Add Internal User (UNIX, Linux)
Use this page to add internally authenticated users and users who do not have accounts on the host operating system.
Prerequisites:
- For internal users, the OpenAdmin Tool (OAT) for Informix® requires IBM® Informix 11.70.
- To create users with database authentication, Informix 11.70.xC2 or later is required.
- For Informix 11.70.xC3 or later, the mapped user surrogates file must be set up before you can create internal users. Specify operating system (OS) user names, user IDs, group names, and group IDs in /etc/informix/allowed.surrogates to control which operating system users and groups can act as surrogates for mapped users.
Add users that the database server authenticates by checking their credentials with a hashed password that is stored by the database server. Grant database access to users by mapping each user to the appropriate user and group privileges, regardless of whether these users have operating system accounts on the database server host computer. The users can be mapped to either an operating system user name or an operating system user ID and one or more group IDs.
- Internal user
- Enter the user name for the internal user. For a user with OS authentication, enter the user name that is authenticated by the operating system or Pluggable Authentication Module (PAM).
- Administrative privileges
- Select the administrative privileges for the internal user. If the level of privileges for internal users (USERMAPPING) is not set to Administrative, the internal user cannot perform administrative operations, even if the user is mapped to a server administrator user or group ID.
- On UNIX, members of the bargroup group can execute ON-Bar commands.
- Define as default user
- Select this option to define the default user for internal users on this database server. Only one default user is defined. The default user must be defined if you add internal users that are authenticated by the database and not mapped to a specific operating system user or user group. The default user is assigned the name public.
- Authentication
- Select the method by which the internal user is authenticated.
- Database
- The user is internally authenticated by the database server.
- OS
- The user is authenticated by the operating system.
- Account access
- For a user who is authenticated by the database, specify whether the account is locked or unlocked. Access to the database server is enabled for unlocked users and disabled for locked users.
- Map the user name to an operating system user name or user ID
- Operating system user name
- Select this option to specify the user name of an existing operating system user on the host computer to map the internal user to.
- Operating system user ID (UID)
- Select this option to specify the UID of an existing operating system user on the host computer to map the internal user to. Also enter one or more GIDs.
- Group ID (GID)
- Enter the group ID of an existing database group to map the internal user to. When the user is mapped to an operating system name, you can optionally enter one GID. When the user is mapped to a UID, one or more GIDs are required. Separate multiple GIDs with commas.
- Inherited Properties
- Select this option to specify that the internal user inherits user properties. A user who is authenticated by the database inherits the properties of the default user. A user who is authenticated by the operating system inherits the properties that are defined for the user by the operating system account.
- Server home directory
- Enter the directory in which the user files for the internal user are stored. If the directory exists, the database server ensures that it belongs to the mapped UID and GID and that it is not publicly writable. If a home directory is not specified, the database server creates the directory with the correct permissions under $INFORMIXDIR/users/username.
- Password
- Specify the password that the database server uses to authenticate the internal user. The database server authenticates the user by checking a hashed password that is stored in the SYSINTAUTHUSERS catalog table of the SYSUSER database.
- Show SQL
- Click to display the SQL statement.
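
The conditions listed under Server home directory (owned by the mapped UID and GID, not publicly writable) can be audited from outside the database server. The following is an added example, not IBM or OAT code: `audit_home` is a hypothetical helper, it assumes one mapped GID per user, and the directories it checks are constructed temporary ones standing in for real home directories.

```python
import os
import stat
import tempfile


def audit_home(path, uid, gid):
    """Return findings for one internal user's server home directory."""
    try:
        st = os.lstat(path)  # lstat: a symlink planted at the path is not followed
    except FileNotFoundError:
        return ["missing"]
    if not stat.S_ISDIR(st.st_mode):
        return ["not a directory"]
    findings = []
    if st.st_uid != uid:
        findings.append(f"owner is uid {st.st_uid}, mapped uid is {uid}")
    if st.st_gid != gid:
        findings.append(f"group is gid {st.st_gid}, mapped gid is {gid}")
    if st.st_mode & stat.S_IWOTH:
        findings.append("publicly writable")
    return findings


def demo():
    """Audit constructed directories standing in for real home directories."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        good = os.path.join(base, "appuser")
        os.mkdir(good)
        os.chmod(good, 0o750)
        st = os.stat(good)
        uid, gid = st.st_uid, st.st_gid  # constructed stand-ins for the mapped IDs
        results["ok"] = audit_home(good, uid, gid)
        os.chmod(good, 0o777)  # simulate a directory left open to all users
        results["world_writable"] = audit_home(good, uid, gid)
        os.chmod(good, 0o750)
        results["wrong_owner"] = audit_home(good, uid + 1, gid)
        link = os.path.join(base, "linkuser")
        os.symlink(good, link)  # a symlink is reported, never followed
        results["symlink"] = audit_home(link, uid, gid)
        results["missing"] = audit_home(os.path.join(base, "nobody"), uid, gid)
    return results


if __name__ == "__main__":
    for case, findings in demo().items():
        print(case, findings or "no findings")
```

To audit real accounts, call `audit_home` with each user's home directory path and the UID and GID the user is mapped to.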