chuser

The chuser command is used to modify and lock or unlock a DS CLI or a DS Storage Manager user account. A CLI user with administrative authority uses this command to update a user account password, modify user group authority, or to lock or unlock a user account. Users that do not have administrator authority, use this command to change an expired password and create a password that is not known to the administrator who created their account. 

Read syntax diagramSkip visual syntax diagram
>>-chuser--+--------------------+--+--------+--+----------+----->
           '- -pw--new_password-'  '- -lock-'  '- -unlock-'   

>--+-------------------------------+--+-User Name-+------------><
   '- -group--group_name [ . . . ]-'  '-" - "-----'   

Parameters

Note: When a person with administrator authority designates the password, the password is set as expired upon its initial use. The user of the password is required to establish a new password using the chuser command before access to the rest of the DS CLI application is granted.
-pw new_password
(Optional) Specifies that a new password be assigned to the user.
Notes:
  1. When a person with administrator authority is using this parameter in association with the -unlock parameter, the new password is temporary and expires upon the initial use.
  2. When a person without administrator authority uses this parameter, the new password becomes their valid password and replaces their prior password.
new_password
The new password.
The new password and its usage must meet the following criteria:
  • Be six to 16 characters long.
  • Must contain five or more letters, and it must begin and end with a letter.
  • Must contain one or more numbers.
  • Cannot contain the user's user ID.
  • Is case-sensitive.
-lock
(Optional) Locks a user account.

Persons with administrator authority can use this parameter to lock a user account. The affect of this locking action is not enacted until the user authenticates their account. In other words, if a user is already active (authenticated) and using the DS CLI application, the lock does not take place until they log out of the application.

-unlock
(Optional) Unlocks a user account.
A person with administrator authority can use this parameter to unlock a user account when the user can no longer log into the DS CLI application. The reasons a user might not be able to log into the DS CLI application can include:
  • The user forgot their password and in an attempt to log in they went beyond the set number of allowable attempts. Going beyond the set limit locks the user account.
    Note: When unlocking a user account for this scenario, the administrator must also assign a new password to the user using the -pw parameter. The new password is temporary and immediately expires after its initial use. The administrator must notify the user of this new password.
  • Someone with administrator authority has locked the user account.
-group group_name […]
(Optional) The user's access authority group.
group_name […]
The following list provides the list choices that can be assigned to a user. Multiple names must be separated by commas. For example, op_copy_services,service.
admin
The administrator user group has access to all management console server service methods and all storage image resources.
op_storage
The storage operator user group has access to physical configuration service methods and resources, including storage complex, storage image, array, rank, and extent pool objects. This user group inherits all the authority of the op_copy_services and monitor user groups, excluding security methods.
op_volume
The volume operator user group has access to service methods and resources that relate to logical volumes, hosts, host ports, logical subsystems, logical volumes, and volume groups, excluding security methods. In addition, this user group inherits all authority of the monitor user group.
op_copy_services
The copy services operator user group has access to all Copy Services service methods and resources, excluding security methods. In addition, this user group inherits all authority of the monitor user group.
service
The service user group includes monitor authority, plus access to all management console server service methods and resources, such as performing code loads and retrieving problem logs.
monitor
The monitor user group has access to list and show commands. It provides access to all read-only, nonsecurity management console server service methods and resources.
no access
The no access user group does not have access to any service methods or storage image resources. By default, this user group is assigned to any user account in the security repository that is not associated with any other user group.
User Name |
(Required) The user account name.
Notes:
  1. The administrator inserts the name of the user account that is affected by the changes (group name, lock, or unlocking).
  2. Users who are changing their passwords insert their user account name.
If you specify the dash (-), this parameter information is automatically supplied.

Example (1750)

Invoking the chuser command
dscli>chuser -pw xy0abcde testuser
The resulting output
Date/Time: Sun Aug 11 02:23:49 PST 2004 IBM DS CLI Version: 5.0.0.0 
DS: IBM.1750-68FA120

User Name testuser successfully modified.
Parent topic: User account and security commands
Related tasks
Setting up user accounts using the DS CLI
Unlocking an administrative password
Unlocking a user account
Modifying user accounts
Logging into the DS CLI application
Related reference
mkuser
lsuser
managepwfile
rmuser
chpass
showpass
showuser
Library | Support | Terms of use | Feedback
© Copyright IBM Corporation 2004, 2007. All Rights Reserved.