Print this page
293 useradd/del/mod should be ZFS-aware
   1 '\" te
   2 .\" Copyright 1989 AT&T Copyright (c) 2004, 2009, Sun Microsystems, Inc. All Rights Reserved
   3 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
   4 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
   5 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
   6 .TH USERMOD 1M "Feb 22, 2008"
   7 .SH NAME
   8 usermod \- modify a user's login information on the system
   9 .SH SYNOPSIS
  10 .LP
  11 .nf
  12 \fBusermod\fR [\fB-u\fR \fIuid\fR [\fB-o\fR]] [\fB-g\fR \fIgroup\fR] [\fB-G\fR \fIgroup\fR [, \fIgroup\fR...]]
  13      [\fB-d\fR \fIdir\fR [\fB-m\fR]] [\fB-s\fR \fIshell\fR] [\fB-c\fR \fIcomment\fR] [\fB-l\fR \fInew_name\fR]
  14      [\fB-f\fR \fIinactive\fR] [\fB-e\fR \fIexpire\fR]
  15      [\fB-A\fR \fIauthorization\fR [, \fIauthorization\fR]]
  16      [\fB-P\fR \fIprofile\fR [, \fIprofile\fR]] [\fB-R\fR \fIrole\fR [, \fIrole\fR]]
  17      [\fB-K\fR \fIkey=value\fR] \fIlogin\fR
  18 .fi
  19 
  20 .SH DESCRIPTION
  21 .sp
  22 .LP
  23 The \fBusermod\fR utility modifies a user's login definition on the system. It
  24 changes the definition of the specified login and makes the appropriate
  25 login-related system file and file system changes.
  26 .sp
  27 .LP
  28 The system file entries created with this command have a limit of 512
  29 characters per line. Specifying long arguments to several options might exceed
  30 this limit.
  31 .SH OPTIONS
  32 .sp
  33 .LP
  34 The following options are supported:
  35 .sp
  36 .ne 2
  37 .na
  38 \fB\fB-A\fR \fIauthorization\fR\fR
  39 .ad
  40 .sp .6
  41 .RS 4n
  42 One or more comma separated authorizations as defined in \fBauth_attr\fR(4).
  43 Only a user or role who has \fBgrant\fR rights to the \fBauthorization\fR can
  44 assign it to an account. This replaces any existing authorization setting. If
  45 no authorization list is specified, the existing setting is removed.
  46 .RE
  47 
  48 .sp
  49 .ne 2
  50 .na
  51 \fB\fB-c\fR \fIcomment\fR\fR
  52 .ad


 146 user.
 147 .sp
 148 As a \fBrole\fR account, no roles (\fB-R\fR or \fIroles=value\fR) can be
 149 present.
 150 .RE
 151 
 152 .sp
 153 .ne 2
 154 .na
 155 \fB\fB-l\fR \fInew_logname\fR\fR
 156 .ad
 157 .sp .6
 158 .RS 4n
 159 Specify the new login name for the user. See \fBpasswd\fR(4) for the
 160 requirements for usernames.
 161 .RE
 162 
 163 .sp
 164 .ne 2
 165 .na
 166 \fB\fB-m\fR\fR
 167 .ad
 168 .sp .6
 169 .RS 4n
 170 Move the user's home directory to the new directory specified with the \fB-d\fR
 171 option. If the directory already exists, it must have permissions
 172 read/write/execute by \fIgroup\fR, where \fIgroup\fR is the user's primary
 173 group.









 174 .RE
 175 
 176 .sp
 177 .ne 2
 178 .na
 179 \fB\fB-o\fR\fR
 180 .ad
 181 .sp .6
 182 .RS 4n
 183 This option allows the specified \fBUID\fR to be duplicated (non-unique).
 184 .RE
 185 
 186 .sp
 187 .ne 2
 188 .na
 189 \fB\fB-P\fR \fIprofile\fR\fR
 190 .ad
 191 .sp .6
 192 .RS 4n
 193 One or more comma-separated rights profiles defined in \fBprof_attr\fR(4). This


