Re: AIX reset users

TechFly,
I have worked in a similar situation. The solution that I implemented was to change the service account to something no one knew and to have people sudo su - <user>. It took quite a while because there were a number of scripts that had the password hard coded (and in the clear) that needed to be addressed. It took some time and some comprimises needed to be made but the end result was satisfactory.

My recommendation to you regarding your code is don't write scripts like this. You will end up copy/pasting all over the place. Instead, write modules that expose AIX admin commands in a consistent manner that can be re-used in script after script. Isn't the following more appealing:

...

my $account = AIX::Account->new($user);
if ($account->locked) {
    print "Attempting to unlock account for '$user'\n";
    if (! $account->unlock) {
        print "Failed to unlock account for '$user': ", $account->last
+_error;
    }
    else {
        print "Account for '$user' successfully unlocked\n";
    }
}
else {
    print "Account for '$user' was not locked\n";
}
[download]

Cheers - L~R

Comment on Re: AIX reset users Download Code

Replies are listed 'Best First'.
Re^2: AIX reset users by TechFly (Scribe) on Feb 11, 2011 at 17:39 UTC
For the su - <username>, that is set up. The problem lies in the human psyche. I have been at my current position for a short time, so cannot force change. The users don't want to use su, and the current admin does not want to go through the hassle of forcing them. it will change when I can force it, but for now, I will have to wait. As for your suggestion, it is a great one. It is actually something I was thinking about working on, but I am fairly new to perl, so have a bit more learning to do. That is on my list of things I wish to do though. Thanks for the great suggestion.	[reply]
Re^2: AIX reset users by ambrus (Abbot) on Feb 12, 2011 at 14:49 UTC
`sudo su - username` seems like an overkill. Don't give the users root access via sudo if they don't need that, just give them access to that one service user, and let them use `sudo -u username -i`.	[reply] [d/l] [select]
Re^3: AIX reset users by Limbic~Region (Chancellor) on Feb 12, 2011 at 21:43 UTC
ambrus, Giving them root access would be insane. Of course you would limit what commands could be issued via sudo by the configuration of the sudoers configuration. While there are shortcuts as you point out, the command I provided doesn't give someone root access. Cheers - L~R	[reply]