Solaris man マニュアル
System Administration Commands                        useradd(1M)

NAME
     useradd - administer a new user login on the system

SYNOPSIS
     useradd [-c comment] [-d dir] [-e expire]  [-f inactive]  [-
     g group]  [  -G group  [  , group...]] [ -m [-k skel_dir]] [
     -u uid  [-o]]  [-s shell]  [-A  authorization   [,authoriza-
     tion...]]  [-P profile  [,profile...]] [-R role  [,role...]]
     [-p projname] [-K key=value] login

     useradd  -D  [-b base_dir]  [-e expire]   [-f inactive]   [-
     g group] [-A authorization  [,authorization...]] [-P profile
     [,profile...]]  [-R  role   [,role...]]  [-p  projname]  [-K
     key=value]

DESCRIPTION
     useradd adds a new user to the /etc/passwd  and  /etc/shadow
     and /etc/user_attr files. The -A and -P options respectively
     assign authorizations and  profiles  to  the  user.  The  -R
     option  assigns  roles to a user. The -p option associates a
     project with a user. The -K option adds a key=value pair  to
     /etc/user_attr  for  the user.  Multiple key=value pairs may
     be added with multiple -K options.

     useradd also creates supplementary group memberships for the
     user  (-G option) and creates the home directory (-m option)
     for the user if requested.  The  new  login  remains  locked
     until the passwd(1) command is executed.

     Specifying useradd -D with the -g, -b, -f, -e, -A,  -P,  -p,
     -R,  or -K option (or any combination of these options) sets
     the default values for the respective  fields.  See  the  -D
     option,  below.  Subsequent  useradd commands without the -D
     option use these arguments.

     The system file entries created with  this  command  have  a
     limit  of 512 characters per line. Specifying long arguments
     to several options can exceed this limit.

     The login (login) and role (role) fields accept a string  of
     no  more  than eight bytes consisting of characters from the
     set of alphabetic  characters,  numeric  characters,  period
     (.),  underscore  (_),  and hyphen (-).  The first character
     should be alphabetic and the field should contain  at  least
     one  lower case alphabetic character. A warning message will
     be written if these  restrictions  are  not  met.  A  future
     Solaris  release  may refuse to accept login and role fields
     that do not meet these requirements.

     The login and role fields must contain at least one  charac-
     ter and must not contain a colon (:)  or a newline (\n).



OPTIONS
     The following options are supported:

     -A authorization        One or more comma separated authori-
                             zations   defined  in  auth_attr(4).
                             Only a user or role  who  has  grant
                             rights   to  the  authorization  can
                             assign it to an account.



     -b base_dir             The default base directory  for  the
                             system  if  -d dir is not specified.
                             base_dir is  concatenated  with  the
                             account  name  to  define  the  home
                             directory. If the -m option  is  not
                             used, base_dir must exist.



     -c comment              Any text string. It is  generally  a
                             short  description of the login, and
                             is currently used as the  field  for
                             the  user's full name. This informa-
                             tion  is  stored   in   the   user's
                             /etc/passwd entry.



     -d dir                  The home directory of the new  user.
                             It            defaults            to
                             base_dir/account_name,         where
                             base_dir  is  the base directory for
                             new  login  home   directories   and
                             account_name is the new login name.



     -D                      Display  the  default   values   for
                             group,  base_dir,  skel_dir,  shell,
                             inactive,  expire,  proj,   projname
                             and  key=value pairs. When used with
                             the -g, -b, -f, -e, -A, -P, -p,  -R,
                             or  -K  options,  the -D option sets
                             the default values for the specified
                             fields. The default values are:


                             group           other (GID of 1)



                             base_dir        /home



                             skel_dir        /etc/skel



                             shell           /bin/sh



                             inactive        0



                             expire          null



                             auths           null



                             profiles        null



                             proj            3



                             projname        default



                             key=value    (panot presentned    in
                             user_attr(4)


                             roles           null



     -e expire               Specify the expiration  date  for  a
                             login. After this date, no user will
                             be able to access  this  login.  The
                             expire  option  argument  is  a date
                             entered using one of the  date  for-
                             mats  included  in the template file
                             /etc/datemsk. See getdate(3C).
                             If the date format that  you  choose
                             includes  spaces, it must be quoted.
                             For example, you can  enter  10/6/90
                             or  "October  6, 1990". A null value
                             (" ")  defeats  the  status  of  the
                             expired  date. This option is useful
                             for creating temporary logins.



     -f inactive             The maximum number of  days  allowed
                             between  uses  of  a login ID before
                             that ID is declared invalid.  Normal
                             values   are  positive  integers.  A
                             value of  0 defeats the status.



     -g group                An existing group's  integer  ID  or
                             character-string  name.  Without the
                             -D option, it defines the new user's
                             primary    group    membership   and
                             defaults to the default  group.  You
                             can  reset  this  default  value  by
                             invoking useradd -D -g group.



