System Administration Commands useradd(1M)
NAME
useradd - administer a new user login on the system
SYNOPSIS
useradd [-c comment] [-d dir] [-e expire] [-f inactive] [-
g group] [ -G group [ , group...]] [ -m [-k skel_dir]] [
-u uid [-o]] [-s shell] [-A authorization [,authoriza-
tion...]] [-P profile [,profile...]] [-R role [,role...]]
[-p projname] [-K key=value] login
useradd -D [-b base_dir] [-e expire] [-f inactive] [-
g group] [-A authorization [,authorization...]] [-P profile
[,profile...]] [-R role [,role...]] [-p projname] [-K
key=value]
DESCRIPTION
useradd adds a new user to the /etc/passwd and /etc/shadow
and /etc/user_attr files. The -A and -P options respectively
assign authorizations and profiles to the user. The -R
option assigns roles to a user. The -p option associates a
project with a user. The -K option adds a key=value pair to
/etc/user_attr for the user. Multiple key=value pairs may
be added with multiple -K options.
useradd also creates supplementary group memberships for the
user (-G option) and creates the home directory (-m option)
for the user if requested. The new login remains locked
until the passwd(1) command is executed.
Specifying useradd -D with the -g, -b, -f, -e, -A, -P, -p,
-R, or -K option (or any combination of these options) sets
the default values for the respective fields. See the -D
option, below. Subsequent useradd commands without the -D
option use these arguments.
The system file entries created with this command have a
limit of 512 characters per line. Specifying long arguments
to several options can exceed this limit.
The login (login) and role (role) fields accept a string of
no more than eight bytes consisting of characters from the
set of alphabetic characters, numeric characters, period
(.), underscore (_), and hyphen (-). The first character
should be alphabetic and the field should contain at least
one lower case alphabetic character. A warning message will
be written if these restrictions are not met. A future
Solaris release may refuse to accept login and role fields
that do not meet these requirements.
The login and role fields must contain at least one charac-
ter and must not contain a colon (:) or a newline (\n).
OPTIONS
The following options are supported:
-A authorization One or more comma separated authori-
zations defined in auth_attr(4).
Only a user or role who has grant
rights to the authorization can
assign it to an account.
-b base_dir The default base directory for the
system if -d dir is not specified.
base_dir is concatenated with the
account name to define the home
directory. If the -m option is not
used, base_dir must exist.
-c comment Any text string. It is generally a
short description of the login, and
is currently used as the field for
the user's full name. This informa-
tion is stored in the user's
/etc/passwd entry.
-d dir The home directory of the new user.
It defaults to
base_dir/account_name, where
base_dir is the base directory for
new login home directories and
account_name is the new login name.
-D Display the default values for
group, base_dir, skel_dir, shell,
inactive, expire, proj, projname
and key=value pairs. When used with
the -g, -b, -f, -e, -A, -P, -p, -R,
or -K options, the -D option sets
the default values for the specified
fields. The default values are:
group other (GID of 1)
base_dir /home
skel_dir /etc/skel
shell /bin/sh
inactive 0
expire null
auths null
profiles null
proj 3
projname default
key=value (panot presentned in
user_attr(4)
roles null
-e expire Specify the expiration date for a
login. After this date, no user will
be able to access this login. The
expire option argument is a date
entered using one of the date for-
mats included in the template file
/etc/datemsk. See getdate(3C).
If the date format that you choose
includes spaces, it must be quoted.
For example, you can enter 10/6/90
or "October 6, 1990". A null value
(" ") defeats the status of the
expired date. This option is useful
for creating temporary logins.
-f inactive The maximum number of days allowed
between uses of a login ID before
that ID is declared invalid. Normal
values are positive integers. A
value of 0 defeats the status.
-g group An existing group's integer ID or
character-string name. Without the
-D option, it defines the new user's
primary group membership and
defaults to the default group. You
can reset this default value by
invoking useradd -D -g group.
