Skip Navigation Links | |
Exit Print View | |
System Administration Guide: Basic Administration Oracle Solaris 11 Express 11/10 |
1. Managing User Accounts and Groups (Overview)
2. Managing User Accounts and Groups (Tasks)
Setting Up and Administering User Accounts (Task Map)
3. Introduction to Shutting Down and Booting a System
4. Shutting Down and Booting a System (Overview)
5. Shutting Down a System (Tasks)
6. Modifying Oracle Solaris Boot Behavior (Tasks)
7. Booting an Oracle Solaris System (Tasks)
8. Troubleshooting Booting an Oracle Solaris System (Tasks)
9. Managing the Oracle Solaris Boot Archives (Tasks)
10. x86: GRUB Based Booting (Reference)
You can create a form such as the following to gather information about users before adding their accounts.
|
$ su - Password: #
Note - This method works whether root is a user or a role.
# mkdir /shared-dir/skel/user-type
The name of a directory to store initialization files for a type of user.
For a detailed description on the ways to customize the user initialization files, see Customizing a User's Work Environment.
# chmod 744 /shared-dir/skel/user-type/.*
# ls -la /shared-dir/skel/*
# useradd -D group=staff,10 project=default,3 basedir=/home skel=/etc/skel shell=/bin/sh inactive=0 expire= auths= profiles= roles= limitpriv= defaultpriv= lock_after_retries=
# useradd -D -b /export/home
For the command options, see the roleadd(1M) man page.
# useradd -D group=staff,10 project=default,3 basedir=/export/home skel=/etc/skel shell=/bin/sh inactive=0 expire= auths= profiles= roles= limitpriv= defaultpriv= lock_after_retries=
Example 2-1 Changing the Account Defaults for All Roles
In this example, the administrator has customized a roles directory . The administrator changes the default home directory and skeleton directory for all roles. The
# roleadd -D group=other,1 project=default,3 basedir=/home skel=/etc/skel shell=/bin/pfsh inactive=0 expire= auths= profiles=All limitpriv= defaultpriv= lock_after_retries= # roleadd -D -b /export/home -k /etc/skel/roles # roleadd -D group=staff,10 project=default,3 basedir=/export/home skel=/etc/skel/roles shell=/bin/sh inactive=0 expire= auths= profiles= roles= limitpriv= defaultpriv= lock_after_retries=
Future uses of the roleadd command create home directories in /export/home, and populate the roles' environment from the /etc/skel/roles directory.
Use the defaults that you modified in How to Set Account Defaults.
# useradd -m username
Creates an account for the specified user.
Creates a local home directory on the system for the specified user.
Note - The account is locked until you assign the user a password.
$ passwd username New password: Type user password Re-enter new password: Retype password
For more command options, see the useradd(1M) and passwd(1) man pages.
$ su - Password: #
Note - This method works whether root is a user or a role.
# userdel -r username
Deletes the account of the specified user.
Removes the account from the system.
# userdel username
You must manually delete the user's home directory on the remote server.
For a full list of command options, see the userdel(1M) man page.
Use the defaults that you modified in Example 2-1.
# roleadd -m rolename
Administers a new role on the system.
Creates the new role's home directory, if one does not already exist.
The account is locked until you assign the role a password.
$ passwd rolename New password: Type role password Re-enter new password: Retype password
For more command options, see the roleadd(1M) and passwd(1) man pages.
Example 2-2 Creating a Role That Mounts a Remote Home Directory
In this example, a central server contains the home directories of users and roles. The administrator creates a role, but does not specify the home directory.
# roleadd -D group=other,1 project=default,3 basedir=/export/home skel=/etc/skel/roles shell=/bin/pfsh inactive=0 expire= auths= profiles=All limitpriv= defaultpriv= lock_after_retries=
# roleadd audcontrol
Because no home directory was specified, no local home directory exists.
# ls /export/home jdoe/ kdoe/ ldoe/
# cat /etc/group root::0: other::1:root bin::2:root,daemon sys::3:root,bin,adm adm::4:root,daemon uucp::5:root mail::6:root tty::7:root,adm lp::8:root,adm nuucp::9:root staff::10: daemon::12:root sysadmin::14: ... unknown::96: nobody::60001: noaccess::60002: nogroup::65534: pkg5srv::97:
$ groupadd -g 18 exadata
Creates a new group definition on the system by adding the appropriate entry to the /etc/group file.
Assigns the group ID for the new group.
For more information, see the groupadd(1M) man page.
Example 2-3 Adding a Group and User With the groupadd and useradd Commands
The following example shows how to use the groupadd and useradd commands to add the group scutters and the user scutter1 to files on the local system. These commands cannot be used to manage users in a name service environment.
# groupadd -g 102 scutters # useradd -u 1003 -g 102 -d /export/home/scutter1 -s /bin/csh \ -c "Scutter 1" -m -k /etc/skel scutter1 64 blocks
For more information, see the groupadd(1M) and useradd(1M) man pages.
The following procedure shows how to share a user's home directory. Prior to this task, the user's home directory was created as a ZFS file system, as follows:
# zfs create -p -o mountpoint=/export/home/ripley rpool/export/home/username
# share - /export/home/username rw ""
User accounts that are created as ZFS file systems do not typically need to be manually mounted. With ZFS, file systems are automounted when they are created and then mounted at boot time from the SMF local file system service.
When creating user accounts, make sure that home directories are set up as they are in the name service, at /home/username. Then, make sure that the auto_home map indicates the NFS path to the user's home directory. For task-related information, see Task Overview for Autofs Administration in System Administration Guide: Network Services.
If you need to manually mount a user's home directory, use the zfs mount command. For example:
# zfs mount tank/home/username
Note - Make sure that the user's home directory is shared. For more information, see How to Share a User's Home Directory.