Specifies the administrative user ID for the system. If the userID argument is omitted, the current user is modified. Optional.
Using unlisted arguments can lead to an error
Options
--clear-ssh-key
Clears the SSH keys of the user. Optional.
-k sshKey
Identifies the public SSH key of this user. The key will be added to ~/.ssh/authorized_keys to
enable password-free, key-based access for this user. User is able to add only one external ssh key. Optional.
Quotation marks are needed if the ssh key contains spaces in between.
-l longName
Specifies the human-readable full name of the user. Optional. Only a security user can execute this option.
The maximum length of the full name is 256.
-p | --newPassword newPassword
Sets the new password for the user. Optional.
This option is only allowed for members of the SecurityAdmin group or when changing password for itself.
When this option is used by the user to change the password for itself, user will have to provide the current password.
When this option is used by a member of the SecurityAdmin group and the userID is provided as an argument, the password is reset for the provided userID. The password policies are not enforced in such scenario, however the password is expired for the user and the user must change his password on next login, wherein the password policies are enforced.
--donotexpireonlogin
This option is used with -p option, with this the password will not expire immediately. Hence user will not have to change password on next login, but it will eventually expire due to password policies.
--neverexpire
This option is used with -p option, with this the password will never expire and won't follow the password policy settings for password max age. Also, note that none of the system password policies will be applied to this password ever, since this is a password reset operation performed by the Security Admin user for another CLI user.
--currentPassword currentPassword
Specifies the current password for the user. Optional.
This option is mandatory when chuser is used by the user to change the password for itself.
This is optional when a member of SecurityAdmin group is changing password for any other user, where it is considered as a password reset request.
Replaces the previous group membership. A list of supplementary groups which the user is a member of.
Each group is separated from the next by a comma, with no intervening white space. Optional. Only a security user can execute this option.
-a | --addtogrp name_or_id1[,name_or_id2,...[,name_or_id3]]
Adds the user to the supplemental group or groups. Each group is separated from the next by a comma, with no intervening white space. Optional. Only a security user can execute this option.
Deletes the user from the group or groups. Each group is separated from the next by a comma, with no intervening white space. Optional. Only a security user can execute this option.
--unlock
Unlocks the user specified by the user ID. If user ID is not specified, the current useraqs user ID is used. Optional. Only a security user can execute this option.
--expirePassword
Expires the password for the user specified by the user ID. If the user ID is not specified, the current useraqs user ID is used. Optional. Only a security user can execute this option.
--locale <locale>
Sets the user locale.
Valid values are (case insensitive):
English
Chinese
Taiwan
Japanese
French
German
Italian
Spanish
Korean
Portuguese
If you want to set the system-wide locale setting, you can use the following option too:
System
Using unlisted options can lead to an error.
Description
The
chuser
command modifies an administrative user ID for the management node. Only user IDs which have been created with mkuser can be modified. This command also facilitates the configuration and clearance of ssh keys for root user. Only the --clear-ssh-key, -p and -k options are allowed for modification of the root user. Only user[s] belonging to the "SecurityAdmin" group can execute this command. The only exception to that are password changes to the useraqs own account that can be done by that user.
Example
chuser testuser -k aqssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1W6VzS/Xr6/iTCwbJghDvPc4Z7ZPSXJ8hSk/OOD5s6d8MTsWujtqT0MqfbEwMT/etQSyyPXRWlA+mW0Slni+aRAadtyVqngAqFgLPXmE5uALM389vNIB7L3U3Et6MUQjywFCiQUHmVXSlBdgOnSuqIiXMpuKxy3nuldQtF5k6J8tfVkCbMg0zTyNG63NgtEJbkZ0Dp0hzjTLSriAo6HnmTZ6aOpodH86vrlxb9HpeUkHPRsRULsGm4a8ZAmMYfCJtRUUETJPMwR6YmJVvzNJfUkY1cpVtpukvSlHdGxz9oZiIWwrKshOFS3ISrh7uQH1F3y10+n3939cc+c0Boxm4w== testuseraq
This command will add a new ssh key for passwordless access for the user testuser"
Limitations:
-The number of CLI user groups is limited to 128.
-The number of users per CLI group is limited to 30.
-The number of groups per CLI user is limited to 30.
-Groups cannot be renamed.
-Groups with group IDs (GIDs) outside the defined GID-range are not allowed.
Diagnostics
0
No error - The command was successful.
1
Syntax Error or Help - The command syntax was incorrect or --help was specified.
2
No Permission - The user does not have permission to issue the command.
3
Version Error - Mismatch between the expected and actual version of the software stack.
4
Communication Error - Communication with other cluster nodes or back-end services failed.
5
Timeout error - An operation waiting for data did not receive it within the time it expected it.
6
Input error - An argument or option was invalid.
7
Server error - An error occurred in a back-end service that caused the command to fail.
8
Command error - An internal error occurred while executing the command.
9
Invalid object - An object referenced by an argument or option value does not exist.
10
Duplicate object - The object to be created already exists.
11
Not enabled - The command is not enabled on this hardware platform.
12
Not licensed - The license agreement was not accepted.
14
User abort - The user aborted the command.
Copyright
Licensed Materials - Property of IBM, 5639-SN1, (C) Copyright IBM Corp. 2009, 2014. All rights reserved.