 216 .RS 4n
 217 Specify the full pathname of the program that is used as the user's shell on
 218 login. The value of \fIshell\fR must be a valid executable file.
 219 .RE
 220 
 221 .sp
 222 .ne 2
 223 .na
 224 \fB\fB-u\fR \fIuid\fR\fR
 225 .ad
 226 .sp .6
 227 .RS 4n
 228 Specify a new \fBUID\fR for the user. It must be a non-negative decimal integer
 229 less than \fBMAXUID\fR as defined in \fB<param.h>\fR\&. The \fBUID\fR
 230 associated with the user's home directory is not modified with this option; a
 231 user will not have access to their home directory until the \fBUID\fR is
 232 manually reassigned using \fBchown\fR(1).
 233 .RE
 234 
 235 .SH OPERANDS
 236 .sp
 237 .LP
 238 The following operands are supported:
 239 .sp
 240 .ne 2
 241 .na
 242 \fB\fBlogin\fR\fR
 243 .ad
 244 .sp .6
 245 .RS 4n
 246 An existing login name to be modified.
 247 .RE
 248 
 249 .SH EXAMPLES
 250 .LP
 251 \fBExample 1 \fRAssigning Privileges to a User
 252 .sp
 253 .LP
 254 The following command adds the privilege that affects high resolution times to
 255 a user's initial, inheritable set of privileges.
 256 


 352 .fi
 353 .in -2
 354 
 355 .LP
 356 \fBExample 5 \fRRemoving All Profiles from a User
 357 .sp
 358 .LP
 359 The following command removes all profiles that were granted to a user
 360 directly. The user will still have any rights profiles that are granted by
 361 means of the \fBPROFS_GRANTED\fR key in \fBpolicy.conf\fR(4).
 362 
 363 .sp
 364 .in +2
 365 .nf
 366 # \fBusermod -P "" jdoe\fR
 367 .fi
 368 .in -2
 369 .sp
 370 
 371 .SH EXIT STATUS
 372 .sp
 373 .LP
 374 In case of an error, \fBusermod\fR prints an error message and exits with one
 375 of the following values:
 376 .sp
 377 .ne 2
 378 .na
 379 \fB\fB2\fR\fR
 380 .ad
 381 .sp .6
 382 .RS 4n
 383 The command syntax was invalid. A usage message for the \fBusermod\fR command
 384 is displayed.
 385 .RE
 386 
 387 .sp
 388 .ne 2
 389 .na
 390 \fB\fB3\fR\fR
 391 .ad
 392 .sp .6


 462 .na
 463 \fB\fB11\fR\fR
 464 .ad
 465 .sp .6
 466 .RS 4n
 467 Insufficient space to move the home directory (\fB-m\fR option). Other update
 468 requests will be implemented.
 469 .RE
 470 
 471 .sp
 472 .ne 2
 473 .na
 474 \fB\fB12\fR\fR
 475 .ad
 476 .sp .6
 477 .RS 4n
 478 Unable to complete the move of the home directory to the new home directory.
 479 .RE
 480 
 481 .SH FILES









 482 .sp
 483 .ne 2
 484 .na
 485 \fB\fB/etc/group\fR\fR
 486 .ad
 487 .sp .6
 488 .RS 4n
 489 system file containing group definitions
 490 .RE
 491 
 492 .sp
 493 .ne 2
 494 .na
 495 \fB\fB/etc/datemsk\fR\fR
 496 .ad
 497 .sp .6
 498 .RS 4n
 499 system file of date formats
 500 .RE
 501 


