Transitioning From Oracle® Solaris 10 to Oracle Solaris 11.2


Updated: December 2014
 
 

User Account Management Changes

    The following features are new or have changed in this release:

  • Creating user accounts – User account creation has changed in the following ways:

    • User accounts are created as individual ZFS file systems, which enables users to have their own file system and their own ZFS dataset. Every home directory that the useradd and roleadd commands create is placed on /export/home as an individual ZFS file system.

    • Starting with Oracle Solaris 11.2, user names and group names can be up to 32 characters. The 8 character limitation no longer exists.

    • The useradd command relies on the automount service, svc:/system/filesystem/autofs, to mount home directories. This service should never be disabled. Each home directory entry for a user in the passwd database uses the format, /home/username, which is an autofs trigger that is resolved by the automounter through the auto_home map.

    • The optional server name specifies the host on which the home directory resides. Entries in this form depend on the automounter and are maintained in the auto_home map. The path /home/username is maintained in the passwd database. When a user subsequently references /home/username, the automounter mounts the specified directory on /home/username. You can disable the autofs service if you do not specify home directory path names that include a server name or localhost.

  • Modifying user accounts – The usermod command works with LDAP and files. All security attributes can be assigned to a user by using this mechanism. For example, an administrator can add a role to a user's account by using the usermod command.

    # roleadd -K roleauth=user -P "Network Management" netmgt
    # usermod -R +netmgt jdoe

    See usermod(1M) for additional examples.

  • Creating and managing groups – An administrator who has the solaris.group.manage authorization can create a group. At group creation, the system assigns the solaris.group.assign/groupname authorization to the administrator, which gives the administrator complete control over that group. The administrator can then modify or delete that groupname, as needed. See the groupadd(1M) and groupmod(1M) man pages.

  • Creating and managing roles – You can create roles locally and in an LDAP repository. To create a role and assign an initial password, you must be assigned the User Management rights profile. For instructions on creating a role, see Assigning Rights to Users in Securing Users and Processes in Oracle Solaris 11.2.

  • User Manager GUI – The User Manager GUI is part of the Visual Panels project and is accessible from the desktop. The GUI replaces some of the functionality of the Solaris Management Console. See Chapter 3, Managing User Accounts by Using the User Manager GUI, in Managing User Accounts and User Environments in Oracle Solaris 11.2.
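
The following audit script is an added example, not part of the Oracle documentation. It shows how the /home/username entries described under "Creating user accounts" resolve through the auto_home map, and whether any of them depend on a server name or localhost. The passwd and auto_home contents are constructed samples, and the map syntax (key, location, & standing for the key) and the function names are assumptions.

```shell
#!/bin/sh
# Added example: report how each passwd home directory resolves via auto_home.
# Both samples are constructed; on a live system read /etc/passwd and /etc/auto_home.
SAMPLE_PASSWD='root:x:0:0:Super-User:/root:/usr/bin/bash
jdoe:x:100:10:J Doe:/home/jdoe:/usr/bin/bash
asmith:x:101:10:A Smith:/home/asmith:/usr/bin/bash
bkhan:x:102:10:B Khan:/home/bkhan:/usr/bin/bash
svcacct:x:103:10:Service:/export/home/svcacct:/usr/bin/bash'

SAMPLE_AUTO_HOME='# constructed map
+auto_home
jdoe localhost:/export/home/&
asmith nfs1:/export/home/asmith'

# audit_homes PASSWD_TEXT MAP_TEXT (hypothetical helper)
# Prints "user status location" per account:
#   autofs   - /home/username trigger with a map entry (location shown)
#   unmapped - /home/username trigger with no entry in the supplied map
#   direct   - home directory is not an autofs trigger
audit_homes() {
  { printf '%s\n' "$2"; echo '--passwd--'; printf '%s\n' "$1"; } | awk '
    $0 == "" { next }
    $0 == "--passwd--" { in_passwd = 1; next }
    !in_passwd {
      if ($0 ~ /^[#+]/ || NF < 2) next   # skip comments and +map includes
      loc = $NF; gsub(/&/, $1, loc)      # "&" stands for the map key
      map[$1] = loc; next
    }
    {
      split($0, f, ":"); user = f[1]; home = f[6]
      if (home != "/home/" user) print user, "direct", home
      else if (user in map)      print user, "autofs", map[user]
      else                       print user, "unmapped", "-"
    }'
}

# autofs_required PASSWD_TEXT MAP_TEXT (hypothetical helper)
# Exits 0 when any home directory resolves to a host:path location,
# the case in which the autofs service has to stay enabled.
autofs_required() {
  audit_homes "$1" "$2" |
    awk '$2 == "autofs" && $3 ~ /^[A-Za-z0-9_.-]+:/ { found = 1 }
         END { exit !found }'
}

audit_homes "$SAMPLE_PASSWD" "$SAMPLE_AUTO_HOME"
autofs_required "$SAMPLE_PASSWD" "$SAMPLE_AUTO_HOME" && echo "autofs: keep enabled"
```

An "unmapped" account only means that the supplied map text has no entry for it; the entry may still come from a name service pulled in by the +auto_home line.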