
Managing User Accounts and User Environments in Oracle® Solaris 11.3


Updated: March 2017
 
 

Guidelines for Setting Up User Accounts

    Note the following guidelines for setting up user accounts by using the CLI:

  • In the Oracle Solaris OS, user accounts are created as Oracle Solaris ZFS file systems. As an administrator, when you create user accounts, you are giving users their own file system and their own ZFS dataset. Every home directory that is created by using the useradd and roleadd commands places the home directory of the user on the /export/home file system as an individual ZFS file system. As a result, users have the ability to back up their home directories, create ZFS snapshots of their home directories, and replace files in their current home directory from the ZFS snapshots that they created.

  • To set up user accounts, you must assume the root role or a role that has the appropriate rights profile, for example, the User Management rights profile. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.

  • When you create a user account with the useradd command, you must specify the -m option to create a home directory for the user.

    For example, the following command will create a home directory for the user jdoe:

    # useradd -m jdoe

    However, the following syntax does not create a home directory for the user:

    # useradd jdoe

    Note - If you want the pam_zfs_key module to create an encrypted home directory for the user, do not specify the -m option with the useradd command. See the pam_zfs_key(5) and zfs_encrypt(1M) man pages.

  • The useradd command creates entries in the auto_home map only if the -d option is specified with hostname:/pathname. Otherwise, the path name that is specified is updated as the home directory for the user in the passwd database, and no auto_home map entry is created. Home directories that are specified in the auto_home automounter map are only mounted if the autofs service is enabled.

    For example, if you specify the -d option to create a user as follows, the user is created without an auto_home entry, and the passwd entry specifies /export/home/user1 as the user's home directory:

    # useradd -d /export/home/user1 user1

    If you use the -d option to create the user as follows, the user will have an auto_home entry, and the passwd database will contain /home/user1, indicating a dependency on the autofs service:

    # useradd -d localhost:/export/home/user1 user1

  • If the pathname of the home directory includes a remote host specification, for example, foobar:/export/home/jdoe, then the home directory for jdoe must be created on the system foobar. The default pathname is localhost:/export/home/username.

  • When the file system is a ZFS dataset, which is the case for all of Oracle Solaris 11, the user's home directory is created as a child ZFS dataset, with the ZFS permission to take snapshots delegated to the user. If a pathname is specified that does not correspond to a ZFS dataset, then a regular directory is created. If the -S ldap option is specified, then the auto_home map entry is updated on the LDAP server instead of the local auto_home map.
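
The two forms of the -d option described above leave different traces in the passwd database and the auto_home map. The following script is an added example, not part of the Oracle documentation: it reads a passwd file and an auto_home map and reports which accounts depend on the autofs service and which of those point at a remote host. The function names, the status labels, and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Oracle code). Reports how each account's home directory
# is resolved, from a passwd file and an auto_home map.
# Assumption: map lines are "key [-options] host:/path"; "+" includes are skipped.
classify_homes() {  # usage: classify_homes PASSWD_FILE AUTO_HOME_FILE
    awk -F: -v map="$2" '
    BEGIN {
        while ((getline line < map) > 0) {
            sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            if (line == "" || line ~ /^[#+]/) continue
            n = split(line, f, /[ \t]+/)
            loc[f[1]] = f[n]            # last field is the location
        }
    }
    $0 ~ /^[ \t]*#/ || NF < 6 { next }
    {
        user = $1; home = $6
        if (home !~ /^\/home\//) {      # plain path in passwd, no autofs
            print user, "direct", home; next
        }
        key = substr(home, 7)           # text after "/home/"
        if (!(key in loc)) {            # may live in LDAP or an included map
            print user, "no-local-map-entry", home; next
        }
        host = loc[key]; sub(/:.*/, "", host)
        print user, (host == "localhost" ? "autofs-local" : "autofs-remote"), loc[key]
    }' "$1"
}

demo() {  # constructed sample data, not taken from a real system
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:Super-User:/root:/usr/bin/bash
user1:x:101:10::/home/user1:/usr/bin/bash
user2:x:102:10::/export/home/user2:/usr/bin/bash
jdoe:x:103:10::/home/jdoe:/usr/bin/bash
ghost:x:104:10::/home/ghost:/usr/bin/bash
EOF
    cat > "$dir/auto_home" <<'EOF'
# constructed sample map
+auto_home
user1 localhost:/export/home/user1
jdoe -rw foobar:/export/home/jdoe
EOF
    classify_homes "$dir/passwd" "$dir/auto_home"
    rm -rf "$dir"
}

demo
```

With /etc/passwd and /etc/auto_home as inputs, every autofs-local or autofs-remote row is an account whose home directory is only mounted while the autofs service is enabled.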