The OpenNET Project / Index page

[ новости /+++ | форум | теги | ]

Интерактивная система просмотра системных руководств (man-ов)

 ТемаНаборКатегория 
 
 [Cписок руководств | Печать]

roleadd (1)
  • >> roleadd (1) ( Solaris man: Команды и прикладные программы пользовательского уровня )
  •  

    NAME

    roleadd - administer a new role account on the system
     
    

    SYNOPSIS

    roleadd [-c comment] [-d dir] [-e expire] [-f inactive] 
        [-g group] [-G group [, group...]] [-m [-k skel_dir]] 
        [-u uid [-o]] [-s shell] 
        [-A authorization [,authorization...]] [-K key=value] role
    

    roleadd -D [-b base_dir] [-e expire] [-f inactive] 
        [-g group] [-A authorization [,authorization...]] 
        [-P profile [,profile...] [-K key=value]]
    

     

    DESCRIPTION

    roleadd adds a role entry to the /etc/passwd and /etc/shadow and /etc/user_attr files. The -A and -P options respectively assign authorizations and profiles to the role. Roles cannot be assigned to other roles. The -K option adds a key=value pair to /etc/user_attr for a role. Multiple key=value pairs can be added with multiple -K options.

    roleadd also creates supplementary group memberships for the role (-G option) and creates the home directory (-m option) for the role if requested. The new role account remains locked until the passwd(1) command is executed.

    Specifying roleadd -D with the -g, -b, -f, -e, or -K option (or any combination of these option) sets the default values for the respective fields. See the -D option. Subsequent roleadd commands without the -D option use these arguments.

    The system file entries created with this command have a limit of 512 characters per line. Specifying long arguments to several options can exceed this limit.

    The role (role) field accepts a string of no more than eight bytes consisting of characters from the set of alphabetic characters, numeric characters, period (.), underscore (_), and hyphen (-). The first character should be alphabetic and the field should contain at least one lower case alphabetic character. A warning message is written if these restrictions are not met. A future Solaris release might refuse to accept role fields that do not meet these requirements.

    The role field must contain at least one character and must not contain a colon (:) or a newline (\n).  

    OPTIONS

    The following options are supported:

    -A authorization

    One or more comma separated authorizations defined in auth_attr(4). Only a user or role who has grant rights to the authorization can assign it to an account

    -b base_dir

    The default base directory for the system if -d dir is not specified. base_dir is concatenated with the account name to define the home directory. If the -m option is not used, base_dir must exist.

    -c comment

    Any text string. It is generally a short description of the role. This information is stored in the role's /etc/passwd entry.

    -d dir

    The home directory of the new role. It defaults to base_dir/account_name, where base_dir is the base directory for new login home directories and account_name is the new role name.

    -D

    Display the default values for group, base_dir, skel_dir, shell, inactive, expire and key=value pairs. When used with the -g, -b, -f, or -K, options, the -D option sets the default values for the specified fields. The default values are:

    group

    other (GID of 1)

    base_dir

    /home

    skel_dir

    /etc/skel

    shell

    /bin/pfsh

    inactive

    0

    expire

    Null

    auths

    Null

    profiles

    Null

    key=value (pairs defined in user_attr(4)

    not present

    -e expire

    Specify the expiration date for a role. After this date, no user is able to access this role. The expire option argument is a date entered using one of the date formats included in the template file /etc/datemsk. See getdate(3C).

    If the date format that you choose includes spaces, it must be quoted. For example, you can enter 10/6/90 or October 6, 1990. A null value (" ") defeats the status of the expired date. This option is useful for creating temporary roles.

    -f inactive

    The maximum number of days allowed between uses of a role ID before that ID is declared invalid. Normal values are positive integers. A value of 0 defeats the status.

    -g group

    An existing group's integer ID or character-string name. Without the -D option, it defines the new role's primary group membership and defaults to the default group. You can reset this default value by invoking roleadd -D -g group.

