Go to main content

Managing User Accounts and User Environments in Oracle® Solaris 11.4

Exit Print View

Updated: August 2021

Using the Interactive useradm Command

The interactive mode of useradm is activated only by using the add or modify subcommand and with only the –S, –q, or –R options, used singly or in combination.

  • –S specifies the naming service repository to use. The choices are files to store account information locally or ldap to have the information managed by LDAP.

  • –q specifies the hostname or netgroup to use for the attributes maintained in the user_attr LDAP container. This option applies only to existing accounts that are maintained by the LDAP name service.

  • –R specifies the URI to connect to a remote RAD server.

All the following sample commands open the useradm interactive window.

  • Creating a new user account jdoe. The information is stored locally.

    $ useradm add -S files jdoe
  • Modifying user jsmith's attribute settings stored in LDAP.

    $ useradm modify -S ldap jsmith
  • Modifying user jack's account information in LDAP so that the attributes are applicable only when the user is using the system with the host name system1.

    $ usermod modify -S ldap -q system1 jack

Likewise, the following commands connect to a remote server and run useradm interactively. Ensure that the rad:remote SMF service is enabled.

  • Starting the useradm application locally while specifying a remote RAD server.

    $ useradm modify -S ldap -R ssh://login-name@server johnsmith@example.com
  • Starting the useradm application directly on the remote server.

    $ ssh joe@server -t useradm modify jane
  • Using two systems to manage user accounts remotely.

    $ ssh -t jane@server1 useradm modify -R rads://jean@server2?auth=pam mary

    In this example, the application is started on one server to modify a user on another server. The user account to log in to the server specified with –R option – jean in this example – is used to manage mary's account settings. Ensure that jean is assigned either the User Security rights profile or has the solaris.auth.delegate authorization on server2.