
man pages section 3: Remote Administration Daemon Module Interfaces


Updated: July 2017
 
 

usermgr (3rad)

Description

USERMGR(3rad)               RAD Module Definitions               USERMGR(3rad)



NAME
       usermgr - API for user and group administration

SYNOPSIS
   interface UserMgr
       User[] users ;
       Group[] groups ;
       string[] shells ;
       User defaultUser ;
       string[] scopes ;
       string[] roles ;
       string[] profiles ;
       string[] auths ;
       string[] defaultPrivs ;
       string[] limitPrivs ;
       string[] supplGroups ;
       string[] auditClasses ;
       string[] pamUserConfFiles ;

       User getUser(string username);

       User addUser(User user,
                    secret password);

       User modifyUser(User user,
                       UserChangeFields changeFields,
                       secret password);

       deleteUser(string username);

       selectScope(ScopeType scope);

       setFilter(UserType usertype,
                 string searchstring);

       boolean isSystemLabeled();

       UserType getUserType(string username);

DESCRIPTION
       API com.oracle.solaris.rad.usermgr

INTERFACES
   interface UserMgr
       Set of operations that can be performed on users and roles.

       UserMgr Properties
           User[] users (read-only) -- Lists users.

               Lists the users present in the selected scope based on the
               filter options.

               Read Error: UserMgrError

                   o   READERROR - when unable to read user after

           Group[] groups (read-only) -- Lists groups.

               Lists the groups present in the selected scope.

               Read Error: UserMgrError

                   o   READERROR - when unable to read the groups database.

           string[] shells (read-only) -- Lists shells.

               Lists the set of available shells that can be set as default
               shell for users.

               Read Error: UserMgrError

                   o   READERROR - when unable to read the default shells.

           User defaultUser (read-only) -- Lists user defaults.

               Lists the default values for groups, basedir, project, shell,
               skel, inactive, expire, auths, profiles, roles, limitPriv,
               defaultPriv, lockAfterRetries used for creation of users and
               roles.

               Read Error: UserMgrError

                   o   READERROR - when unable to read default user
                       properties.

           string[] scopes (read-only) -- Lists scopes.

               Lists the set of name service repositories that can be
               administered.

               Read Error: UserMgrError

                   o   READERROR - when unable to read the name services that
                       can be managed.

           string[] roles (read-only) -- Lists assigned roles.

               Lists the roles assigned to a user.

               Read Error: UserMgrError

                   o   READERROR - when unable to read user roles

           string[] profiles (read-only) -- Lists assigned profiles.

               Lists the profiles assigned to a user.

               Read Error: UserMgrError

                   o   READERROR - when unable to read user profiles.

           string[] auths (read-only) -- Lists assigned authorizations.

               Lists the authorizations assigned to a user.

               Read Error: UserMgrError

                   o   READERROR - when unable to read user authorizations.

           string[] defaultPrivs (read-only) -- Lists default privileges.

               Lists the default privileges assigned to a user.

               Read Error: UserMgrError

                   o   READERROR - when unable to read user's default
                       privileges.

           string[] limitPrivs (read-only) -- Lists limit privileges.

               Lists the limit privileges assigned to a user.

               Read Error: UserMgrError

                   o   READERROR - when unable to read user's limit
                       privileges.

           string[] supplGroups (read-only) -- Lists supplemental groups.

               Lists the supplemental groups that the user is a member of.

               Read Error: UserMgrError

                   o   READERROR - when unable to read user's supplemental
                       groups.

           string[] auditClasses (read-only) -- Lists Assigned Audit Classes.

               Lists the audit classes that are assigned to the user.

               Read Error: UserMgrError

                   o   READERROR - when unable to read user's assigned audit
                       classes.

           string[] pamUserConfFiles (read-only) -- Lists users PAM
           configuration files.

               Lists the per-user PAM configuration files.

               Read Error: UserMgrError

                   o   READERROR - when unable to read user specific PAM
                       configuration files.

       UserMgr Methods
           User getUser(string username)

               Gets user information for a given username.

               Gets the user information for a given username from the name
               service repository based on the filter options.

               Arguments:

               username -- Specifies the username for which the account
               information is to be retrieved.

               Result:

               User

               Error:

               UserMgrError

                   o   READERROR - when unable to read user

           User addUser(User user, secret password)

               Add user or role.

               Adds a user or role to the selected name service repository
               based on the filter options. Applies the properties set in the
               user object as the account, password, and security attributes.
               Sets INVALIDDATA error when arguments are not valid. Sets
               PASSERROR error when password update fails. Sets READERROR
               error when unable to read user after successful addition of new
               user. Sets USEREXISTS error when a user already exists with the
               same username.

               Arguments:

               user -- user object which contains attributes of new user
               account to be created.

               password -- password to be set for the new user account.

               Result:

               User

               Error:

               UserMgrError

                   o   INVALIDDATA - when arguments are not valid.

                   o   READERROR - when unable to read user after adding new
                       user.

           User modifyUser(User user, UserChangeFields changeFields,
           secret password)

               Modify user or role.

               Modifies users or roles present in the selected scope based on
               the filter options. Applies the changed fields in the user
               object to the user or role attributes. Sets INVALIDDATA error
               when arguments are not valid. Sets PASSERROR error when
               password update fails. Sets READERROR error when unable to read
               user after successful modification of user.

               Arguments:

               user -- user object which contains user attributes to be
               modified.

               changeFields -- Indicates which fields have been modified in
               the user object by the client.

               password (nullable) -- password to be set for the new user
               account.

               Result:

               User

               Error:

               UserMgrError

                   o   INVALIDDATA - when arguments are not valid.

                   o   READERROR - when unable to read user after adding new
                       user.

           deleteUser(string username)

               Delete user.

               Deletes user or role based on username present in the selected
               scope based on the filter options. Sets READERROR error on
               failure.

               Arguments:

               username -- username of account that needs to be deleted.

               Error:

               UserMgrError

                   o   READERROR - when unable to read user

           selectScope(ScopeType scope)

               Sets the name-service repository scope.

               Sets the name-service repository scope. All subsequent
               operations will use the specified scope.

               Arguments:

               scope -- Specifies the name-service scope to be used for
               managing users.

           setFilter(UserType usertype, string searchstring)

               Sets the filter options.

               Sets the filter options which are used for all the subsequent
               operations. The options are user or role and search string. The
               default search string is empty string ("").

               Arguments:

               usertype -- Specifies if users or roles will be managed.

               searchstring -- Specifies the string to match against user or
               role names to be managed.

           boolean isSystemLabeled()

               Checks if System is Labeled.

               Checks if the Trusted Extensions feature is enabled on the
               system. Returns true if successful and sets READERROR error on
               failure.

               Result:

               boolean

               Error:

               UserMgrError

                   o   READERROR - when checking if Trusted Extensions is
                       enabled fails.

           UserType getUserType(string username)

               Gets the user type.

               Checks if the user is a role or a normal user. Returns UserType
               set to role or normal user. Sets READERROR error on failure.

               Arguments:

               username -- Specifies user name to check for user or role.

               Result:

               UserType

               Error:

               UserMgrError

                   o   READERROR - when checking if Trusted Extensions is
                       enabled fails.

ENUMERATED TYPES
       enum UserMgrErrorType -- User Manager API error types

           INVALIDDATA (0)

           USEREXISTS (1)

           PERMDENIED (2)

           READERROR (3)

           LASTADMIN (4)

           ROOTADMIN (5)

           PASSERROR (6)

       enum ScopeType -- Name service scope types

           FILES (0)

           LDAP (1)

       enum UserType

           NORMAL (0)

           ROLE (1)

STRUCTURE TYPES
       struct Group -- describes a Solaris group

           Fully describes a Solaris group, contains group name, group id,
           group members.

           Fields:

           string groupName -- Specifies the group name.

           uinteger groupID -- Specifies the Gid of the group.

           string[] groupMembers -- Specifies the members of the group.

       struct User -- describes a Solaris user

           Fully describes a Solaris user, contains account, home directory
           and security attributes associated with a user. See passwd(4),
           shadow(4), and user_attr(4) for more information on the fields.

           Fields:

           string username -- username for the account.

           uinteger userID -- UID for the account.

           uinteger groupID -- GID for the account.

           string description (nullable) -- gecos info for the account.

           string homeDirectory (nullable) -- home directory location for the
           account.

           string defaultShell (nullable) -- default shell for the account.

           integer inactive -- Number of inactivity days allowed for the
           account.

           integer min -- Minimum number of days between password changes for
           the account.

           integer max -- Maximum number of days the password is valid for
           the account.

           integer warn -- Number of days before password expires the user is
           warned.

           string expire (nullable) -- The date after which login will not be
           allowed for the account. The date format is %y-%m-%d %H:%M:%S.

           string lockAfterRetries (nullable) -- Specifies whether the account
           is locked after failed logins exceed the allowable limit.

           string alwaysAuditFlags (nullable) -- Specifies per-user always
           audit pre-selection flags.

           string neverAuditFlags (nullable) -- Specifies per-user never-audit
           pre-selection flags.

           string type (nullable) -- specifies whether account is role or
           user.

           string defaultProj (nullable) -- specifies the default project for
           the account.

           string clearance (nullable) -- Specifies the max label at which the
           user can operate.

           string minLabel (nullable) -- Specifies the min label at which the
           user can log in.

           string roleAuth (nullable) -- Specifies whether the account uses
           the role or user password for role authentication.

           string idleCmd (nullable) -- Specifies when the desktop session for
           the user gets locked.

           string idleTime (nullable) -- Specifies the idle time before the
           idlecmd is executed.

           string accountStatus (nullable) -- Specifies the status of the
           account.

           string[] roles (nullable) -- Specifies the roles that have been
           assigned to the account.

           string[] profiles (nullable) -- Specifies the profiles that have
           been assigned to the account.

           string[] authProfiles (nullable) -- Specifies the authenticated
           profiles that have been assigned to the account.

           string[] auths (nullable) -- Specifies the authorizations that have
           been assigned to the account.

           string[] defaultPriv (nullable) -- Specifies the default set of
           privileges assigned to user at login.

           string[] limitPriv (nullable) -- Specifies the maximum set of
           privileges the user or process started by the user can obtain.

           string[] groups (nullable) -- Specifies the supplemental groups
           that have been assigned to the account.

       struct UserChangeFields -- Keeps track of all the fields that have been
       changed in the user object.

           Keeps track of all the fields that have been changed in the user
           object. For every field that has been changed in the User object
           the respective changeField will be set to true.

           Fields:

           boolean gidChanged

           boolean descChanged

           boolean homedirChanged

           boolean defShellChanged

           boolean profilesChanged

           boolean authProfilesChanged

           boolean rolesChanged

           boolean authsChanged

           boolean limitPrivChanged

           boolean groupsChanged

           boolean lockAfterRetriesChanged

           boolean alwaysAuditChanged

           boolean neverAuditChanged

           boolean typeChanged

           boolean defaultProjChanged

           boolean minLabelChanged

           boolean roleAuthChanged

           boolean idleCmdChanged

           boolean idleTimeChanged

           boolean expireChanged

           boolean minChanged

           boolean maxChanged

           boolean warnChanged

           boolean uidChanged
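
Added example (not from this man page or the RAD bindings): a local Python model that diffs two User records, builds the UserChangeFields flags a modifyUser caller would set, and reports changed fields for which this page lists no flag, such as defaultPriv. Plain dicts stand in for the User struct, and the field-to-flag pairing is inferred from the names above; both are assumptions, as is the choice of which flags to treat as sensitive.

```python
# Local model only: dicts stand in for the RAD User struct, nothing talks to rad(1M).
# The field -> flag pairing is inferred from names on this page (an assumption).
FLAG_FOR_FIELD = {
    "groupID": "gidChanged", "description": "descChanged",
    "homeDirectory": "homedirChanged", "defaultShell": "defShellChanged",
    "profiles": "profilesChanged", "authProfiles": "authProfilesChanged",
    "roles": "rolesChanged", "auths": "authsChanged",
    "limitPriv": "limitPrivChanged", "groups": "groupsChanged",
    "lockAfterRetries": "lockAfterRetriesChanged",
    "alwaysAuditFlags": "alwaysAuditChanged",
    "neverAuditFlags": "neverAuditChanged", "type": "typeChanged",
    "defaultProj": "defaultProjChanged", "minLabel": "minLabelChanged",
    "roleAuth": "roleAuthChanged", "idleCmd": "idleCmdChanged",
    "idleTime": "idleTimeChanged", "expire": "expireChanged",
    "min": "minChanged", "max": "maxChanged", "warn": "warnChanged",
    "userID": "uidChanged",
}
# Flags for fields that grant rights or alter auditing (this example's own selection).
SENSITIVE = {"profilesChanged", "authProfilesChanged", "rolesChanged",
             "authsChanged", "limitPrivChanged", "groupsChanged", "uidChanged",
             "gidChanged", "typeChanged", "roleAuthChanged",
             "alwaysAuditChanged", "neverAuditChanged"}


def plan_change(current, desired):
    """Return (changeFields, unflagged, sensitive) for a planned modifyUser call."""
    flags = {flag: False for flag in FLAG_FOR_FIELD.values()}
    unflagged = []
    for field in sorted(set(current) | set(desired)):
        old, new = current.get(field), desired.get(field)
        # List-valued fields hold sets of names; reordering is not a change.
        if isinstance(old, list) and isinstance(new, list):
            old, new = sorted(old), sorted(new)
        if old == new:
            continue
        if field in FLAG_FOR_FIELD:
            flags[FLAG_FOR_FIELD[field]] = True
        else:
            unflagged.append(field)  # changed, but the page lists no flag for it
    sensitive = sorted(f for f in SENSITIVE if flags[f])
    return flags, unflagged, sensitive


# Constructed sample records, not output from a real system.
BEFORE = {"username": "jdoe", "userID": 1001, "groupID": 10, "roles": [],
          "defaultShell": "/usr/bin/bash", "profiles": ["Basic Solaris User"],
          "defaultPriv": ["basic"]}
AFTER = dict(BEFORE, defaultShell="/usr/bin/ksh", roles=["root"],
             defaultPriv=["basic", "file_dac_read"])
```

For the constructed records, `plan_change(BEFORE, AFTER)` sets only defShellChanged and rolesChanged, reports defaultPriv as changed without a flag, and marks rolesChanged for review.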

       struct UserMgrError

           Fields:

           UserMgrErrorType errorCode

       Version: (1.0)

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       +--------------------+-------------------------+
       |  ATTRIBUTE TYPE    |     ATTRIBUTE VALUE     |
       +--------------------+-------------------------+
       |Availability        | system/management/rad/* |
       +--------------------+-------------------------+
       |Interface Stability | Private                 |
       +--------------------+-------------------------+

SEE ALSO
       rad(1M)



SunOS 5.11                        2017-02-06                     USERMGR(3rad)