mkdom Command

Purpose

Creates a new domain.

Syntax

mkdom [Attribute = Value ...] Name

Description

The mkdom command creates a new domain in the domain database. The domain attributes can be set during the domain creation phase by using the Attribute = Value parameter.

When the system is operating in the enhanced Role Based Access Control (RBAC) mode, modifications made to the domain database are not used for security considerations until the database is sent to the kernel security tables by using the setkst command.

Note: The domain ID value can be less than or equal to 1024. The mkdom command enables you to create 1024 domains on the system.

Parameters

Item Description
Attribute = Value Initializes a domain attribute. See the chdom command for valid attributes and values.
Name Specifies a unique domain name string.
Restrictions on creating domain names: The Name parameter must be unique and is limited to 64 single-byte printable characters. While the mkdom command supports multibyte domain names, it is recommended that you restrict domain names to characters within the POSIX portable file name character set. Domain names must not begin with a - (dash), + (plus sign), @ (at sign), or ~ (tilde) and must not contain any space, tab, or new-line characters. You cannot use the keywords ALL, default, ALLOW_OWNER, ALLOW_GROUP, ALLOW_ALL or * as a domain name. Additionally, do not use any of the following characters within a domain string:
Item Description
: Colon
" Double quotation mark
# Number sign
, Comma
= Equal sign
\ Backslash
/ Forward slash
? Question mark
' Single quotation mark
` Grave accent
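
As an added illustration (not part of the original mkdom documentation or of AIX), the following POSIX shell function applies the Name restrictions above to a candidate name before it is handed to mkdom. The function name valid_domname and the sample names are assumptions made for this example; it checks the hard restrictions only and does not enforce the recommended POSIX portable file name character set.

```shell
#!/bin/sh
# Added example: valid_domname is a hypothetical helper, not an AIX command.
# It applies the documented Name restrictions before mkdom is ever invoked.

valid_domname() {
    name=$1
    tab=$(printf '\t')
    nl='
'
    # Non-empty and at most 64 bytes (wc -c counts bytes, not characters).
    [ -n "$name" ] || { echo "rejected: empty name" >&2; return 1; }
    len=$(( $(printf '%s' "$name" | wc -c) ))
    [ "$len" -le 64 ] || { echo "rejected: $len bytes, limit is 64" >&2; return 1; }

    case $name in
        # Reserved keywords.
        ALL|default|ALLOW_OWNER|ALLOW_GROUP|ALLOW_ALL|'*')
            echo "rejected: reserved keyword" >&2; return 1 ;;
        # Forbidden leading characters: - + @ ~
        -*|+*|@*|'~'*)
            echo "rejected: bad leading character" >&2; return 1 ;;
        # No space, tab or new-line anywhere in the name.
        *' '*|*"$tab"*|*"$nl"*)
            echo "rejected: whitespace in name" >&2; return 1 ;;
        # Forbidden characters: : " # , = \ / ? ' `
        *:*|*'"'*|*'#'*|*,*|*=*|*'\'*|*/*|*'?'*|*"'"*|*'`'*)
            echo "rejected: forbidden character" >&2; return 1 ;;
    esac
    return 0
}

# Constructed sample names; only hrdom and hr-dom_2 pass.
for n in hrdom hr-dom_2 -hrdom 'hr dom' hr:dom default '*'; do
    if valid_domname "$n" 2>/dev/null; then
        echo "ok:       $n"
    else
        echo "rejected: $n"
    fi
done
```
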

Security

The mkdom command is a privileged command. Callers of the command must have activated a role that has the following authorization to run the command successfully.
Item Description
aix.security.domains.create Required to run the command.

Files Accessed

File                     Mode
/etc/security/domains    rw

Examples

  1. To create a domain hrdom and to have the mkdom command assign an appropriate ID value:
    mkdom hrdom