rolemod(1M)




NAME

     rolemod - modify a role's login information on the system


SYNOPSIS

     rolemod [ -u uid [-o]] [-g group] [ -G group [ ,  group...]]
     [  -d dir  [-m]]  [-s shell]  [-c comment]  [-l new_name] [-
     f inactive] [-e expire]  [-A  authorization   [,  authoriza-
     tion]] [-P profile  [, profile]] role


DESCRIPTION

     The rolemod utility modifies a role's login  information  on
     the system. It changes the definition of the specified login
     and makes the appropriate login-related system file and file
     system changes.

     The system file entries created with  this  command  have  a
     limit  of 512 characters per line. Specifying long arguments
     to several options may exceed this limit.


OPTIONS

     The following options are supported:

     -A  authorization
           One or more comma separated authorizations  as  deined
           in  auth_attr(4).   Only role with grant rights to the
           authorization  can  assign  it  to  an  account.  This
           replaces any existing authorization setting.

     -c comment
           Specify a comment string.  comment  can  be  any  text
           string.  It  is  generally  a short description of the
           login, and is currently used  as  the  field  for  the
           user's  full  name.  This information is stored in the
           user's  /etc/passwd entry.

     -d dir
           Specify  the  new  home  directory  of  the  role.  It
           defaults  to   base_dir/login,  where  base_dir is the
           base directory for new login home directories, and
            login is the new login.

     -e expire
           Specify the expiration date for a  role.   After  this
           date,  no  role will be able to access this login. The
           expire option argument is a date entered using one  of
           the   date  formats  included  in  the  template  file
           /etc/datemsk. See getdate(3C).

           For example, you may  enter  10/6/90  or   October  6,
           1990.  A  value  of  ``  ''  defeats the status of the
           expired date.

     -f inactive
           Specify the maximum number  of  days  allowed  between
           uses  of  a  login ID before that login ID is declared
           invalid.  Normal values are positive integers. A value
           of 0 defeats the status.

     -g group
           Specify an existing group's integer ID  or  character-
           string  name.  It  redefines  the role's primary group
           membership.

     -G group
           Specify an existing group's integer "ID" "," or  char-
           acter  string name. It redefines the role's supplemen-
           tary group membership. Duplicates between  group  with
           the  -g and
            -G options are ignored.  No  more  than  NGROUPS_UMAX
           groups may be specified as defined in  <param.h>.

     -l new_logname
           Specify  the  new  login  name  for  the  role.    The
           new_logname  argument  is  a string no more than eight
           bytes consisting of characters from the set of  alpha-
           betic  characters,  numeric  characters,  period  (.),
           underline (_), and  hypen  (-).  The  first  character
           should  be  alphabetic and the field should contain at
           least one lower case alphabetic character.
            A warning message will be written if  these  restric-
           tions  are  not  met.   A  future  Solaris release may
           refuse to accept login fields that do not  meet  these
           requirements.   The  new_logname argument must contain
           at least one character and must not  contain  a  colon
           (:) or NEWLINE (\n).

     -m    Move the role's home directory to  the  new  directory
           specified  with  the   -d  option.  If  the  directory
           already   exists,    it    must    have    permissions
           read/write/execute  by   group,  where   group  is the
           role's primary group.

     -o    This option allows the specified UID to be  duplicated
           (non-unique).

     -P profile
           One or more comma-separated execution profiles defined
           in  auth_attr(4).   This replaces any existing profile
           setting.

     -s shell
           Specify the full pathname of the program that is  used
           as the role's shell on login. The value of  shell must
           be a valid executable file.

     -u uid
           Specify a new UID for the role.  It  must  be  a  non-
           negative  decimal  integer less than MAXUID as defined
           in  <param.h>. The UID associated with the role's home
           directory  is  not   modified with this option; a role
           will not have access to their home directory until the
           UID is manually reassigned using chown(1M).


OPERANDS

     The following operands are supported:

      login
           An existing login name to be modified.


EXIT STATUS

     In case of an error,  rolemod prints an  error  message  and
     exits with one of the following values:

      2    The command syntax was invalid. A  usage  message  for
           the  rolemod command is displayed.

     3     An invalid argument was provided to an option.

     4     The  uid given with the  -u option is already in use.

     5     The password files contain an error. pwconv(1M) can be
           used to correct possible errors. See passwd(4).

     6     The login to be modified does  not  exist,  the  group
           does not exist, or the login shell does not exist.

     8     The login to be modified is in use.

     9     The  new_logname is already in use.

     10    Cannot update the  /etc/group or /etc/user_attr  file.
           Other update requests will be implemented.

     11    Insufficient space to  move  the  home  directory  (-m
           option).  Other update requests will be implemented.

     12    Unable to complete the move of the home  directory  to
           the new home directory.


FILES

     /etc/group
           system file containing group definitions

     /etc/datemsk
           system file of date formats

     /etc/passwd
           system password file

     /etc/shadow
           system file containing  users'  and  roles'  encrypted
           passwords and related information

     /etc/usr_attr
           system  file  containing  additional   user  and  role
           attributes


ATTRIBUTES

     See attributes(5) for descriptions of the  following  attri-
     butes:

     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWcsu                     |
    |_____________________________|_____________________________|


SEE ALSO

     passwd(1), users(1B), chown(1M), groupadd(1M), groupdel(1M),
     groupmod(1M),     logins(1M),    pwconv(1M),    roleadd(1M),
     roledel(1M),    useradd(1M),    userdel(1M),    usermod(1M),
     getdate(3C), auth_attr(4), passwd(4), attributes(5)


Man(1) output converted with man2html