useradd - administer a new user login on the system



    System Administration Commands					   useradd(1M)
    
    
    
    NAME
           useradd - administer a new user login on	the system
    
    SYNOPSIS
           useradd [-A authorization [,authorization...]]
    	    [-b	base_dir | -d dir] [-c comment]	[-e expire]
    	    [-f	inactive] [-g group] [-G group [,group]...]
    	    [-K	key=value] [-m [-k skel_dir]] [-p projname]
    	    [-P	profile	[,profile...]] [-R role	[,role...]]
    	    [-s	shell] [-S repository] [-u uid [-o]] login
    
    
           useradd -D [-A authorization [,authorization...]]
    	    [-b	base_dir] [-s shell [-k	skel_dir]] [-e expire]
    	    [-f	inactive] [-g group] [-K key=value] [-p	projname]
    	    [-P	profile	[,profile...]] [-R role	[,role...]]
    
    
    DESCRIPTION
           useradd	adds a new user	to the passwd, shadow, and user_attr databases
           in the files and	ldap repositories. The -A and -P options  respectively
           assign  authorizations  and profiles to the user. The -R	option assigns
           roles to	a user.	The -p option associates a project with	a user.	The -K
           option  adds a key=value	pair to	user_attr entry	for the	user. Multiple
           key=value pairs may be added with multiple -K options.
    
    
           useradd also creates supplementary group	memberships for	the  user  (-G
           option)	and  creates  the  home	 directory (-m option) for the user if
           requested. The new login	remains	locked until the passwd(1) command  is
           executed.
    
    
           Specifying useradd -D with the -s, -k, -g, -b, -f, -e, -A, -P, -p, -R,
           or -K option (or	any combination	of these  options)  sets  the  default
           values  for the respective fields. See the -D option, below. Subsequent
           useradd commands	without	the -D option use these	arguments.
    
    
           The system file entries created with this command have a	limit of  2048
           characters  per	line. Specifying long arguments	to several options can
           exceed this limit.
    
    
           useradd	requires  that	usernames  be  in  the	format	described   in
           passwd(4). A warning message is displayed if these restrictions are not
           met. See	passwd(4) for the requirements for usernames.
    
    
           An administrator	must be	granted	the User Management Profile to be able
           to  create  a  new user.	The authorizations required to set the various
           fields in passwd, shadow	and  user_attr	can  be	 found	in  passwd(4),
           shadow(4),  and	user_attr(4).  The  authorizations  required to	assign
           groups and projects can be found	in group(4) and	project(4).
    
    OPTIONS
           The following options are supported:
    
           -A authorization
    
    	   One or more comma-separated authorizations defined in auth_attr(4).
    	   Only	 a  user or role who has grant rights to the authorization can
    	   assign it to	an account.
    
    
           -b base_dir
    
    	   The base directory for new login home directories (see the -d
    	   option below). When a new user account is being created, base_dir
    	   must already exist unless the -m option or the -d option is also
    	   specified.
    
    
           -c comment
    
    	   Any	text string. It	is generally a short description of the	login,
    	   and is currently used as the	field for the user's full  name.  This
    	   information is stored in the	user's passwd entry.
    
    
           -d dir |	server:dir
    
    	   Specifies  the  home	 directory path	for the	new user. If no	server
    	   name	is specified, the specified directory  is  maintained  in  the
    	   passwd(4) database.
    
    	   The	optional  server  name	specifies  the	host on	which the home
    	   directory resides. Entries in this form depend on the  automounter,
    	   and are maintained in the auto_home map. The	path /home/username is
    	   maintained in the passwd(4) database. When  the  user  subsequently
    	   references /home/username, the automounter will mount the specified
    	   directory on	/home/username.
    
    
           -D
    
    	   Display the default values for group,  base_dir,  skel_dir,	shell,
    	   inactive,  expire,  proj,  projname	and key=value pairs. When used
    	   with the -g, -b, -f, -e, -A, -P, -p, -R, or -K options, the -D
    	   option  sets	 the  default  values  for  the	 specified fields. The
    	   default values are:
    
    	   group
    
    	       staff (GID of 10)
    
    
    	   base_dir
    
    	       /export/home
    
    
    	   skel_dir
    
    	       /etc/skel
    
    
    	   shell
    
    	       /usr/bin/bash
    
    
    	   inactive
    
    	       0
    
    
    	   expire
    
    	       null
    
    
    	   auths
    
    	       null
    
    
    	   profiles
    
    	       null
    
    
    	   auth_profiles
    
    	       null
    
    
    	   proj
    
    	       3
    
    
    	   projname
    
    	       default
    
    
    	   key=value (pairs defined in user_attr(4))
    
    	       not present
    
    
    	   roles
    
    	       null
    
    
    
           -e expire
    
    	   Specify the expiration date for a login. After this date,  no  user
    	   will	 be able to access this	login. The expire option argument is a
    	   date	entered	using one of the date formats included in the template
    	   file	/etc/datemsk. See getdate(3C).
    
    	   If  the  date  format  that	you choose includes spaces, it must be
    	   quoted. For example,	you can	enter 10/6/90 or October  6,  1990.  A
    	   null	 value	("  ")	defeats	 the  status of	the expired date. This
    	   option is useful for	creating temporary logins.
    
    
           -f inactive
    
    	   The maximum number of days allowed  between	uses  of  a  login  ID
    	   before  that	 ID  is	 declared  invalid. Normal values are positive
    	   integers. A value of	0 defeats the status.
    
    
           -g group
    
    	   An existing group's integer ID or  character-string	name.  Without
    	   the	-D  option, it defines the new user's primary group membership
    	   and defaults	to the default group. You can reset this default value
    	   by invoking useradd -D -g group. GIDs 0-99 are reserved for
    	   allocation by the Solaris Operating System.
    
    
           -G group
    
    	   An existing group's integer ID or character-string name. It defines
    	   the	new  user's supplementary group	membership. Duplicates between
    	   group with the  -g  and  -G	options	 are  ignored.	No  more  than
    	   NGROUPS_MAX	groups	can  be	 specified. GIDs 0-99 are reserved for
    	   allocation by the Solaris Operating System.
    
    
           -K key=value
    
    	   A key=value pair to add  to	the  user's  attributes.  Multiple  -K
    	   options may be used to add multiple key=value pairs.	The generic -K
    	   option with the appropriate key may be used instead of the specific
    	   implied  key	 options (-A, -P, -R, -p). See user_attr(4) for	a list
    	   of valid key=value pairs. The "type"	key is not  a  valid  key  for
    	   this	option.	Keys may not be	repeated.
    
    
           -k skel_dir
    
    	   A  directory	 that contains skeleton	information (such as .profile)
    	   that	can be copied into a new user's	home directory.	This directory
    	   must	 already  exist.  The  system provides the /etc/skel directory
    	   that	can be used for	this purpose.
    
    
           -m
    
    	   Create the new user's home directory	if it does not already	exist.
    	   If the directory already exists, it must have read, write, and
    	   execute permissions by group, where group is the user's primary group.
    	   If the server name specified	to the -d option is a remote host then
    	   the system will not attempt to create the home directory.
    
    	   If the directory does not already  exist and	the  parent  directory
    	   is  the  mount point	of a ZFS dataset, then a child of that dataset
    	   will	be created and mounted at the specified	location. The user  is
    	   delegated permissions to create ZFS snapshots and promote them. The
    	   newly created dataset will inherit the encryption setting from  its
    	   parent.  If	it  is	encrypted,  the	 user is granted permission to
    	   change its wrapping key.
    
    
           -o
    
    	   This	option allows a	UID to be duplicated (non-unique).
    
    
           -P profile
    
    	   One	or  more  comma-separated  execution   profiles	  defined   in
    	   prof_attr(4).
    
    
           -p projname
    
    	   Name	 of  the  project with which the added user is associated. See
    	   the projname	field as defined in project(4).
    
    
           -R role
    
    	   One	or  more  comma-separated  execution   profiles	  defined   in
    	   user_attr(4). Roles cannot be assigned to other roles.
    
    
           -s shell
    
    	   Full	 pathname of the program used as the user's shell on login. If
    	   unspecified,	it will	default	to  any	 value	previously  configured
    	   with	 the  -D  -s   option. If no default has been set with	-D -s,
    	   then	/usr/bin/bash will be used. The	value of shell must be a valid
    	   executable file.
    
    
           -S repository
    
    	   The valid repositories are files and ldap. The repository specifies
    	   which name service will be updated. The default repository is
    	   files. When the repository is files, the authorizations, profiles,
    	   and roles can be present in other name service repositories and can
    	   be  assigned	to a user in the files repository. When	the repository
    	   is ldap, both the LDAP server and client must  be  configured  with
    	   EnableShadowUpdate=true.  Also,  all	the assignable attributes must
    	   be present in the ldap repository.
    
    
           -u uid
    
    	   The UID of the new user. This UID must be  a	 non-negative  decimal
    	   integer  below MAXUID as defined in <sys/param.h>. The UID defaults
    	   to the next available (unique) number above the highest number
    	   currently assigned. For example, if UIDs 100, 105, and 200 are
    	   assigned, the next default UID number will be 201.  UIDs  0-99  are
    	   reserved for	allocation by the Solaris Operating System.
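
The -o and -u rules above can be checked against an existing passwd(4)-format file before an account is created. The following is an added example, not part of the man page: the function names, the constructed sample file and the default MAXUID value are assumptions, and check_uid borrows statuses 3 and 4 from the EXIT STATUS list.

```sh
#!/bin/sh
# Added example, not part of the man page. Function names are hypothetical and
# the passwd(4)-format sample below is constructed.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
root:x:0:0:Super-User:/root:/usr/bin/bash
daemon:x:1:1::/:
alice:x:100:10:Alice:/export/home/alice:/usr/bin/bash
bob:x:105:10:Bob:/export/home/bob:/usr/bin/bash
carol:x:200:10:Carol:/export/home/carol:/usr/bin/bash
bob2:x:105:10:created with -u 105 -o:/export/home/bob2:/usr/bin/bash
EOF

# List every UID held by more than one login as "uid:login,login".
dup_uids() {
    awk -F: 'NF >= 3 { n[$3]++; who[$3] = (n[$3] > 1 ? who[$3] "," : "") $1 }
             END { for (u in n) if (n[u] > 1) print u ":" who[u] }' "$1" | sort -n
}

# Default UID per the -u text: one above the highest UID currently assigned.
next_uid() {
    awk -F: '$3 ~ /^[0-9]+$/ && $3 + 0 > max { max = $3 + 0 } END { print max + 1 }' "$1"
}

# Pre-flight test of a UID before "useradd -u". Returns 0 if usable, or 3
# (invalid argument) / 4 (already in use) as in EXIT STATUS. MAXUID is an
# argument; its default here is an assumption, check <sys/param.h>.
check_uid() {
    cu_uid=$1; cu_file=$2; cu_max=${3:-2147483647}
    case $cu_uid in
        ''|*[!0-9]*) echo "ERROR: uid $cu_uid is not a decimal integer" >&2; return 3 ;;
    esac
    if awk -v u="$cu_uid" -v m="$cu_max" 'BEGIN { exit !(u + 0 >= m + 0) }'; then
        echo "ERROR: uid $cu_uid is too big" >&2; return 3
    fi
    if awk -F: -v u="$cu_uid" '$3 + 0 == u + 0 { f = 1 } END { exit !f }' "$cu_file"; then
        echo "ERROR: uid $cu_uid is already in use" >&2; return 4
    fi
    if [ "$cu_uid" -le 99 ]; then echo "WARNING: uid $cu_uid is reserved" >&2; fi
    return 0
}

echo "duplicate UIDs: $(dup_uids "$SAMPLE")"
echo "next default UID: $(next_uid "$SAMPLE")"
check_uid 105 "$SAMPLE" || echo "check_uid 105 -> $?"
```

Point the functions at a copy of /etc/passwd to audit a real system; a UID reported by dup_uids means two logins share one identity for file ownership and permission checks.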
    
    
    EXIT STATUS
           In  case	of an error, useradd command prints an error message and exits
           with one	of the following values. If the	error occurred because LDAP is
           misconfigured, the following values are preceded	by "LDAP configuration
           problem":
    
           1     No	permission for attempted operation.
    
    
           2     The command syntax	was invalid. A usage message for  the  usermod
    	     command is	displayed.
    
    
           3     An	invalid	argument was provided to an option.
    
    
           4     The gid or	uid given with the -u option is	already	in use.
    
    
           5     The password and shadow files are not consistent with each	other.
    	     pwconv(1M)	might be  of  use  to  correct	possible  errors.  See
    	     passwd(4) and shadow(4).
    
    
           6     The  login	to be modified does not	exist, the gid or the uid does
    	     not exist.
    
    
           7     The group,	passwd,	or shadow file is missing.
    
    
           9     A group or	user name is already in	use.
    
    
           10    Cannot update the passwd, shadow, or user_attr file.
    
    
           11    Insufficient space	to move	the home directory (-m option).
    
    
           12    Unable to create, remove, or move the new home directory.
    
    
           13    Requested login is	already	in use.
    
    
           14    Unexpected	failure.
    
    
           16    Unable to update the group	database.
    
    
           17    Unable to update the project database.
    
    
           18    Insufficient authorization.
    
    
           19    Does not have role.
    
    
           20    Does not have profile.
    
    
           21    Does not have privilege.
    
    
           22    Does not have label.
    
    
           23    Does not have group.
    
    
           24    System not	running	Trusted	Extensions.
    
    
           25    Does not have project.
    
    
           26    Unable to update auto_home.
    
    
    FILES
           /etc/datemsk
    
    
           /etc/passwd
    
    
           /etc/shadow
    
    
           /etc/group
    
    
           /etc/skel
    
    
           /usr/include/limits.h
    
    
           /etc/user_attr
    
    ATTRIBUTES
           See attributes(5) for descriptions of the following attributes:
    
    
    
    
           +-----------------------------+-----------------------------+
           |      ATTRIBUTE	TYPE	     |	    ATTRIBUTE VALUE	   |
           +-----------------------------+-----------------------------+
           |Availability		     |system/core-os		   |
           +-----------------------------+-----------------------------+
           |Interface Stability	     |Committed			   |
           +-----------------------------+-----------------------------+
    
    SEE ALSO
           auths(1), passwd(1), profiles(1), roles(1), groupadd(1M), groupdel(1M),
           groupmod(1M), grpck(1M), logins(1M), pwck(1M), userdel(1M),
           usermod(1M), getdate(3C), auth_attr(4), group(4), passwd(4), prof_attr(4),
           project(4), user_attr(4), attributes(5)
    
    
           Working With Oracle Solaris 11.3 Directory and Naming Services:
           LDAP, Managing User Accounts and User Environments in Oracle Solaris
           11.3
    
    DIAGNOSTICS
           In case of an error, useradd displays an	error message and exits	with a
           non-zero	status.
    
    
           The following indicates that login specified is already in use:
    
    	 UX: useradd: ERROR: login is already in use. Choose another.
    
    
    
    
           The following indicates that the	uid specified with the	-u  option  is
           not unique:
    
    	 UX: useradd: ERROR: uid uid is	already	in use.	Choose another.
    
    
    
    
           The following indicates that the	group specified	with the -g option has
           not yet been created:
    
    	 UX: useradd: ERROR: group group does not exist. Choose	another.
    
    
    
    
           The following indicates that the	uid specified with the -u option is in
           the range of reserved UIDs (from	0-99):
    
    	 UX: useradd: WARNING: uid uid is reserved.
    
    
    
    
           The  following  indicates  that	the  uid  specified with the -u	option
           exceeds MAXUID as defined in <sys/param.h>:
    
    	 UX: useradd: ERROR: uid uid is	too big. Choose	another.
    
    
    
    
           The following indicates that the	/etc/passwd or	/etc/shadow  files  do
           not exist:
    
    	 UX: useradd: ERROR: Cannot update system files	- login	cannot be created.
    
    
    
    
           The  following  indicates  that the user	executing the command does not
           have sufficient authorization to	perform	the operation:
    
    	 UX: roleadd: ERROR: Permission	denied.
    
    
    
    
           The following indicates that an invalid directory was  specified	 in  a
           useradd command:
    
    	 UX: invalid_directory is not a	valid directory. Choose	another.
    
    
    
    NOTES
           The  useradd  utility  adds  definitions	 to the	passwd,	shadow,	group,
           project, and user_attr databases in the scope (default or specified).
           It  will	 verify	 the uniqueness	of the user name (or role) and user id
           and the existence of any	group names  specified	against	 the  external
           name service.
    
    
    
    SunOS 5.11			  27 Feb 2014			   useradd(1M)
    
