|
Hopefully, this page is exactly what you are looking for, but if not, you can always find further assistance on Unix/Linux Forum!
System Administration Commands roleadd(1M)
NAME
roleadd - administer a new role account on the system
SYNOPSIS
roleadd [-c comment] [-d dir] [-e expire] [-f inactive] [-
g group] [ -G group [ , group...]] [ -m [-k skel_dir]] [
-u uid [-o]] [-s shell] [-A authorization [,authoriza-
tion...]] [-K key=value] role
roleadd -D [-b base_dir] [-e expire] [-f inactive] [-
g group] [-A authorization [,authorization...]] [-P profile
[,profile...] [-K key=value]]
DESCRIPTION
roleadd adds a role entry to the /etc/passwd and /etc/shadow
and /etc/user_attr files. The -A and -P options respectively
assign authorizations and profiles to the role. Roles cannot
be assigned to other roles. The -K option adds a key=value
pair to /etc/user_attr for a role. Multiple key=value pairs
can be added with multiple -K options.
roleadd also creates supplementary group memberships for the
role (-G option) and creates the home directory (-m option)
for the role if requested. The new role account remains
locked until the passwd(1) command is executed.
Specifying roleadd -D with the -g, -b, -f, -e, or -K option
(or any combination of these option) sets the default values
for the respective fields. See the -D option. Subsequent
roleadd commands without the -D option use these arguments.
The system file entries created with this command have a
limit of 512 characters per line. Specifying long arguments
to several options can exceed this limit.
The role (role) field accepts a string of no more than eight
bytes consisting of characters from the set of alphabetic
characters, numeric characters, period (.), underscore (_),
and hyphen (-). The first character should be alphabetic and
the field should contain at least one lower case alphabetic
character. A warning message is written if these restric-
tions are not met. A future Solaris release might refuse to
accept role fields that do not meet these requirements.
The role field must contain at least one character and must
not contain a colon (:) or a newline (\n).
OPTIONS
The following options are supported:
-A authorization
SunOS 5.10 Last change: 21 Feb 2006 1
System Administration Commands roleadd(1M)
One or more comma separated authorizations defined in
auth_attr(4). Only a user or role who has grant rights
to the authorization can assign it to an account
-b base_dir
The default base directory for the system if -d dir is
not specified. base_dir is concatenated with the account
name to define the home directory. If the -m option is
not used, base_dir must exist.
-c comment
Any text string. It is generally a short description of
the role. This information is stored in the role's
/etc/passwd entry.
-d dir
The home directory of the new role. It defaults to
base_dir/account_name, where base_dir is the base direc-
tory for new login home directories and account_name is
the new role name.
-D
Display the default values for group, base_dir,
skel_dir, shell, inactive, expire
and key=value pairs. When used with the -g, -b, -f, or
-K, options, the -D option sets the default values for
the specified fields. The default values are:
group other (GID of 1)
base_dir /home
skel_dir /etc/skel
SunOS 5.10 Last change: 21 Feb 2006 2
System Administration Commands roleadd(1M)
shell /bin/pfsh
inactive 0
expire Null
auths Null
profiles Null
key=value (pairsnotfpresent user_attr(4)
-e expire
Specify the expiration date for a role. After this date,
no user is able to access this role. The expire option
argument is a date entered using one of the date formats
included in the template file /etc/datemsk. See
getdate(3C).
If the date format that you choose includes spaces, it
must be quoted. For example, you can enter 10/6/90 or
October 6, 1990. A null value (" ") defeats the status
of the expired date. This option is useful for creating
temporary roles.
-f inactive
The maximum number of days allowed between uses of a
role ID before that ID is declared invalid. Normal
values are positive integers. A value of 0 defeats the
status.
-g group
An existing group's integer ID or character-string name.
SunOS 5.10 Last change: 21 Feb 2006 3
System Administration Commands roleadd(1M)
Without the -D option, it defines the new role's primary
group membership and defaults to the default group. You
can reset this default value by invoking roleadd -D -g
group.
-G group
An existing group's integer ID or character-string name.
It defines the new role's supplementary group member-
ship. Duplicates between group with the -g and -G
options are ignored. No more than NGROUPS_MAX groups can
be specified.
-k skel_dir
A directory that contains skeleton information (such as
.profile) that can be copied into a new role's home
directory. This directory must already exist. The system
provides the /etc/skel directory that can be used for
this purpose.
