Hallo, dies ist ein Test.

PWD: /www/data-lst1/unixsoft/unixsoft/kaempfer/.public_html

Running in File Mode
Relative path: ./../../../../../../usr/man/man8/useradd.8
Real path: /usr/share/man/man8/useradd.8
Zurück

'\" te .\" Portions Copyright (c) 2008, 2023, Oracle and/or its affiliates. .\" Copyright (c) 1989, AT&T. All rights reserved. .TH useradd 8 "14 Apr 2023" "Oracle Solaris 11.4" "System Administration Commands" .SH NAME useradd, roleadd, usermod, rolemod \- administer an existing or add a new user or role login to the system .SH SYNOPSIS .LP .nf \fBuseradd\fR [\fB-A\fR \fIauthorization\fR[,\fIauthorization...\fR]] [\fB-b\fR \fIbase_dir\fR | \fB-d\fR \fIdir\fR] [\fB-c\fR \fIcomment\fR] [\fB-e\fR \fIexpire\fR] [\fB-f\fR \fIinactive\fR] [\fB-g\fR \fIgroup\fR] [\fB-G\fR \fIgroup\fR[,\fIgroup\fR]...] [\fB-K\fR \fIkey=value\fR] [\fB-m\fR [\fB-k\fR \fIskel_dir\fR]] [\fB-p\fR \fIprojname\fR] [\fB-z\fR \fByes\fR | \fBno\fR | \fBnodelegation\fR] [\fB-P\fR \fIprofile\fR[,\fIprofile...\fR]] [\fB-R\fR \fIrole\fR [,\fI role...\fR]] [\fB-s\fR \fIshell\fR] [\fB-S\fR \fIrepository\fR] [\fB-u\fR \fIuid\fR [\fB-o\fR]] \fIusername\fR .fi .LP .nf \fBuseradd\fR \fB-D\fR [\fB-A\fR \fIauthorization\fR[,\fIauthorization...\fR]] [\fB-b\fR \fIbase_dir\fR] [\fB-s\fR \fIshell\fR [\fB-k\fR \fIskel_dir\fR]] [\fB-e\fR \fIexpire\fR] [\fB-f\fR \fIinactive\fR] [\fB-g\fR \fIgroup\fR] [\fB-K\fR \fIkey=value\fR] [\fB-p\fR \fIprojname\fR] [\fB-P\fR \fIprofile\fR[,\fIprofile...\fR]] .fi .LP .nf \fBroleadd\fR [\fB-A\fR \fIauthorization\fR[,\fIauthorization...\fR]] [\fB-b\fR \fIbase_dir\fR | \fB-d\fR \fIdir\fR] [\fB-c\fR \fIcomment\fR] [\fB-e\fR \fIexpire\fR] [\fB-f\fR \fIinactive\fR] [\fB-g\fR \fIgroup\fR] [\fB-G\fR \fIgroup\fR [,\fIgroup\fR]...] [\fB-K\fR \fIkey=value\fR] [\fB-m\fR [\fB-k\fR \fIskel_dir\fR]] [\fB-p\fR \fIprojname\fR] [\fB-z\fR \fByes\fR | \fBno\fR | \fBnodelegation\fR] [\fB-P\fR \fIprofile\fR[,\fIprofile...\fR]] [\fB-s\fR \fIshell\fR] [\fB-S\fR \fIrepository\fR] [\fB-u\fR \fIuid\fR [\fB-o\fR]] \fIrolename\fR .fi .LP .nf \fBroleadd\fR \fB-D\fR [\fB-A\fR \fIauthorization\fR[,\fIauthorization...\fR]] [\fB-b\fR \fIbase_dir\fR] [\fB-s\fR \fIshell\fR [\fB-k\fR \fIskel_dir\fR]] [\fB-e\fR \fIexpire\fR] [\fB-f\fR \fIinactive\fR] [\fB-g\fR \fIgroup\fR] [\fB-K\fR \fIkey=value\fR] [\fB-p\fR \fIprojname\fR] [\fB-P\fR \fIprofile\fR[,\fIprofile...\fR]] .fi .LP .nf \fBusermod\fR [\fB-A\fR \fIauthorization\fR[,\fIauthorization...\fR]] [\fB-d\fR \fIdir\fR] [\fB-c\fR \fIcomment\fR] [\fB-e\fR \fIexpire\fR] [\fB-f\fR \fIinactive\fR] [\fB-g\fR \fIgroup\fR] [\fB-G\fR \fIgroup\fR [,\fIgroup\fR]...] [\fB-K\fR \fIkey=value\fR] [\fB-m\fR [\fB-k\fR \fIskel_dir\fR]] [\fB-p\fR \fIprojname\fR] [\fB-z\fR \fByes\fR | \fBno\fR | \fBnodelegation\fR] [\fB-P\fR \fIprofile\fR[,\fIprofile...\fR]] [\fB-R\fR \fIrole\fR [,\fI role...\fR]] [\fB-l\fR \fInew_username\fR] [\fB-q\fR \fIqualifier\fR] [\fB-s\fR \fIshell\fR] [\fB-S\fR \fIrepository\fR] [\fB-u\fR \fIuid\fR [\fB-o\fR]] \fIusername\fR .fi .LP .nf \fBrolemod\fR [\fB-A\fR \fIauthorization\fR[,\fIauthorization...\fR]] [\fB-d\fR \fIdir\fR] [\fB-c\fR \fIcomment\fR] [\fB-e\fR \fIexpire\fR] [\fB-f\fR \fIinactive\fR] [\fB-g\fR \fIgroup\fR] [\fB-G\fR \fIgroup\fR [,\fIgroup\fR]...] [\fB-K\fR \fIkey=value\fR] [\fB-m\fR [\fB-k\fR \fIskel_dir\fR]] [\fB-p\fR \fIprojname\fR] [\fB-z\fR \fByes\fR | \fBno\fR | \fBnodelegation\fR] [\fB-P\fR \fIprofile\fR[,\fIprofile...