-G group An existing group's integer ID or
character-string name. It defines
the new user's supplementary group
membership. Duplicates between group
with the -g and -G options are
ignored. No more than NGROUPS_MAX
groups can be specified.
-K key=value A key=value pair to add to the
user's attributes. Multiple -K
options may be used to add multiple
key=value pairs. The generic -K
option with the appropriate key may
be used instead of the specific
implied key options (-A, -P, -R,
-p). See user_attr(4) for a list of
valid key=value pairs. The "type"
key is not a valid key for this
option. Keys may not be repeated.
-k skel_dir A directory that contains skeleton
information (such as .profile) that
can be copied into a new user's home
directory. This directory must
already exist. The system provides
the /etc/skel directory that can be
used for this purpose.
-m Create the new user's home directory
if it does not already exist. If the
directory already exists, it must
have read, write, and execute per-
missions by group, where group is
the user's primary group.
-o This option allows a UID to be
duplicated (non-unique).
-P profile One or more comma-separated execu-
tion profiles defined in
prof_attr(4).
-p projname Name of the project with which the
added user is associated. See the
projname field as defined in pro-
ject(4).
-R role One or more comma-separated execu-
tion profiles defined in
user_attr(4). Roles cannot be
assigned to other roles.
-s shell Full pathname of the program used as
the user's shell on login. It
defaults to an empty field causing
the system to use /bin/sh as the
default. The value of shell must be
a valid executable file.
-u uid The UID of the new user. This UID
must be a non-negative decimal
integer below MAXUID as defined in
<sys/param.h>. The UID defaults to
the next available (unique) number
above the highest number currently
assigned. For example, if UIDs 100,
105, and 200 are assigned, the next
default UID number will be 201.
(UIDs from 0-99 are reserved for
possible use in future applica-
tions.)
FILES
/etc/datemsk
/etc/passwd
/etc/shadow
/etc/group
/etc/skel
/usr/include/limits.h
/etc/user_attr
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
| ____________________________|_____________________________|_
| Availability | SUNWcsu |
| ____________________________|_____________________________|_
| Interface Stability | Evolving |
|_____________________________|_____________________________|
SEE ALSO
passwd(1), profiles(1), roles(1), users(1B), groupadd(1M),
groupdel(1M), groupmod(1M), grpck(1M), logins(1M), pwck(1M),
userdel(1M), usermod(1M), getdate(3C), auth_attr(4),
passwd(4), prof_attr(4), project(4), user_attr(4), attri-
butes(5)
DIAGNOSTICS
In case of an error, useradd prints an error message and
exits with a non-zero status.
The following indicates that login specified is already in
use:
UX: useradd: ERROR: login is already in use. Choose another.
The following indicates that the uid specified with the -u
option is not unique:
UX: useradd: ERROR: uid uid is already in use. Choose another.
The following indicates that the group specified with the -g
option is already in use:
UX: useradd: ERROR: group group does not exist. Choose another.
The following indicates that the uid specified with the -u
option is in the range of reserved UIDs (from 0-99):
UX: useradd: WARNING: uid uid is reserved.
The following indicates that the uid specified with the -u
option exceeds MAXUID as defined in <sys/param.h>:
UX: useradd: ERROR: uid uid is too big. Choose another.
The following indicates that the /etc/passwd or /etc/shadow
files do not exist:
UX: useradd: ERROR: Cannot update system files - login cannot be created.
NOTES
The useradd utility adds definitions to only the local
/etc/group, etc/passwd, /etc/passwd, /etc/shadow,
/etc/project, and /etc/user_attr files. If a network name
service such as NIS or NIS+ is being used to supplement the
local /etc/passwd file with additional entries, useradd can-
not change information supplied by the network name service.
However useradd will verify the uniqueness of the user name
(or role) and user id and the existence of any group names
specified against the external name service.
|
|