-K key=value
A key=value pair to add to the role's attributes. Multi-
ple -K options can be used to add multiple key=value
pairs. The generic -K option with the appropriate key
can be used instead of the specific implied key options
(-A and -P). See user_attr(4) for a list of valid
key=value pairs. The "type" key is not a valid key for
this option. Keys can not be repeated.
-m
Create the new role's home directory if it does not
already exist. If the directory already exists, it must
have read, write, and execute permissions by group,
where group is the role's primary group.
-o
This option allows a UID to be duplicated (non-unique).
SunOS 5.10 Last change: 21 Feb 2006 4
System Administration Commands roleadd(1M)
-P profile
One or more comma-separated execution profiles defined
in prof_attr(4).
-s shell
Full pathname of the program used as the user's shell on
login. It defaults to an empty field causing the system
to use /bin/pfsh as the default. The value of shell must
be a valid executable file.
-u uid
The UID of the new role. This UID must be a non-negative
decimal integer below MAXUID as defined in
<sys/param.h>. The UID defaults to the next available
(unique) number above the highest number currently
assigned. For example, if UIDs 100, 105, and 200 are
assigned, the next default UID number is 201. (UIDs from
0-99 are reserved for possible use in future applica-
tions.)
FILES
/etc/datemsk
/etc/passwd
/etc/shadow
/etc/group
/etc/skel
/usr/include/limits.h
/etc/user_attr
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
SunOS 5.10 Last change: 21 Feb 2006 5
System Administration Commands roleadd(1M)
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWcsu |
|_____________________________|_____________________________|
| Interface Stability | Evolving |
|_____________________________|_____________________________|
SEE ALSO
passwd(1), pfsh(1), profiles(1), roles(1), users(1B),
groupadd(1M), groupdel(1M), groupmod(1M), grpck(1M),
logins(1M), pwck(1M), userdel(1M), usermod(1M), getdate(3C),
auth_attr(4), passwd(4), prof_attr(4), user_attr(4), attri-
butes(5)
DIAGNOSTICS
In case of an error, roleadd prints an error message and
exits with a non-zero status.
The following indicates that login specified is already in
use:
UX: roleadd: ERROR: login is already in use. Choose another.
The following indicates that the uid specified with the -u
option is not unique:
UX: roleadd: ERROR: uid uid is already in use. Choose another.
The following indicates that the group specified with the -g
option is already in use:
UX: roleadd: ERROR: group group does not exist. Choose another.
The following indicates that the uid specified with the -u
option is in the range of reserved UIDs (from 0-99):
UX: roleadd: WARNING: uid uid is reserved.
The following indicates that the uid specified with the -u
option exceeds MAXUID as defined in <sys/param.h>:
UX: roleadd: ERROR: uid uid is too big. Choose another.
The following indicates that the /etc/passwd or /etc/shadow
files do not exist:
UX: roleadd: ERROR: Cannot update system files - login cannot be created.
NOTES
SunOS 5.10 Last change: 21 Feb 2006 6
System Administration Commands roleadd(1M)
If a network nameservice such as NIS or NIS+ is being used
to supplement the local /etc/passwd file with additional
entries, roleadd cannot change information supplied by the
network nameservice.
SunOS 5.10 Last change: 21 Feb 2006 7
Man(1) output converted with
man2html and wrapped by fishsponge
This page was generated on Wed Sep 12 11:26:31 GMT 2007
|
Your favourite pages:
No pages logged yet.
Trying to save cookie... Top 10 most popular pages:
sqlite3 man page (5334 hits)
(openSUSE 10.2)
svn man page (5209 hits)
(FreeBSD 6.2)
adv_cap_autoneg man page (4870 hits)
(Solaris 10 11_06)
CPAN man page (4607 hits)
(Suse Linux 10.1)
ssh man page (4342 hits)
(Suse Linux 10.1)
ssh-socks5-proxy-connect man page (2884 hits)
(Solaris 10 11_06)
netcat man page (2717 hits)
(Suse Linux 10.1)
pprosetup man page (2492 hits)
(Solaris 10 11_06)
startproc man page (2471 hits)
(Suse Linux 10.1)
signal man page (2408 hits)
(Suse Linux 10.1)
|
Man Pages 
