chuser command

Purpose

Changes user attributes.

Syntax

chuser [-ldap] -attr Attribute=Value ... Name

Description

The chuser command changes attributes for the user identified by the Name variable. To change an attribute, specify the attribute name and the new value with the -attr Attribute=Value variable.

Use the -ldap flag if the user is an LDAP user. Specifying the -ldap flag authenticates through the LDAP load module and changes the user's attributes specified by the -attr flag.

Attributes

The prime administrator (padmin) user can set the following attributes:

Attribute name Description
account_locked Indicates whether the user account is locked. Possible values are as follows:
    true | yes | always
        The user's account is locked. The values true, yes, and always are equivalent. The user is denied access to the system.
    false | no | never
        The user's account is not locked. The values false, no, and never are equivalent. The user is allowed access to the system. The default value is false.
default_roles Specifies the default roles for the user. The Value parameter, a comma-separated list of valid role names, can only contain roles assigned to the user in the roles attribute. You can use the ALL keyword to signify that the default roles for the user are all their assigned roles.
expires Identifies the expiration date of the account. The Value variable is a 10-character string in the MMDDhhmmyy form, where MM = month, DD = day, hh = hour, mm = minute, and yy = last 2 digits of the years 1939 through 2038. All characters are numeric. If the Value variable is 0, the account does not expire. The default is 0.
histexpire Defines the period of time (in weeks) that a user cannot reuse a password. The value is a decimal integer string. The default is 0, indicating that no time limit is set.
histsize Defines the number of previous passwords a user cannot reuse. The value is a decimal integer string. The default is 0. Only an administrative user can change this attribute.
loginretries Defines the number of unsuccessful login attempts allowed after the last successful login before the system locks the account. The value is a decimal integer string. A zero or negative value indicates that no limit exists. Once the user's account is locked, the user is not able to log in until the prime administrator resets the user's account_locked attribute.
maxage Defines the maximum age (in weeks) of a password. The password must be changed by this time. The value is a decimal integer string. The default is a value of 0, indicating no maximum age. The value can be from 0 to 52.
maxexpired Defines the maximum time (in weeks) beyond the maxage value that a user can change an expired password. The value is a decimal integer string. The default is -1, indicating restriction is set. If the maxexpired attribute is 0, the password expires when the maxage value is met. If the maxage attribute is 0, the maxexpired attribute is ignored. The value can be from 0 to 52.
maxrepeats Defines the maximum number of times a character can be repeated in a new password. Since a value of 0 is meaningless, the default value of 8 indicates that there is no maximum number. The value is a decimal integer string. The value can be from 0 to 8.
minage Specifies the minimum age at which a password can be changed. Passwords must be kept for a minimum period. This value is measured in weeks.
minalpha Specifies the minimum number of alphabetic characters.
mindiff Specifies the minimum number of characters in the new password that are not in the old password. Note: This restriction does not consider position. If the new password is abcd and the old password is edcb, the number of different characters is 1.
minlen Defines the minimum length of a password. The value is a decimal integer string. The default is a value of 0, indicating no minimum length. The maximum value allowed is 8. This attribute is determined by minlen or 'minalpha + minother', whichever is greater. The values for 'minalpha + minother' cannot be greater than 8. If 'minalpha + minother' is greater than 8, then the effective value for minother is reduced to '8 - minalpha'.
minother Defines the minimum number of non-alphabetic characters that must be in a new password. The value is a decimal integer string. The default is a value of 0, indicating no minimum number. The value can be from 0 to 8.
pgrp Defines the Primary Group and Groups membership. The valid entries are staff and view. If this attribute is not defined, the default staff is used.
pwdwarntime Defines the number of days before the system issues a warning that a password change is required. The value is a decimal integer string. A zero or negative value indicates that no message is issued. The value must be less than the difference of the maxage and minage attributes. Values greater than this difference are ignored and a message is issued when the minage value is reached.
roles Lists the administrative roles for this user. The Value parameter is a list of role names, separated by commas.
fsize Defines the soft limit for the largest file a user's process can create or extend. The Value parameter is an integer representing the number of 512-byte blocks. To make files greater than 2G, specify -1 or unlimited. The minimum value for this attribute is 8192.
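
A pre-flight check for -attr arguments, built from the ranges in the table above, so that an out-of-range password-policy value is caught before chuser is run. This is an added example, not IBM's code: is_int, in_range, validate_attr and effective_minlen are hypothetical helper names, the sample arguments are constructed, and minalpha is assumed to be at most 8.

```shell
# Added example; these helpers are hypothetical and not part of VIOS.
is_int() {    # optional leading minus sign followed by digits only
    case "${1#-}" in ''|*[!0-9]*) return 1 ;; esac
}

in_range() {  # in_range VALUE MIN MAX
    is_int "$1" && [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# Returns 0 = within the documented range, 1 = out of range,
# 2 = attribute not covered by this example.
validate_attr() {  # validate_attr Attribute=Value
    name=${1%%=*} value=${1#*=}
    case "$name" in
        account_locked)
            case "$value" in
                true|yes|always|false|no|never) ;;
                *) return 1 ;;
            esac ;;
        maxage) in_range "$value" 0 52 ;;
        maxrepeats|minother|minlen) in_range "$value" 0 8 ;;
        pgrp) [ "$value" = staff ] || [ "$value" = view ] ;;
        fsize)
            [ "$value" = unlimited ] || [ "$value" = -1 ] ||
                { is_int "$value" && [ "$value" -ge 8192 ]; } ;;
        *) return 2 ;;
    esac
}

# Effective minimum length per the minlen entry: the greater of minlen and
# minalpha + minother, with minother cut to 8 - minalpha when the sum exceeds 8.
effective_minlen() {  # effective_minlen MINLEN MINALPHA MINOTHER
    other=$3
    if [ $(( $2 + other )) -gt 8 ]; then other=$(( 8 - $2 )); fi
    sum=$(( $2 + other ))
    if [ "$sum" -gt "$1" ]; then echo "$sum"; else echo "$1"; fi
}

# Constructed sample arguments, checked before they are handed to chuser.
for a in maxage=13 maxage=60 minlen=12 fsize=4096 fsize=unlimited; do
    if validate_attr "$a"; then echo "ok      $a"; else echo "reject  $a"; fi
done
echo "effective minlen for minlen=6 minalpha=5 minother=5: $(effective_minlen 6 5 5)"
```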

Security

This command can only be run by the prime administrator (padmin) user.

Examples

To change the expiration date for the davis user account to 8 a.m., 1 May, 2010, type:
 chuser -attr expires=0501080010 davis
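
The MMDDhhmmyy string is easy to get wrong by hand when time-boxing an account, so the following added example (not part of the original page or of VIOS) converts between a readable timestamp and the expires value. expires_encode and expires_decode are hypothetical helper names; the day check does not account for month length, and the century on decode follows from the documented 1939 through 2038 range.

```shell
# Added example; expires_encode / expires_decode are hypothetical helpers.
expires_encode() {  # expires_encode "YYYY-MM-DD hh:mm" -> MMDDhhmmyy
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]' '[0-9][0-9]:[0-9][0-9]) ;;
        *) return 1 ;;
    esac
    dt=${1% *}; tm=${1#* }
    y=${dt%%-*}; rest=${dt#*-}; mo=${rest%-*}; d=${rest#*-}
    h=${tm%:*}; mi=${tm#*:}
    # Only years 1939 through 2038 can be represented by two digits here.
    [ "$y" -ge 1939 ] && [ "$y" -le 2038 ] || return 1
    case "$mo" in 0[1-9]|1[0-2]) ;; *) return 1 ;; esac
    case "$d" in 0[1-9]|[12][0-9]|3[01]) ;; *) return 1 ;; esac
    case "$h" in [01][0-9]|2[0-3]) ;; *) return 1 ;; esac
    case "$mi" in [0-5][0-9]) ;; *) return 1 ;; esac
    printf '%s\n' "$mo$d$h$mi${y#??}"
}

expires_decode() {  # expires_decode MMDDhhmmyy -> "YYYY-MM-DD hh:mm"
    if [ "$1" = 0 ]; then echo never; return 0; fi   # 0 = account does not expire
    case "$1" in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) return 1 ;;
    esac
    v=$1
    mo=${v%????????}; r=${v#??}
    d=${r%??????};    r=${r#??}
    h=${r%????};      r=${r#??}
    mi=${r%??};       yy=${r#??}
    # yy 39-99 belongs to 19xx, yy 00-38 to 20xx.
    case "$yy" in 39|[4-9][0-9]) c=19 ;; *) c=20 ;; esac
    printf '%s\n' "$c$yy-$mo-$d $h:$mi"
}

# The page's own example: 8 a.m., 1 May, 2010.
expires_encode '2010-05-01 08:00'
expires_decode 0501080010
```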



Last updated: Wed, November 18, 2020