 513 .ne 2
 514 .na
 515 \fB\fB/etc/shadow\fR\fR
 516 .ad
 517 .sp .6
 518 .RS 4n
 519 system file containing users' encrypted passwords and related information
 520 .RE
 521 
 522 .sp
 523 .ne 2
 524 .na
 525 \fB\fB/etc/user_attr\fR\fR
 526 .ad
 527 .sp .6
 528 .RS 4n
 529 system file containing additional user and role attributes
 530 .RE
 531 
 532 .SH ATTRIBUTES
 533 .sp
 534 .LP
 535 See \fBattributes\fR(5) for descriptions of the following attributes:
 536 .sp
 537 
 538 .sp
 539 .TS
 540 box;
 541 c | c
 542 l | l .
 543 ATTRIBUTE TYPE  ATTRIBUTE VALUE
 544 _
 545 Interface Stability     Committed
 546 .TE
 547 
 548 .SH SEE ALSO
 549 .sp
 550 .LP
 551 \fBchown\fR(1), \fBpasswd\fR(1), \fBusers\fR(1B), \fBgroupadd\fR(1M),
 552 \fBgroupdel\fR(1M), \fBgroupmod\fR(1M), \fBlogins\fR(1M), \fBpwconv\fR(1M),
 553 \fBroleadd\fR(1M), \fBroledel\fR(1M), \fBrolemod\fR(1M), \fBuseradd\fR(1M),
 554 \fBuserdel\fR(1M), \fBgetdate\fR(3C), \fBauth_attr\fR(4), \fBpasswd\fR(4),
 555 \fBpolicy.conf\fR(4), \fBprof_attr\fR(4), \fBuser_attr\fR(4),
 556 \fBattributes\fR(5)
 557 .SH NOTES
 558 .sp
 559 .LP
 560 The \fBusermod\fR utility modifies \fBpasswd\fR definitions only in the local
 561 \fB/etc/passwd\fR and \fB/etc/shadow\fR files. If a network nameservice such as
 562 \fBNIS\fR or \fBNIS+\fR is being used to supplement the local files with
 563 additional entries, \fBusermod\fR cannot change information supplied by the
 564 network nameservice. However \fBusermod\fR will verify the uniqueness of user
 565 name and user \fBID\fR against the external nameservice.
 566 .sp
 567 .LP
 568 The \fBusermod\fR utility uses the \fB/etc/datemsk\fR file, available with
 569 SUNWaccr, for date formatting.
   1 '\" te
   2 .\" Copyright 1989 AT&T Copyright (c) 2004, 2009, Sun Microsystems, Inc. All Rights Reserved
   3 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
   4 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
   5 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
   6 .TH USERMOD 1M "Feb 22, 2008"
   7 .SH NAME
   8 usermod \- modify a user's login information on the system
   9 .SH SYNOPSIS
  10 .LP
  11 .nf
  12 \fBusermod\fR [\fB-u\fR \fIuid\fR [\fB-o\fR]] [\fB-g\fR \fIgroup\fR] [\fB-G\fR \fIgroup\fR [, \fIgroup\fR...]]
  13      [\fB-d\fR \fIdir\fR [\fB-m\fR [\fB-z|-Z\fR]]] [\fB-s\fR \fIshell\fR] [\fB-c\fR \fIcomment\fR] [\fB-l\fR \fInew_name\fR]
  14      [\fB-f\fR \fIinactive\fR] [\fB-e\fR \fIexpire\fR]
  15      [\fB-A\fR \fIauthorization\fR [, \fIauthorization\fR]]
  16      [\fB-P\fR \fIprofile\fR [, \fIprofile\fR]] [\fB-R\fR \fIrole\fR [, \fIrole\fR]]
  17      [\fB-K\fR \fIkey=value\fR] \fIlogin\fR
  18 .fi
  19 
  20 .SH DESCRIPTION

  21 .LP
  22 The \fBusermod\fR utility modifies a user's login definition on the system. It
  23 changes the definition of the specified login and makes the appropriate
  24 login-related system file and file system changes.
  25 .sp
  26 .LP
  27 The system file entries created with this command have a limit of 512
  28 characters per line. Specifying long arguments to several options might exceed
  29 this limit.
  30 .SH OPTIONS

  31 .LP
  32 The following options are supported:
  33 .sp
  34 .ne 2
  35 .na
  36 \fB\fB-A\fR \fIauthorization\fR\fR
  37 .ad
  38 .sp .6
  39 .RS 4n
  40 One or more comma separated authorizations as defined in \fBauth_attr\fR(4).
  41 Only a user or role who has \fBgrant\fR rights to the \fBauthorization\fR can
  42 assign it to an account. This replaces any existing authorization setting. If
  43 no authorization list is specified, the existing setting is removed.
  44 .RE
  45 
  46 .sp
  47 .ne 2
  48 .na
  49 \fB\fB-c\fR \fIcomment\fR\fR
  50 .ad


