User and Group Commands
Different commands for users and groups are supported in Oracle Solaris.
The commands described in the following table are used for managing users, roles, and groups.
Table 1-3 Commands Used to Manage Users, Roles, and Groups
Man Page for Command | Description | For Additional Information |
---|---|---|
useradd(8) | Creates users locally or in an LDAP repository. | How to Add a User |
usermod(8) | Changes user properties locally or in an LDAP repository. If the user properties are security-relevant, such as role assignment, this task might be restricted to your security administrator or to the root role.
|
Creating a Role in Securing Users and Processes in Oracle Solaris 11.4 |
userdel(8) | Deletes a user from the system or from the LDAP repository. Can involve additional cleanup, such as cron job removal.
|
How to Delete a User |
Manages roles locally or in an LDAP repository. Roles cannot log in. Users assume an assigned role to perform administrative tasks. | Assigning Rights to Users in Securing Users and Processes in Oracle Solaris 11.4 | |
Manages groups locally or in an LDAP repository. | How to Add a Group |
The following table describes the commands that system administrators can use to obtain information about user accounts. This information is stored in various files within the /etc directory.
Table 1-4 Commands Used to Obtain Information About Users
Command Man Page Reference | Description |
---|---|
auths(1) | Lists and manages authorizations. |
getent(8) | Displays a list of entries from the administrative database. The information generally comes from one or more of the sources that are specified for the /etc/nsswitch.conf database.
|
logins(8) | Displays information about users, roles, and system logins. The output is controlled by the command options that are specified and can include user, role, system login, UID, passwd account field value, primary group, primary group ID, multiple group names, multiple group IDs, home directory, login shell, and password-aging parameters.
|
profiles(1) | Lists and manages rights profiles. |
roles(1) | Displays the roles that are assigned to a user. |
userattr(1) | Displays the first value that is found for attribute_name . If a user is not specified, the user is taken from the real user ID of the process. Attribute names are defined in the man pages.
|
prof_attr(5) | -- |
The groups
command lists the groups to which a user belongs. A user can have only one primary group at a time. However, through the newgrp
command, users can temporarily change their primary group.