System Administration Guide: Basic Administration     Oracle Solaris 11 Express 11/10

Setting Up User Accounts

Gathering User Information

You can create a form such as the following to gather information about users before adding their accounts.

Item                              Description
User Name:
Role Name:
Profiles or Authorizations:
UID:
Primary Group:
Secondary Groups:
Comment:
Default Shell:
Password Status and Aging:
Home Directory Path Name:
Mounting Method:
Permissions on Home Directory:
Mail Server:
Department Name:
Department Administrator:
Manager:
Employee Name:
Employee Title:
Employee Status:
Employee Number:
Start Date:
Add to These Mail Aliases:
Desktop System Name:

How to Customize User Initialization Files

  1. Become the root user.
    $ su -
    Password: 
    #

    Note - This method works whether root is a user or a role.


  2. Create a skeleton directory for each type of user.
    # mkdir /shared-dir/skel/user-type
    shared-dir

    The name of a directory that is available to other systems on the network.

    user-type

    The name of a directory to store initialization files for a type of user.

  3. Copy the default user initialization files into the directories that you created for different types of users.
  4. Edit the user initialization files for each user type and customize them based on your site's needs.

    For a detailed description of the ways to customize the user initialization files, see Customizing a User's Work Environment.

  5. Set the permissions for the user initialization files.
    # chmod 744 /shared-dir/skel/user-type/.*
  6. Verify that the permissions for the user initialization files are correct.
    # ls -la /shared-dir/skel/*
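
Steps 5 and 6 matter because an initialization file that group or others can write lets another account change what runs at login for every user created from that skeleton directory. The following check is an added example, not part of the original guide; audit_skel is a hypothetical helper name and the directory is a constructed stand-in for /shared-dir/skel/user-type.

```shell
#!/bin/sh
# Added example (not from the guide): audit_skel is a hypothetical helper.
# Prints "WRITABLE <file>" for init files that group or others can modify and
# "MODE <file>" for any other mode than 744; returns 1 if anything is reported.
audit_skel() {
    skel=$1
    rc=0
    # Dot-files directly inside the directory; these patterns never match . or ..
    for f in "$skel"/.[!.]* "$skel"/..?*; do
        [ -L "$f" ] && continue        # symbolic links are not checked here
        [ -f "$f" ] || continue        # unmatched pattern or not a regular file
        if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE $f"; rc=1
        elif [ -z "$(find "$f" -prune -perm 744 -print)" ]; then
            echo "MODE $f"; rc=1
        fi
    done
    return "$rc"
}

# Constructed demo tree standing in for /shared-dir/skel/user-type.
demo=$(mktemp -d)
touch "$demo/.profile" "$demo/.login" "$demo/.cshrc"
chmod 744 "$demo/.profile"      # the mode set in step 5
chmod 766 "$demo/.login"        # group- and world-writable
chmod 644 "$demo/.cshrc"        # not writable by others, but not the documented mode
if audit_skel "$demo"; then
    echo "skeleton files match mode 744"
else
    echo "fix the files listed above before creating accounts"
fi
rm -rf "$demo"
```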

How to Set Account Defaults

  1. Become the root user.
  2. List the user defaults.
    # useradd -D
    group=staff,10  project=default,3  basedir=/home  
    skel=/etc/skel  shell=/bin/sh  inactive=0  
    expire=  auths=  profiles=  roles=  limitpriv=  
    defaultpriv=  lock_after_retries=
  3. Change the default home directory.
    # useradd -D -b /export/home

    For the command options, see the roleadd(1M) man page.

  4. List the new user defaults.
    # useradd -D
    group=staff,10  project=default,3  basedir=/export/home  
    skel=/etc/skel  shell=/bin/sh  inactive=0  
    expire=  auths=  profiles=  roles=  limitpriv=  
    defaultpriv=  lock_after_retries=
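
To confirm that a change to the defaults touched only the intended setting, the listings from steps 2 and 4 can be compared key by key. This is an added example, not part of the original guide; defaults_diff is a hypothetical helper name, and the two listings are reconstructed here from the output shown above.

```shell
#!/bin/sh
# Added example (not from the guide): defaults_diff is a hypothetical helper.
# Compares two saved listings of "useradd -D" (or "roleadd -D") output and
# prints one "key: old -> new" line per setting that differs.
# Returns 1 when at least one setting differs, 0 otherwise.
defaults_diff() {
    awk '
        {
            for (i = 1; i <= NF; i++) {
                eq = index($i, "=")
                if (eq < 2) continue            # not a key=value token
                k = substr($i, 1, eq - 1)
                v = substr($i, eq + 1)
                if (!(k in seen)) { seen[k] = 1; keys[++n] = k }
                if (NR == FNR) before[k] = v; else after[k] = v
            }
        }
        END {
            for (j = 1; j <= n; j++) {
                k = keys[j]
                b = (k in before) ? before[k] : "(absent)"
                a = (k in after)  ? after[k]  : "(absent)"
                if (a != b) { print k ": " b " -> " a; changed = 1 }
            }
            exit changed + 0
        }
    ' "$1" "$2"
}

# Constructed input: on a real system, save "useradd -D" output before and
# after the change instead of writing the files by hand.
tmp=$(mktemp -d)
cat > "$tmp/before" <<'EOF'
group=staff,10  project=default,3  basedir=/home
skel=/etc/skel  shell=/bin/sh  inactive=0
expire=  auths=  profiles=  roles=  limitpriv=
defaultpriv=  lock_after_retries=
EOF
sed 's|basedir=/home|basedir=/export/home|' "$tmp/before" > "$tmp/after"
defaults_diff "$tmp/before" "$tmp/after" || echo "review the changes listed above"
rm -rf "$tmp"
```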

Example 2-1 Changing the Account Defaults for All Roles

In this example, the administrator has customized a roles directory. The administrator changes the default home directory and skeleton directory for all roles. The

# roleadd -D
group=other,1  project=default,3  basedir=/home  
skel=/etc/skel  shell=/bin/pfsh  inactive=0  
expire=  auths=  profiles=All  limitpriv=  
defaultpriv=  lock_after_retries=
# roleadd -D -b /export/home -k /etc/skel/roles
# roleadd -D
group=staff,10  project=default,3  basedir=/export/home  
skel=/etc/skel/roles  shell=/bin/sh  inactive=0  
expire=  auths=  profiles=  roles=  limitpriv=  
defaultpriv=  lock_after_retries=

Future uses of the roleadd command create home directories in /export/home, and populate the roles' environment from the /etc/skel/roles directory.

How to Add a User

  1. Become the root user.
  2. Create a local user.

    Use the defaults that you modified in How to Set Account Defaults.

    # useradd -m username
    useradd

    Creates an account for the specified user.

    -m

    Creates a local home directory on the system for the specified user.


    Note - The account is locked until you assign the user a password.


  3. Assign the user a password.
    $ passwd username
    New password: Type user password
    Re-enter new password: Retype password

    For more command options, see the useradd(1M) and passwd(1) man pages.

How to Delete a User

  1. Become the root user.
    $ su -
    Password: 
    #

    Note - This method works whether root is a user or a role.


  2. Archive the user's home directory.
  3. Run one of the following commands:
    • If the user has a local home directory, delete the user and the home directory.
      # userdel -r username
      userdel

      Deletes the account of the specified user.

      -r

      Removes the account from the system.

    • Otherwise, delete the user only.
      # userdel username

      You must manually delete the user's home directory on the remote server.

    For a full list of command options, see the userdel(1M) man page.

How to Add a Role

  1. Become the root user.
  2. Create a local role.

    Use the defaults that you modified in Example 2-1.

    # roleadd -m rolename
    roleadd

    Administers a new role on the system.

    -m

    Creates the new role's home directory, if one does not already exist.

    The account is locked until you assign the role a password.

  3. Assign the role a password.
    $ passwd rolename
    New password: Type role password
    Re-enter new password: Retype password

    For more command options, see the roleadd(1M) and passwd(1) man pages.

Example 2-2 Creating a Role That Mounts a Remote Home Directory

In this example, a central server contains the home directories of users and roles. The administrator creates a role, but does not specify the home directory.

# roleadd -D
group=other,1  project=default,3  basedir=/export/home
skel=/etc/skel/roles  shell=/bin/pfsh  inactive=0 
expire=  auths=  profiles=All  limitpriv=
defaultpriv=  lock_after_retries=
# roleadd audcontrol

Because no home directory was specified, no local home directory exists.

# ls /export/home
jdoe/ kdoe/ ldoe/

How to Add a Group

  1. Become the root user.
  2. List the existing groups.
    # cat /etc/group
    root::0:
    other::1:root
    bin::2:root,daemon
    sys::3:root,bin,adm
    adm::4:root,daemon
    uucp::5:root
    mail::6:root
    tty::7:root,adm
    lp::8:root,adm
    nuucp::9:root
    staff::10:
    daemon::12:root
    sysadmin::14:
    ...
    unknown::96:
    nobody::60001:
    noaccess::60002:
    nogroup::65534:
    pkg5srv::97:
  3. Create a new group.
    $ groupadd -g 18 exadata
    groupadd

    Creates a new group definition on the system by adding the appropriate entry to the /etc/group file.

    -g

    Assigns the group ID for the new group.

    For more information, see the groupadd(1M) man page.
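
The listing in step 2 is what tells you whether the name and group ID chosen in step 3 are free; two group names that share one GID grant the same file access. The following check is an added example, not part of the original guide. Both function names are hypothetical, the sample file is a constructed subset of the listing above, and an awk that supports -v is assumed.

```shell
#!/bin/sh
# Added example (not from the guide): both function names are hypothetical.
# check_new_group NAME GID [FILE] prints "ok", "name-in-use" or
# "gid-in-use:<existing group>" and returns non-zero on a conflict.
check_new_group() {
    awk -F: -v name="$1" -v gid="$2" '
        NF >= 3 && $1 "" == name ""  { print "name-in-use";    hit = 1; exit }
        NF >= 3 && $3 + 0 == gid + 0 { print "gid-in-use:" $1; hit = 1; exit }
        END { if (!hit) print "ok"; exit hit + 0 }
    ' "${3:-/etc/group}"
}

# next_free_gid START [FILE] prints the lowest unused GID that is >= START.
next_free_gid() {
    awk -F: -v gid="$1" '
        NF >= 3 { used[$3 + 0] = 1 }
        END { gid += 0; while (gid in used) gid++; print gid }
    ' "${2:-/etc/group}"
}

# Constructed sample: a subset of the entries listed in step 2.
gfile=$(mktemp)
cat > "$gfile" <<'EOF'
root::0:
other::1:root
staff::10:
daemon::12:root
sysadmin::14:
unknown::96:
pkg5srv::97:
nobody::60001:
EOF
check_new_group exadata 18 "$gfile"            # the values used in step 3
check_new_group exadata 14 "$gfile" || true    # GID already held by sysadmin
check_new_group staff 18 "$gfile" || true      # name already defined
next_free_gid 96 "$gfile"
rm -f "$gfile"
```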

Example 2-3 Adding a Group and User With the groupadd and useradd Commands

The following example shows how to use the groupadd and useradd commands to add the group scutters and the user scutter1 to files on the local system. These commands cannot be used to manage users in a name service environment.

# groupadd -g 102 scutters
# useradd -u 1003 -g 102 -d /export/home/scutter1 -s /bin/csh \
-c "Scutter 1" -m -k /etc/skel scutter1
64 blocks

For more information, see the groupadd(1M) and useradd(1M) man pages.

How to Share a User's Home Directory

The following procedure shows how to share a user's home directory. Prior to this task, the user's home directory was created as a ZFS file system, as follows:

# zfs create -p -o mountpoint=/export/home/ripley rpool/export/home/username

  1. Become the root user.
  2. Enable the sharenfs property on the file system that is to be shared.
    # share
    - /export/home/username rw ""

Manually Mounting a User's Home Directory.

User accounts that are created as ZFS file systems do not typically need to be manually mounted. With ZFS, file systems are automounted when they are created and then mounted at boot time from the SMF local file system service.

When creating user accounts, make sure that home directories are set up as they are in the name service, at /home/username. Then, make sure that the auto_home map indicates the NFS path to the user's home directory. For task-related information, see Task Overview for Autofs Administration in System Administration Guide: Network Services.

If you need to manually mount a user's home directory, use the zfs mount command. For example:

# zfs mount tank/home/username

Note - Make sure that the user's home directory is shared. For more information, see How to Share a User's Home Directory.