Maintenance Commands useradd(1M) NAME useradd, roleadd - administer a new user or role account on the system | SYNOPSIS useradd [ -c comment ] [ -d dir ] [ -e expire ] [ -f inactive ] [ -g group ] [ -G group [, group...]] [ -m [ -k skel_dir ]] [ -u uid [ -o]] [ -s shell ] [ -A authorization [, authorization ...]] | [ -P profile [, profile ...]] | [ -R role [, role ...]] login | useradd -D [ -b base_dir ] [ -e expire ] [ -f inactive ] [ -g group ] [ -A authorization [, authorization ...]] | [ -P profile [, profile ...]] | [ -R role [, role ...]] | roleadd [ -c comment ] [ -d dir ] [ -e expire ] | [ -f inactive ] [ -g group ] [ -G group [, group ...]] | [ -m [ -k skel_dir ]] | [ -u uid [ -o]] [ -s shell ] | [ -A authorization [, authorization ...]] | [ -P profile [, profile ...]] role | roleadd -D [ -b base_dir ] [ -e expire ] [ -f inactive ] | [ -g group ] [ -A authorization [, authorization ...]] | [ -P profile [, profile ...]] | DESCRIPTION useradd adds a new user or role entry to the /etc/passwd, | /etc/shadow, and /etc/user_attr files. The -A and -P options | respectively assign authorizations and profiles to the user or | role. The -R option assigns roles to a user; note that roles | cannot be assigned to other roles. | It also creates supplementary group memberships (-G option) for | the user or role and creates the home directory (-m option) | for the user or role if requested. The new account remains locked | until the passwd(1) command is executed. Specifying useradd -D with the -g, -b, -f, -e, -A, -P, or | -R (useradd only) options (or any combination of these) sets | the default values for the respective fields. See the -D option below. Subsequent useradd and roleadd commands without the -D option use these | arguments. The system file entries created with this command have a limit of 512 characters per line. Specifying long arguments to several options may exceed this limit. The login field (login) and role field (role) accept | a string of no more than eight bytes | consisting of characters from the set of alphabetic charac- ters, numeric characters, period (.), underscore (_), and hypen (-). The first character should be alphabetic and the field should contain at least one lower case alphabetic character. A warning message will be written if these res- trictions are not met. A future Solaris release may refuse to accept login and role fields that do not meet these requirements. | Both fields must contain at least one character and must | not contain a colon (:) or a newline (\n). OPTIONS -c comment Any text string. It is generally a short description of the login or role, and is currently used | as the field for the user's full name. This information is stored in the user's /etc/passwd entry. -d dir The home directory of the new user or role. It defaults | to base_dir/account_name, where base_dir is the base | directory for new login home directories and account_name is the new login or role name. | -e expire Specify the expiration date for a login or role. After | this date, no user or role will be able to access this | login. expire is a date entered in any format you like (except a Julian date). If the date format that you choose includes spaces, it must be quoted. For example, you may enter 10/6/90 or "October 6, 1990". A null value (" ") defeats the status of the expired date. This option is useful for creating temporary logins or roles. | -f inactive The maximum number of days allowed between uses of a login or role ID before that ID is declared | invalid. Normal values are positive integers. A value of 0 defeats the status. -g group An existing group's integer ID or character- string name. Without the -D option, it defines the new user's or role's primary group membership and | defaults to the default group. You can reset this default value by invoking useradd -D -g group. -G group An existing group's integer ID or character- string name. It defines the new user's or role's | supplementary group membership. Duplicates between group with the -g and -G options are ignored. No more than NGROUPS_MAX groups may be speci- fied. -A authorization | One or more comma separated authorizations | defined in auth_attr(4). Only a user or role who has | "grant" rights to the "authorization" may assign | it to an account. | -P profile One or more comma-separated execution profiles | defined in prof_attr(4). | -R role One or more comma-separated role names defined in | user_attr(4). Roles may not be assigned to other roles. | -k skel_dir A directory that contains skeleton information (such as .profile) that can be copied into a new user's or role's home directory. This directory must | already exist. The system provides the /etc/skel directory that can be used for this purpose. -m Create the new user's or role's home directory if it | does not already exist. If the directory already exists, it must have read, write, and execute permissions by group, where group is the user's or role's primary group. | -s shell Full pathname of the program used as the user's or role's | shell on login. It defaults to an empty field causing the system to use /bin/sh as the default. The value of shell must be a valid executable file. -u uid The UID of the new user or role. This UID must be a | non-negative decimal integer below MAXUID as defined in . The UID defaults to the next available (unique) number above the highest number currently assigned. For example, if UIDs 100, 105, and 200 are assigned, the next default UID number will be 201. (UIDs from 0-99 are reserved by SunOS for future applications.) -o This option allows a UID to be duplicated (non- unique). -D Display the default values for group, base_dir, skel_dir, shell, inactive, and expire. When used with the -g, -b, -f, -e, -A, -P, or -R (useradd only) | options, the -D option sets the default values for the specified fields. The default values are: group other (GID of 1) base_dir /home skel_dir /etc/skel shell /bin/sh inactive 0 expire Null (unset). auths Null | profiles All | roles Null | -b base_dir The default base directory for the system if -d dir is not specified. base_dir is concatenated with the account name to define the home direc- | tory. If the -m option is not used, base_dir must exist. FILES /etc/passwd system password file /etc/shadow system file containing user's or role's encrypted | passwords and related information /etc/group system file containing group definitions /etc/user_attr system file containing additional user and role | attributes. | /etc/datemsk system file of date formats /etc/skel /usr/include/limits.h ATTRIBUTES See attributes(5) for descriptions of the following attri- butes: __________________________________ | ATTRIBUTE TYPE| ATTRIBUTE VALUE| |__________________________________ | Availability | SUNWcsu | |_______________|_________________| SEE ALSO passwd(1), users(1B), groupadd(1M), groupdel(1M), groupmod(1M), grpck(1M), logins(1M), pwck(1M), userdel(1M), usermod(1M), passwd(4), attributes(5) roles(1), profiles(1), auths(1), auth_attr(4), user_attr(4), | prof_attr(4) | DIAGNOSTICS In case of an error, useradd prints an error message and exits with a non-zero status. NOTES The useradd and roleadd utilities add definitions only in the local | /etc/group, /etc/passwd, /etc/shadow and /etc/user_attr files. | If a network nameservice such as NIS or NIS+ is being used to supplement the local files with additional entries, useradd and roleadd | cannot change information supplied by the network nameservice. However useradd and roleadd will verify the uniqueness of user name | (or role) and user ID against the external nameservice. | The useradd utility uses the /etc/datemsk file, available with SUNWaccr, for date formatting.