Unix‎ > ‎Solaris‎ > ‎Solaris man pages‎ > ‎1m‎ > ‎


     rolemod - modify a role's login information on the system

     rolemod [-u uid [-o]] [-g group] [-G group [, group...]]
          [-d dir [-m]] [-s shell] [-c comment] [-l new_name]
          [-f inactive] [-e expire]
          [-A authorization [, authorization]]
          [-P profile [, profile]] [-K key=value] role

     The rolemod utility modifies a role's login  information  on
     the system. It changes the definition of the specified login
     and makes the appropriate login-related system file and file
     system changes.

     The system file entries created with  this  command  have  a
     limit  of 512 characters per line. Specifying long arguments
     to several options may exceed this limit.

     The following options are supported:

     -A authorization

         One or more comma separated authorizations as deined  in
         auth_attr(4). Only role with grant rights to the author-
         ization can assign it to an account. This  replaces  any
         existing authorization setting. If no authorization list
         is specified, the existing setting is removed.

     -c comment

         Specify a  comment  string.  comment  can  be  any  text
         string.  It  is  generally  a  short  description of the
         login, and is currently used as the field for the user's
         full  name.  This  information  is  stored in the user's
         /etc/passwd entry.

     -d dir

         Specify the new home directory of the role. It  defaults
         to  base_dir/login, where base_dir is the base directory
         for new login home directories, and  login  is  the  new

     -e expire

         Specify the expiration date for a role. After this date,
         no  role  will  be able to access this login. The expire
         option argument is a date entered using one of the  date
         formats  included in the template file /etc/datemsk. See

         For example, you may enter 10/6/90 or October 6, 1990. A
         value of `` '' defeats the status of the expired date.

     -f inactive

         Specify the maximum number of days allowed between  uses
         of  a login ID before that login ID is declared invalid.
         Normal values  are  positive  integers.  A  value  of  0
         defeats the status.

     -g group

         Specify an existing group's  integer  ID  or  character-
         string  name.  It  redefines  the  role's  primary group

     -G group

         Specify an existing  group's  integer  ID  or  character
         string name. It redefines the role's supplementary group
         membership. Duplicates between group with the -g and  -G
         options  are  ignored.  No more than NGROUPS_UMAX groups
         may be specified as defined in <param.h>.

     -K key=value

         Replace existing or  add  to  a  role's  key=value  pair
         attributes.  Multiple  -K options can be used to replace
         or add multiple key=value pairs. However, keys must  not
         be  repeated. The generic -K option with the appropriate
         key may be used instead  of  the  specific  implied  key
         options  (-A  and  -P).  See  user_attr(4) for a list of
         valid key=value pairs.

         The keyword type can be specified with the value role or
         the  value  normal.  When  using  the  value normal, the
         account changes from a role user to a normal user; using
         the value role keeps the account a role user.

     -l new_logname

         Specify the new login name for the role. The new_logname
         argument is a string no more than eight bytes consisting
         of characters from the  set  of  alphabetic  characters,
         numeric characters, period (.), underline (_), and hypen
         (-). The first character should be  alphabetic  and  the
         field  should contain at least one lower case alphabetic
         character. A warning message will be  written  if  these
         restrictions  are  not met. A future Solaris release may
         refuse to accept login fields that  do  not  meet  these
         requirements.  The  new_logname argument must contain at
         least one character and must not contain a colon (:)  or
         NEWLINE (\n).


         Move the role's home  directory  to  the  new  directory
         specified  with  the -d option. If the directory already
         exists, it must have permissions  read/write/execute  by
         group, where group is the role's primary group.


         This option allows the specified UID  to  be  duplicated

     -P profile

         One or more comma-separated execution  profiles  defined
         in auth_attr(4). This replaces any existing profile set-
         ting. If no profile list is specified, the existing set-
         ting is removed.

     -s shell

         Specify the full pathname of the program that is used as
         the  role's shell on login. The value of shell must be a
         valid executable file.

     -u uid

         Specify a new UID for  the  role.  It  must  be  a  non-
         negative  decimal integer less than MAXUID as defined in
         <param.h>. The  UID  associated  with  the  role's  home
         directory  is not modified with this option; a role will
         not have access to their home directory until the UID is
         manually reassigned using chown(1).

     The following operands are supported:


         An existing login name to be modified.

     In case of an error, rolemod prints  an  error  message  and
     exits with one of the following values:


         The command syntax was invalid. A usage message for  the
         rolemod command is displayed.


         An invalid argument was provided to an option.


         The uid given with the -u option is already in use.


         The password files contain an error. pwconv(1M)  can  be
         used to correct possible errors. See passwd(4).


         The login to be modified does not exist, the group  does
         not exist, or the login shell does not exist.


         The login to be modified is in use.


         The new_logname is already in use.


         Cannot update the  /etc/group  or  /etc/user_attr  file.
         Other update requests will be implemented.


         Insufficient  space  to  move  the  home  directory  (-m
         option). Other update requests will be implemented.


         Unable to complete the move of the home directory to the
         new home directory.


         system file containing group definitions


         system file of date formats


         system password file


         system file containing users' and roles' encrypted pass-
         words and related information


         system file containing additional user and  role  attri-

     See attributes(5) for descriptions of the  following  attri-

    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    | Availability                | SUNWcsu                     |
    | Interface Stability         | Evolving                    |

     chown(1), passwd(1), users(1B), groupadd(1M),  groupdel(1M),
     groupmod(1M),     logins(1M),    pwconv(1M),    roleadd(1M),
     roledel(1M),    useradd(1M),    userdel(1M),    usermod(1M),
     getdate(3C), auth_attr(4), passwd(4), attributes(5)

Man pages from Solaris 10 Update 8. See docs.sun.com and www.oracle.com for further documentation and Solaris information.