How to unlock user in IBM AIX server ?
Today in this post, we will see a quick tip how to unlock a user in AIX.
Its quick and a very useful tip during day to day Unix/Linux operations.
I. Check if the user account is locked out or not.
ACTIVE ngeaix001--> lsuser saket saket id=5486 pgrp=ghub groups=ghub,staff home=/UnixMove/ghub/saket shell=/usr/bin/ksh gecos=Biz_FTP_UnixMove_User login=true su=true rlogin=true daemon=true admin=false sugroups=ALL admgroups= tpath=nosak ttys=ALL expires=0 auth1=SYSTEM auth2=NONE umask=22 registry=files SYSTEM=compat logintimes= loginretries=0 pwdwarntime=0 account_locked=false minage=0 maxage=0 maxexpired=-1 minalpha=0 minother=0 mindiff=0 maxrepeats=8 minlen=0 histexpire=0 histsize=8 pwdchecks= dictionlist=/usr/share/dict/words fsize=-1 cpu=-1 data=-1 stack=-1 core=-1 rss=-1 nofiles=-1 fsize_hard=-1 time_last_login=1642873178 time_last_unsuccessful_login=1643023549 tty_last_login=ftp tty_last_unsuccessful_login=ftp host_last_login=ngeaix001.NGEINDIA.ngelgroup.net host_last_unsuccessful_login=ngeaix001.NGEINDIA.ngelgroup.net unsuccessful_login_count=11 roles=
II. In case user account is locked, or having more failed login counts.
ACTIVE ngeaix001--> chuser unsuccessful_login_count=0 saket ACTIVE ngeaix001-->
III. Check out if the parameter is reset now.
ACTIVE ngeaix001--> lsuser saket saket id=5486 pgrp=ghub groups=ghub,staff home=/UnixMove/ghub/saket shell=/usr/bin/ksh gecos=Biz_FTP_UnixMove_User login=true su=true rlogin=true daemon=true admin=false sugroups=ALL admgroups= tpath=nosak ttys=ALL expires=0 auth1=SYSTEM auth2=NONE umask=22 registry=files SYSTEM=compat logintimes= loginretries=0 pwdwarntime=0 account_locked=false minage=0 maxage=0 maxexpired=-1 minalpha=0 minother=0 mindiff=0 maxrepeats=8 minlen=0 histexpire=0 histsize=8 pwdchecks= dictionlist=/usr/share/dict/words fsize=-1 cpu=-1 data=-1 stack=-1 core=-1 rss=-1 nofiles=-1 fsize_hard=-1 time_last_login=1642873178 time_last_unsuccessful_login=1643023549 tty_last_login=ftp tty_last_unsuccessful_login=ftp host_last_login=ngeaix001.NGEINDIA.ngelgroup.net host_last_unsuccessful_login=ngeaix001.NGEINDIA.ngelgroup.net unsuccessful_login_count=0 roles= ACTIVE ngeaix001-->
In AIX, we have multiple ways to restrict/control user access to different paths.
Say, for example, we can control access by any of the options like user login=true su=true rlogin=true, etc.
Here we have seen unsuccessful login count is more and due to which user is denied to login on the server, so we can reset it to 0.
It will re-enable/unlock the account on server.
This is one of the common issue we see on AIX server wherein the account gets locked.