Creating Users

1. Add users from the command line

There is a requirement to create user accounts for Diamond/Emerald on dmcsp.unix.brm.pri which can be done from the command line to save time.

The example below adds a user called tmpuser, with the ability to change their password:-

mkuser shell=/usr/bin/passwd gecos="Temp User" tmpuser

Then set the user's password to the same as the username with:-

passwd tmpuser

If you don't want the user to be forced to change their password on first login (if they are logging in via Documentum, they can't change it themselves), then clear the ADMCHG flag with the pwdadm command.

pwdadm -c tmpuser

2. Add large amounts of users in one go (test001 - test500)

If you have a large number of users to create (for example “test001” to “test500”), you can write a short script that keeps the alpha part of the username and increments the number, like below:

#!/usr/bin/bash
# Create test001 .. test500; the login shell is passwd, as in section 1
for i in {1..500}; do
    mkuser shell=/usr/bin/passwd "test$(printf %03d "$i")"
done

Once this is done, you'll need to set the password for them (in this case 'password'). The command below does a similar loop to the above, but pipes the output to xargs, which creates a username:password string like “test001:password” for each user. The result is redirected to a file.

printf "%03d\n" {1..500} |xargs -i% echo "test%:password" > chpasswd.file

Then just run chpasswd using the file as input.

cat chpasswd.file | chpasswd

As these passwords are set by root and not the user, they have a flag set so that the user is forced to change the password. For Documentum accounts this is not desirable, so run the following script to clear the flag.

#!/usr/bin/bash
# Clear the ADMCHG flag for test001 .. test500
for i in {1..500}; do
    pwdadm -c "test$(printf %03d "$i")"
done

3. Creating Large Volume of Users (Unique Names)

This is particularly relevant to the Document Management Team & Documentum. They currently have user accounts created in uppercase characters for a roll-out of EIM. Gareth has created some scripts on docprcs.unix.brm.pri, in /home/support/mkusers.

3.1 Creating The Files Used By The Scripts

Sample of EIMUsers spreadsheet;

BCC Login  First Name   Surname  Go Live Date
SOCBJEWD   JUNE         WOOD     10/06/2010
SOCFJEOR   JACKIE       OLIVIER  10/06/2010
SOCASETY   SARAH-JAYNE  THACKER  10/06/2010
SOCATABN   TANYA        BOWEN    10/06/2010

Log in to docprcs.unix.brm.pri via PuTTY and cd to /home/support/mkusers

cd /home/support/mkusers

Copy the BCC Login, First Name & Surname columns from the spreadsheet and paste into a file such as 20100615-all or yardley-all (using vi). Re-arrange in Excel (move/insert columns) if they are not in the correct order.

3.2 Running the Script

You are now ready to run the script. You need to pass 3 parameters to the script;

./createusers.sh 20100615-all LetMeIn007 20100615b

Here 20100615-all is the file of user names to be processed, LetMeIn007 is the password to be set, and the third parameter is normally the 'go live date' for this batch. The 20100615b in this example means that there were 2 batches with the same date. The script creates a copy of the chpasswd.file with this value on the end, which can be used to reset the password for the whole of this batch if required.

For security reasons, please pick your own password for each roll-out (not limited to 8 characters).

If there are duplicate BCC Login IDs, you will see something similar to this;

3004-689 User "BCCADOJY" exists.
3004-689 User "SOCASEAR" exists.
3004-689 User "SOCAJSRS" exists.
3004-689 User "SOCAJEWS" exists

Or an error such as;

Creating user accounts from ldusers-all with password of xxxxxxxx
3004-694 Error adding "BCCBCEDSN" : Name is too long.
Setting passwords ..............
3004-687 User "BCCBCEDSN" does not exist.
Done!!!!

  • Email info on duplicates or other errors to BOTH Ravi Sibal (SBham) & EDMS Support
  • Email details of the password ONLY to Ravi Sibal (SBham) and nick.fawson@capita.co.uk

3.3 Resetting the passwords for a Batch Previously Created

Let's assume that a batch of users created on 17/05/2010 didn't actually 'go live' as there was some mix-up. They will be going live on 17/06/2010. For security reasons, the policy on this server has been set as follows:

  • A password is valid for 4 weeks
  • 2 weeks after maxage when user can still change password
  • other users cannot switch to this account
  • 10 days before a forced password change warning is given
  • 3 invalid login attempts before locked out
  • 26 weeks you can't reuse a password
  • The last 12 previous passwords cannot be reused
  • minimum alphabetic characters = 2
  • minimum non alphabetic characters = 3
  • minimum length = 8
  • maximum times a character can appear in a password = 3

Based on this policy, users will only have 2 more weeks (grace period) remaining to log in before their accounts are locked. So we want to change all the passwords for this batch of users. The chpasswd.file.20100517 has a list of users & passwords stored for that batch of users.

Assuming the password was previously set to LetMeIn1705, the command below performs a search & replace to replace each occurrence with H0n3yBee1706, and outputs the result to chpasswd.file.20100617.pwchange:

sed "s/LetMeIn1705/H0n3yBee1706/g" chpasswd.file.20100517 > chpasswd.file.20100617.pwchange

Then issue this command to actually change the password;

cat chpasswd.file.20100617.pwchange |chpasswd
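
An added example, not part of the original page or of the scripts in /home/support/mkusers: a shell check that every user:password line in a chpasswd input file meets the length and character rules listed in section 3.3 before the file is piped to chpasswd. The function names are illustrative, and the sample user names EXAMPLE1 and EXAMPLE2 are made up.

```bash
#!/usr/bin/bash
# Added example: check user:password lines against the policy listed above
# before piping them to chpasswd. Function names are illustrative.
MINLEN=8 MINALPHA=2 MINOTHER=3 MAXREPEATS=3   # values from the policy list

# policy_violations PASSWORD -> prints the names of the rules the password breaks
policy_violations() {
    pw=$1; out=""
    alpha=$(( $(printf '%s' "$pw" | tr -cd 'A-Za-z' | wc -c) ))
    other=$(( ${#pw} - alpha ))
    # highest number of times any single character occurs in the password
    most=$(printf '%s' "$pw" | fold -w1 | sort | uniq -c | sort -rn | awk 'NR==1 {print $1}')
    [ "${#pw}" -ge "$MINLEN" ]         || out="$out minlen"
    [ "$alpha" -ge "$MINALPHA" ]       || out="$out minalpha"
    [ "$other" -ge "$MINOTHER" ]       || out="$out minother"
    [ "${most:-0}" -le "$MAXREPEATS" ] || out="$out maxrepeats"
    printf '%s\n' "${out# }"
}

# check_chpasswd_file FILE -> lists users whose password fails; returns 1 if any do
check_chpasswd_file() {
    rc=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        v=$(policy_violations "${line#*:}")      # password = text after the first colon
        if [ -n "$v" ]; then
            echo "${line%%:*}: $v"               # print the user name, never the password
            rc=1
        fi
    done < "$1"
    return "$rc"
}

# Constructed sample input (user names are made up; passwords are the page's examples)
sample=$(mktemp)
printf '%s\n' 'test001:password' 'EXAMPLE1:LetMeIn007' 'EXAMPLE2:H0n3yBee1706' > "$sample"
check_chpasswd_file "$sample" || echo "fix the lines above before running chpasswd"
rm -f "$sample"
```

The check covers only the four character rules; the ageing, history and lockout items in the list depend on account state and cannot be judged from the file alone.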
 
aix/aix_mkuser.txt · Last modified: 06/04/2022 00:12 by andrew