Purpose
Creates a new domain.
Description
The mkdom command creates
a new domain in the domain database. The domain attributes can be
set during the domain creation phase by using the Attribute = Value parameter.
When
the system is operating in the enhanced Role Based Access Control (RBAC) mode, modifications
made to the domain database are not used for security considerations
until the database is sent to the kernel security tables by using
the setkst command.
Note: The domain id value can be lesser
than or equal to 1024. The mkdom command enables you to create
1024 domains on the system.
Parameters
| Item |
Description |
|---|
| Attribute = Value |
Initializes a domain attribute. See the chdom command
for valid attributes and values. |
| Name |
Specifies a unique domain name string. |
Restrictions on creating domain names: The
Name parameter specified
must be unique and is limited to a 64 single-byte printable character.
While the
mkdom command supports multibyte domain names, it
is recommended that you restrict domain names to characters within
the POSIX portable file name character set. Domain names must not
begin with a - (dash), + (plus sign), @ (at sign), or ~ (tilde) and
must not contain any space, tab, or new-line characters. You cannot
use the keywords ALL, default, ALLOW_OWNER, ALLOW_GROUP, ALLOW_ALL
or * as a domain name. Additionally, do not use any of the following
characters within a domain string:
| Item |
Description |
|---|
| : |
Colon |
| " |
Double quotation mark |
| # |
Number sign |
| , |
Comma |
| = |
Equal sign |
| \ |
Backslash |
| / |
Forward slash |
| ? |
Question mark |
| ' |
Single quotation marks |
| ` |
Grave accent |
Security
The
mkdom command is a
privileged command. Callers of the command must have activated a role
that has the following authorization to run the command successfully.
| Item |
Description |
|---|
| aix.security.domains.create |
Required to run the command. |
Files Accessed
| Item |
Description |
|---|
| File |
Mode |
| /etc/security/domains |
rw |
Examples
- To create a domain hrdom and to have the mkdom command
assign an appropriate ID value:
mkdom hrdom