Task |
Description |
For Instructions, Go To |
---|---|---|
1. Customize User Initialization Files |
Optional. Set up user initialization files (.cshrc, .profile, .login), so you can provide new users with consistent environments. | |
2. Add a Group |
Optional. To help administer users, add groups by using the Groups main window. | |
3. Add a User Account |
Add a user account by using Admintool's Users main window. | |
4. Share the User's Home Directory |
Share the user's home directory, so the directory can be remotely mounted from the user's system. | |
5. Mount the User's Home Directory |
Manually mount the user's home directory on the user's system by using the mount command. |
You might find it useful to create a form like the one below to gather information about users before adding their accounts.
If you are using role-based access control, you will also need to list any roles, profiles, or authorizations intended for the user account. See "Role-Based Access Control" in System Administration Guide, Volume 2 for more information.
Item |
Description |
User Name: |
|
UID: |
|
Primary Group: |
|
Secondary Groups: |
|
Comment: |
|
Default Shell: |
|
Password Status and Aging: |
|
Home Directory Server Name: |
|
Home Directory Path Name: |
|
Mounting Method: |
|
Permissions on Home Directory: |
|
Mail Server: |
|
Department Name: |
|
Department Administrator: |
|
Manager: |
|
Employee Name: |
|
Employee Title: |
|
Employee Status: |
|
Employee Number: |
|
Start Date: |
|
Add to These Mail Aliases: |
|
Desktop System Name: |
|
Become superuser on the system where the users' home directories are created and shared.
Create a skeleton directory for each type of user.
# mkdir /shared-dir/skel/user-type |
shared-dir |
The name of a directory that is available to other systems on the network. |
user-type |
The name of a directory to store initialization files for a type of user. |
Copy the default user initialization files into the directories you created for different types of users.
# cp /etc/skel/local.cshrc /shared-dir/skel/user-type/.cshrc # cp /etc/skel/local.login /shared-dir/skel/user-type/.login # cp /etc/skel/local.profile /shared-dir/skel/user-type/.profile |
If the account has profiles assigned to it, then the user has to launch a special version of the shell called a profile shell to use commands (with any security attributes) that are assigned to the profile. There are three profile shells corresponding to the types of shells: pfsh (Bourne shell), pfcsh (C shell), and pfksh (Korn shell).
Edit the user initialization files for each user type and customize them based on your site's needs.
See "Customizing a User's Work Environment" for a detailed description on the ways to customize the user initialization files.
Set the permissions for the user initialization files.
# chmod 744 /shared-dir/skel/user-type/.* |
Verify the permissions for the user initialization files are correct with the ls -la command.
The following example customizes the C-shell user initialization file in the /export/skel/enduser directory designated for a particular type of user.
# mkdir /export/skel/enduser # cp /etc/skel/local.cshrc /export/skel/enduser/.cshrc (Edit .cshrc file-see "Example--.cshrc File ") # chmod 744 /export/skel/enduser/.* |
Verify that the following prerequisites are met. To use Admintool, you must:
Have a bit-mapped display monitor. The Admintool software can be used only on a system with a console that has a bit-mapped screen such as a standard display monitor that comes with a Sun workstation.
Be running an X Window environment such as CDE.
Be a member of the sysadmin group (group 14).
If you want to perform administration tasks on a system with an ASCII terminal as the console, use Solaris commands instead. See useradd(1M) for more information.
Start Admintool.
$ admintool & |
The Users main window appears.
The Users main window enables you to manage user account information.
Start Admintool, if it's not already running.
See "How to Start Admintool" for more information on starting Admintool.
Choose Groups from the Browse menu.
The Groups window appears.
Select Add from the Edit menu.
The Add window has several fields. If you need information to complete a field, click the Help button to see field definitions for this window.
Type the name of the new group in the Group Name text box.
Type the group ID for the new group in the Group ID text box.
The group ID should be unique.
(Optional) Type user names in the Members List text box.
The list of users will be added to the group. User names must be separated by commas.
Click OK.
The list of groups displayed in the Groups window is updated to include the new group.
The following example adds a group named users that has a group ID of 101.
