System Administration Commands rolemod(1M)
NAME
rolemod - modify a role's login information on the system
SYNOPSIS
rolemod [-u uid [-o] [-g group] [-G group [, group...]
[-d dir [-m] [-s shell] [-c comment] [-l newname]
[-f inactive] [-e expire]
[-A authorization [, authorization]
[-P profile [, profile] [-K key=value] role
DESCRIPTION
The rolemod utility modifies a role's login information on
the system. It changes the definition of the specified login
and makes the appropriate login-related system file and file
system changes.
The system file entries created with this command have a
limit of 512 characters per line. Specifying long arguments
to several options may exceed this limit.
OPTIONS
The following options are supported:
-A authorization
One or more comma separated authorizations as deined in
authattr(4). Only role with grant rights to the author-
ization can assign it to an account. This replaces any
existing authorization setting. If no authorization list
is specified, the existing setting is removed.
-c comment
Specify a comment string. comment can be any text
string. It is generally a short description of the
login, and is currently used as the field for the user's
full name. This information is stored in the user's
/etc/passwd entry.
-d dir
Specify the new home directory of the role. It defaults
to basedir/login, where basedir is the base directory
for new login home directories, and login is the new
login.
SunOS 5.11 Last change: 10 Dec 2008 1
System Administration Commands rolemod(1M)
-e expire
Specify the expiration date for a role. After this date,
no role will be able to access this login. The expire
option argument is a date entered using one of the date
formats included in the template file /etc/datemsk. See
getdate(3C).
For example, you may enter 10/6/90 or October 6, 1990. A
value of `` '' defeats the status of the expired date.
-f inactive
Specify the maximum number of days allowed between uses
of a login ID before that login ID is declared invalid.
Normal values are positive integers. A value of 0
defeats the status.
-g group
Specify an existing group's integer ID or character-
string name. It redefines the role's primary group
membership.
-G group
Specify an existing group's integer ID or character
string name. It redefines the role's supplementary group
membership. Duplicates between group with the -g and -G
options are ignored. No more than NGROUPSUMAX groups
may be specified as defined in .
-K key=value
Replace existing or add to a role's key=value pair
attributes. Multiple -K options can be used to replace
or add multiple key=value pairs. However, keys must not
be repeated. The generic -K option with the appropriate
key may be used instead of the specific implied key
options (-A and -P). See userattr(4) for a list of
valid key=value pairs.
The keyword type can be specified with the value role or
the value normal. When using the value normal, the
account changes from a role user to a normal user; using
the value role keeps the account a role user.
SunOS 5.11 Last change: 10 Dec 2008 2
System Administration Commands rolemod(1M)
-l newlogname
Specify the new login name for the role. The newlogname
argument is a string no more than eight bytes consisting
of characters from the set of alphabetic characters,
numeric characters, period (.), underline (), and hypen
(-). The first character should be alphabetic and the
field should contain at least one lower case alphabetic
character. A warning message will be written if these
restrictions are not met. A future Solaris release may
refuse to accept login fields that do not meet these
requirements. The newlogname argument must contain at
least one character and must not contain a colon (:) or
NEWLINE (\n).
-m
Move the role's home directory to the new directory
specified with the -d option. If the directory already
exists, it must have permissions read/write/execute by
group, where group is the role's primary group.
-o
This option allows the specified UID to be duplicated
(non-unique).
-P profile
One or more comma-separated execution profiles defined
in authattr(4). This replaces any existing profile set-
ting. If no profile list is specified, the existing set-
ting is removed.
-s shell
Specify the full pathname of the program that is used as
the role's shell on login. The value of shell must be a
valid executable file.
-u uid
Specify a new UID for the role. It must be a non-
negative decimal integer less than MAXUID as defined in
. The UID associated with the role's home
directory is not modified with this option; a role will
not have access to their home directory until the UID is
SunOS 5.11 Last change: 10 Dec 2008 3
System Administration Commands rolemod(1M)
manually reassigned using chown(1).
OPERANDS
The following operands are supported:
login
An existing login name to be modified.
EXIT STATUS
In case of an error, rolemod prints an error message and
exits with one of the following values:
2
The command syntax was invalid. A usage message for the
rolemod command is displayed.
3
An invalid argument was provided to an option.
4
The uid given with the -u option is already in use.
5
The password files contain an error. pwconv(1M) can be
used to correct possible errors. See passwd(4).
6
The login to be modified does not exist, the group does
not exist, or the login shell does not exist.
8
The login to be modified is in use.
9
The newlogname is already in use.
SunOS 5.11 Last change: 10 Dec 2008 4
System Administration Commands rolemod(1M)
10
Cannot update the /etc/group or /etc/userattr file.
Other update requests will be implemented.
11
Insufficient space to move the home directory (-m
option). Other update requests will be implemented.
12
Unable to complete the move of the home directory to the
new home directory.
FILES
/etc/group
system file containing group definitions
/etc/datemsk
system file of date formats
/etc/passwd
system password file
/etc/shadow
system file containing users' and roles' encrypted pass-
words and related information
/etc/userattr
system file containing additional user and role attri-
butes
ATRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
SunOS 5.11 Last change: 10 Dec 2008 5
System Administration Commands rolemod(1M)
ATRIBUTE TYPE ATRIBUTE VALUE
Availability SUNWcsu
Interface Stability Evolving
SEE ALSO
chown(1), passwd(1), users(1B), groupadd(1M), groupdel(1M),
groupmod(1M), logins(1M), pwconv(1M), roleadd(1M),
roledel(1M), useradd(1M), userdel(1M), usermod(1M),
getdate(3C), authattr(4), passwd(4), attributes(5)
SunOS 5.11 Last change: 10 Dec 2008 6
|