\fR]] [\fB-l\fR \fInew_rolename\fR] [\fB-q\fR \fIqualifier\fR] [\fB-s\fR \fIshell\fR] [\fB-S\fR \fIrepository\fR] [\fB-u\fR \fIuid\fR [\fB-o\fR]] \fIrolename\fR .fi .SH DESCRIPTION .sp .LP The \fBuseradd\fR and \fBroleadd\fR utilities add a new user or role entry to the \fBpasswd\fR(5), \fBshadow\fR(5), and \fBuser_attr\fR(5) databases in the \fBfiles\fR or \fBldap\fR repository. .sp .LP The \fBusermod\fR and \fBrolemod\fR utilities modify a user's or role's login definition on the system. They change the definition of the specified login and make the appropriate login-related changes to the appropriate repository and corresponding file system changes. .sp .LP The \fB-A\fR and \fB-P\fR options respectively assign authorizations and profiles to the user or role. The \fB-R\fR option assigns roles to a user. (Roles cannot be assigned to other roles.) The \fB-p\fR option associates a project with a user or role. The \fB-K\fR option adds a \fIkey=value\fR pair to the \fBuser_attr\fR entry for the user or role. Multiple \fIkey=value\fR pairs may be added with multiple \fB-K\fR options. .sp .LP The \fB-G\fR option creates supplementary group memberships for the user or role. The \fB-m\fR option creates the home directory for the user or role if requested. The new login remains locked until the \fBpasswd\fR(1) command is executed. .sp .LP Specifying the \fB-D\fR to \fBuseradd\fR or \fBroleadd\fR with the \fB-s\fR, \fB-k\fR, \fB-g\fR, \fB-b\fR, \fB-f\fR, \fB-e\fR, \fB-A\fR, \fB-P\fR, \fB-p\fR, \fB-R\fR, or \fB-K\fR option (or any combination of these options) sets the default values for the respective fields. See the \fB-D\fR option, below. Subsequent \fBuseradd\fR or \fBroleadd\fR commands without the \fB-D\fR option use these arguments. .sp .LP Alternatively, default settings may be specified that are applied dynamically at run time. For accounts that are created using \fB-S\fR ldap, the default values for any of the \fB-K\fR attributes may be specified using \fB-S\fR ldap and the special value \fBdefault@\fR as the account name. The \fBdefault@\fR account is automatically locked since it is not intended to be used for logins. Additional default values may be specified in \fBpolicy.conf\fR(5). .sp .LP \fBuseradd\fR and \fBusermod\fR require that usernames be in the format described in \fBpasswd\fR(5). A warning message is displayed if these restrictions are not met. .sp .LP \fBroleadd\fR and \fBrolemod\fR require that role names be a string of no more than eight bytes consisting of characters from the set of alphabetic characters, numeric characters, period (\fB.\fR), underscore (\fB_\fR), and hyphen (\fB-\fR). The first character should be alphabetic and the name should contain at least one lower case alphabetic character. A warning message is written if these restrictions are not met. A future Solaris release might refuse to accept role names that do not meet these requirements. Role names must contain at least one character and must not contain a colon (\fB:\fR) or a newline (\fB\en\fR). .sp .LP When used with \fBusermod\fR or \fBrolemod\fR the \fB-A\fR, \fB-G\fR, \fB-K\fR, \fB-P\fR, and \fB-R\fR options may take a list of values to add or remove to the granted set using the \fI[+|-]\fR prefix. A prefix \fB+\fR adds the value to the existing set; a prefix \fB-\fR removes the value from the existing granted set. To remove all values an empty list must be specified using \fB''\fR, or any appropriate equivalent according to the shell in use. .sp .LP An administrator must be