What You Can Do With Solaris User Management Tools
The Solaris user management tools enable you to manage user accounts on a local system or in a name service environment.
This table describes the tasks you can do with Users Tool's User Accounts feature.
Table 3–5 User Account Management Tasks|
Task |
Description |
Background Information |
|---|---|---|
|
Add a user |
You can add a user to the local system or name service. |
What Are User Accounts and Groups? and Guidelines for Managing User Accounts |
|
Create a user Template |
You can create a template of pre-defined user attributes for creating users of the same group, such a users, contractors, or engineers. |
Same as above |
|
Add a user with a user template |
You can add a user with a template so that user attributes are pre-defined. |
Same as above |
|
Clone a user template |
Clone a user template if you would like to use a similar set of pre-defined user attributes. Then, change only some of the attributes as needed. |
Same as above |
|
Set up user properties |
You can set up user properties in advance of adding users such as whether a user template is used when adding a user and whether the home directory or mail box is deleted by default when removing a user. |
Same as above |
|
Add multiple users |
You can add multiple users to the local system or name service by specifying a text file, typing each name, or automatically generating a series of user names. |
Same as above |
|
View or change user properties |
You can view or change user properties like login shell, password, or password options. |
Same as above |
|
Assign rights to users |
You can assign rights to users that will allow them to perform specific administration tasks. |
Same as above |
|
Remove a user |
You can remove the user from the local system or the name service and optionally specify whether the user's home directory or mail is removed. The user is also removed from any groups or roles. |
Same as above |
Table 3–6 User Rights Management Tasks
|
Task |
Description |
Background Information |
|---|---|---|
|
Grant a right |
You can grant a user a right to run a specific command or application that was previously only available to an administrator. |
“RBAC Rights Profiles” in System Administration Guide: Security Services |
|
View or change existing rights Properties |
You can view or change existing rights. |
Same as above |
|
Add an authorization |
You can add an authorization, which is a discrete right granted to a role or a user. |
“RBAC Authorizations” in System Administration Guide: Security Services |
|
View or change an authorization |
You can view or change existing authorizations. |
Same as above |
Table 3–7 User Role Management Tasks
|
Task |
Description |
Background Information |
|---|---|---|
|
Add an administrative role |
You can add a role that someone would use to perform a specific administrative task. |
“RBAC Roles” in System Administration Guide: Security Services |
|
Assign rights to an administrative role |
You can assign specific rights to a role that enable someone to perform a task. |
Same as above |
|
Change an administrative role |
You can add or remove rights from a role. |
Same as above |
Table 3–8 Group Management Tasks
|
Task |
Description |
|
|---|---|---|
|
Add a group |
Add a group to the local system or name service so that the group name is available before you add the user. | |
|
Add a user to a group |
Add a user to a group if the user needs access to group-owned files. |
Same as above |
|
Remove a user from a group |
You can remove a user from a group if the user no longer requires group file access. |
Same as above |
Table 3–9 Project Management Tasks
|
Task |
Description |
Background Information |
|---|---|---|
|
Create or clone a project |
You can create a new project or clone an existing project if it has attributes similar to what you need for the new project. |
Solaris Management Console online help |
|
Modify or view project attributes |
You can view or change existing project attributes. |
Solaris Management Console online help |
|
Delete a project |
You can remove a project if it is no longer used. |
Solaris Management Console online help |
Table 3–10 Mailing List Management Tasks
|
Task |
Description |
Background Information |
|---|---|---|
|
Create a mailing list |
You can create a mailing list, which is a list of names for sending email messages. |
Solaris Management Console online help |
|
Change a mailing list name |
You can make changes to the mailing list after it is created. |
Solaris Management Console online help |
|
Remove a mailing list |
You can remove a mailing list if it is no longer used. |
Solaris Management Console online help |
Managing Home Directories With the Solaris Management Console
Keep the following in mind when using the Solaris Management Console tools to manage user home directories:
-
If you use the Users Tool's Add User Wizard to add a user account and you specify the user's home directory as /export/home/username, the home directory is automatically setup to be automounted, and the following entry is added to the passwd file:
/home/username
-
The only way you can use Users Tool to set up a user account that does not automount the home directory is to set up a user account template that disables this feature. Then, you can add users with this template. There is no way to disable this feature with the Add User Wizard.
-
You can use the smuser add command with the -x autohome=N option to add a user without automounting the user's home directory. However, there is no option to the smuser delete command to remove the home directory after the user is added. You would have to remove the user and the user's home directory with the Users Tool.
Modify User Accounts
Unless you define a user name or UID number that conflicts with an existing one, you should never need to modify a user account's login name or UID number. Use the following steps if two user accounts have duplicate user names or UID numbers:
-
If two user accounts have duplicate UID numbers, use the Users Tool to remove one account and re-add it with a different UID number. You cannot use the Users Tool to modify a UID number of an existing user account.
-
If two user accounts have duplicate user names, use the Users Tool to modify one of the accounts and change the user name.
If you do use the Users Tool to change a user name, the home directory's ownership is changed, if a home directory exists for the user.
One part of a user account that you can change is a user's group memberships. Select Properties from Users Tool's Action menu to add or delete a user's secondary groups. Alternatively, you can use the Groups Tool to directly modify a group's member list.
You can also modify the following parts of a user account:
-
Description (comment)
-
Login shell
-
Passwords and password options
-
Home directory and home directory access
-
Rights and roles
Delete User Accounts
When you delete a user account with the Users Tool, the software deletes the entries in the passwd and group files. In addition, you can delete the files in the user's home directory and mail directory.
Add Customized User Initialization Files
Although you cannot create customized user initialization files with the Users Tool, you can populate a user's home directory with user initialization files located in a specified “skeleton” directory. You can do this by creating a user template with the User Templates tool and specifying a skeleton directory from which to copy user initialization files.
You can customize the user initialization templates in the /etc/skel directory and then copy them to users' home directories.
Administer Passwords
You can use Users Tool for password administration, which includes the following capabilities:
-
Specifying a normal password for a user account
-
Enabling users to create their own passwords during their first login
-
Disabling or locking a user account
-
Specifying expiration dates and password aging information.
Note –
Password aging is not supported by the NIS name service.
Disable User Accounts
Occasionally, you might need to temporarily or permanently disable a login account. Disabling or locking a user account means that an invalid password, *LK*, is assigned to the user account, preventing future logins.
The easiest way to disable a user account is to lock the password for an account with Users Tool.
You can also enter an expiration date in the account availability section of the User Properties screen to set a limit on how long the account is active.
Other ways to disable a user account is to set up password aging or to change the user's password.
- © 2010, Oracle Corporation and/or its affiliates