AIX 不能创建 高权限ID 的 问题

今天碰到 问题了，帮用户创建 manage ID 的时候，碰到问题了。

结果发现是升级系统后的bug 下面说明一下解决方法：

There is a workaround you can use however. If a role is set up in RBAC

with enough authorization to run mkuser and set some of the account

characteristics, it will be enough to run smitty mkuser.

Here are the steps to set up a role for that and assign to a user

"testadm"

# mkrole

authorizations=aix.security.user.create.admin,aix.security.user.create.n

ormal mkuserauth

update the kernel security tables:

# setkst

Then assign that role to a user

# chuser roles=mkuserauth testadm

That user would be able to run smitty mkuser when they logged in and

switched into the role:

$ swrole mkuserauth

Those two authorizations will give them enough authority to run both

command line mkuser and smitty mkuser. They won't get ALL the

functionality, but the minimum they need until the problem can be fixed.