granted the User Management Profile to be able to create a new user or role. An administrator must be granted the User Security Profile to modify the security attributes for an existing user. To be able to modify the non-security attributes of an existing user requires the User Management Profile. The authorizations required to set the various fields in \fBpasswd\fR, \fBshadow\fR, and \fBuser_attr\fR can be found in \fBpasswd\fR(5), \fBshadow\fR(5), and \fBuser_attr\fR(5). The authorizations required to assign groups and projects can be found in \fBgroup\fR(5) and \fBproject\fR(5). .SH OPTIONS .sp .LP The following options are supported: .sp .ne 2 .mk .na \fB\fB-A\fR [+|-]\fIauthorization\fR\fR .ad .br .sp .6 .RS 4n One or more comma-separated authorizations defined in \fBauth_attr\fR(5). Only a user or role who has \fBgrant\fR rights to the authorization can assign it to an account. .RE .sp .ne 2 .mk .na \fB\fB-b\fR \fIbase_dir\fR\fR .ad .br .sp .6 .RS 4n The base directory for new login home directories (see the \fB-d\fR option below. When a new user account is being created, \fIbase_dir\fR must already exist unless the \fB-m\fR option or the \fB-d\fR option is also specified. .RE .sp .ne 2 .mk .na \fB\fB-c\fR \fIcomment\fR\fR .ad .br .sp .6 .RS 4n Any text string. It is generally a short description of the login, and is currently used as the field for the user's full name. This information is stored in the user's \fBpasswd\fR entry. .RE .sp .ne 2 .mk .na \fB\fB-d\fR \fIdir\fR | \fIserver\fR:\fIdir\fR\fR .ad .br .sp .6 .RS 4n Specifies the home directory path for the new user. If no server name is specified, the specified directory is maintained in the \fBpasswd\fR(5) database. .sp The optional server name specifies the host on which the home directory resides. Entries in this form depend on the automounter, and are maintained in the \fBauto_home\fR map. The path \fB/home/\fIusername\fR\fR is maintained in the \fBpasswd\fR(5) database. When the user subsequently references \fB/home/\fIusername\fR\fR, the automounter will mount the specified directory on \fB/home/\fIusername\fR\fR. .RE .sp .ne 2 .mk .na \fB\fB-D\fR\fR .ad .br .sp .6 .RS 4n Display the default values for \fBgroup\fR, \fBbase_dir\fR, \fBskel_dir\fR, \fBshell\fR, \fBinactive\fR, \fBexpire\fR, \fBproj\fR, \fBprojname\fR, \fBzfshome\fR, and \fBkey=value\fR pairs. When used with the \fB-g\fR, \fB-b\fR, \fB-f\fR, \fB-e\fR, \fB-A\fR, \fB-P\fR, \fB-p\fR, \fB-R\fR, or \fB-K\fR options, the \fB-D\fR option sets the default values for the specified fields. The default values are: .sp .TS tab( ) box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) . FIELD DEFAULT VALUE _ group \fBstaff\fR (\fBGID\fR of 10) _ base_dir \fB/export/home\fR _ skel_dir \fB/etc/skel\fR _ shell \fB/usr/bin/bash\fR _ inactive \fB0\fR _ expire null _ auths null _ profiles null _ auth_profiles null _ proj \fB3\fR _ projname \fBdefault\fR _ zfshome \fByes\fR _ T{ key=value (pairs defined in \fBuser_attr\fR(5)) T} not present _ roles null .TE .sp .RE .sp .ne 2 .mk .na \fB\fB-e\fR \fIexpire\fR\fR .ad .br .sp .6 .RS 4n Specify the expiration date for a login. After this date, no user will be able to access this login. The expire option argument is a date entered using one of the date formats included in the template file \fB/etc/datemsk\fR. See \fBgetdate\fR(3C). .sp If the date format that you choose includes spaces, it must be quoted. For example, you can enter \fB10/6/90\fR or \fBOctober 