 144 user.
 145 .sp
 146 As a \fBrole\fR account, no roles (\fB-R\fR or \fIroles=value\fR) can be
 147 present.
 148 .RE
 149 
 150 .sp
 151 .ne 2
 152 .na
 153 \fB\fB-l\fR \fInew_logname\fR\fR
 154 .ad
 155 .sp .6
 156 .RS 4n
 157 Specify the new login name for the user. See \fBpasswd\fR(4) for the
 158 requirements for usernames.
 159 .RE
 160 
 161 .sp
 162 .ne 2
 163 .na
 164 \fB\fB-m\fR\fR [\fB-z|-Z\fR]
 165 .ad
 166 .sp .6
 167 .RS 4n
 168 Move the user's home directory to the new directory specified with the \fB-d\fR
 169 option. If the directory already exists, it must have permissions
 170 read/write/execute by \fIgroup\fR, where \fIgroup\fR is the user's primary
 171 group.
 172 CHANGE_ZFS_FS option in /etc/default/useradd file determines if ZFS filesystem
 173 will be created or destroyed during this action. If this option is set to yes
 174 and parent directory of user's home directory is ZFS filesystem mount point, a
 175 new ZFS filesystem is created. If old user's home directory is a ZFS file system
 176 and CHANGE_ZFS_FS is set to yes, the filesystem will be destroyed.
 177 \fB-z\fB and \fB-Z\fR options allow overwrite default behavior. If \fB-z\fR
 178 option is specified, \fBusermod\fR tries to create new file system and destroy the
 179 old one. If \fB-Z\fR option is specified, new filesystem is not created and the old
 180 one is not destroyed.
 181 .RE
 182 
 183 .sp
 184 .ne 2
 185 .na
 186 \fB\fB-o\fR\fR
 187 .ad
 188 .sp .6
 189 .RS 4n
 190 This option allows the specified \fBUID\fR to be duplicated (non-unique).
 191 .RE
 192 
 193 .sp
 194 .ne 2
 195 .na
 196 \fB\fB-P\fR \fIprofile\fR\fR
 197 .ad
 198 .sp .6
 199 .RS 4n
 200 One or more comma-separated rights profiles defined in \fBprof_attr\fR(4). This


 223 .RS 4n
 224 Specify the full pathname of the program that is used as the user's shell on
 225 login. The value of \fIshell\fR must be a valid executable file.
 226 .RE
 227 
 228 .sp
 229 .ne 2
 230 .na
 231 \fB\fB-u\fR \fIuid\fR\fR
 232 .ad
 233 .sp .6
 234 .RS 4n
 235 Specify a new \fBUID\fR for the user. It must be a non-negative decimal integer
 236 less than \fBMAXUID\fR as defined in \fB<param.h>\fR\&. The \fBUID\fR
 237 associated with the user's home directory is not modified with this option; a
 238 user will not have access to their home directory until the \fBUID\fR is
 239 manually reassigned using \fBchown\fR(1).
 240 .RE
 241 
 242 .SH OPERANDS

 243 .LP
 244 The following operands are supported:
 245 .sp
 246 .ne 2
 247 .na
 248 \fB\fBlogin\fR\fR
 249 .ad
 250 .sp .6
 251 .RS 4n
 252 An existing login name to be modified.
 253 .RE
 254 
 255 .SH EXAMPLES
 256 .LP
 257 \fBExample 1 \fRAssigning Privileges to a User
 258 .sp
 259 .LP
 260 The following command adds the privilege that affects high resolution times to
 261 a user's initial, inheritable set of privileges.
 262 


 358 .fi
 359 .in -2
 360 
 361 .LP
 362 \fBExample 5 \fRRemoving All Profiles from a User
 363 .sp
 364 .LP
 365 The following command removes all profiles that were granted to a user
 366 directly. The user will still have any rights profiles that are granted by
 367 means of the \fBPROFS_GRANTED\fR key in \fBpolicy.conf\fR(4).
 368 
 369 .sp
 370 .in +2
 371 .nf
 372 # \fBusermod -P "" jdoe\fR
 373 .fi
 374 .in -2
 375 .sp
 376 
 377 .SH EXIT STATUS

