smuser(1M)
NAME
smuser - manage user entries
SYNOPSIS
/usr/sadm/bin/smuser subcommand [ auth_args] --
[subcommand_args]
DESCRIPTION
The smuser command manages one or more user entries in the
local /etc filesystem or a NIS or NIS+ target name service.
subcommands
smuser subcommands are:
add Adds a new user entry to the appropriate files. You
can use a template and input file instead of supplying
the additional command line options. If you use a
template and command line options, the command line
options take precedence and override any conflicting
template values. To add an entry, the administrator
must have the solaris.admin.usermgr.write authorization.
delete
Deletes one or more user entries from the appropriate
files. To delete an entry, the administrator must have
the solaris.admin.usermgr.write authorization. Note:
You cannot delete the system accounts with IDs less
than 100, or 60001, 60002, or 65534.
list Lists one or more user entries from the appropriate
files. To list entries, the administrator must have
the solaris.admin.usermgr.read authorization.
modify
Modifies a user entry in the appropriate files. To
modify an entry, the administrator must have the
solaris.admin.usermgr.write authorization.
OPTIONS
The smuser authentication arguments, auth_args, are derived
from the smc(1M) arg set and are the same regardless of
which subcommand you use. The smuser command requires the
Solaris Management Console to be initialized for the command
to succeed (see smc(1M)). After rebooting the Solaris
Management Console server, the first Solaris Management
Console connection might time out, so you might need to retry
the command.
The subcommand-specific options, subcommand_args, must come
after the auth_args and must be separated from them by the
-- option.
auth_args
The valid auth_args are -D, -H, -l, -p, -r, and -u; they are
all optional. If no auth_args are specified, certain
defaults will be assumed and the user may be prompted for
additional information, such as a password for authentication
purposes. These letter options can also be specified by
their equivalent option words preceded by a double dash. For
example, you can use either -D or --domain with the domain
argument.
-D | --domain domain
Specifies the default domain that you want to manage.
The syntax of domain is type:/host_name/domain_name,
where type is nis, nisplus, dns, ldap, or file;
host_name is the name of the machine that serves the
domain; and domain_name is the name of the domain you
want to manage. (Note: Do not use nis+ for nisplus.)
If you do not specify this option, the Solaris Management
Console assumes the file default domain on whatever
server you choose to manage, meaning that changes
are local to the server. Toolboxes can change the
domain on a tool-by-tool basis; this option specifies
the domain for all other tools.
-H | --hostname host_name:port
Specifies the host_name and port to which you want to
connect. If you do not specify a port, the system
connects to the default port, 898. If you do not specify
host_name:port, the Solaris Management Console
connects to the local host on port 898. You may still
have to choose a toolbox to load into the console. To
override this behavior, use the smc(1M) -B option, or
set your console preferences to load a "home toolbox"
by default.
-l | --rolepassword role_password
Specifies the password for the role_name. If you
specify a role_name but do not specify a
role_password, the system prompts you to supply a
role_password. Passwords specified on the command line
can be seen by any user on the system, hence this
option is considered insecure.
-p | --password password
Specifies the password for the user_name. If you do
not specify a password, the system prompts you for
one. Passwords specified on the command line can be
seen by any user on the system, hence this option is
considered insecure.
-r | --rolename role_name
Specifies a role name for authentication. If you do
not specify this option, no role is assumed.
-u | --username user_name
Specifies the user name for authentication. If you do
not specify this option, the user identity running the
console process is assumed.
-- This option is required and must always follow the
preceding options. If you do not enter the preceding
options, you must still enter the -- option.
subcommand_args
Note: Descriptions and other arg options that contain white
spaces must be enclosed in double quotes.
o For subcommand add:
-c comment
(Optional) Includes a short description of the
login, which is typically the user's name.
Consists of a string of up to 256 printable characters,
excluding the colon (:).
-d dir
(Optional) Specifies the home directory of the
new user, limited to 1024 characters.
-e ddmmyyyy
(Optional) Specifies the expiration date for a
login. After this date, no user can access this
login. This option is useful for creating temporary
logins. Specify a null value (" ") to
indicate that the login is always valid. The
administrator must have the
solaris.admin.usermgr.pswd authorization.
-f inactive
(Optional) Specifies the maximum number of days
allowed between uses of a login ID before that
ID is declared invalid. Normal values are positive
integers. Enter zero to indicate that the
login account is always active.
-F full_name
(Optional) Specifies the full, descriptive name
of the user. The full_name must be unique within
a domain and can contain alphanumeric characters
and spaces. If you use spaces, you must enclose
the full_name in double quotes.
-g group
(Optional) Specifies the new user's primary
group membership in the system group database
with an existing group's integer ID.
-G group1 -G group2 . . .
(Optional) Specifies the new user's supplementary
group membership in the system group database
with the character string names of one or
more existing groups. Duplicates of groups
specified with the -g and -G options are
ignored.
-h (Optional) Displays the command's usage statement.
-n login
Specifies the new user's login name. The login
name must be unique within a domain, contain
2-32 alphanumeric characters, begin with a
letter, and contain at least one lowercase
letter.
-P password
(Optional) Specifies up to an eight-character
password assigned to the user account. Note:
When you specify a password, you type the password
in plain text. Specifying a password using
this method introduces a security gap while the
command is running. To set the password, the
administrator must have the
solaris.admin.usermgr.pswd authorization.
-s shell
(Optional) Specifies the full pathname (limited
to 1024 characters) of the program used as the
user's shell on login. Valid entries are a
user-defined shell, /bin/csh (C shell), /bin/ksh
(Korn shell), and the default, /bin/sh (Bourne
shell).
-t template
(Optional) Specifies a template, created using
the User Manager tool, that contains a set of
pre-defined user attributes. You may have
entered a name service server in the template.
However, when a user is actually added with this
template, if a name service is unavailable, the
user's local server will be used for both the
Home Directory Server and Mail Server.
-u uid
(Optional) Specifies the user ID of the user you
want to add. If you do not specify this option,
the system assigns the next available unique
user ID greater than 100.
-x autohome=Y|N
(Optional) Sets the home directory to automount
if set to Y. The user's home directory path in
the password entry is set to /home/login name.
-x mail=mail_server
(Optional) Specifies the host name of the user's
mail server, and creates a mail file on the
server. Users created in a local scope must have
a mail server created on their local machines.
-x perm=home_perm
(Optional) Sets the permissions on the user's
home directory. perm is interpreted as an octal
number, and the default is 0775.
-x pwmax=days
(Optional) Specifies the maximum number of days
that the user's password is valid. The administrator
must have the solaris.admin.usermgr.pswd
authorization.
-x pwmin=days
(Optional) Specifies the minimum number of days
between user password changes. The administrator
must have the solaris.admin.usermgr.pswd authorization.
-x pwwarn=days
(Optional) Specifies the number of days relative
to pwmax that the user is warned about password
expiration prior to the password expiring. The
administrator must have the
solaris.admin.usermgr.pswd authorization.
-x serv=homedir_server
(Optional) Specifies the name of the server
where the user's home directory resides. Users
created in a local scope must have their home
directory server created on their local
machines.
o For subcommand delete:
-h (Optional) Displays the command's usage statement.
-n login1
Specifies the login name of the user you want to
delete.
-n login2 . . .
(Optional) Specifies the additional login
name(s) of the user(s) you want to delete.
o For subcommand list:
-h (Optional) Displays the command's usage statement.
-l Displays the output for each user in a block of
key:value pairs (for example, user name:root)
followed by a blank line to delimit each user
block. Each key:value pair is displayed on a
separate line. The keys are: autohome setup,
comment, days to warn, full name, home directory,
home directory permissions, login shell, mail
server, max days change, max days inactive, min
days change, password expires, password type,
primary group, rights, roles, secondary groups,
server, user ID (UID), and user name.
-n login1
Specifies the login name of the user you want to
list.
-n login2 . . .
(Optional) Specifies the additional login
name(s) of the user(s) you want to list.
o For subcommand modify:
-a addrole1 -a addrole2 . . .
(Optional) Specifies the role(s) to add to the
user account. To assign a role to a user, the
administrator must have the solaris.role.assign
authorization or must have the
solaris.role.delegate authorization and be a
member of each of the roles specified.
-c comment
(Optional) Describes the changes you made to the
user account. Consists of a string of up to 256
printable characters, excluding the colon (:).
-d description
(Optional) Specifies the user's home directory,
limited to 1024 characters.
-e ddmmyyyy
(Optional) Specifies the expiration date for a
login in a format appropriate to the locale.
After this date, no user can access this login.
This option is useful for creating temporary
logins. Specify a null value (" ") to indicate
that the login is always valid.
-f inactive
(Optional) Specifies the maximum number of days
allowed between uses of a login ID before the ID
is declared invalid. Normal values are positive
integers. Specify zero to indicate that the
login account is always active.
-F full_name
(Optional) Specifies the full, descriptive name
of the user. The full_name must be unique within
a domain and can contain alphanumeric characters
and spaces. If you use spaces, you must enclose
the full_name in double quotes.
-g group
(Optional) Specifies the new user's primary
group membership in the system group database
with an existing group's integer ID.
-G group1 -G group2 . . .
(Optional) Specifies the new user's supplementary
group membership in the system group database
with the character string names of one or
more existing groups. Duplicates of groups
specified with the -g and -G options are
ignored.
-h (Optional) Displays the command's usage statement.
-n name
Specifies the user's current login name.
-N new_name
(Optional) Specifies the user's new login name.
The login name must be unique within a domain,
contain 2-32 alphanumeric characters, begin with
a letter, and contain at least one lowercase
letter.
-p addprof1 -p addprof2 . . .
(Optional) Specifies the profile(s) to add to
the user account. To assign a profile to a user,
the administrator must have the
solaris.profmgr.assign or
solaris.profmgr.delegate authorization.
-P password
(Optional) Specifies up to an eight-character
password assigned to the user account.
When you specify a password, you type the password
in plain text. Specifying a password using
this method introduces a security gap while the
command is running.
-q delprof1 -q delprof2 . . .
(Optional) Specifies the profile(s) to delete
from the user account.
-r delrole1 -r delrole2 . . .
(Optional) Specifies the role(s) to delete from
the user account.
-s shell
(Optional) Specifies the full pathname (limited
to 1024 characters) of the program used as the
user's shell on login. Valid entries are a
user-defined shell, /bin/csh (C shell), /bin/ksh
(Korn shell), and the default, /bin/sh (Bourne
shell).
-x autohome=Y|N
(Optional) Sets up the home directory to automount
if set to Y. The user's home directory
path in the password entry is set to /home/login
name.
-x pwmax=days
(Optional) Specifies the maximum number of days
that the user's password is valid.
-x pwmin=days
(Optional) Specifies the minimum number of days
between password changes.
-x pwwarn=days
(Optional) Specifies the number of days relative
to pwmax that the user is warned about password
expiration before the password expires.
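The key:value block layout that list -l prints can be parsed one blank-line-delimited block at a time. The following is an added example, not part of the original manual page: it reads such output and marks the accounts that the delete subcommand refuses to remove. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: parse "smuser list ... -- -l" output read from stdin.
# Function names and the sample listing are constructed for illustration.

# Print "login uid status" per user block; status is "protected" for the
# IDs that the delete subcommand refuses (below 100, 60001, 60002, 65534).
classify_accounts() {
    awk '
    BEGIN { RS = ""; FS = "\n" }          # blank line ends a user block
    {
        login = ""; uid = ""
        for (i = 1; i <= NF; i++) {
            p = index($i, ":")            # split on the first colon only
            if (p == 0) continue
            key = substr($i, 1, p - 1)
            val = substr($i, p + 1)
            sub(/^[ \t]+/, "", val)
            if (key == "user name") login = val
            else if (key == "user ID (UID)") uid = val
        }
        if (login == "" || uid !~ /^[0-9]+$/) next   # skip malformed blocks
        n = uid + 0
        if (n < 100 || n == 60001 || n == 60002 || n == 65534)
            print login, uid, "protected"
        else
            print login, uid, "deletable"
    }'
}

# Constructed sample in the documented key:value layout (subset of keys).
sample_listing() {
    cat <<'EOF'
user name:root
user ID (UID):0
login shell:/sbin/sh

user name:nobody
user ID (UID):60001
login shell:/bin/sh

user name:user1
user ID (UID):101
login shell:/bin/ksh
EOF
}

sample_listing | classify_accounts
```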
EXAMPLES
Example 1: Creating a new user account
The following creates a new user account on the local file
system. The account name is user1, and the full name is Joe
Smith. The comment field verifies that the account is for
Joe Smith. The system will assign the next available user ID
greater than 100 to this account. There is no password set
for this account, so when Joe Smith logs in for the first
time, he will be prompted to enter a password.
./smuser add -H myhost -p mypasswd -u root -- -F "Joe Smith" \
-n user1 -c "Joe's account"
Example 2: Deleting a user account
The following deletes the user1 account from the local file
system:
./smuser delete -H myhost -p mypasswd -u root -- -n user1
Example 3: Listing all user accounts
The following lists all user accounts on the local file system
in summary form:
./smuser list -H myhost -p mypasswd -u root --
Example 4: Modifying a user account
The following modifies the user1 account to default to a
Korn shell, and assigns the account to the qa_group secondary
group.
./smuser modify -H myhost -p mypasswd -u root -- -n user1 \
-s /bin/ksh -G qa_group
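The examples above pass -p on the command line, which OPTIONS describes as visible to any user on the system. The following is an added example, not part of the original manual page: a wrapper that checks the add arguments against the limits stated under subcommand_args and then runs smuser without -p, -l, or -P, so smuser prompts for the password instead. The function names and the SMUSER override variable are hypothetical.

```shell
#!/bin/sh
# Added example: validate "smuser add" arguments against the limits in this
# manual page, then run smuser without -p, -l or -P so that no password
# appears in the process arguments. Function names are hypothetical.
LC_ALL=C; export LC_ALL        # make [a-z] style ranges ASCII-only

# Login: 2-32 alphanumeric characters, starts with a letter, and has at
# least one lowercase letter.
valid_login() {
    case $1 in
        *[!A-Za-z0-9]*) return 1 ;;
        [A-Za-z]*) ;;
        *) return 1 ;;
    esac
    case $1 in *[a-z]*) ;; *) return 1 ;; esac
    [ "${#1}" -ge 2 ] && [ "${#1}" -le 32 ]
}

# Full name: alphanumeric characters and spaces only.
valid_full_name() {
    case $1 in ''|*[!A-Za-z0-9\ ]*) return 1 ;; esac
}

# Comment: up to 256 printable characters, no colon.
valid_comment() {
    case $1 in *:*|*[![:print:]]*) return 1 ;; esac
    [ "${#1}" -le 256 ]
}

# Usage: smuser_add host admin_user login full_name comment
# smuser prompts for the admin password because -p is not given.
smuser_add() {
    if ! { valid_login "$3" && valid_full_name "$4" && valid_comment "$5"; }
    then
        echo "smuser_add: rejected argument" >&2
        return 1
    fi
    "${SMUSER:-/usr/sadm/bin/smuser}" add -H "$1" -u "$2" -- \
        -n "$3" -F "$4" -c "$5"
}

# Dry run with the values from Example 1; echo stands in for smuser.
( SMUSER=echo; smuser_add myhost root user1 "Joe Smith" "Joe's account" )
```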
ENVIRONMENT VARIABLES
See environ(5) for a description of the JAVA_HOME environment
variable, which affects the execution of the smuser
command. If this environment variable is not specified, the
/usr/java location is used. See smc(1M).
EXIT STATUS
The following exit values are returned:
0 Successful completion.
1 Invalid command syntax. A usage message displays.
2 An error occurred while executing the command. An
error message displays.
FILES
The following files are used by the smuser command:
/etc/aliases
Mail aliases. See aliases(4).
/etc/auto_home
Automatic mount points. See automount(1M).
/etc/group
Group file. See group(4).
/etc/passwd
Password file. See passwd(4).
/etc/security/policy.conf
Configuration file for security policy. See
policy.conf(4).
/etc/shadow
Shadow password file. See shadow(4).
/etc/user_attr
Extended user attribute database. See user_attr(4).
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWmga |
|_____________________________|_____________________________|
SEE ALSO
automount(1M), smc(1M), aliases(4), group(4), passwd(4),
policy.conf(4), shadow(4), user_attr(4), attributes(5),
environ(5)