AIXV53AdminBPFiles
Added by Steve Pittman, last edited by Steve Pittman on May 11, 2008

Files for AIX V5.3 system administration best practices

The contents of this web page solely reflect the personal views of the authors and do not necessarily represent the views, positions, strategies or opinions of IBM or IBM management.

A tarball containing all the files on this page is available for download. Use the command /opt/freeware/bin/zcat bestprac[1].tar.tgz | tar -tvf- to list the contents of the tarball. (Please note that the /opt/freeware/bin/zcat delivered in the rpm.rte fileset must be used rather than the /usr/bin/zcat delivered in the bos.rte.archive fileset.)

The following file is referred to in (and can be used to implement) an AIX V5.3 System Administration best practice.

/.profile (set ownership & permissions to root.system & rwxr-----):

ENV=/.kshrc
export ENV

if [ "$TERM" = aixterm ]
# Display hostname & user name on X-window title bar
then print -n "\033]0;$(hostname -s):$USER\007"
fi

if [ "$TERM" = xterm ]
then
  # Set erase key so <-Backspace key (ASCII octal 177) works properly with PuTTY OpenSSH client
  stty erase $(print -n "\0177")
  # Display hostname & user name on PuTTY DOS window title bar
  print -n "\033]0;$(hostname -s):$USER\007"
fi

# Tell user's fortune if we can
if [ -x /usr/games/fortune ]
then echo ; echo ; echo ; /usr/games/fortune
fi

if [ -s "$MAIL" ]           # This is at Shell startup.  In normal
then echo "$MAILMSG"        # operation, the Shell checks
fi                          # periodically.


A tarball can be downloaded which contains the following file, which is referred to in (and can be used to implement) an AIX V5.3 System Administration best practice.

/.kshrc (set ownership & permissions to root.system & rwxr-----):

set -o vi
PS1=$(hostname -s):'$PWD # '


A tarball can be downloaded which contains the following file, which is referred to in (and can be used to implement) an AIX V5.3 System Administration best practice.

/usr/lib/security/mkuser.sys for Technology Levels below 7 (set ownership & permissions same as existing mkuser.sys.orig - root.security & rwxr-x---):

# @(#)18	1.9  src/bos/usr/lib/security/mkuser.sys.sh, cmdsuser, bos530 3/3/93 16:31:24
# IBM_PROLOG_BEGIN_TAG
# This is an automatically generated prolog.
#
# bos530 src/bos/usr/lib/security/mkuser.sys.sh 1.9
#
# Licensed Materials - Property of IBM
#
# (C) COPYRIGHT International Business Machines Corp. 1989,1993
# All Rights Reserved
#
# US Government Users Restricted Rights - Use, duplication or
# disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
#
# IBM_PROLOG_END_TAG
#
#   COMPONENT_NAME: CMDSUSER
#
#   FUNCTIONS:
#
#   ORIGINS: 27
#
#
#   (C) COPYRIGHT International Business Machines Corp. 1989,1993
#   All Rights Reserved
#   Licensed Materials - Property of IBM
#   US Government Users Restricted Rights - Use, duplication or
#   disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
#

#
# Check the number of arguments first
#
if [ $# -lt 4 ]
then
	exit 1
fi

#
# Create the named directory if it does not already exist
# and set the file ownership and permission
#
if [ ! -d $1 ]
then
	mkdir $1
	chgrp $3 $1
	chown $2 $1
fi

# Lines added by Steve Pittman (925-277-5080) of IBM on 9/5/2001 to handle Korn
# shell user as a special case.  Original mkuser.sys saved as mkuser.sys.orig.
if [ `basename $4` = "ksh" ] && [ ! -f $1/.profile ]
then
	cp -ip /etc/security/.profile.ksh $1/.profile
	if [ $? = 0 ]
	then
	  chmod u+rwx,go-w $1/.profile
	  chgrp $3 $1/.profile
	  chown $2 $1/.profile
	fi
	cp -ip /etc/security/.kshrc $1/.kshrc
	if [ $? = 0 ]
	then
	  chmod u+rwx,go-w $1/.kshrc
	  chgrp $3 $1/.kshrc
	  chown $2 $1/.kshrc
	fi
fi

#
# Copy the user's default .profile if it does not already
# exist and change the file ownership, etc.
#
if [ `basename $4` != "csh" ] && [ ! -f $1/.profile ]
then
	cp /etc/security/.profile $1/.profile
	chmod u+rwx,go-w $1/.profile
	chgrp $3 $1/.profile
	chown $2 $1/.profile

else
   if [ `basename $4` = "csh" ] && [ ! -f $1/.login ]
   then
	echo "#!/bin/csh" > "$1"/.login
	echo "set path = ( /usr/bin /etc /usr/sbin /usr/ucb \$HOME/bin /usr/bin/X11 /sbin . )" >> "$1"/.login
	echo "setenv MAIL \"/var/spool/mail/\$LOGNAME\"" >> "$1"/.login
	echo "setenv MAILMSG \"[YOU HAVE NEW MAIL]\"" >> "$1"/.login
	echo "if ( -f \"\$MAIL\" && ! -z \"\$MAIL\") then" >> "$1"/.login
        echo "	echo \"\$MAILMSG\"" >> "$1"/.login
	echo "endif" >> "$1"/.login
	chmod u+rwx,go-w $1/.login
	chgrp $3 $1/.login
	chown $2 $1/.login
   fi
fi


A tarball can be downloaded which contains the following file, which is referred to in (and can be used to implement) an AIX V5.3 System Administration best practice.

/tmp/mkuser.sys.orig for Technology Levels below 7 (Not to be installed. To be used only to confirm that /usr/lib/security/mkuser.sys is as expected in the process of replacing it.):

# @(#)18	1.9  src/bos/usr/lib/security/mkuser.sys.sh, cmdsuser, bos530 3/3/93 16:31:24
# IBM_PROLOG_BEGIN_TAG
# This is an automatically generated prolog.
#
# bos530 src/bos/usr/lib/security/mkuser.sys.sh 1.9
#
# Licensed Materials - Property of IBM
#
# (C) COPYRIGHT International Business Machines Corp. 1989,1993
# All Rights Reserved
#
# US Government Users Restricted Rights - Use, duplication or
# disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
#
# IBM_PROLOG_END_TAG
#
#   COMPONENT_NAME: CMDSUSER
#
#   FUNCTIONS:
#
#   ORIGINS: 27
#
#
#   (C) COPYRIGHT International Business Machines Corp. 1989,1993
#   All Rights Reserved
#   Licensed Materials - Property of IBM
#   US Government Users Restricted Rights - Use, duplication or
#   disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
#

#
# Check the number of arguments first
#
if [ $# -lt 4 ]
then
	exit 1
fi

#
# Create the named directory if it does not already exist
# and set the file ownership and permission
#
if [ ! -d $1 ]
then
	mkdir $1
	chgrp $3 $1
	chown $2 $1
fi

#
# Copy the user's default .profile if it does not already
# exist and change the file ownership, etc.
#
if [ `basename $4` != "csh" ] && [ ! -f $1/.profile ]
then
	cp /etc/security/.profile $1/.profile
	chmod u+rwx,go-w $1/.profile
	chgrp $3 $1/.profile
	chown $2 $1/.profile

else
   if [ `basename $4` = "csh" ] && [ ! -f $1/.login ]
   then
	echo "#!/bin/csh" > "$1"/.login
	echo "set path = ( /usr/bin /etc /usr/sbin /usr/ucb \$HOME/bin /usr/bin/X11 /sbin . )" >> "$1"/.login
	echo "setenv MAIL \"/var/spool/mail/\$LOGNAME\"" >> "$1"/.login
	echo "setenv MAILMSG \"[YOU HAVE NEW MAIL]\"" >> "$1"/.login
	echo "if ( -f \"\$MAIL\" && ! -z \"\$MAIL\") then" >> "$1"/.login
        echo "	echo \"\$MAILMSG\"" >> "$1"/.login
	echo "endif" >> "$1"/.login
	chmod u+rwx,go-w $1/.login
	chgrp $3 $1/.login
	chown $2 $1/.login
   fi
fi


A tarball can be downloaded which contains the following file, which is referred to in (and can be used to implement) an AIX V5.3 System Administration best practice.

/usr/lib/security/mkuser.sys for Technology Levels 7 or above (set ownership & permissions same as existing mkuser.sys.orig - root.security & rwxr-x---):

# @(#)18        1.9.1.1  src/bos/usr/lib/security/mkuser.sys.sh, cmdsuser, bos53L, l2007_25C0 6/20/07 16:36:47
# IBM_PROLOG_BEGIN_TAG
# This is an automatically generated prolog.
#
# bos53L src/bos/usr/lib/security/mkuser.sys.sh 1.9.1.1
#
# Licensed Materials - Property of IBM
#
# (C) COPYRIGHT International Business Machines Corp. 1989,1993
# All Rights Reserved
#
# US Government Users Restricted Rights - Use, duplication or
# disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
#
# IBM_PROLOG_END_TAG
#
#   COMPONENT_NAME: CMDSUSER
#
#   FUNCTIONS:
#
#   ORIGINS: 27
#
#
#   (C) COPYRIGHT International Business Machines Corp. 1989,1993
#   All Rights Reserved
#   Licensed Materials - Property of IBM
#   US Government Users Restricted Rights - Use, duplication or
#   disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
#

#
# Check the number of arguments first
#
if [ $# -ne 4 ]
then
        exit 1
fi

#
# Create the named directory if it does not already exist
# and set the file ownership and permission
#
if [ ! -d $1 ]
then
        mkdir $1
        chgrp $3 $1
        chown $2 $1
fi

# Lines added by Steve Pittman (925-277-5080) of IBM on 9/5/2001 to handle Korn
# shell user as a special case.  Original mkuser.sys saved as mkuser.sys.orig.
if [ `basename $4` = "ksh" ] && [ ! -f $1/.profile ]
then
        cp -ip /etc/security/.profile.ksh $1/.profile
        if [ $? = 0 ]
        then
          chmod u+rwx,go-w $1/.profile
          chgrp $3 $1/.profile
          chown $2 $1/.profile
        fi
        cp -ip /etc/security/.kshrc $1/.kshrc
        if [ $? = 0 ]
        then
          chmod u+rwx,go-w $1/.kshrc
          chgrp $3 $1/.kshrc
          chown $2 $1/.kshrc
        fi
fi

#
# Copy the user's default .profile if it does not already
# exist and change the file ownership, etc.
#
if [ `basename $4` != "csh" ] && [ ! -f $1/.profile ]
then
        cp /etc/security/.profile $1/.profile
        chmod u+rwx,go-w $1/.profile
        chgrp $3 $1/.profile
        chown $2 $1/.profile

else
   if [ `basename $4` = "csh" ] && [ ! -f $1/.login ]
   then
        echo "#!/bin/csh" > "$1"/.login
        echo "set path = ( /usr/bin /etc /usr/sbin /usr/ucb \$HOME/bin /usr/bin/X11 /sbin . )" >> "$1"/.login
        echo "setenv MAIL \"/var/spool/mail/\$LOGNAME\"" >> "$1"/.login
        echo "setenv MAILMSG \"[YOU HAVE NEW MAIL]\"" >> "$1"/.login
        echo "if ( -f \"\$MAIL\" && ! -z \"\$MAIL\") then" >> "$1"/.login
        echo "  echo \"\$MAILMSG\"" >> "$1"/.login
        echo "endif" >> "$1"/.login
        chmod u+rwx,go-w $1/.login
        chgrp $3 $1/.login
        chown $2 $1/.login
   fi
fi


A tarball can be downloaded which contains the following file, which is referred to in (and can be used to implement) an AIX V5.3 System Administration best practice.

/tmp/mkuser.sys.orig for Technology Level 7 or above (Not to be installed. To be used only to confirm that /usr/lib/security/mkuser.sys is as expected in the process of replacing it.):

# @(#)18        1.9.1.1  src/bos/usr/lib/security/mkuser.sys.sh, cmdsuser, bos53L, l2007_25C0 6/20/07 16:36:47
# IBM_PROLOG_BEGIN_TAG
# This is an automatically generated prolog.
#
# bos53L src/bos/usr/lib/security/mkuser.sys.sh 1.9.1.1
#
# Licensed Materials - Property of IBM
#
# (C) COPYRIGHT International Business Machines Corp. 1989,1993
# All Rights Reserved
#
# US Government Users Restricted Rights - Use, duplication or
# disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
#
# IBM_PROLOG_END_TAG
#
#   COMPONENT_NAME: CMDSUSER
#
#   FUNCTIONS:
#
#   ORIGINS: 27
#
#
#   (C) COPYRIGHT International Business Machines Corp. 1989,1993
#   All Rights Reserved
#   Licensed Materials - Property of IBM
#   US Government Users Restricted Rights - Use, duplication or
#   disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
#

#
# Check the number of arguments first
#
if [ $# -ne 4 ]
then
        exit 1
fi

#
# Create the named directory if it does not already exist
# and set the file ownership and permission
#
if [ ! -d $1 ]
then
        mkdir $1
        chgrp $3 $1
        chown $2 $1
fi

#
# Copy the user's default .profile if it does not already
# exist and change the file ownership, etc.
#
if [ `basename $4` != "csh" ] && [ ! -f $1/.profile ]
then
        cp /etc/security/.profile $1/.profile
        chmod u+rwx,go-w $1/.profile
        chgrp $3 $1/.profile
        chown $2 $1/.profile

else
   if [ `basename $4` = "csh" ] && [ ! -f $1/.login ]
   then
        echo "#!/bin/csh" > "$1"/.login
        echo "set path = ( /usr/bin /etc /usr/sbin /usr/ucb \$HOME/bin /usr/bin/X11 /sbin . )" >> "$1"/.login
        echo "setenv MAIL \"/var/spool/mail/\$LOGNAME\"" >> "$1"/.login
        echo "setenv MAILMSG \"[YOU HAVE NEW MAIL]\"" >> "$1"/.login
        echo "if ( -f \"\$MAIL\" && ! -z \"\$MAIL\") then" >> "$1"/.login
        echo "  echo \"\$MAILMSG\"" >> "$1"/.login
        echo "endif" >> "$1"/.login
        chmod u+rwx,go-w $1/.login
        chgrp $3 $1/.login
        chown $2 $1/.login
   fi
fi
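
The confirm-then-replace step that the two /tmp/mkuser.sys.orig entries above describe (Technology Levels below 7, and 7 or above) can be scripted as follows. This is an added example, not part of the original page or its tarball; the function name replace_if_expected, its arguments and its return codes are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original page or its tarball).
# replace_if_expected INSTALLED REFERENCE REPLACEMENT [OWNER:GROUP]
#   INSTALLED    file currently in place, e.g. /usr/lib/security/mkuser.sys
#   REFERENCE    known-original copy,     e.g. /tmp/mkuser.sys.orig
#   REPLACEMENT  modified file to install
#   OWNER:GROUP  optional, e.g. root:security (assumption: only given as root)
# Return codes (assumed convention): 0 replaced, 1 usage or missing file,
# 2 installed file differs from the reference and was left untouched,
# 3 a copy, permission or rename step failed.
replace_if_expected() {
    [ $# -ge 3 ] || return 1
    installed=$1 reference=$2 replacement=$3 owner=${4:-}
    backup=$installed.orig

    for f in "$installed" "$reference" "$replacement"; do
        [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    done

    # Byte-for-byte comparison: a locally edited script, or one from the other
    # Technology Level range, stops the replacement here.
    if ! cmp -s "$installed" "$reference"; then
        echo "$installed differs from $reference; not replacing" >&2
        return 2
    fi

    # Save the original as mkuser.sys.orig, never overwriting an older backup.
    if [ ! -e "$backup" ]; then
        cp -p "$installed" "$backup" || return 3
    fi

    # Stage the new copy, restrict it before it goes live, then rename it.
    tmp=$installed.new.$$
    cp "$replacement" "$tmp" || return 3
    chmod 750 "$tmp" || { rm -f "$tmp"; return 3; }      # rwxr-x---
    if [ -n "$owner" ]; then
        chown "$owner" "$tmp" || { rm -f "$tmp"; return 3; }
    fi
    mv -f "$tmp" "$installed" || { rm -f "$tmp"; return 3; }
    return 0
}
```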


A tarball can be downloaded which contains the following file, which is referred to in (and can be used to implement) an AIX V5.3 System Administration best practice.

/etc/security/.profile.ksh (set ownership & permissions same as /etc/security/.profile - root.security & rw-rw----):

ENV=$HOME/.kshrc
export ENV

if [ "$TERM" = aixterm ]
# Display hostname & user name on X-window title bar
then print -n "\033]0;$(hostname -s):$USER\007"
fi

if [ "$TERM" = xterm ]
then
  # Set erase key so <-Backspace key (ASCII octal 177) works properly with PuTTY OpenSSH client
  stty erase $(print -n "\0177")
  # Display hostname & user name on PuTTY DOS window title bar
  print -n "\033]0;$(hostname -s):$USER\007"
fi

# Tell user's fortune if we can
if [ -x /usr/games/fortune ]
then echo ; echo ; echo ; /usr/games/fortune
fi

if [ -s "$MAIL" ]           # This is at Shell startup.  In normal
then echo "$MAILMSG"        # operation, the Shell checks
fi                          # periodically.


A tarball can be downloaded which contains the following file, which is referred to in (and can be used to implement) an AIX V5.3 System Administration best practice.

/etc/security/.kshrc (set ownership & permissions same as /etc/security/.profile - root.security & rw-rw----):

PATH=${PATH}:$HOME/bin:.
# If /usr/local/bin is not added to the path in /etc/environment, add it here
#PATH=${PATH}:$HOME/bin:.:/usr/local/bin
PS1=$(hostname -s):'$PWD $ '
set -o vi


A tarball can be downloaded which contains the following file, which is referred to in (and can be used to implement) an AIX V5.3 System Administration best practice.

/usr/local/bin/ptree (set ownership & permissions to bin.bin & r-xr-xr-x):

#!/usr/bin/ksh
#
# This shell script lists all children of a specified process
#
# Author: Steve Pittman - IBM - 2/12/1996
#
# Get name of this script and specified parent process
scrname=${0##*/}
if [ $# != 1 ]
then
  echo "Usage: $scrname <parent>"
  exit 1
fi
parent=$1

# Allow ps command to display up to 1024 characters per line
export COLUMNS=1024

# Define function to add a process' pid and all its descendants' pids to plist
children()
{
        parent=$1
        plist=$plist,$parent
        /bin/ps -eF pid=,ppid= | /bin/awk -v parent="$parent" '{if ($2 == parent) print $1}' | while read child
        do
          children $child
        done
}
plist=""
children $parent        # Build plist
ps -fp ${plist#,}       # Display processes after dumping leading comma from plist


A tarball can be downloaded which contains the following file, which is referred to in (and can be used to implement) an AIX V5.3 System Administration best practice.

/usr/local/bin/stopcmd (set ownership & permissions to bin.bin & r-xr-xr-x):

#!/usr/bin/ksh
#
# This shell script stops the process that is running the specified command.
#
# Author: Steve Pittman - IBM - 10/19/2001
#
# Get name of this script and specified command to kill
scrname=${0##*/}
if [ $# != 1 ]
then
  echo "Usage: $scrname <command>"
  exit 1
fi
command=$1

# Get our username and set flag for ps command appropriately
username=$(whoami)
if [ "$username" != root ]
then uflag="-u $username"
else uflag="-e"
fi

# Find ID of process that is running the specified command
/bin/ps $uflag -F pid=,comm= | /bin/awk -v command="$command" '{if ($2 == command) print $1}' | while read pid
do
  if [ -n "$processid" ]
  then
    print -u2 "$scrname: Process $processid and $pid are both running $command!"
    exit 2
  else
    processid=$pid
  fi
done
if [ -n "$processid" ]
then
  echo kill $processid
  kill $processid
else
  print -u2 "$scrname: No process found running command $command!"
  exit 3
fi

Hi.

I am a certified AIX pSeries specialist. This material looks very good. Actually I need to check it out and implement it on a few installations.

I'll let you know about my progress.

Regards,

Alex

Posted by Alexander Zaretsky at Jan 07, 2008 19:28