6, 1990\fR. A null value (\fB" "\fR) defeats the status of the expired date. This option is useful for creating temporary logins. .RE .sp .ne 2 .mk .na \fB\fB-f\fR \fIinactive\fR\fR .ad .br .sp .6 .RS 4n The maximum number of days allowed between uses of a login ID before that \fBID\fR is declared invalid. Normal values are positive integers. A value of \fB0\fR defeats the status. .RE .sp .ne 2 .mk .na \fB\fB-g\fR \fIgroup\fR\fR .ad .br .sp .6 .RS 4n An existing group's integer \fBID\fR or character-string name. Without the \fB-D\fR option, it defines the new user's primary group membership and defaults to the default group. You can reset this default value by invoking \fBuseradd\fR \fB-D\fR \fB-g\fR \fIgroup\fR. GIDs 0-99 are reserved for allocation by the Solaris Operating System. .RE .sp .ne 2 .mk .na \fB\fB-G\fR [+|-]\fIgroup\fR\fR .ad .br .sp .6 .RS 4n An existing group's integer \fBID\fR or character-string name. It defines the new user's supplementary group membership. Duplicates between \fIgroup\fR with the \fB-g\fR and \fB-G\fR options are ignored. No more than \fBNGROUPS_MAX\fR groups can be specified. GIDs 0-99 are reserved for allocation by the Solaris Operating System. .RE .sp .ne 2 .mk .na \fB\fB-K\fR \fIkey\fR[+|-]=\fIvalue\fR\fR .ad .br .sp .6 .RS 4n A \fIkey=value\fR pair to add to the user's attributes. Multiple \fB-K\fR options may be used to add multiple \fIkey=value\fR pairs. The generic \fB-K\fR option with the appropriate key may be used instead of the specific implied key options (\fB-A\fR, \fB-P\fR, \fB-R\fR, \fB-p\fR). See \fBuser_attr\fR(5) for a list of valid \fIkey=value\fR pairs. The "type" key is not a valid key for this option. Keys may not be repeated. .RE .sp .ne 2 .mk .na \fB\fB-k\fR \fIskel_dir\fR\fR .ad .br .sp .6 .RS 4n A directory that contains skeleton information (such as \fB.profile\fR) that can be copied into a new user's home directory. This directory must already exist. The system provides the \fB/etc/skel\fR directory that can be used for this purpose. .RE .sp .ne 2 .mk .na \fB\fB-m\fR\fR .ad .br .sp .6 .RS 4n Create the new user's home directory if it does not already exist. If the directory already exists, it must have read, write, and execute permissions by \fIgroup\fR, where \fIgroup\fR is the user's primary group. If the server name specified to the \fB-d\fR option is a remote host then the system will not attempt to create the home directory. .sp When the \fI-z\fR option is not passed and if the directory does not already exist and the parent directory is the mount point of a ZFS dataset, then a child of that dataset will be created and mounted at the specified location. The user is delegated permissions to create ZFS snapshots and promote them. The newly created dataset will inherit the encryption setting from its parent. If it is encrypted, the user is granted permission to change its wrapping key. .sp The newly created directory is created as multilevel dataset. .RE .sp .ne 2 .mk .na \fB\fB-l\fR \fInew_loginname\fR\fR .ad .br .sp .6 .RS 4n The new login name for a user or role. Only valid with usermod and rolemod. .RE .sp .ne 2 .mk .na \fB\fB-o\fR\fR .ad .br .sp .6 .RS 4n This option allows a \fBUID\fR to be duplicated (non-unique). .RE .sp .ne 2 .mk .na \fB\fB-P\fR [+|-]\fIprofile\fR\fR .ad .br .sp .6 .RS 4n One or more comma-separated execution profiles defined in \fBprof_attr\fR(5). .RE .sp .ne 2 .mk .na \fB\fB-p\fR \fIprojname\fR\fR .ad .br .sp .6 .RS 4n Name of the project with which the added user is associated. See the \fIprojname\fR field as defined in \fBproject\fR(5). .RE .sp .ne 2 .mk .na \fB\fB-q\fR \fIqualifier\fR\fR .ad .br .sp .6 .RS 4n The name of a host or netgroup which qualifies where the extended attributes (specified through the \fB-K\fR, \fB-P\fR, \fB-A\fR, and \fB-R\fR options) are applicable. The prefix \fB@\fR is required to indicate that the qualifier is a netgroup name. The \fB-q\fR option is only valid if the login account is maintained in the LDAP name service. .RE .sp .ne 2 .mk .na \fB\fB-R\fR [+|-]\fIrole\fR\fR .ad .br .sp .6 .RS 4n One or more comma-separated execution profiles defined in \fBuser_attr\fR(5). Roles cannot be assigned to other roles. .RE .sp .ne 2 .mk .na \fB\fB-s\fR \fIshell\fR\fR .ad .br .sp .6 .RS 4n Full pathname of the program used as the user's shell on login. If unspecified, it will default to any value previously configured with the \fB-D\fR \fB-s\fR option. If no default has been set with \fB-D\fR \fB-s\fR, then \fB/usr/bin/bash\fR will be used. The value of \fIshell\fR must be a valid executable file. .RE .sp .ne 2 .mk .na \fB\fB-z\fR \fIzfshome\fR\fR .ad .br .sp .6 .RS 4n Select if a new separate ZFS filesystem is created as the user/role home directory. The option can be set as the system wide default or set per user/role. .sp .ne 2 .mk .na \fByes\fR .ad .br .sp .6 .RS 4n User has their own ZFS filesystem with the \fBmount\fR, \fBcreate\fR, and \fBsnapshot\fR zfs allow delegations .RE .sp .ne 2 .mk .na \fBnodelegation\fR .ad .br .sp .6 .RS 4n User has their own ZFS filesystem but with no delegations .RE .sp .ne 2 .mk .na \fBno\fR .ad .br .sp .6 .RS 4n Users home is a simple directory .RE .RE .sp .ne 2 .mk .na \fB\fB-S\fR \fIrepository\fR\fR .ad .br .sp .6 .RS 4n The \fIrepository\fR specifies which name service will be updated. The valid repositories are \fBfiles\fR and \fBldap\fR. The default repository is \fBfiles\fR. When the repository is \fBfiles\fR, the authorizations, profiles, and roles can be present in other name service repositories and can be assigned to a user in the \fBfiles\fR repository. When the repository is \fBldap\fR, all the assignable attributes must be present in the \fBldap\fR repository, and both the LDAP server and client must be configured with \fBenableShadowUpdate\fR. See \fBldapclient\fR(8) for details. .RE .sp .ne 2 .mk .na \fB\fB-u\fR \fIuid\fR\fR .ad .br .sp .6 .RS 4n The \fBUID\fR of the new user. This \fBUID\fR must be a non-negative decimal integer below \fBMAXUID\fR as defined in \fB<sys/param.h>\fR. The \fBUID\fR defaults to the next available (unique) number above the highest number currently assigned. For example, if \fBUID\fRs 100, 105, and 200 are assigned, the next default \fBUID\fR number will be 201. \fBUID\fRs \fB0\fR-\fB99\fR are reserved for allocation by the Solaris Operating System. .RE .SH EXAMPLES .LP \fBExample 1\fR Creating a User .sp .LP The following command adds adds the user with the default configuration .sp .in +2 .nf # \fBuseradd jdoe\fR .fi .in -2 .sp .sp .LP This results in the system assigning the next available uid, the user will not have a home directory created for them. .LP \fBExample 2\fR Creating a User with a specified uid and create a local home directory .sp .LP The following command adds adds the user and creates their home directory in the default location .sp .in +2 .nf # \fBuseradd -u 1001 -m jdoe\fR .fi .in -2 .sp .LP \fBExample 