Oracle Solaris Administration: Common Tasks Oracle Solaris 11 Information Library
In Oracle Solaris 11, user accounts are created as Oracle Solaris ZFS file systems. As an administrator, when you create user accounts, you are creating more than a home directory. You are giving users their own file system and their own ZFS dataset. Every home directory that is created by using the useradd and roleadd commands places the home directory of the user on the /export/home file system as an individual ZFS file system. As a result, users have the ability to back up their home directories, create ZFS snapshots of their home directories, and replace files in their current home directory from the ZFS snapshots that they created.
The useradd command relies on the automount service, svc:/system/filesystem/autofs, to mount a user's home directory, so this service should not be disabled. Each home directory entry for a user in the passwd database is of the form /home/username, which is an autofs trigger that is resolved by the automounter through the auto_home map.
The useradd command automatically creates entries in the auto_home map that correspond to the pathname that is specified by using the -d option. If the pathname includes a remote host specification, for example, foobar:/export/home/jdoe, then the home directory for jdoe must be created on the system foobar. The default pathname is localhost:/export/home/user.
Because this file system is a ZFS dataset, the user's home directory is created as a child ZFS dataset, with the ZFS permission to take snapshots delegated to the user. If a pathname is specified that does not correspond to a ZFS dataset, then a regular directory is created. If the -S ldap option is specified, then the auto_home map entry is updated on the LDAP server instead of the local auto_home map.
When setting up user accounts, you can create a form similar to the following form to gather information about users before adding their accounts.
$ su -
Password:
#
Note - This method works whether root is a user account or a role.
# mkdir /shared-dir/skel/user-type
The name of a directory to store initialization files for a type of user.
For a detailed description of the ways to customize the user initialization files, see Customizing a User's Work Environment.
# chmod 744 /shared-dir/skel/user-type/.*
# ls -la /shared-dir/skel/*
In the following procedure, the administrator has customized a roles directory. The administrator changes the default home directory and skeleton directory for all roles.
# roleadd -D
group=other,1 project=default,3 basedir=/home skel=/etc/skel shell=/bin/pfsh inactive=0 expire= auths= profiles=All limitpriv= defaultpriv= lock_after_retries=
# roleadd -D -b /export/home -k /etc/skel/roles
# roleadd -D
group=staff,10 project=default,3 basedir=/export/home skel=/etc/skel/roles shell=/bin/sh inactive=0 expire= auths= profiles= roles= limitpriv= defaultpriv= lock_after_retries=
Future uses of the roleadd command create home directories in /export/home, and populate the roles' environment from the /etc/skel/roles directory.
In Oracle Solaris 11, user accounts are created as Oracle Solaris ZFS file systems. Every home directory that is created by using the useradd and roleadd commands places the home directory of the user on the /export/home file system as an individual ZFS file system.
By default, the user is created locally. With the -S ldap option, the user is created in an existing LDAP repository.
# useradd -m username
Creates an account for the specified user.
Creates a local home directory on the system for the specified user.
Note - The account is locked until you assign the user a password.
$ passwd username
New password: Type user password
Re-enter new password: Retype password
For more command options, see the useradd(1M) and passwd(1) man pages.
See Also
After creating a user, if you want to add roles or assign roles to the user account, see How to Create a Role in Oracle Solaris Administration: Security Services for more information.
$ su -
Password:
#
Note - This method works whether root is a user account or a role.
# userdel -r username
Deletes the account of the specified user.
Removes the account from the system.
Because user home directories are now ZFS datasets, the preferred method for removing a local home directory for a deleted user is to specify the -r option with the userdel command.
# userdel username
You must manually delete the user's home directory on the remote server.
For a full list of command options, see the userdel(1M) man page.
Next Steps
Additional cleanup might be required if the user that you deleted had administrative responsibilities, for example, creating cron jobs, or if the user had additional accounts in non-global zones.
# cat /etc/group
$ groupadd -g 18 exadata
Creates a new group definition on the system by adding the appropriate entry to the /etc/group file.
Assigns the group ID for the new group.
For more information, see the groupadd(1M) man page.
Example 3-1 Adding a Group and User With the groupadd and useradd Commands
The following example shows how to use the groupadd and useradd commands to add the group scutters and the user scutter1 to files on the local system.
# groupadd -g 102 scutters
# useradd -u 1003 -g 102 -d /export/home/scutter1 -s /bin/csh \
-c "Scutter 1" -m -k /etc/skel scutter1
64 blocks
For more information, see the groupadd(1M) and useradd(1M) man pages.
An NFS or a Server Message Block (SMB) share of a ZFS file system is created and then the share is published.
The two-step process is as follows:
The file system share is created by using the zfs set share command. At this time, specific share properties can be defined. If share properties are not defined, the default property values are used for the share.
The NFS or SMB share is published by setting the sharenfs or sharesmb property. The share is published permanently until the property is set to off.
Note that you must be the root user to perform the following procedure.
Before You Begin
Create a separate pool for the user home directories. For example:
# zpool create users mirror c1t1d0 c1t2d0 mirror c2t1d0 c2t2d0
Then, create a container for the home directories:
# zfs create users/home
# zfs set share=name=users,path=/users/home,prot=nfs users/home
name=users,path=/users/home,prot=nfs
# zfs set sharenfs=on users/home
# zfs create users/home/username1
# zfs create users/home/username2
# zfs create users/home/username3
For example:
# zfs create users/home/alice
# zfs create users/home/bob
# zfs create users/home/carl
# zfs get -r sharenfs users/home
The -r option displays all of the descendent file systems.
See Also
For more information about creating and publishing shares, see Mounting ZFS File Systems in Oracle Solaris Administration: ZFS File Systems.
User accounts that are created as ZFS file systems do not typically need to be manually mounted. With ZFS, file systems are automounted when they are created and then mounted at boot time from the SMF local file system service.
When creating user accounts, make sure home directories are set up as they are in the name service, at /home/username. Then, make sure that the auto_home map indicates the NFS path to the user's home directory. For task-related information, see Task Overview for Autofs Administration in Oracle Solaris Administration: Network Services.
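The consistency check described above (passwd home directories of the form /home/username, each resolved by an auto_home entry of the form host:/path), as an added example that is not part of the original Oracle documentation. The function name check_auto_home, the finding labels, and the 100-60000 UID range for regular accounts are assumptions; on a live system the inputs would be /etc/passwd and /etc/auto_home.

```shell
#!/bin/sh
# Added example: cross-check passwd home directories against the auto_home map.
# check_auto_home PASSWD_FILE AUTO_HOME_FILE  -> findings on stdout, status 1 if any problem
check_auto_home() {
    awk -F: -v map="$2" '
    BEGIN {
        # Load map lines of the form "key [-options] host:/path";
        # skip comments, blank lines and "+auto_home" name-service includes.
        while ((getline line < map) > 0) {
            if (line ~ /^[ \t]*(#|\+|$)/) continue
            n = split(line, f, " ")
            loc[f[1]] = f[n]                  # last field is the location
        }
        close(map)
    }
    # Assumption: regular accounts have UIDs 100-60000; skip everything else.
    /^#/ || NF < 7 || $3 < 100 || $3 > 60000 { next }
    {
        user = $1; home = $6
        if (home != "/home/" user) {          # not an autofs trigger path
            printf "NOT_AUTOFS %s home=%s\n", user, home; bad++; next
        }
        if (user in loc) target = loc[user]
        else if ("*" in loc) { target = loc["*"]; gsub(/&/, user, target) }
        else { printf "NO_MAP_ENTRY %s\n", user; bad++; next }
        if (target !~ "^[^:/]+:/.") {         # must be host:/absolute/path
            printf "BAD_LOCATION %s -> %s\n", user, target; bad++; next
        }
        host = target; sub(/:.*/, "", host)
        if (host != "localhost")              # informational: home lives elsewhere
            printf "REMOTE %s -> %s\n", user, target
    }
    END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample data, not taken from a real system.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'root:x:0:0::/root:/bin/sh' 'jdoe:x:1001:10::/home/jdoe:/bin/sh' \
        'carl:x:1003:10::/export/home/carl:/bin/sh' \
        'bob:x:1004:10::/home/bob:/bin/sh' > "$d/passwd"
    printf '%s\n' '+auto_home' 'jdoe foobar:/export/home/jdoe' > "$d/auto_home"
    check_auto_home "$d/passwd" "$d/auto_home" && rc=0 || rc=$?
    rm -rf "$d"; return "$rc"
}
demo || true
```

REMOTE lines are informational: they list accounts whose home directory must exist on another host, as with the foobar:/export/home/jdoe case.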
If you need to manually mount a user's home directory, use the zfs mount command. For example:
# zfs mount users/home/alice
Note - Make sure that the user's home directory is shared. For more information, see How to Share Home Directories That Are Created as ZFS File Systems.