IBM SG24-5131-00 User Manual

IBM Certification Study Guide  AIX HACMP

The following sections describe various aspects of User ID Planning. 

One of the basic tasks any system administrator must perform is setting up 
user accounts and groups. All users require accounts to gain access to the 
system. Every user account must belong to a group. Groups provide an 
additional level of security and allow system administrators to manipulate a 
group of users as a single entity. 

For users of an HACMP for AIX cluster, system administrators must create 
duplicate accounts on each cluster node. The user account information 
stored in the /etc/passwd file, and in other files stored in the /etc/security 
directory, should be consistent on all cluster nodes. For example, if a cluster 
node fails, users should be able to log on to the surviving nodes without 
experiencing problems caused by mismatches in the user or group IDs.

System administrators typically keep user accounts synchronized across 
cluster nodes by copying the key system account and security files to all 
cluster nodes whenever a new account is created or an existing account is 
changed.Typically 

rdist

 or 

rcp

 is used, for that. On RS/6000 SP systems 

pcp

 

or 

supper

 are widely used. For C-SPOC clusters, the C-SPOC utility simplifies 

the cluster-wide synchronization of user accounts by propagating the new 
account or changes to an existing account across all cluster nodes 
automatically. 

The following are some common user and group management tasks, and are 
briefly explained in 8.8, “User Management” on page 178:

  • Listing all user accounts on all cluster nodes

  • Adding users to all cluster nodes

  • Changing characteristics of a user account on all cluster nodes

  • Removing a user account from all cluster nodes.

  • Listing all groups on all cluster nodes

  • Adding groups to all cluster nodes

  • Changing characteristics of a group on all cluster nodes

  • Removing a group from all cluster nodes