(Optional) Fill out the user information data sheet on "User Information Data Sheet".
Start Admintool, if it's not already running.
See "How to Start Admintool" for more information.
Choose Add from the Edit menu.
The Add User window is displayed.
Fill in the Add User window.
If you need information to complete a field, click the Help button to see field definitions for this window.
Click OK.
The list of user accounts displayed in the Users main window is updated to include the new user account.
If you created a user's home directory, you must share the directory so the user's system can remotely mount it. See "How to Share a User's Home Directory" for detailed instructions.
If disk space is limited, you can set up a disk quota for the user in the file system containing the user's home directory. See "Managing Quotas (Tasks)" in System Administration Guide, Volume 2 for information on setting disk quotas.
The following example adds the user kryten to the system.
Become superuser on the system that contains the home directory.
Verify that the mountd daemon is running.
# ps -ef | grep mountd root 176 1 0 May 02 ? 0:19 /usr/lib/nfs/mountd |
The /usr/lib/nfs/mountd line shows whether the mountd daemon is running.
If the mountd daemon is not running, start it.
# /etc/init.d/nfs.server start |
List the file systems that are shared on the system.
# share |
Determine your next step based on whether the file system containing the user's home directory is already shared.
If the File System Containing the User's Home Directory Is ... |
Then ... |
---|---|
Already shared |
Go to the verification step below. |
Not shared |
Go to Step 6 |
Edit the /etc/dfs/dfstab file and add the following line.
share -F nfs /file-system |
file-system |
Is the file system containing the user's home directory that you need to share. By convention, the file system is /export/home. |
Share the file systems listed in the /etc/dfs/dfstab file.
# shareall -F nfs |
This command executes all the share commands in the /etc/dfs/dfstab file, so you do not have to wait to reboot the system.
Verify that a user's home directory is shared, as follows:
# share |
If the user's home directory is not located on the user's system, you have to mount the user's home directory from the system where it is located. See "How to Mount a User's Home Directory" for detailed instructions.
# ps -ef | grep mountd # /etc/init.d/nfs.server start # share # vi /etc/dfs/dfstab (The line share -F nfs /export/home is added.) # shareall -F nfs # share - /usr/dist ro "" - /export/home/user-name rw "" |
Make sure that the user's home directory is shared. See "How to Share a User's Home Directory" for more information.
Log in as superuser on the user's system.
Edit the /etc/vfstab file and create an entry for the user's home directory.
system-name:/export/home/user-name - /export/home/user-name nfs - yes rw |
system-name |
The name of the system where the home directory is located. |
/export/home/user-name |
The name of the user's home directory that will be shared. By convention, /export/home contains user's home directories; however, this could be a different file system. |
- |
Required placeholders in the entry. |
/export/home/user-name |
The name of the directory where the user's home directory will be mounted. |
See Chapter 36, Mounting and Unmounting File Systems (Tasks) for more information about adding an entry to the /etc/vfstab file.
Create the mount point for the user's home directory.
# mkdir -p /export/home/user-name |
Mount the user's home directory.
# mountall |
All entries in the current vfstab file (whose mount at boot fields are set to yes) are mounted.
Use the mount command to verify that the home directory is mounted.
# vi /etc/vfstab (The line venus:/export/home/ripley - /export/home/ripley nfs - yes rw is added.) # mkdir -p /export/home/ripley # mountall # mount / on /dev/dsk/c0t0d0s0 read/write/setuid/intr/largefiles/onerror=panic on Fri ... /usr on /dev/dsk/c0t0d0s6 read/write/setuid/intr/largefiles/onerror=panic on Fri ... /proc on /proc read/write/setuid on Fri Sep 10 16:09:48 1999 /dev/fd on fd read/write/setuid on Fri Sep 10 16:09:51 1999 /etc/mnttab on mnttab read/write/setuid on Fri Sep 10 16:10:06 1999 /var/run on swap read/write/setuid on Fri Sep 10 16:10:06 1999 /tmp on swap read/write/setuid on Fri Sep 10 16:10:09 1999 /export/home/ripley on venus:/export/home/ripley /read/write/remote on ... |