 378 .LP
 379 In case of an error, \fBusermod\fR prints an error message and exits with one
 380 of the following values:
 381 .sp
 382 .ne 2
 383 .na
 384 \fB\fB2\fR\fR
 385 .ad
 386 .sp .6
 387 .RS 4n
 388 The command syntax was invalid. A usage message for the \fBusermod\fR command
 389 is displayed.
 390 .RE
 391 
 392 .sp
 393 .ne 2
 394 .na
 395 \fB\fB3\fR\fR
 396 .ad
 397 .sp .6


 467 .na
 468 \fB\fB11\fR\fR
 469 .ad
 470 .sp .6
 471 .RS 4n
 472 Insufficient space to move the home directory (\fB-m\fR option). Other update
 473 requests will be implemented.
 474 .RE
 475 
 476 .sp
 477 .ne 2
 478 .na
 479 \fB\fB12\fR\fR
 480 .ad
 481 .sp .6
 482 .RS 4n
 483 Unable to complete the move of the home directory to the new home directory.
 484 .RE
 485 
 486 .SH FILES
 487 .ne 2
 488 .na
 489 \fB\fB/etc/default/useradd\fR\fR
 490 .ad
 491 .sp .6
 492 .RS 4n
 493 useradd, usermod and userdel configuration file
 494 .RE
 495 
 496 .sp
 497 .ne 2
 498 .na
 499 \fB\fB/etc/group\fR\fR
 500 .ad
 501 .sp .6
 502 .RS 4n
 503 system file containing group definitions
 504 .RE
 505 
 506 .sp
 507 .ne 2
 508 .na
 509 \fB\fB/etc/datemsk\fR\fR
 510 .ad
 511 .sp .6
 512 .RS 4n
 513 system file of date formats
 514 .RE
 515 


 527 .ne 2
 528 .na
 529 \fB\fB/etc/shadow\fR\fR
 530 .ad
 531 .sp .6
 532 .RS 4n
 533 system file containing users' encrypted passwords and related information
 534 .RE
 535 
 536 .sp
 537 .ne 2
 538 .na
 539 \fB\fB/etc/user_attr\fR\fR
 540 .ad
 541 .sp .6
 542 .RS 4n
 543 system file containing additional user and role attributes
 544 .RE
 545 
 546 .SH ATTRIBUTES

 547 .LP
 548 See \fBattributes\fR(5) for descriptions of the following attributes:
 549 .sp
 550 
 551 .sp
 552 .TS
 553 box;
 554 c | c
 555 l | l .
 556 ATTRIBUTE TYPE  ATTRIBUTE VALUE
 557 _
 558 Interface Stability     Committed
 559 .TE
 560 
 561 .SH SEE ALSO

 562 .LP
 563 \fBchown\fR(1), \fBpasswd\fR(1), \fBusers\fR(1B), \fBgroupadd\fR(1M),
 564 \fBgroupdel\fR(1M), \fBgroupmod\fR(1M), \fBlogins\fR(1M), \fBpwconv\fR(1M),
 565 \fBroleadd\fR(1M), \fBroledel\fR(1M), \fBrolemod\fR(1M), \fBuseradd\fR(1M),
 566 \fBuserdel\fR(1M), \fBgetdate\fR(3C), \fBauth_attr\fR(4), \fBpasswd\fR(4),
 567 \fBpolicy.conf\fR(4), \fBprof_attr\fR(4), \fBuser_attr\fR(4),
 568 \fBattributes\fR(5)
 569 .SH NOTES

 570 .LP
 571 The \fBusermod\fR utility modifies \fBpasswd\fR definitions only in the local
 572 \fB/etc/passwd\fR and \fB/etc/shadow\fR files. If a network nameservice such as
 573 \fBNIS\fR or \fBNIS+\fR is being used to supplement the local files with
 574 additional entries, \fBusermod\fR cannot change information supplied by the
 575 network nameservice. However \fBusermod\fR will verify the uniqueness of user
 576 name and user \fBID\fR against the external nameservice.
 577 .sp
 578 .LP
 579 The \fBusermod\fR utility uses the \fB/etc/datemsk\fR file, available with
 580 SUNWaccr, for date formatting.