mkpasswd Command

Purpose

Organizes the basic user database for efficient searches.

Syntax

mkpasswd [ -v ] { -f | -d | -c} |indexname

Description

The mkpasswd generates indexes over certain security files. These indexes are used by the getpwnam, getpwuid, getuserattr, and putuserattr library subroutines.

This approach significantly enhances performance for large user base systems. The following indexes, defined in /usr/include/usersec.h, are created:

Item Description
/etc/passwd.nm.idx: Index over /etc/passwd file using username as key.
/etc/passwd.id.idx: Index over /etc/passwd file using userid number as key.
/etc/security/passwd.idx: Index over /etc/security/passwd file.
/etc/security/lastlog.idx: Index over /etc/security/lastlog file.
Notes:
  1. Modifying the security files over which indexes are built by an editor disables the use of indexing mechanism.
  2. Indexed read of a data file is automatically done if a corresponding index exists over the file and is not older than it (except for lastlog index) .
  3. In order for indexed mechanism to be used at login, the mkpasswd command must have generated indexes.
  4. The indexing mechanism replaces the previous hashing mechanism which used dbm files.

Flags

Item Description
-v Reports progress if index built.
-f Forces building of all indexes.
-d Deletes all indexes.
-c Checks all indexes and rebuilds the ones that look suspicious.
indexname Forces building of a particular index.

Security

Access Control: Only the root user and members of the security group should have execute (x) access to this command. The command should be setuid to the root user so the command has access to the user database. Members of the security group should have access to all the files listed in the Files section. This command should have the trusted computing base attribute.

Attention RBAC users and Trusted AIX users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in AIX® Version 7.1 Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.

Files Accessed:

Item Description
Mode File
r /etc/passwd
rw /etc/passwd.nm.idxnnnn.tmp and /etc/passwd.id.idxnnnn.tmp

where nnnn is the process id.

r /etc/security/passwd
rw /etc/security/passwd.idx
rw /etc/security/passwd.idxnnnn.tmp

where nnnn is the process id

r /etc/security/lastlog
rw /etc/security/lastlog.idx
rw /etc/security/lastlog.idxnnnn.tmp

where nnnn is the process id

Examples

  1. To create and enable indexed read of security files, enter:
    mkpasswd -f
  2. To create and enable indexed read of only the /etc/security/passwd file, enter:
    mkpasswd /etc/security/passwd.idx
  3. To check and rebuild outdated or bad indexes, enter:
    mkpasswd -c

Files

Item Description
/usr/sbin/mkpasswd Contains the mkpasswd command.
/etc/passwd Contains basic user attributes.
/etc/security/passwd Contains user password attributes
/etc/security/lastlog Contains lastlog related attributes