Recommended user attributes

User administration consists of creating users and groups and defining their attributes.

A major attribute of users is how they are authenticated. Users are the primary agents on the system. Their attributes control their access rights, environment, how they are authenticated, as well as how, when, and where their accounts can be accessed.

Groups are collections of users who can share the same access permissions for protected resources. A group has an ID and is composed of members and administrators. The creator of the group is usually the first administrator.

Many attributes can be set for each user account, including password and login attributes. For a list of configurable attributes, refer to Disk quota system overview. The following attributes are recommended:

  • Each user should have a user ID that is not shared with any other user. All of the security safeguards and accountability tools work only if each user has a unique ID.
  • Give user names that are meaningful to the users on the system. Actual names are best, because most electronic mail systems use the user ID to label incoming mail.
  • Add, change, and delete users using the SMIT interface. Although you can perform all of these tasks from the command line, the SMIT interface helps to reduce small errors.
  • Do not give an initial password to a user account until the user is ready to log in to the system. If the password field is defined as an * (asterisk) in the /etc/passwd file, account information is kept, but no one can log in to that account.
  • Do not change the system-defined user IDs that are needed by the system to function correctly. The system-defined user IDs are listed in the /etc/passwd file.
  • In general, do not set the admin parameter to true for any user IDs. Only the root user can change attributes for users with admin=true set in the /etc/security/user file.
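
An added example, not part of the original documentation: a small audit of three of the recommendations above (unique user IDs, the * password field, and admin=true), run over constructed sample files. The function names, the sample data and the treatment of lines beginning with * as stanza comments are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit checks for the recommendations above.

# UIDs shared by more than one account, printed as "uid:name1,name2".
dup_uids() {
    awk -F: 'NF >= 3 {
        if ($3 in names) { names[$3] = names[$3] "," $1; dup[$3] = 1 }
        else names[$3] = $1
    }
    END { for (u in dup) print u ":" names[u] }' "$1" | sort
}

# Accounts whose password field is "*": information kept, login not possible.
disabled_accounts() {
    awk -F: '$2 == "*" { print $1 }' "$1"
}

# Stanzas in an /etc/security/user style file that explicitly set admin=true.
# Values inherited from the default stanza are not resolved here.
admin_users() {
    awk '
        /^[ \t]*\*/ || /^[ \t]*$/ { next }          # comment or blank line
        /^[^ \t=]+:[ \t]*$/ { user = $1; sub(/:$/, "", user); next }
        { line = $0; gsub(/[ \t]/, "", line)
          if (line == "admin=true") print user }
    ' "$1"
}

# Constructed sample data (not from a real system).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:!:0:0::/:/usr/bin/ksh
jdoe:!:205:1:John Doe:/home/jdoe:/usr/bin/ksh
asmith:!:205:1:Alice Smith:/home/asmith:/usr/bin/ksh
newhire:*:210:1:New Hire:/home/newhire:/usr/bin/ksh
EOF
cat > "$SAMPLE_DIR/user" <<'EOF'
* constructed sample
default:
    admin = false

root:
    admin = true

jdoe:
    admin = true
    rlogin = false
EOF

echo "Shared UIDs:";       dup_uids "$SAMPLE_DIR/passwd"
echo "Password field *:";  disabled_accounts "$SAMPLE_DIR/passwd"
echo "admin=true:";        admin_users "$SAMPLE_DIR/user"
```

To audit a live system, pass /etc/passwd and /etc/security/user to the functions instead of the sample files.
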

The operating system supports the standard user attributes usually found in the /etc/passwd and /etc/system/group files, such as:

  • Authentication Information: Specifies the password.
  • Credentials: Specifies the user identifier, principal group, and the supplementary group ID.
  • Environment: Specifies the home or shell environment.