User Attributes in Hierarchical Zones

A user extension object is a serviceConnectionPoint object that is created in the Users sub-container of the zone. The pseudoattributes for this object are stored in the keywords attribute.

| User attribute | Stored in Active Directory attribute | Inherited |
| --- | --- | --- |
| cn | sAMAccountName@domain.name[:*N*] | No |
| objectType | displayName=$CimsUserVersion4 | No |
| Name | keywords:login:name (for example: keywords:login:cain) | Yes |
| Uid | keywords:uid:value (for example: keywords:uid:458) | Yes |
| Gid | keywords:gid:value (for example: keywords:gid:458) | Yes |
| Home | keywords:home:value (for example: keywords:home:/home/shea) | Yes |
| Shell | keywords:shell:value (for example: keywords:shell:/bin/bash) | Yes |
| Gecos | gecos:value (for example: gecos:%{u:displayName}) | Yes |

User and group extended attributes are specific to a particular computer and can be set on a per-user or per-group basis. The format for extended attributes depends on the format required for a particular operating system. Currently, only AIX extended attributes are supported.

Each attribute name starts with a prefix that indicates the operating system to which it applies (for example, aix.) and is followed by the attribute name. The valid values for each attribute depend on the attribute type, and can be a string, number or Boolean value. Attributes that support multiple values are specified with separate name/value pairs.

The specific user and group extended attributes that are available for you to set depend on the version of the operating system running on the computer where the attributes are used. For detailed information about the extended attributes available and valid values on a specific version of the AIX operating system, see your AIX documentation.

The following table lists some of the most commonly used user extended attributes for illustration purposes. It does not represent the complete list of user and group extended attributes that might be available on any given version of the operating system.

| Extended attribute | Description |
| --- | --- |
| aix.admin | Specifies the administrative status of the user as true or false. |
| aix.admgroups | Lists the groups that the user administrates as a comma-separated list of group names. |
| aix.daemon | Specifies whether the user can execute programs using the cron daemon or the system resource controller (src). |
| aix.rlogin | Specifies whether the user account can be logged into remotely using telnet or rlogin. |
| aix.su | Indicates whether other users can switch to the user account with the su command. |
| aix.sugroups | Lists the groups that can switch to the user account as a comma-separated list of group names. |
| aix.tpath | Indicates the user's trusted path status. |
| aix.ttys | Lists the terminals that can access the account as a comma-separated list of full path names, or using ALL to indicate all terminals. |
| aix.fsize | Sets the soft limit for the largest file a user's process can create or extend, or a value of -1 to specify unlimited for this attribute. |
| aix.core | Sets the soft limit for the largest core file a user's process can create, or a value of -1 to specify unlimited for this attribute. |
| aix.cpu | Sets the soft limit for the maximum number of seconds of system time that a user's process can use, or a value of -1 to specify unlimited for this attribute. |
| aix.data | Sets the soft limit for the size of a user's data segment, or a value of -1 to specify unlimited for this attribute. |
| aix.rss | Sets the soft limit for the largest amount of physical memory a user's process can allocate, or a value of -1 to specify unlimited for this attribute. |
| aix.stack | Sets the soft limit for the largest process stack segment for a user's process, or a value of -1 to specify unlimited for this attribute. |
| aix.nofiles | Sets the soft limit for the number of file descriptors a user process can have open at one time, or a value of -1 to specify unlimited for this attribute. |
| aix.umask | Determines file permissions for the user using a three-digit octal value such as 022. |