     -G group                An existing group's  integer  ID  or
                             character-string  name.  It  defines
                             the new user's  supplementary  group
                             membership. Duplicates between group
                             with  the  -g  and  -G  options  are
                             ignored.  No  more  than NGROUPS_MAX
                             groups can be specified.



     -K key=value            A  key=value  pair  to  add  to  the
                             user's   attributes.   Multiple   -K
                             options may be used to add  multiple
                             key=value  pairs.   The  generic  -K
                             option with the appropriate key  may
                             be  used  instead  of  the  specific
                             implied key  options  (-A,  -P,  -R,
                             -p).  See user_attr(4) for a list of
                             valid key=value pairs.   The  "type"
                             key  is  not  a  valid  key for this
                             option. Keys may not be repeated.



     -k skel_dir             A directory that  contains  skeleton
                             information  (such as .profile) that
                             can be copied into a new user's home
                             directory.   This   directory   must
                             already exist. The  system  provides
                             the  /etc/skel directory that can be
                             used for this purpose.



     -m                      Create the new user's home directory
                             if it does not already exist. If the
                             directory already  exists,  it  must
                             have  read,  write, and execute per-
                             missions by group,  where  group  is
                             the user's primary group.



     -o                      This  option  allows  a  UID  to  be
                             duplicated (non-unique).



     -P profile              One or more  comma-separated  execu-
                             tion     profiles     defined     in
                             prof_attr(4).



     -p projname             Name of the project with  which  the
                             added  user  is associated.  See the
                             projname field as  defined  in  pro-
                             ject(4).



     -R role                 One or more  comma-separated  execu-
                             tion     profiles     defined     in
                             user_attr(4).    Roles   cannot   be
                             assigned to other roles.



     -s shell                Full pathname of the program used as
                             the   user's  shell  on  login.   It
                             defaults to an empty  field  causing
                             the  system  to  use  /bin/sh as the
                             default. The value of shell must  be
                             a valid executable file.



     -u uid                  The UID of the new  user.  This  UID
                             must   be   a  non-negative  decimal
                             integer below MAXUID as  defined  in
                             <sys/param.h>.  The  UID defaults to
                             the next available  (unique)  number
                             above  the  highest number currently
                             assigned. For example, if UIDs  100,
                             105,  and 200 are assigned, the next
                             default  UID  number  will  be  201.
                             (UIDs  from  0-99  are  reserved for
                             possible  use  in  future   applica-
                             tions.)



FILES
     /etc/datemsk

     /etc/passwd

     /etc/shadow

     /etc/group

     /etc/skel

     /usr/include/limits.h

     /etc/user_attr

ATTRIBUTES
     See attributes(5) for descriptions of the  following  attri-
     butes:

     ____________________________________________________________
   |        ATTRIBUTE TYPE       |        ATTRIBUTE VALUE      |
   | ____________________________|_____________________________|_
   |  Availability               |  SUNWcsu                    |
   | ____________________________|_____________________________|_
   |  Interface Stability        |  Evolving                   |
   |_____________________________|_____________________________|


SEE ALSO
     passwd(1), profiles(1), roles(1),  users(1B),  groupadd(1M),
     groupdel(1M), groupmod(1M), grpck(1M), logins(1M), pwck(1M),
     userdel(1M),   usermod(1M),    getdate(3C),    auth_attr(4),
     passwd(4),  prof_attr(4),  project(4),  user_attr(4), attri-
     butes(5)

DIAGNOSTICS

    In case of an error, useradd prints  an  error  message  and
     exits with a non-zero status.

     The following indicates that login specified is  already  in
     use:

     UX: useradd: ERROR: login is already in use. Choose another.

     The following indicates that the uid specified with  the  -u
     option is not unique:

     UX: useradd: ERROR: uid uid is already in use. Choose another.

     The following indicates that the group specified with the -g
     option is already in use:

     UX: useradd: ERROR: group group does not exist. Choose another.

     The following indicates that the uid specified with  the  -u
     option is in the range of reserved UIDs (from 0-99):

     UX: useradd: WARNING: uid uid is reserved.

     The following indicates that the uid specified with  the  -u
     option exceeds MAXUID as defined in <sys/param.h>:

     UX: useradd: ERROR: uid uid is too big. Choose another.

     The following indicates that the /etc/passwd or  /etc/shadow
     files do not exist:

     UX: useradd: ERROR: Cannot update system files - login cannot be created.

NOTES
     The useradd utility  adds  definitions  to  only  the  local
     /etc/group,     etc/passwd,     /etc/passwd,    /etc/shadow,
     /etc/project, and /etc/user_attr files. If  a  network  name
     service  such as NIS or NIS+ is being used to supplement the
     local /etc/passwd file with additional entries, useradd can-
     not change information supplied by the network name service.
     However useradd will verify the uniqueness of the user  name
     (or  role)  and user id and the existence of any group names
     specified against the external name service.