rolemod(1M)
NAME
rolemod - modify a role's login information on the system
SYNOPSIS
rolemod [ -u uid [-o]] [-g group] [ -G group [ , group...]]
[ -d dir [-m]] [-s shell] [-c comment] [-l new_name] [-
f inactive] [-e expire] [-A authorization [, authoriza-
tion]] [-P profile [, profile]] role
DESCRIPTION
The rolemod utility modifies a role's login information on
the system. It changes the definition of the specified login
and makes the appropriate login-related system file and file
system changes.
The system file entries created with this command have a
limit of 512 characters per line. Specifying long arguments
to several options may exceed this limit.
OPTIONS
The following options are supported:
-A authorization
One or more comma separated authorizations as deined
in auth_attr(4). Only role with grant rights to the
authorization can assign it to an account. This
replaces any existing authorization setting.
-c comment
Specify a comment string. comment can be any text
string. It is generally a short description of the
login, and is currently used as the field for the
user's full name. This information is stored in the
user's /etc/passwd entry.
-d dir
Specify the new home directory of the role. It
defaults to base_dir/login, where base_dir is the
base directory for new login home directories, and
login is the new login.
-e expire
Specify the expiration date for a role. After this
date, no role will be able to access this login. The
expire option argument is a date entered using one of
the date formats included in the template file
/etc/datemsk. See getdate(3C).
For example, you may enter 10/6/90 or October 6,
1990. A value of `` '' defeats the status of the
expired date.
-f inactive
Specify the maximum number of days allowed between
uses of a login ID before that login ID is declared
invalid. Normal values are positive integers. A value
of 0 defeats the status.
-g group
Specify an existing group's integer ID or character-
string name. It redefines the role's primary group
membership.
-G group
Specify an existing group's integer "ID" "," or char-
acter string name. It redefines the role's supplemen-
tary group membership. Duplicates between group with
the -g and
-G options are ignored. No more than NGROUPS_UMAX
groups may be specified as defined in <param.h>.
-l new_logname
Specify the new login name for the role. The
new_logname argument is a string no more than eight
bytes consisting of characters from the set of alpha-
betic characters, numeric characters, period (.),
underline (_), and hypen (-). The first character
should be alphabetic and the field should contain at
least one lower case alphabetic character.
A warning message will be written if these restric-
tions are not met. A future Solaris release may
refuse to accept login fields that do not meet these
requirements. The new_logname argument must contain
at least one character and must not contain a colon
(:) or NEWLINE (\n).
-m Move the role's home directory to the new directory
specified with the -d option. If the directory
already exists, it must have permissions
read/write/execute by group, where group is the
role's primary group.
-o This option allows the specified UID to be duplicated
(non-unique).
-P profile
One or more comma-separated execution profiles defined
in auth_attr(4). This replaces any existing profile
setting.
-s shell
Specify the full pathname of the program that is used
as the role's shell on login. The value of shell must
be a valid executable file.
-u uid
Specify a new UID for the role. It must be a non-
negative decimal integer less than MAXUID as defined
in <param.h>. The UID associated with the role's home
directory is not modified with this option; a role
will not have access to their home directory until the
UID is manually reassigned using chown(1M).
OPERANDS
The following operands are supported:
login
An existing login name to be modified.
EXIT STATUS
In case of an error, rolemod prints an error message and
exits with one of the following values:
2 The command syntax was invalid. A usage message for
the rolemod command is displayed.
3 An invalid argument was provided to an option.
4 The uid given with the -u option is already in use.
5 The password files contain an error. pwconv(1M) can be
used to correct possible errors. See passwd(4).
6 The login to be modified does not exist, the group
does not exist, or the login shell does not exist.
8 The login to be modified is in use.
9 The new_logname is already in use.
10 Cannot update the /etc/group or /etc/user_attr file.
Other update requests will be implemented.
11 Insufficient space to move the home directory (-m
option). Other update requests will be implemented.
12 Unable to complete the move of the home directory to
the new home directory.
FILES
/etc/group
system file containing group definitions
/etc/datemsk
system file of date formats
/etc/passwd
system password file
/etc/shadow
system file containing users' and roles' encrypted
passwords and related information
/etc/usr_attr
system file containing additional user and role
attributes
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWcsu |
|_____________________________|_____________________________|
SEE ALSO
passwd(1), users(1B), chown(1M), groupadd(1M), groupdel(1M),
groupmod(1M), logins(1M), pwconv(1M), roleadd(1M),
roledel(1M), useradd(1M), userdel(1M), usermod(1M),
getdate(3C), auth_attr(4), passwd(4), attributes(5)
Man(1) output converted with
man2html