JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
System Administration Guide: Basic Administration
search filter icon
search icon

Document Information


1.  Oracle Solaris Management Tools (Road Map)

2.  Working With the Solaris Management Console (Tasks)

3.  Working With the Oracle Java Web Console (Tasks)

4.  Managing User Accounts and Groups (Overview)

What's New or Changed in Managing Users and Groups?

Tools for User Account and Group Account Management

What Are User Accounts and Groups?

User Account Components

User (Login) Names

User ID Numbers

Using Large User IDs and Group IDs

UNIX Groups

User Passwords

Home Directories

Name Services

User's Work Environment

Guidelines for Using User Names, User IDs, and Group IDs

Where User Account and Group Information Is Stored

Fields in the passwd File

Default passwd File

Fields in the shadow File

Fields in the group File

Default group File

Tools for Managing User Accounts and Groups

Tasks for Solaris User and Group Management Tools

Managing Users and Resources With Projects

Customizing a User's Work Environment

Customizing the Bash Shell

Using Site Initialization Files

Avoiding Local System References

Shell Features

Shell Environment

The PATH Variable

Setting Path Guidelines

Setting a User's Default Path

Locale Variables

Default File Permissions (umask)

User and Site Initialization Files Examples

5.  Managing User Accounts and Groups (Tasks)

6.  Managing Client-Server Support (Overview)

7.  Managing Diskless Clients (Tasks)

8.  Introduction to Shutting Down and Booting a System

9.  Shutting Down and Booting a System (Overview)

10.  Shutting Down a System (Tasks)

11.  Modifying Oracle Solaris Boot Behavior (Tasks)

12.  Booting an Oracle Solaris System (Tasks)

13.  Managing the Oracle Solaris Boot Archives (Tasks)

14.  Troubleshooting Booting an Oracle Solaris System (Tasks)

15.  x86: GRUB Based Booting (Reference)

16.  x86: Booting a System That Does Not Implement GRUB (Tasks)

17.  Working With the Oracle Solaris Auto Registration regadm Command (Tasks)

18.  Managing Services (Overview)

19.  Managing Services (Tasks)

20.  Managing Software (Overview)

21.  Managing Software With Oracle Solaris System Administration Tools (Tasks)

22.  Managing Software by Using Oracle Solaris Package Commands (Tasks)

23.  Managing Patches

A.  SMF Services


Tools for Managing User Accounts and Groups

The following table lists the recommended tools for managing users and groups. These tools are included in the Solaris Management Console suite of tools. For information about starting and using the Solaris Management Console, see Chapter 2, Working With the Solaris Management Console (Tasks).

Table 4-8 Tools for Managing Users and Groups

Solaris Management Tool
Manage users accounts
User Templates
Create a set of attributes for a specific kind of user like students, engineers, or instructors
Manage RBAC rights
Administrative Roles
Manage RBAC administrative roles
Manage group information
Manage project information
Mailing Lists
Manage mailing lists

Use the Solaris Management Console online help for information on performing these tasks.

For information on the Solaris commands that can be used to manage user accounts and groups, see Table 1-5. These commands provide the same functionality as the Solaris management tools, including authentication and name service support.

Tasks for Solaris User and Group Management Tools

The Solaris user management tools enable you to manage user accounts and groups on a local system or in a name service environment.

This table describes the tasks that you can perform with the Users tool's User Accounts feature.

Table 4-9 Task Descriptions for User Accounts Tool

Add a user.
Adds a user to the local system or name service.
Create a user template.
Creates a template of predefined user attributes for creating users of the same group, such as students, contractors, or engineers.
Add a user with a user template.
Adds a user with a template so that user attributes are predefined.
Clone a user template.
Clones a user template if you would like to use a similar set of predefined user attributes. Then, change only some of the attributes as needed.
Set up user properties.
Sets up user properties in advance of adding users. Properties include specifying whether a user template is used when adding a user, and whether the home directory or mail box is deleted by default when removing a user.
Add multiple users.
Adds multiple users to the local system or name service by specifying a text file, typing each name, or automatically generating a series of user names.
View or change user properties.
Displays or changes user properties such as login shell, password, or password options.
Assign rights to users.
Assigns RBAC rights to users that will allow them to perform specific administration tasks.
Remove a user.
Removes the user from the local system or the name service. Optionally, you can also specify whether the user's home directory or mailbox is removed. The user is also removed from any groups or roles.

For information about adding a user to the local system or name service, see What Are User Accounts and Groups? and User Account Components.

Table 4-10 Task Descriptions for Rights Tool

Grant a right.
Grants a user a right to run a specific command or application that was previously only available to an administrator.
View or change existing rights properties.
Displays or changes existing rights.
Add an authorization.
Adds an authorization, which is a discrete right granted to a role or a user.
View or change an authorization.
Displays or changes existing authorizations.

For more information on granting rights to users, see Contents of Rights Profiles in System Administration Guide: Security Services.

Table 4-11 Task Descriptions for Administrative Roles Tool

Add an administrative role.
Adds a role that someone would use to perform a specific administrative task.
Assign rights to an administrative role.
Assigns specific rights to a role that enable someone to perform a task.
Change an administrative role.
Adds or removes rights from a role.

For more information on using administrative roles, see How to Plan Your RBAC Implementation in System Administration Guide: Security Services.

Table 4-12 Task Descriptions for Groups Tool

Add a group.
Adds a group to the local system or name service so that the group name is available before you add the user.
Add a user to a group.
Adds a user to a group if the user needs access to group-owned files.
Remove a user from a group.
Removes a user from a group if the user no longer requires group file access.

For information on adding users to groups, see UNIX Groups.

Table 4-13 Task Descriptions for Mailing Lists Tool

Create a mailing list.
Creates a mailing list, which is a list of user names for sending email messages.
Change a mailing list name.
Changes the mailing list after it is created.
Remove a mailing list.
Removes a mailing list if it is no longer used.

For information on creating mailing lists, see the Solaris Management Console online help.

Table 4-14 Task Descriptions for Projects Tool

Create or clone a project.
Creates a new project or clones an existing project if the existing project has attributes similar to what you need for the new project.
Modify or view project attributes.
Displays or changes existing project attributes.
Delete a project.
Removes a project if the project is no longer used.

Managing Users and Resources With Projects

Users and groups can be members of a project, an identifier that indicates a workload component that can be used as the basis of system usage or resource allocation charge-back. Projects are part of the Solaris resource management feature that is used to manage system resources.

Users need to be a member of a project to successfully log in to a system running the Solaris 9 release. By default, users are a member of the group.staff project when the Solaris 9 release is installed and no other project information is configured.

User project information is stored in the /etc/project file, which can be stored on the local system (files), the NIS name service, or the LDAP directory service. You can use the Solaris Management Console to manage project information.

The /etc/project file must exist for users to log in successfully, but requires no administration if you are not using projects.

For more information on using or setting up projects, see Chapter 2, Projects and Tasks (Overview), in System Administration Guide: Oracle Solaris Containers-Resource Management and Oracle Solaris Zones.