Can an AIX user that appears in etc/group but not etc/passwd still log into a server

access-controlaixgrouppasswd

Looking at etc/group and etc/passwd files, I see accounts listed in various groups in the etc/group file that do not appear in the etc/passwd files. Can these accounts still log in to the AIX server?

Best Answer

While these accounts may be leftovers from an incomplete removal, it is also possible that they are being served externally from /etc/passwd. Check the output of grep ^login /etc/pam.conf | grep account (assuming AIX >= 5.3) to see if you have any PAM modules that could be supplying the account information. LDAP, NIS, and other 3rd-party software may be configured to provide account and/or authorization data.

Let me add a shortcut answer to the actual question that was asked (inspired by the appearance of the getent answer, because I'm not aware of a getent for AIX):

lsuser -a login rlogin USERNAME

... should query whatever account repositories have been configured and tell you whether USERNAME can log in or not.

Best Answer

Related Solutions

Why don’t /etc/group and /etc/password match

Why only one active group at a time

Related Question