Setting Up User Accounts by Using the CLI

This section discusses ways of preparing for the creation of user accounts.

About Setting Up User Accounts

Oracle Solaris typically creates a user account home directory as an individual ZFS file system and a ZFS dataset that are mounted under the /export/home file system. As a result, you can back up each home directory, create a ZFS snapshot of it, and replace its contents from a snapshot.

To administer a user account, you must have the appropriate rights profile, such as the User Management rights profile. The tasks in this guide assume that you have these rights. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.4.

If you are setting up user accounts by using LDAP, you need to specify LDAP as the repository for user information. Then you can assign user attributes to the user accounts. For more information, see How to Assign Default User Attributes for LDAP Accounts.

For security, you can label processes and files to control user access to sensitive files. See Chapter 6, Labeling Processes for Data Loss Protection in Securing Users and Processes in Oracle Solaris 11.4.

Gathering User Information

When setting up user accounts, gather the following information about each user.

  • User Name
  • Role Name
  • Profiles or Authorization
  • UID
  • Primary Group
  • Secondary Groups
  • Default Shell
  • Password Status and Aging
  • Home Directory Path Name
  • Mounting Method
  • Permissions on Home Directory
  • Mail Server
  • Add to These Email Aliases
  • Desktop System Name

Identifying Users by Packages

To find all the users on this system that were delivered by a package (and so do not represent humans), you must specify the -l option. Note that this search excludes user accounts created manually with the useradd command.

$ pkg search -lo username,pkg.name user::

Caution:

Do not try to change the users that the pkg search command outputs.

How to Customize User Initialization Files

The following task describes how to set up customized initialization files for the users on your system.
  1. Become an administrator or a user with the User Management rights profile.
    $ su -
    Password:
    #
  2. Create a skeleton directory for each type of user.
    # mkdir /shared-dir/skel/user-type

    shared-dir is the name of a directory that is available to other systems on the network.

    user-type is the name of a directory to store initialization files for a type of user.

  3. Copy the default user initialization files into the directories that you created for different types of users.
  4. Customize the user initialization files for each user type.
    For an overview, see About the User Work Environment.
  5. Set the permissions for the user initialization files.
    # chmod 744 /shared-dir/skel/user-type/.*
  6. Verify that the permissions for the user initialization files are correct.
    # ls -la /shared-dir/skel/*
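The procedure above as a script, added here as an example and not taken from the Oracle documentation: it copies the dot files into a skeleton directory, applies mode 744, and then checks that none of them is writable by group or others, because these files are copied into every new account. The function names populate_skel, audit_skel and demo, and the scratch paths used in demo, are assumptions.

```shell
#!/bin/sh
# Added example, not part of the Oracle documentation. SRC and DEST are
# arguments; on the page's system DEST would be /shared-dir/skel/user-type.

# populate_skel SRC DEST: copy the dot files from SRC into DEST (step 3)
# and set them to mode 744 (step 5).
populate_skel() {
    src=$1; dest=$2
    mkdir -p "$dest" || return 1
    # In some shells the pattern ".*" also expands to "." and "..", so a
    # chmod on it would change the directory and its parent as well.
    # These two patterns match every dot file name except "." and "..".
    for f in "$src"/.[!.]* "$src"/..?*; do
        [ -f "$f" ] || continue    # unmatched pattern, or not a regular file
        name=${f##*/}
        cp "$f" "$dest/$name" || return 1
        chmod 744 "$dest/$name" || return 1
    done
}

# audit_skel DIR: print every file under DIR that group or others can write
# (step 6). Returns 0 when nothing is listed, 1 otherwise.
audit_skel() {
    bad=$(find "$1" -type f \( -perm -020 -o -perm -002 \) -print)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Demonstration on constructed files in a scratch directory.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/src"
    echo 'umask 022' > "$tmp/src/.profile"      # constructed sample content
    echo 'set -o vi' > "$tmp/src/.kshrc"        # constructed sample content
    populate_skel "$tmp/src" "$tmp/skel/standard"
    ls -la "$tmp/skel/standard"
    audit_skel "$tmp/skel/standard" && echo "no group- or world-writable files"
    rm -rf "$tmp"
}
demo
```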

How to Change Account Defaults for All Roles

In the following procedure, the administrator customizes a roles directory. The administrator then changes the default home directory and skeleton directory for all roles.
  1. Become an administrator or a user with the User Management rights profile.
  2. Create a custom roles directory.
    For example:
    # roleadd -D
    group=other,1 project=default,3 basedir=/home
    skel=/etc/skel shell=/bin/pfsh inactive=0
    expire= auths= profiles=All limitpriv=
    defaultpriv= lock_after_retries=
  3. Change the default home directory and skeleton directory for all roles.
    For example:
    # roleadd -D -b /export/home -k /etc/skel/roles
    # roleadd -D
    group=staff,10 project=default,3 basedir=/export/home
    skel=/etc/skel/roles shell=/bin/sh inactive=0
    expire= auths= profiles= roles= limitpriv=
    defaultpriv= lock_after_retries=

    Further use of the roleadd command will now create home directories in the /export/home directory and will populate the roles' environment from the /etc/skel/roles directory.