Translating Linux for IBM i admins: User profile commands

Linux can run on an AS/400 partition, but without understanding the commands, an IBM i admin may give up. Learn about user profile commands on Linux from an IBM i admin, including how to change passwords and assign users to groups and subgroups.

It's no surprise to anyone reading this web site that the IBM i is the perfect command line operating system (OS). I have heard this comment from other IBM i administrators over the years. The thought that went into the design of the OS and the detail it was given is what helps make it so easy to manage and celebrate.

When you compare it to Linux and its command line structure, the IBM i looks (and is) absolutely perfect. Let's not beat around the bush here: Linux and UNIX are powerful operating systems, but they lack a polished feel when it comes to the command structure, and compared to the IBM i they are both very rough around the edges. As people we are pretty simple, and the commands in the IBM i are really easy to remember and make sense.

Computing in general has to make sense logically in order for it to be adopted. The Apple iPod is an example of this: simple design, easy interface and portable. The IBM i falls into that same category. The commands and structure are easy to use, the prompting feature makes things even more simple, and once you grasp the command structure the OS becomes your best friend. You can make the IBM i do back flips and most administrators relish that power. But, while the IBM i is a great OS, sometimes your IT needs don't always call for the IBM i. You might fancy a little Linux to do something that the IBM i would in fact be a little bored with doing. Say you need a file server, an LDAP server, a quick SMTP mail relay or a nice little Web server, and Linux fits the bill. That's where this article comes in, to help explain the new world that is Linux on Power Systems.

When IBM i admins found out we could run Linux on a partition in our iSeries servers, it sounded grand. But it was in fact an exercise in torture. The exciting part was that you were installing Linux on your new iSeries and were on the bleeding edge of cool and technology; then the OS gave you a command prompt, you logged in as ROOT and soon learned the commands were uncultured and at times downright horrible.

You may have asked (like I did): Why would the developer of Linux not have used a more refined command structure for the OS? They were making a modern day OS using free bits along the way hoping it would all stick together. But, despite this, you might actually have a need for the Linux we all know and want to use because it is free. Free is awesome, until you have to type this:

find /usr/share/man/ -type f -ls | sort -k 7 -r -n | head -n 10

When we are used to commands like this:

WRKACTJOB SBS(QBATCH)

The command in the sample is a Linux command to find the commands with the longest "man" pages (short for manual pages). In the UNIX/Linux world, man pages are how you get help. In IBM i, you just hit F1 and help pops up. In Linux you just type man plus the command you want to know about. If you wanted to know more about the command "find," you would enter "man find" at the command prompt, then hit enter to get the details.

The second command in my code examples above is an IBM i command to find all of the active jobs for the subsystem QBATCH.

We all had this experience. At some point in all of our past we had an experience with UNIX and knew bits about it. I had gone so far as to get a UNIX certification from a local college in Atlanta. I loved the freedom of Linux, but would take my IBM i any day. At one point I considered building a shell for Linux that would emulate the IBM i's OS so that you could at least start Linux, install the iShell (that is what I was going to call it) then type in WRKACTJOB and get something that looked kind of like the screen you were used to. Sadly time and energy were not on my side and my iShell didn't get far. With the same idea, I have had it in my head to prepare a session for COMMON that presents the IBM i command you are used to and provides a way to pull out the same information from Linux – like an IBM i to Linux reference dictionary. But, this is not as easy to execute as it sounds. I recently had time and energy on my side, so let's get started.

Some of the UNIX commands, in fact many, don't directly match up to anything on the IBM i side, so we will have to give best case examples so that the IBM i administrator can have some options in UNIX/Linux.

NOTE: I am going to assume you are either logged on as ROOT or have ROOT-like privileges to your LINUX partition/install. The rule I give people is "DO NOT ROOT AROUND TOO MUCH". Root can get you in trouble; it's very powerful, much like QSECOFR is.

User profiles in Linux on IBM i
One of the first commands any administrator has in his toolbox is to set up, change and remove user profiles.

On the IBM i the commands look like this:

CRTUSRPRF
WRKUSRPRF
DLTUSRPRF

This is pretty common and familiar, but on the Linux side they are a bit more involved and there is some detail worth explaining. In order to understand the commands, some background on the system is helpful. Once you get into Linux, from the root directory you will notice a slew of other directories, one of which is "/etc". ETC (et-cee) is where the bulk of the system configuration and startup information resides. It's mostly owned by root or a group like root. User name and user information is kept in a file in the etc directory called passwd. So to see what I am talking about do the following:

$ cd /etc
$ cat passwd

CAT is going to let you see the contents of the file "passwd". You might see something like this:


[Image: The root of Linux]

[Image: The passwd file on Linux]

Like most things in Linux, this takes some time to get used to looking at. It looks like a mess now, but if you break down what is on the screen using the chart below, it should be more clear.

Clip from Linux
login name | PW | UID | GID | User Name | User Home Dir | Shell

The passwd file is where all the user IDs are stored, and you could just grab a text editor and start going to town adding new users, but there is a command for this:

useradd

Notice that there is no password in the file: the password field holds an "X" or an "*", which is a placeholder and not the actual password.
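As an added example (not part of the original article), the seven colon-separated fields of the passwd file can be checked with awk for entries an administrator should look at twice. The sample entries, their UIDs and the function names audit_passwd and logins_with_gid are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit passwd-format text for risky entries.
# Fields: login:password:UID:GID:user name:home directory:shell
# SAMPLE_PASSWD is constructed for illustration, not copied from a real system.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
davidvasta:x:1000:100:David Vasta:/home/davidvasta:/bin/bash
kraikkonen:x:1001:100::/home/kraikkonen:/bin/bash
oldsvc::1002:100:legacy service:/home/oldsvc:/bin/sh
toor:x:0:0:second superuser:/root:/bin/sh
ftpold:CONSTRUCTED-NOT-A-HASH:1004:100:old ftp:/home/ftpold:/bin/sh
broken:x:1003'

# Read passwd-format lines on stdin and print one finding per line.
audit_passwd() {
    awk -F: '
        # A valid entry has exactly seven colon-separated fields.
        NF != 7 { print "MALFORMED:line" NR; next }
        # Empty password field: the account may log in with no password.
        $2 == "" { print "EMPTY_PASSWORD:" $1 }
        # Anything other than the x / * / ! placeholders means the hash
        # itself sits in this world-readable file.
        $2 != "" && $2 !~ /^[xX*!]+$/ { print "HASH_IN_PASSWD:" $1 }
        # UID 0 is root-equivalent whatever the login name says.
        $3 ~ /^0+$/ && $1 != "root" { print "EXTRA_UID0:" $1 }
    '
}

# Print the logins whose primary group (4th field) is the GID given as $1.
logins_with_gid() {
    awk -F: -v gid="$1" 'NF == 7 && $4 == gid { print $1 }'
}

# Stand-alone run against the constructed sample; on a real system use:
#   audit_passwd < /etc/passwd
printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
```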

Every user who has access to a Linux system needs a login and a password. Each user must belong to a primary group and for security or access purposes can belong to several secondary groups.

In order to create new logins, modify or delete users, you must already be logged in as root. The root login is the highest level and only certain individuals should have access to the root account.

Options for the command useradd:

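  • -d user's home directory
  • -s starting program or shell
  • -p user's password, in encrypted form as returned by crypt(3), not the plain text
  • -g primary group assigned to the user
  • -G other groups the user belongs to
  • -m create the user's home directory

So, to add a new user with a primary group of users, a secondary group admins, starting shell /bin/bash, password fa$tcar$, home directory /home/kraikkonen, create home directory, and a login name of "kraikkonen":

$ useradd -g users -G admins -s /bin/bash -p "$(openssl passwd -6 'fa$tcar$')" -d /home/kraikkonen -m kraikkonen

The password is single-quoted so the shell does not expand the $ signs, and it is hashed first because -p stores its argument as-is in the password field. Anything passed on the command line is visible to other users listing processes, so on a shared system leave -p off and set the password with passwd afterwards.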



So what did we just do? We added the user "KRAIKKONEN" to the system. He is added to a group called "users" and is in a secondary group called "admins". His shell is /bin/bash or BASH. We set his password to "fa$tcar$". His home directory on the server is /home/kraikkonen.

Now we'll look at our passwd file and see what has been added.



We can see our new addition in the passwd file. The new user KRAIKKONEN and DAVIDVASTA share a primary group, and you can see this with the 100 in the fourth set of data.

Let's also clarify that cat /etc/passwd is about the same as WRKUSRPRF *PRINT. You can view all of your profiles on either system this way. Once you get many Linux users, this command is helpful:

$ cat /etc/passwd | more

The cat command reads the file "passwd"; piping that output with | to the command "more" allows us to view the text one screen at a time.

Now that we have users, we might need to change them, and just like on the IBM i we need a command. The Linux usermod command is similar to the CHGUSRPRF command: it modifies an existing user.

Options for the command usermod:

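  • -d home directory
  • -s starting program (shell)
  • -p password (in encrypted form, as with useradd)
  • -g primary group assigned to the user
  • -G other groups the user belongs to
  • -a append the groups given with -G to the user's existing groups instead of replacing them

To add the group "newgroup" to the user kraikkonen:

$ usermod -a -G newgroup kraikkonen

It is simple to make quick changes like adding a new group to the user KRAIKKONEN. With that last command we added a group called "newgroup." Without -a, -G replaces the user's whole list of secondary groups, so kraikkonen would have been dropped from "admins."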

The command userdel works much like DLTUSRPRF.

Options for userdel (deleting a user):

-r remove the user's home directory

To remove the user KRAIKKONEN and his home directory:

$ userdel -r kraikkonen

The passwd command is a multi-function command, kind of like the Swiss Army knife of the user management commands. Your average user can run this command to change his/her password on the system. Options for passwd (changes and password resets):

user's name (Only required if you are root and want to change another user's password)

To change the password for the account you are currently logged in as, a regular user runs passwd at a command prompt. This is what it might look like:



You can see in the example as a user I typed in "passwd" then it prompted me for my old or current password, then asked me for a new one. Of course I picked something simple and then had to pick a more complex password. It does not display the passwords when you are typing. I like this command as it tells you "Password changed."

Let's assume you need to change kraikkonen's password because he has forgotten it. All you have to do is tell the passwd command whose password you are changing:



Also notice that every time I do one of these changes I am reminding myself of who I am logged in as by using the command "whoami". It lets me see that I am logged in as either myself, davidvasta, or root. In order to change another user's password you need to be root or have write privileges to the passwd file (NOTE: This access and these files vary with distributions).

As you can see, it's not easy to do a straightforward translation of IBM i commands to Linux, but I am hopeful that I have explained some of the user management commands on Linux well. More of these tips on other useful commands will follow.

ABOUT THE AUTHOR: David Vasta is the Lotus Notes Administration Team Lead over North America at Atlas Copco. He has 17 years of data center and iSeries experience working in companies such as IBM, REAL and Cingular. He writes a regular blog at System i blogger.
 

This was first published in March 2009
