IBM Support

IV66207: RESTRICTING ROOT USER TO HAVE ONLY LOCAL GROUPS FOR ADMGROUPS APPLIES TO AIX 7100-03

A fix is available

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • Root user can be assigned LDAP groups to its admgroups and
    sugroups when domainlessgroups feature is enabled.
    

Local fix

Problem summary

  • Root user can be assigned LDAP groups to its admgroups and
    sugroups when domainlessgroups feature is enabled.
    

Problem conclusion

  • Via API even without domainlessgroups feature, one can upload
    any group name for admgroups and sugroups. So the fix is
    provided in the user space commands to prevent adding ldap
    groups to root user's account as admgroups or sugroups. This
    will main the API behaviour as is.
    

Temporary fix

Comments

  • 7100-03 - use AIX APAR IV66207
    

APAR Information

  • APAR number

    IV66207

  • Reported component name

    AIX V7.1

  • Reported component ID

    5765H4000

  • Reported release

    710

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Submitted date

    2014-10-22

  • Closed date

    2014-10-22

  • Last modified date

    2015-12-31

  • APAR is sysrouted FROM one or more of the following:

    IV66113

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    AIX V7.1

  • Fixed component ID

    5765H4000

Applicable component levels

  • R710 PSY U867640

       UP15/05/19 I 1000

PTF to Fileset Mapping



Document information

More support for: AIX Enterprise Edition

Software version: 710

Operating system(s): AIX

Reference #: IV66207

Modified date: 31 December 2015