Security users in AIX don�t have permission to change the group of the user thru Smitty Users
When they try to change the group of the users to any group they'll get permission denied
Security profile in Smitty :
[TOP] [Entry Fields]
User NAME...................................................securityuser
User ID.......................................................[205]
ADMINISTRATIVE USER?...............................false
Primary GROUP............................................[security]
Group SET..................................................[security,staff]
ADMINISTRATIVE GROUPS...........................[]
ROLES.......................................................[]
Another user can SU TO USER?......................true
SU GROUPS................................................[ALL]
HOME directory.......................................... [/home/securityuser]
Initial PROGRAM..........................................[/usr/bin/ksh]
User INFORMATION...................................[securityuser]
EXPIRATION date (MMDDhhmmyy)................[0]
Error message when security user try to change the group for any user !!
I am not an expert at this so I am probably not the right person to help. Having said that I had to set up a user with the same rights as root. One of the things I had to do was set their User Id to 0 (zero) along with the groups that they can have access to. The problem I believe is that it will give them the same rights as root which may not be what you want. Good luck.
For security reasons only root can use chown and chgrp. Else you could write a program with malicious code, chown/chgrp it to somebody else, maybe root or whoever and try to get it executed by those. So no chown/chgrp for normal users. I have no appropriate line from IBM at hand, but usually it is on many types of systems like this.
Only the root user can change the owner of a file. You can change the group of a file only if you are a root
user or if you own the file. If you own the file but are not a root user, you can change the group only to a
group of which you are a member.
Security User is manging users in AIX by smitty menu and he'll modify group of some exiting users from staff to System will group users to another groups but he is getting below error
=======================================
Command: failed stdout: yes stderr: no
Before command completion, additional instructions may appear below.
3004-692 Error changing "groups" to "sys" : You do not have permission.
=======================================
Security user should has full permission in this regard ?!!
issue is in permission of security Group there is no permission for security Group to change the group of the users ?!!
edit by bakunin: ahem! It is against the rules to bump up threads and your post hardly contains any advancement of the threads content, don't you agree?