mkuser.sys Command

Purpose

Customizes a new user account.

Syntax

mkuser.sys Directory User Group Shell

Description

The mkuser.sys command customizes the new user account specified by the User parameter. The mkuser command calls the mkuser.sys command after it has created and initialized the new account. The tsm, login, and getty commands and the pam_mkuserhome module call the mkuser.sys command at your login time if you do not have a home directory already.

The program as shipped creates the home directory specified by the Directory parameter, with the owner specified by the User parameter, the primary group specified by the Group parameter, and a copy of the appropriate profile for the user's shell. The shipped program can be replaced at installation by another program to customize local new-user creation. The installation-specific program should adhere to the error conventions of the supplied program.

Note: The shipped mkuser.sys file must not be customized directly. If a customized version is required, a new file /etc/security/mkuser.sys.custom must be created. The mkuser.sys program detects this new program and if it is present on the system, it runs it instead of the original mkuser.sys. The shipped mkuser.sys file is now a non-volatile file and must not be modified. The installation-specific program must adhere to the error conventions of the supplied program.

Security

Access Control: This command should grant read (r), write (w), and execute (x) access for the root user and members of the security group.

Files Accessed:

Mode File
r /etc/passwd
r /etc/security/user
Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.

Files

Item Description
/usr/lib/security/mkuser.sys Contains the mkuser.sys command.
Note: You cannot use the /etc/security/mkuser.sys file to edit with the chuser , and rmuser commands. To assign default attributes such as primary group, home directory , and login shell to a user, use the /etc/security/mkuser.default file.