JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Managing User Accounts and User Environments in Oracle Solaris 11.1     Oracle Solaris 11.1 Information Library
search filter icon
search icon

Document Information


1.  Managing User Accounts and User Environments (Overview)

What's New or Changed in Managing User Accounts and User Environments?

Security Changes That Impact User Account Management

Introducing the User Manager GUI

Administrative Editor (pfedit)

/var/user/$USER Subdirectory

groupadd Command Changes

Failed Login Count Notification

What Are User Accounts and Groups?

User Account Components

User (Login) Names

User ID Numbers

Using Large User IDs and Group IDs

UNIX Groups

User Passwords

Home Directories

Naming Services

User's Work Environment

Guidelines for Assigning User Names, User IDs, and Group IDs

Where User Account and Group Information Is Stored

Fields in the passwd File

Default passwd File

Fields in the shadow File

Fields in the group File

Default group File

Commands for Obtaining User Account Information

Commands That Are Used for Managing Users, Roles, and Groups

Customizing a User's Work Environment

Using Site Initialization Files

Avoiding Local System References

Shell Features

Bash and ksh93 Shell History

Bash and ksh93 Shell Environment Variables

Customizing the Bash Shell

MANPATH Environment Variable

PATH Environment Variable

Setting Path Guidelines

Locale Variables

Default File Permissions (umask)

Customizing a User Initialization File

2.  Managing User Accounts by Using the Command-Line Interface (Tasks)

3.  Managing User Accounts by Using the User Manager GUI (Tasks)


What's New or Changed in Managing User Accounts and User Environments?

The following features are new or changed in this release:

Security Changes That Impact User Account Management

The following feat ures have changed in this release:

For more information, see Part III, Roles, Rights Profiles, and Privileges, in Oracle Solaris 11.1 Administration: Security Services.

Introducing the User Manager GUI

You can now set up and manage users, roles, and groups with the Oracle Solaris User Manager graphical user interface (GUI). The User Manager GUI is available in the desktop and is part of the Visual Panels project. The User Manager GUI replaces the Solaris Management Console GUI in this release. The tasks that you can perform with the User Manager GUI are essentially the same as those that can be performed by using the CLI, for example, the useradd, usermod, userdel, roleadd, rolemod, roledel commands.

For instructions on using the User Manager GUI, see Chapter 3, Managing User Accounts by Using the User Manager GUI (Tasks) and the online help.

Administrative Editor (pfedit)

An administrative editor (pfedit) can be used to edit system files in this release. If defined by the system administrator, the value of this editor is $EDITOR. If the editor is undefined, the editor defaults to the vi command.

Start the editor as follows:

$ pfedit system-filename

To edit system files by using the pfedit command, you or your role must have the solaris.admin.edit/system-filename authorization for the specific file that you are editing. Assigning this auth-sysfilename to an existing rights profile simplifies procedures that contain a mixture of Service Management Facility (SMF) commands and regular file edits. For example, if you are assigned the solaris.admin.edit/etc/security/audit_warn authorization, you can edit the audit_warn file.

The pfedit command can be used to edit most configuration files that are in the /etc directory, its subdirectories, and also application configuration files, for example, GNOME and Firefox files. The pfedit command cannot be used to edit system files that give a user power over a wide swath of a system, for example the ./etc/security/policy.conf file. You must have root access to edit such files. See the pfedit(1M) man page and Chapter 3, Controlling Access to Systems (Tasks), in Oracle Solaris 11.1 Administration: Security Services.

/var/user/$USER Subdirectory

Whenever a user logs in and successfully authenticates by using the pam_unix_cred module, a /var/user/$USER directory is explicitly created, if the directory does not already exist. This directory enables applications to store persistent data that is associated with a particular user on the host system. The /var/user/$USER directory is created upon initial credential establishment, as well during a secondary authentication when changing users by using the su, ssh, rlogin, and telnet commands. The /var/user/$USER directory does not require any administration. However, users should be aware of how the directory is created, its function, and that it is visible in the /var directory.

groupadd Command Changes

An administrator who has the authorization can create a group. At group creation, the system assigns the to the administrator, which gives the administrator complete control over that group. The administrator can then modify or delete that group, as needed. For more information, see the groupadd(1M) and groupmod(1M) man pages.

Failed Login Count Notification

The system now notifies users of failed authentication attempts, even if the user account is not configured to enforce failed logins. Users who fail to authenticate correctly, will see a message similar to following upon successful authentication:

Warning: 2 failed authentication attempts since last successful
authentication. The latest at Thu May 24 12:02 2012.

To suppress such notifications, create a ~/.hushlogin file.