smgroup(1M)
NAME
smgroup - manage group entries
SYNOPSIS
/usr/sadm/bin/smgroup subcommand [ auth_args] --
[subcommand_args]
DESCRIPTION
The smgroup command manages one or more group definitions in
the group database for the appropriate files in the local
/etc files name service or a NIS or NIS+ name service.
The following smgroup subcommands are supported
add Adds a new group entry. To add an entry, the adminis-
trator must have the solaris.admin.usermgr.write
authorization.
delete
Deletes a group entry. You can delete only one entry
at a time. To delete an entry, the administrator must
have the solaris.admin.usermgr.write authorization.
Note: You cannot delete the system groups with IDs
less than 100, or the groups 60001, 60002, or 65534.
list Lists one or more group entries in the form of a
three-column list, containing the group name, group
ID, and group members, separated by colons (:). To
list entries, the administrator must have the
solaris.admin.usermgr.read authorization.
modify
Modifies a group entry. To modify an entry, the
administrator must have the
solaris.admin.usermgr.write authorization.
OPTIONS
The smgroup authentication arguments, auth_args, are derived
from the smc(1M) arg set and are the same regardless of
which subcommand you use. The smgroup command requires the
Solaris Management Console to be initialized for the command
to succeed (see smc(1M)). After rebooting the Solaris
Management Console server, the first Solaris Management Con-
sole connection might time out, so you might need to retry
the command.
The subcommand-specific options, subcommand_args, must come
after the auth_args and must be separated from them by the
-- option.
auth_args
The valid auth_args are -D, -H, -l, -p, -r, and -u; they are
all optional. If no auth_args are specified, certain
defaults will be assumed and the user may be prompted for
additional information, such as a password for authentica-
tion purposes. These letter options can also be specified by
their equivalent option words preceded by a double dash. For
example, you can use either -D or --domain.
The following auth_args are supported:
-D | --domain domain
Specifies the default domain that you want to manage.
The syntax of domain is type:/host_name/domain_name,
where type is nis, nisplus, dns, ldap or file;
host_name is the name of the machine that serves the
domain; and domain_name is the name of the domain you
want to manage. (Note: Do not use nis+ for nisplus.)
If you do not specify this option, the Solaris Manage-
ment Console assumes the file default domain on what-
ever server you choose to manage, meaning that changes
are local to the server. Toolboxes can change the
domain on a tool-by-tool basis; this option specifies
the domain for all other tools.
-H | --hostname host_name:port
Specifies the host_name and port to which you want to
connect. If you do not specify a port, the system con-
nects to the default port, 898. If you do not specify
host_name:port, the Solaris Management Console con-
nects to the local host on port 898. You may still
have to choose a toolbox to load into the console. To
override this behavior, use the smc(1M) -B option, or
set your console preferences to load a "home toolbox"
by default.
-l | --rolepassword role_password
Specifies the password for the role_name. If you
specify a role_name but do not specify a
role_password, the system prompts you to supply a
role_password. Passwords specified on the command line
can be seen by any user on the system, hence this
option is considered insecure.
-p | --password password
Specifies the password for the user_name. If you do
not specify a password, the system prompts you for
one. Passwords specified on the command line can be
seen by any user on the system, hence this option is
considered insecure.
-r | --rolename role_name
Specifies a role name for authentication. If you do
not specify this option, no role is assumed.
-u | --username user_name
Specifies the user name for authentication. If you do
not specify this option, the user identity running the
console process is assumed.
-- This option is required and must always follow the
preceding options. If you do not enter the preceding
options, you must still enter the -- option.
subcommand_args
Descriptions and other argument options that contain white
spaces must be enclosed in double quotes.
The add subcommand supports the following subcommand_args:
-g gid
(Optional) Specifies the group ID for the new group.
The group ID must be a non-negative decimal integer
with a maximum value of 2MB (2,147,483,647). Group IDs
0-99 are reserved for the system and should be used
with care. If you do not specify a gid, the system
automatically assigns the next available gid. To max-
imize interoperability and compatibility, administra-
tors are recommended to assign groups using the range
of GIDs below 60000 where possible.
-h (Optional) Displays the command's usage statement.
-m group_member1 -m group_member2 . . .
(Optional) Specifies the new members to add to the
group.
-n group_name
Specifies the name of the new group. The group name
must be unique within a domain, contain 2-32
alphanumeric characters, begin with a letter, and con-
tain at least one lowercase letter.
The delete subcommand supports the following
subcommand_args:
-h (Optional) Displays the command's usage statement.
-n group_name
Specifies the name of the group you want to delete.
The list subcommand supports the following subcommand_args
-h (Optional) Displays the command's usage statement.
-n group_name
(Optional) Specifies the name of the group you want to
list. If you do not specify a group name, all groups
are listed.
The modify subcommand supports the following
subcommand_args
-h (Optional) Displays the command's usage statement.
-m group_member1 -m group_member2 . . .
(Optional) Specifies the new members to add to the
group. Note that group_member overwrites the existing
member list in the group file.
-n group_name
Specifies the name of the group you want to modify.
-N new_group
(Optional) Specifies the new group name. The group
name must be unique within a domain, contain 2-32
alphanumeric characters, begin with a letter, and con-
tain at least one lowercase letter.
EXAMPLES
Example 1: Creating a Test Group
The following creates the test_group group entry with a
group ID of 123 and adds test_member1 and test_member2 to
the group:
./smgroup add -H myhost -p mypasswd -u root -- -n test_group \
-m test_member1 -m test_member2 -g 123
Example 2: Deleting a Group
The following deletes test_group:
./smgroup delete -H myhost -p mypasswd -u root -- -n test_group
Example 3: Displaying All Groups
The following displays all groups in a three-column list
showing the group name, group ID, and group members:
./smgroup list -H myhost -p mypasswd -u root --
Example 4: Displaying a Group
The following displays the group_1 data in a three-column
list showing the group name, group ID, and group members:
./smgroup list -H myhost -p mypasswd -u root -- -n group_1
Example 5: Renaming a Group
The following renames a group from finance to accounting:
./smgroup modify -H myhost -p mypasswd -u root -- \
-n finance -N accounting
ENVIRONMENT VARIABLES
See environ(5) for a description of the JAVA_HOME environ-
ment variable, which affects the execution of the smgroup
command. If this environment variable is not specified, the
/usr/java location is used. See smc(1M).
EXIT STATUS
The following exit values are returned:
0 Successful completion.
1 Invalid command syntax. A usage message displays.
2 An error occurred while executing the command. An
error message displays.
FILES
The following files are used by the smgroup command:
/etc/group
Group file. See group(4).
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWmga |
|_____________________________|_____________________________|
SEE ALSO
smc(1M), group(4), attributes(5), environ(5)
Man(1) output converted with
man2html