|
System Administration Commands | roleadd(1M) |
| roleadd - administer a new role account on the system |
SYNOPSIS
| roleadd [-c comment] [-d dir] [-e expire] [-f inactive] [-g group] [ -G group [ , group ...] ] [ -m [-k skel_dir] ] [ -u uid [-o] ] [-s shell] [-A authorization [,authorization...] ] role |
| roleadd -D [-b base_dir] [-e expire] [-f inactive] [-g group] [-A authorization [,authorization...] ] [-P profile [,profile...] ] |
|
roleadd adds a role entry to the /etc/passwd and /etc/shadow and /etc/user_attr files. The -A and -P options
respectively assign authorizations and profiles to the role. Roles cannot
be assigned to other roles.
roleadd also creates supplementary group memberships
for the role (-G option) and creates the home directory
(-m option) for the role if requested. The new role account
remains locked until the passwd(1)
command is executed.
Specifying roleadd -D with the -g, -b, -f, or -e
option (or any combination of these option) sets the default values for
the respective fields. See the -D option. Subsequent roleadd commands without the -D option use these
arguments.
The system file entries created with this command have a limit of
512 characters per line. Specifying long arguments to several options can
exceed this limit.
The role (role) field accepts a string of no more
than eight bytes consisting of characters from the set of alphabetic characters,
numeric characters, period (.), underscore (_), and hyphen (-). The first character should
be alphabetic and the field should contain at least one lower case alphabetic
character. A warning message will be written if these restrictions are not
met. A future Solaris release may refuse to accept role fields that do not
meet these requirements.
The role field must contain at least one character
and must not contain a colon (:) or a newline (\n).
|
|
The following options are supported:
- -b base_dir
- The default base directory
for the system if -d dir is not
specified. base_dir is concatenated with the
account name to define the home directory. If the -m option
is not used, base_dir must exist.
- -c comment
- Any text string. It is generally a short description of
the role. This information is stored in the role's /etc/passwd entry.
- -d dir
- The home directory of the new role. It defaults to base_dir/account_name, where base_dir is the base directory for new login home directories
and account_name is the new role name.
- -D
- Display the
default values for group, base_dir, skel_dir, shell, inactive, and expire. When used with the -g, -b,
or -f, options, the -D option sets the
default values for the specified fields. The default values are:
- group
-
other (GID of 1)
- base_dir
-
/home
- skel_dir
-
/etc/skel
- shell
-
/bin/sh
- inactive
-
0
- expire
- Null
- auths
- Null
- profiles
- Null
- -e expire
- Specify the expiration date for a role. After this date,
no user will be able to access this role. The expire option argument is
a date entered using one of the date formats included in the template file /etc/datemsk. See getdate(3C).
If the date format that you choose includes spaces, it must be quoted.
For example, you can enter 10/6/90 or "October
6, 1990". A null value (" ") defeats the status
of the expired date. This option is useful for creating temporary roles.
- -f inactive
- The maximum number of days allowed between uses of a role
ID before that ID is declared invalid. Normal values are positive integers.
A value of 0 defeats the status.
- -g group
- An existing group's integer ID or character-string name.
Without the -D option, it defines the new role's primary
group membership and defaults to the default group. You can reset this default
value by invoking roleadd -D -g group.
- -G group
- An existing group's integer ID or character-string
name. It defines the new role's supplementary group membership. Duplicates
between group with the -g and -G options are ignored. No more than NGROUPS_MAX groups can be specified.
- -k skel_dir
- A directory that contains skeleton information (such as .profile) that can be copied into a new role's home directory.
This directory must already exist. The system provides the /etc/skel directory that can be used for this purpose.
- -m
- Create the
new role's home directory if it does not already exist. If the directory
already exists, it must have read, write, and execute permissions by group, where group is the role's
primary group.
- -o
- This option
allows a UID to be duplicated (non-unique).
- -s shell
- Full pathname of the program used as the user's shell on
login. It defaults to an empty field causing the system to use /bin/sh as the default. The value of shell
must be a valid executable file.
- -u uid
- The UID of the new role. This UID must be a non-negative decimal integer below MAXUID as defined in <sys/param.h>. The UID defaults to the next available (unique) number above the highest
number currently assigned. For example, if UIDs 100,
105, and 200 are assigned, the next default UID number
will be 201. (UIDs from 0-99 are reserved for possible use in future applications.)
|
|
/etc/datemsk
/etc/passwd
/etc/shadow
/etc/group
/etc/skel
/usr/include/limits.h
/etc/user_attr
|
|
See attributes(5)
for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Availability | SUNWcsu |
|
|
passwd(1)profiles(1)roles(1), users(1B), groupadd(1M), groupdel(1M), groupmod(1M), grpck(1M), logins(1M), pwck(1M), userdel(1M), usermod(1M), getdate(3C), auth_attr(4), passwd(4), prof_attr(4), user_attr(4), attributes(5)
|
|
In case of an error, roleadd prints an error message
and exits with a non-zero status.
The following indicates that login specified is
already in use:
|
UX: roleadd: ERROR: login is already in use. Choose another.
|
The following indicates that the uid specified
with the -u option is not unique:
|
UX: roleadd: ERROR: uid uid is already in use. Choose another.
|
The following indicates that the group
specified with the -g option is already in use:
|
UX: roleadd: ERROR: group group does not exist. Choose another.
|
The following indicates that the uid specified
with the -u option is in the range of reserved UIDs (from 0-99):
|
UX: roleadd: WARNING: uid uid is reserved.
|
The following indicates that the uid specified
with the -u option exceeds MAXUID as defined in <sys/param.h>:
|
UX: roleadd: ERROR: uid uid is too big. Choose another.
|
The following indicates that the /etc/passwd
or /etc/shadow files do not exist:
|
UX: roleadd: ERROR: Cannot update system files - login cannot be created.
|
|
|
If a network nameservice such as NIS
or NIS+ is being used to supplement the
local /etc/passwd file with additional entries, roleadd cannot change information supplied by the network nameservice.
|
| |