    -G group

    An existing group's integer ID or character-string name. It defines the new role's supplementary group membership. Duplicates between group with the -g and -G options are ignored. No more than NGROUPS_MAX groups can be specified.

    -k skel_dir

    A directory that contains skeleton information (such as .profile) that can be copied into a new role's home directory. This directory must already exist. The system provides the /etc/skel directory that can be used for this purpose.

    -K key=value

    A key=value pair to add to the role's attributes. Multiple -K options can be used to add multiple key=value pairs. The generic -K option with the appropriate key can be used instead of the specific implied key options (-A and -P). See user_attr(4) for a list of valid key=value pairs. The "type" key is not a valid key for this option. Keys can not be repeated.

    -m

    Create the new role's home directory if it does not already exist. If the directory already exists, it must have read, write, and execute permissions by group, where group is the role's primary group.

    -o

    This option allows a UID to be duplicated (non-unique).

    -P profile

    One or more comma-separated execution profiles defined in prof_attr(4).

    -s shell

    Full pathname of the program used as the user's shell on login. It defaults to an empty field causing the system to use /bin/pfsh as the default. The value of shell must be a valid executable file.

    -u uid

    The UID of the new role. This UID must be a non-negative decimal integer below MAXUID as defined in <sys/param.h>. The UID defaults to the next available (unique) number above the highest number currently assigned. For example, if UIDs 100, 105, and 200 are assigned, the next default UID number is 201. (UIDs from 0-99 are reserved for possible use in future applications.)

     

    FILES

    /etc/datemsk

    /etc/passwd

    /etc/shadow

    /etc/group

    /etc/skel

    /usr/include/limits.h

    /etc/user_attr  

    ATTRIBUTES

    See attributes(5) for descriptions of the following attributes:

    ATTRIBUTE TYPEATTRIBUTE VALUE

    AvailabilitySUNWcsu

    Interface Stability

     

    SEE ALSO

    passwd(1), pfsh(1), profiles(1), roles(1), users(1B), groupadd(1M), groupdel(1M), groupmod(1M), grpck(1M), logins(1M), pwck(1M), userdel(1M), usermod(1M), getdate(3C), auth_attr(4), passwd(4), prof_attr(4), user_attr(4), attributes(5)  

    DIAGNOSTICS

    In case of an error, roleadd prints an error message and exits with a non-zero status.

    The following indicates that login specified is already in use:

    UX: roleadd: ERROR: login is already in use. Choose another.
    

    The following indicates that the uid specified with the -u option is not unique:

    UX: roleadd: ERROR: uid uid is already in use. Choose another. 
    

    The following indicates that the group specified with the -g option is already in use:

    UX: roleadd: ERROR: group group does not exist. Choose another. 
    

    The following indicates that the uid specified with the -u option is in the range of reserved UIDs (from 0-99):

    UX: roleadd: WARNING: uid uid is reserved.
    

    The following indicates that the uid specified with the -u option exceeds MAXUID as defined in <sys/param.h>:

    UX: roleadd: ERROR: uid uid is too big. Choose another.
    

    The following indicates that the /etc/passwd or /etc/shadow files do not exist:

    UX: roleadd: ERROR: Cannot update system files - login cannot be created.
    

     

    NOTES

    If a network nameservice such as NIS or NIS+ is being used to supplement the local /etc/passwd file with additional entries, roleadd cannot change information supplied by the network nameservice.


     

    Index

    NAME
    SYNOPSIS
    DESCRIPTION
    OPTIONS
    FILES
    ATTRIBUTES
    SEE ALSO
    DIAGNOSTICS
    NOTES


    Поиск по тексту MAN-ов: 




    Партнёры:
    PostgresPro
    Inferno Solutions
    Hosting by Hoster.ru
    Хостинг:

    Закладки на сайте
    Проследить за страницей
    Created 1996-2024 by Maxim Chirkov
    Добавить, Поддержать, Вебмастеру