Skip Navigation Links | |
Exit Print View | |
System Administration Guide: Basic Administration Oracle Solaris 10 8/11 Information Library |
1. Oracle Solaris Management Tools (Road Map)
2. Working With the Solaris Management Console (Tasks)
3. Working With the Oracle Java Web Console (Tasks)
4. Managing User Accounts and Groups (Overview)
5. Managing User Accounts and Groups (Tasks)
Setting Up User Accounts (Task Map)
How to Customize User Initialization Files
How to Add a Group With the Solaris Management Console's Groups Tool
How to Add a User With the Solaris Management Console's Users Tool
Adding Groups and Users With Command-Line Tools
Adding a Group and User With the groupadd and useradd Commands
Adding a Group and User With the smgroup and smuser Commands
Setting Up Home Directories With the Solaris Management Console
How to Share a User's Home Directory
How to Mount a User's Home Directory
Maintaining User Accounts (Task Map)
How to Change a User's Password
6. Managing Client-Server Support (Overview)
7. Managing Diskless Clients (Tasks)
8. Introduction to Shutting Down and Booting a System
9. Shutting Down and Booting a System (Overview)
10. Shutting Down a System (Tasks)
11. Modifying Oracle Solaris Boot Behavior (Tasks)
12. Booting an Oracle Solaris System (Tasks)
13. Managing the Oracle Solaris Boot Archives (Tasks)
14. Troubleshooting Booting an Oracle Solaris System (Tasks)
15. x86: GRUB Based Booting (Reference)
16. x86: Booting a System That Does Not Implement GRUB (Tasks)
17. Working With the Oracle Solaris Auto Registration regadm Command (Tasks)
18. Managing Services (Overview)
20. Managing Software (Overview)
21. Managing Software With Oracle Solaris System Administration Tools (Tasks)
22. Managing Software by Using Oracle Solaris Package Commands (Tasks)
|
Unless you define a user name or UID number that conflicts with an existing one, you should never need to modify a user account's user name or UID number.
Use the following steps if two user accounts have duplicate user names or UID numbers:
If two user accounts have duplicate UID numbers, use the Users tool to remove one account and add it again with a different UID number. You cannot use the Users tool to modify a UID number of an existing user account.
If two user accounts have duplicate user names, use the Users tool to modify one of the accounts and change the user name.
If you do use the Users tool to change a user name, the home directory's ownership is changed, if a home directory exists for the user.
One part of a user account that you can change is a user's group memberships. To add or delete a user's secondary groups, select the Properties option from the Users tool's Action menu. Alternatively, you can use the Groups tool to directly modify a group's member list.
You can also modify the following parts of a user account:
Description (comment)
Login shell
Passwords and password options
Home directory and home directory access
Rights and roles
Occasionally, you might need to temporarily or permanently disable a user account. Disabling or locking a user account means that an invalid password, *LK*, is assigned to the user account, preventing future logins.
The easiest way to disable a user account is to lock the password for an account with Users tool.
You can also enter an expiration date in the account availability section of the User Properties screen. An expiration date enables you to set a limit on how long the account is active.
Other ways to disable a user account: set up password aging or change the user's password.
When you delete a user account with the Users tool, the software deletes the entries in the passwd and group files. In addition, the files in the user's home directory and mail directory are deleted also.
Use the following procedure to modify a group.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
# /usr/sadm/bin/smc &
For more information on starting the Solaris Management Console, see How to Start the Console as Superuser or as a Role or How to Start the Solaris Management Console in a Name Service Environment.
A list of categories is displayed.
For example, select scutters.
For example, change scutters to scutter.
All the users that were in the scutters group are now in the scutter group.
Use the following procedure to delete a group.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
# /usr/sadm/bin/smc &
For more information on starting the Solaris Management Console, see How to Start the Console as Superuser or as a Role or How to Start the Solaris Management Console in a Name Service Environment.
A list of categories is displayed.
For example, select scutter.
The group is removed from all the users who were a member of this group.
You can use the Users tool for password administration. This tool includes the following capabilities:
Specifying a normal password for a user account
Enabling users to create their own passwords during their first login
Disabling or locking a user account
Specifying expiration dates and password aging information
If you are using NIS + or the /etc files to store user account information, you can set up password aging on a user's password. Starting in the Solaris 9 12/02 release, password aging is also supported in the LDAP directory service.
Password aging enables you to force users to change their passwords periodically or to prevent a user from changing a password before a specified interval. If you want to prevent an intruder from gaining undetected access to the system by using an old and inactive account, you can also set a password expiration date when the account becomes disabled. You can set password aging attributes with the passwd command or the Solaris Management Console's Users tool.
For information about starting the Solaris Management Console, see How to Start the Console as Superuser or as a Role.
Use the following procedure if you need to disable a user account.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
# /usr/sadm/bin/smc &
For more information on starting the Solaris Management Console, see How to Start the Console as Superuser or as a Role or How to Start the Solaris Management Console in a Name Service Environment.
A list of categories is displayed.
For example, select scutter2.
Use the following procedure when a user forgets her password.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
# /usr/sadm/bin/smc &
For more information on starting the Solaris Management Console, see How to Start the Console as Superuser or as a Role or How to Start the Solaris Management Console in a Name Service Environment.
A list of categories is displayed.
For example, select scutter1.
Use the following procedure to set password aging on a user account.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
# /usr/sadm/bin/smc &
For more information on starting the Solaris Management Console, see How to Start the Console as Superuser or as a Role or How to Start the Solaris Management Console in a Name Service Environment.
A list of categories is displayed.
For example, select scutter2.
For example, select Users Must Change Within to set a date when the user must change his or her password.
Use the following procedure to remove a user account.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
# /usr/sadm/bin/smc &
For more information on starting the Solaris Management Console, see How to Start the Console as Superuser or as a Role or How to Start the Solaris Management Console in a Name Service Environment.
A list of categories is displayed.
For example, select scutter4.
You are prompted to remove the user's home directory and mailbox contents.