those users who need to run a larger set of commands or an undetermined set of commands as "root", they should be added to the "ash" group. Members of this group are allowed to run the "ash" shell which provides a "korn" shell with administrator or "root" privileges.

"appl" ID (full access)

For those users who need full "root" access to one or more machines, they should be assigned an "appl" user ID. This ID provides "root" access to the machine, but does not reveal the root password to these users. These users will login to a machine using their normal user login ID, then "su" to their assigned "appl" account. The "appl" IDs have a two digit number on the end just like normal user names. This allows for more than one "appl" account on each machine and has the following form:

  • appl00
  • appl01
  • appl02
  • ...

The "USER INFORMATION" field of each "appl" account should contain information regarding who this account is assigned to and when it was created. By default the appl accounts should automatically expire after 30 days. If a longer duration is required, the requesting user must specify a duration at the time the account is requested.

-
Superuser Access
-
 


LPAR Leasing
Lease an AIX / i5 LPAR
Reduce your costs

www.mtxia.com

Server Leasing
Lease a Server off-site
Reduce your costs

www.mtxia.com

Data Center Automation
Business Continuity and DR
Virtualization/Consolidation

www.mtxia.com

HMC Service
Hardware Management Console
Manage Remote AIX / i5 LPARs

www.siteox.com

Business Web Site Hosting
$3.99 / month includes Tools,
Shopping Cart, Site Builder

www.siteox.com

FREE Domain Registration
included with Web Site Hosting
Tools, Social Networking, Blog

www.siteox.com

Disaster Recovery
Small Business Oriented
Off-Site Facilities

www.mtxia.com

IBM pSeries / iSeries
Reduce your Costs
Off-Site Server Hosting

www.mtxia.com