Managing User and Group Accounts from the Command Line

Another way to manage user accounts is from the command line. Although using the command line is more complex than using the Admintool GUI interface, the command line provides a little more flexibility. Solaris supplies the user administration commands described in Table 13.4 for setting up and managing user accounts.

Table 13.4. Account Administration Commands
Command   Description
useradd   Adds a new user account
userdel   Deletes a user account
usermod   Modifies a user account
groupadd  Adds a new group
groupmod  Modifies a group (for example, changes the group ID or name)
groupdel  Deletes a group

Adding User Accounts from the Command Line

You can add new user accounts on the local system by using the useradd command. This command adds an entry for the new user into the /etc/passwd and /etc/shadow files, which are described in Chapter 16.

Just like Admintool, the useradd command also copies all the user initialization files found in the /etc/skel directory into the new user’s home directory. User initialization files are covered in the next section of this chapter.

I’ll begin by describing the useradd command. The syntax for the useradd command is as follows:

useradd [-u <uid>] [-o] [-g <gid>] [-G <gid,gid,…>] [-m] [-s <shell>]
[-c <comment>] [-d <dir>] [-e <expiration>] [-f <inactive>] [-k <skeldir>]
<loginname>

Table 13.5 describes these options:

Table 13.5. useradd Command Options
Option           Description
-u <uid>         Sets the unique UID for the user.
-o               This option allows a UID to be duplicated. The default is not to let you choose a UID that is already in use.
-g <gid>         Specifies a predefined GID or name for the user. This will be the user’s primary group.
-G <gid>         Defines the new user’s secondary group memberships. Multiple groups can be entered but must be separated by commas.
-m               Creates a new home directory if one does not already exist.
-s <shell>       Defines the full pathname for the shell program to be used as the user’s login shell. The default is /bin/sh if a shell is not specified.
-c <comment>     This is only a comment and is typically used to specify the user’s full name, location, and phone number.
-d <dir>         The home directory of the new user. It defaults to <base_dir>/<account_name>, in which <base_dir> is the base directory for new login home directories and <account_name> is the new login name.
-e <expiration>  Sets an expiration date on the user account. Specifies the date on which the user can no longer log in and access the account. After the specified date, the account is locked. Use the following format to specify the date: mm/dd/yy.
-f <inactive>    Sets the number of inactive days allowed on a user account. If the account is not logged in to during the specified number of days, the account is locked.
-k <skeldir>     Specifies an alternate location for the user initialization template files. Files from this directory will be copied into the user’s home directory. The default location is /etc/skel.
<loginname>      Specifies the user login name to be assigned to this account. See Table 13.3, User Name, for the proper convention.

Many additional options are also available, although most are not used as often. Additional options to the useradd command apply specifically to RBAC and are described in Chapter 17, “Role-Based Access Control.” You can also refer to the online manual pages for a listing of all the options to the useradd command.

The following example creates a new login account for Bill Calkins. The login name will be bcalkins, the UID will be 3000, and the group will be other. I’m going to instruct the system to create a home directory named /export/home/bcalkins. The default shell will be /bin/sh, and the initialization files are to be copied from the /etc/skel directory:

useradd -u 3000 -g other -d /export/home/bcalkins -m -s /bin/sh \
  -c "Bill Calkins, ext. 2345" bcalkins

Modifying User Accounts from the Command Line

Use the usermod command to modify existing user accounts from the command line. usermod can be used to modify most of the options that were used when the account was originally created.

The command syntax for usermod is as follows:

usermod [-u <uid>] [-o] [-g <gid>] [-G <gid,gid,…>] [-d <dir>] [-m]
[-s <shell>] [-c <comment>] [-l <newloginname>] [-f <inactive>]
[-e <expiration>] <loginname>

The options used with the usermod command are the same as those described for the useradd command, except for those listed in Table 13.6.

Table 13.6. usermod Command Options
Option             Description
-l <newloginname>  Changes a user’s login name on a specified account
-m                 Moves the user’s home directory to the new location specified with the -d option

Additional options to the usermod command apply specifically to RBAC and are described in Chapter 17.

The following example changes the login name for user bcalkins to wcalkins. It also changes the home directory to /export/home/wcalkins and default shell to /bin/ksh.

usermod -d /export/home/wcalkins -m -s /bin/ksh -l wcalkins bcalkins

Note

Although the new home directory has been changed, existing files still must be manually moved from the old home directory to the new home directory.


Deleting User Accounts from the Command Line

Use the userdel command to delete a user’s login account from the system. Options can be specified to save or remove the user’s home directory. The syntax for the userdel command is as follows:

userdel [-r] <loginname> 

-r removes the user’s home directory from the local file system. If this option is not specified, only the login is removed; the home directory remains intact.

The following example removes the login account for bcalkins but does not remove the home directory:

userdel bcalkins 
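
Because userdel without -r leaves the home directory in place, its files stay owned by the deleted account's numeric UID, and an account later created with that UID would own them. The following check is an added example, not part of the original text: it lists directories under a home base directory that no entry in a passwd-format file claims as a home directory. The sample accounts and paths are constructed, and jdoe is a made-up user.

```shell
#!/bin/sh
# Added example: find home directories left behind by userdel without -r.

# leftover_homes PASSWD_FILE BASE_DIR
# Prints each directory under BASE_DIR that is not field 6 (home directory)
# of any entry in PASSWD_FILE.
leftover_homes() {
    passwd_file=$1
    base=$2
    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue                  # glob matched nothing
        dir=${dir%/}
        # A file system root carries lost+found; it is not a home directory.
        [ "${dir##*/}" = "lost+found" ] && continue
        # Exact match on field 6; awk exits 0 when an account claims the directory.
        if ! awk -F: -v d="$dir" '$6 == d { found = 1 } END { exit !found }' "$passwd_file"
        then
            echo "$dir"
        fi
    done
}

# Constructed demonstration: bcalkins was removed with plain "userdel bcalkins",
# so the directory exists but the passwd entry does not.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/home/bcalkins" "$tmp/home/jdoe" "$tmp/home/lost+found"
    printf 'root:x:0:1:Super-User:/:/sbin/sh\n' > "$tmp/passwd"
    printf 'jdoe:x:3001:1:constructed user:%s/home/jdoe:/bin/ksh\n' "$tmp" >> "$tmp/passwd"
    leftover_homes "$tmp/passwd" "$tmp/home"
    rm -rf "$tmp"
}
demo
```

On a live system the arguments would be /etc/passwd and the base directory used for home directories, such as /export/home in the examples above.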

Adding Group Accounts from the Command Line

Use the groupadd command to add new group accounts on the local system. This command adds an entry to the /etc/group file. The syntax for the groupadd command is as follows:

groupadd [-g <gid>] [-o] <groupname>

Where:

-g <gid> assigns the group ID <gid> for the new group.

-o allows the GID to be duplicated. In other words, more than one groupname can share the same GID.

The following example adds a new group named acct with a GID of 1000 to the system:

groupadd -g 1000 acct

Modifying Group Accounts from the Command Line

Use the groupmod command to modify the definitions of a specified group. The syntax for the groupmod command is as follows:

groupmod [-g <gid>] [-o] [-n <name>] <groupname>

Where:

-g <gid> assigns the new group ID <gid> for the group.

-o allows the GID to be duplicated. In other words, more than one groupname can share the same GID.

-n <name> specifies a new name for the group.

The following example changes the acct group GID to 2000:

groupmod -g 2000 acct
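
The -o option of useradd and usermod, and of groupadd and groupmod above, lets two names share one UID or GID, and the system treats names that share a numeric ID as the same identity for file ownership and permission checks. The following check is an added example, not part of the original text: it lists every ID used by more than one entry in a passwd- or group-format file, run here against constructed sample data (backup2, jdoe and finance are made-up names).

```shell
#!/bin/sh
# Added example: report numeric IDs shared by more than one name, the state
# that the -o option of useradd/usermod/groupadd/groupmod permits.

# dup_ids FILE
# Works on passwd- and group-format files: field 1 is the name and field 3 is
# the numeric ID in both. Prints "ID name1,name2,..." for each shared ID.
dup_ids() {
    awk -F: '
        /^#/ || NF < 3 { next }          # skip comments and malformed lines
        {
            count[$3]++
            names[$3] = (names[$3] == "" ? $1 : names[$3] "," $1)
        }
        END {
            for (id in count)
                if (count[id] > 1) print id, names[id]
        }' "$1" | sort -n
}

# Constructed sample data (not taken from a real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:1:Super-User:/:/sbin/sh
bcalkins:x:3000:1:Bill Calkins, ext. 2345:/export/home/bcalkins:/bin/sh
backup2:x:0:1:constructed duplicate of UID 0:/:/bin/sh
jdoe:x:3000:1:constructed duplicate of UID 3000:/export/home/jdoe:/bin/ksh
EOF
}
sample_group() {
    cat <<'EOF'
other::1:
acct::1000:bcalkins
finance::1000:jdoe
EOF
}

audit_demo() {
    tmp=$(mktemp -d) || return 1
    sample_passwd > "$tmp/passwd"
    sample_group  > "$tmp/group"
    echo "Duplicate UIDs:"; dup_ids "$tmp/passwd"
    echo "Duplicate GIDs:"; dup_ids "$tmp/group"
    rm -rf "$tmp"
}
audit_demo
```

On a live system, dup_ids /etc/passwd and dup_ids /etc/group perform the same check; any second name listed against UID 0 has full root privileges.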

Deleting Group Accounts from the Command Line

Use the groupdel command to delete a group account from the local system. The syntax for the groupdel command is as follows:

groupdel <groupname> 

The following example deletes the group named acct from the local system:

groupdel acct