3\fR Creating a User with a local home directory that is not a ZFS filesystem .sp .LP The following command adds adds the user and creates their home directory in the default location .sp .in +2 .nf # \fBuseradd -z no -m jdoe\fR .fi .in -2 .sp .sp .LP This results in new user with a directory in the default location as their home directory. .LP \fBExample 4\fR Set the system default for the type of home directory .sp .LP The following command sets the system wide default to be a directory rather than a per-user ZFS file system as the default home directory type. .sp .in +2 .nf # \fBuseradd -D -z no\fR .fi .in -2 .sp .LP \fBExample 5\fR Assigning Privileges to a User .sp .LP The following command adds the privilege that affects high resolution times to a user's initial, inheritable set of privileges. .sp .in +2 .nf # \fBusermod -K defaultpriv=basic,proc_clock_highres jdoe\fR .fi .in -2 .sp .sp .LP This command results in the following entry in \fBuser_attr\fR: .sp .in +2 .nf jdoe::::type=normal;defaultpriv=basic,proc_clock_highres .fi .in -2 .sp .LP \fBExample 6\fR Removing a Privilege from a User's Limit Set .sp .LP The following command removes the privilege that allows the specified user to create hard links to directories and to unlink directories. .sp .in +2 .nf # \fBusermod -K limitpriv=all,!sys_linkdir jdoe\fR .fi .in -2 .sp .sp .LP This command results in the following entry in \fBuser_attr\fR: .sp .in +2 .nf jdoe::::type=normal;defaultpriv=basic,limitpriv=all,!sys_linkdir .fi .in -2 .sp .LP \fBExample 7\fR Removing a Privilege from a User's Basic Set .sp .LP The following command removes the privilege that allows the specified user to examine processes outside the user's session. .sp .in +2 .nf # \fBusermod -K defaultpriv=basic,!proc_session jdoe\fR .fi .in -2 .sp .sp .LP This command results in the following entry in \fBuser_attr\fR: .sp .in +2 .nf jdoe::::type=normal;defaultpriv=basic,!proc_session;limitpriv=all .fi .in -2 .sp .LP \fBExample 8\fR Assigning a Role to a User .sp .LP The following command assigns a role to a user. The role must have been created prior to running this command. .sp .in +2 .nf # \fBusermod -R mailadm jdoe\fR .fi .in -2 .sp .sp .LP This command results in the following entry in \fBuser_attr\fR: .sp .in +2 .nf jdoe::::type=normal;roles=mailadm;defaultpriv=basic;limitpriv=all .fi .in -2 .sp .LP \fBExample 9\fR Granting Several Rights to a User .sp .LP The following command grants the \fBsolaris.zone.manage\fR authorization, Project Management rights profile, sets limit privilege to basic and assigns the \fBmailadm\fR role to the user. .sp .in +2 .nf # \fBusermod -A 'solaris.zone.manage' -P 'Project Management' \e -K limitpriv=basic -R mailadm -S files jdoe_ldap\fR .fi .in -2 .sp .sp .LP This command results in the following entry in \fBuser_attr\fR: .sp .in +2 .nf jdoe_ldap::::auths=solaris.zone.manage;profiles=ProjectManagement; limitpriv=basic;roles=mailadm .fi .in -2 .sp .LP \fBExample 10\fR Granting an Authenticated Rights Profile to a User .sp .LP The following command adds an authenticated rights profile to a trusted user. .sp .in +2 .nf # \fBusermod -K auth_profiles+="Network Security" jdoe\fR .fi .in -2 .sp .LP \fBExample 11\fR Removing All Profiles from a User .sp .LP The following command removes all profiles that were granted to a user directly. The user will still have any rights profiles that are granted by means of the \fBPROFS_GRANTED\fR key in \fBpolicy.conf\fR(5). .sp .in +2 .nf # \fBusermod -P "" jdoe\fR .fi .in -2 .sp .LP \fBExample 12\fR Set the root account to be a role .sp .LP Set the root account to be a role and assign the role to a user. .sp .in +2 .nf # \fBusermod -K type=role root\fR .fi .in -2 .sp .sp .in +2 .nf # \fBusermod -R +root jdoe\fR .fi .in -2 .sp .sp .LP This will change the root account to be a role and add the root role to any existing role assignments for the user jdoe. .LP \fBExample 13\fR Set the root account to be a direct login account .sp .LP Change the root account from being a role to a direct login account. .sp .in +2 .nf # \fBrolemod -K type=normal root\fR .fi .in -2 .sp .sp .LP This will change the root account to no longer be a role, so direct login to it on the console will be allowed. .LP \fBExample 14\fR Deleting a User .sp .LP Delete the user and remove their home directory. .sp .in +2 .nf # \fBuserdel -r jdoe\fR .fi .in -2 .sp .sp .LP This will remove the user entry from the passwd, shadow, group and user_attr databases, and will delete the users home directory and all of its content. .SH EXIT STATUS .sp .LP In case of an error, these commands print an error message and exit with one of the following values: .sp .ne 2 .mk .na \fB\fB1\fR\fR .ad .RS 6n .rt No permission for attempted operation. .RE .sp .ne 2 .mk .na \fB\fB2\fR\fR .ad .RS 6n .rt The command syntax was invalid. A usage message for the \fBusermod\fR command is displayed. .RE .sp .ne 2 .mk .na \fB\fB3\fR\fR .ad .RS 6n .rt An invalid argument was provided to an option. .RE .sp .ne 2 .mk .na \fB\fB4\fR\fR .ad .RS 6n .rt The \fIgid\fR or \fIuid\fR given with the \fB-u\fR option is already in use. .RE .sp .ne 2 .mk .na \fB\fB5\fR\fR .ad .RS 6n .rt The \fBpassword\fR and \fBshadow\fR files are not consistent with each other. \fBpwconv\fR(8) might be of use to correct possible errors. See \fBpasswd\fR(5) and \fBshadow\fR(5). .RE .sp .ne 2 .mk .na \fB\fB6\fR\fR .ad .RS 6n .rt The login to be modified does not exist, the \fIgid\fR or the \fIuid\fR does not exist. .RE .sp .ne 2 .mk .na \fB\fB7\fR\fR .ad .RS 6n .rt The \fBgroup\fR, \fBpasswd\fR, or \fBshadow\fR file is missing. .RE .sp .ne 2 .mk .na \fB\fB9\fR\fR .ad .RS 6n .rt A group or user name is already in use. .RE .sp .ne 2 .mk .na \fB\fB10\fR\fR .ad .RS 6n .rt Cannot update the \fBpasswd\fR, \fBshadow\fR, or \fBuser_attr\fR file. .RE .sp .ne 2 .mk .na \fB\fB11\fR\fR .ad .RS 6n .rt Insufficient space to move the home directory (\fB-m\fR option). .RE .sp .ne 2 .mk .na \fB\fB12\fR\fR .ad .RS 6n .rt Unable to create, remove, or move the new home directory. .RE .sp .ne 2 .mk .na \fB\fB13\fR\fR .ad .RS 6n .rt Requested login is already in use. .RE .sp .ne 2 .mk .na \fB\fB14\fR\fR .ad .RS 6n .rt Unexpected failure. .RE .sp .ne 2 .mk .na \fB\fB16\fR\fR .ad .RS 6n .rt Unable to update the group database. .RE .sp .ne 2 .mk .na \fB\fB17\fR\fR .ad .RS 6n .rt Unable to update the project database. .RE .sp .ne 2 .mk .na \fB\fB18\fR\fR .ad .RS 6n .rt Insufficient authorization. .RE .sp .ne 2 .mk .na \fB\fB19\fR\fR .ad .RS 6n .rt Does not have role. .RE .sp .ne 2 .mk .na \fB\fB20\fR\fR .ad .RS 6n .rt Does not have profile. .RE .sp .ne 2 .mk .na \fB\fB21\fR\fR .ad .RS 6n .rt Does not have privilege. .RE .sp .ne 2 .mk .na \fB\fB22\fR\fR .ad .RS 6n .rt Does not have label. .RE .sp .ne 2 .mk .na \fB\fB23\fR\fR .ad .RS 6n .rt Does not have group. .RE .sp .ne 2 .mk .na \fB\fB24\fR\fR .ad .RS 6n .rt System not running Trusted Extensions. .RE .sp .ne 2 .mk .na \fB\fB25\fR\fR .ad .RS 6n .rt Does not have project. .RE .sp .ne 2 .mk .na \fB\fB26\fR\fR .ad .RS 6n .rt Unable to update \fBauto_home\fR. .RE .SH FILES .sp .LP \fB/etc/datemsk\fR .sp .LP \fB/etc/passwd\fR .sp .LP \fB/etc/shadow\fR .sp .LP \fB/etc/group\fR .sp .LP \fB/etc/skel\fR .sp .LP \fB/usr/include/limits.h\fR .sp .LP \fB/etc/user_attr\fR .SH ATTRIBUTES .sp .LP See \fBattributes\fR(7) for descriptions of the following attributes: .sp .TS tab( ) box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) . ATTRIBUTE TYPE ATTRIBUTE VALUE _ Availability system/core-os _ Interface Stability Committed .TE .sp .SH SEE ALSO .sp .LP \fBauths\fR(1), \fBpasswd\fR(1), \fBprofiles\fR(1), \fBroles\fR(1), \fBgetdate\fR(3C), \fBauth_attr\fR(5), \fBgroup\fR(5), \fBpasswd\fR(5), \fBprof_attr\fR(5), \fBproject\fR(5), \fBshadow\fR(5), \fBuser_attr\fR(5), \fBattributes\fR(7), \fBlabels\fR(7), \fBrbac\fR(7), \fBgroupadd\fR(8), \fBgroupdel\fR(8), \fBgroupmod\fR(8), \fBgrpck\fR(8), \fBlogins\fR(8), \fBpwck\fR(8), \fBpwconv\fR(8), \fBroledel\fR(8), \fBuserdel\fR(8) .sp .LP \fIManaging User Accounts and User Environments in Oracle Solaris 11.4\fR .sp .LP \fIWorking With Oracle Solaris 11.4 Directory and Naming Services: LDAP\fR .SH DIAGNOSTICS .sp .LP In case of an error, \fBuseradd\fR displays an error message and exits with a non-zero status. If the error occurred because LDAP is misconfigured, the error message is preceded by "LDAP configuration problem". .sp .LP The following indicates that \fBlogin\fR specified is already in use: .sp .in +2 .nf UX: useradd: ERROR: login is already in use. Choose another. .fi .in -2 .sp .sp .LP The following indicates that the \fIuid\fR specified with the \fB-u\fR option is not unique: .sp .in +2 .nf UX: useradd: ERROR: uid \fIuid\fR is already in use. Choose another. .fi .in -2 .sp .sp .LP The following indicates that the \fIgroup\fR specified with the \fB-g\fR option has not yet been created: .sp .in +2 .nf UX: useradd: ERROR: group \fIgroup\fR does not exist. Choose another. .fi .in -2 .sp .sp .LP The following indicates that the \fIuid\fR specified with the \fB-u\fR option is in the range of reserved \fBUID\fRs (from \fB0\fR-\fB99\fR): .sp .in +2 .nf UX: useradd: WARNING: uid \fIuid\fR is reserved. .fi .in -2 .sp .sp .LP The following indicates that the \fIuid\fR specified with the \fB-u\fR option exceeds \fBMAXUID\fR as defined in \fB<sys/param.h>\fR: .sp .in +2 .nf UX: useradd: ERROR: uid \fIuid\fR is too big. Choose another. .fi .in -2 .sp .sp .LP The following indicates that the \fB/etc/passwd\fR or \fB/etc/shadow\fR files do not exist: .sp .in +2 .nf UX: useradd: ERROR: Cannot update system files - login cannot be created. .fi .in -2 .sp .sp .LP The following indicates that the user executing the command does not have sufficient authorization to perform the operation: .sp .in +2 .nf UX: useradd: ERROR: Permission denied. .fi .in -2 .sp .sp .LP The following indicates that an invalid directory was specified in a \fBuseradd\fR command: .sp .in +2 .nf UX: \fIinvalid_directory\fR is not a valid directory. Choose another. .fi .in -2 .sp .SH NOTES .sp .LP These utilities add or modify definitions in the \fBpasswd\fR, \fBshadow\fR, \fBgroup\fR, \fBproject\fR, and \fBuser_attr\fR databases in the scope (default or specified). They will verify the uniqueness of the user name (or role) and user id and the existence of any group names specified against the external name service.