Also check out Sudo.....
sudo Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis, it is not a replacement for the shell. andy -----Original Message----- From: Rich Sias [mailto:[EMAIL PROTECTED] Sent: 28 May 2005 08:56 To: [email protected]; Dave Schexnayder Subject: Re: [U2] Creating AIX Users for UniVerse ** Reply to message from "Dave Schexnayder" <[EMAIL PROTECTED]> on Thu, 26 May 2005 10:32:01 -0500 > Hi Gals and Guys, > > We would like to release a administrative tool for our UniVerse/AIX (and > SCO) users which would allow them to create users on Unix and set their > passwords. > > Many of our users do not have IT staff and only do system management in Unix > when they have to. In reviewing the AIX documentation, I cannot find a way > around setting the password that is not interactive. > > In addition, the documentation states that other users can be promoted to > superuser. Has anyone done this for the purpose of creating users. Are > there any disadvantages to doing this? > > Ultimately, we would like an administrative user (other than root) to be > able to fill out a VB screen and upon acceptance, have it create a > functioning Unix user ready for login. > > Thanks, > > > Dave Schexnayder. :-) > Cheetah Advanced Technologies, Inc. On a system I worked with in 90's till 03, we had is as a two part process. One part was the app to interface with the "help desk person". It was a user interface querying for selected data items such as name, login id, creation, deletions, reset and other items we deemed neccessary. This apps only job is to collect the data and save it as a record. The other app is a phantom running as "superuser" in HPUX and when it noticed a record appeard, it would begin processing that record. It would revalidate the data fields again to be sure strings, numbers were what they were supposed to be and be limited to max character counts. Rejects were marked with errors and moved to logfile. Then it would process the data and using the superuser status execute login creation, update, delettion commands using the data provided. Either errors were attached or successful message attached and record moved to logfile. We recorded loginid for supervisor requesting, loginid of help desk person, time stamp at each interval of the process among other things. I later wrote a report for accounting dept that investigated an occasional activity or person looking for certain behaviour. Rich Sias - now looking for more dba work in Philly USA area. ------- u2-users mailing list [email protected] To unsubscribe please visit http://listserver.u2ug.org/ ------- u2-users mailing list [email protected] To unsubscribe please visit http://listserver.u2ug.org/
