Unix‎ > ‎Solaris‎ > ‎Solaris man pages‎ > ‎1m‎ > ‎

rolemod


NAME
     rolemod - modify a role's login information on the system

SYNOPSIS
     rolemod [-u uid [-o]] [-g group] [-G group [, group...]]
          [-d dir [-m]] [-s shell] [-c comment] [-l new_name]
          [-f inactive] [-e expire]
          [-A authorization [, authorization]]
          [-P profile [, profile]] [-K key=value] role


DESCRIPTION
     The rolemod utility modifies a role's login  information  on
     the system. It changes the definition of the specified login
     and makes the appropriate login-related system file and file
     system changes.


     The system file entries created with  this  command  have  a
     limit  of 512 characters per line. Specifying long arguments
     to several options may exceed this limit.

OPTIONS
     The following options are supported:

     -A authorization

         One or more comma separated authorizations as deined  in
         auth_attr(4). Only role with grant rights to the author-
         ization can assign it to an account. This  replaces  any
         existing authorization setting. If no authorization list
         is specified, the existing setting is removed.


     -c comment

         Specify a  comment  string.  comment  can  be  any  text
         string.  It  is  generally  a  short  description of the
         login, and is currently used as the field for the user's
         full  name.  This  information  is  stored in the user's
         /etc/passwd entry.


     -d dir

         Specify the new home directory of the role. It  defaults
         to  base_dir/login, where base_dir is the base directory
         for new login home directories, and  login  is  the  new
         login.



     -e expire

         Specify the expiration date for a role. After this date,
         no  role  will  be able to access this login. The expire
         option argument is a date entered using one of the  date
         formats  included in the template file /etc/datemsk. See
         getdate(3C).

         For example, you may enter 10/6/90 or October 6, 1990. A
         value of `` '' defeats the status of the expired date.


     -f inactive

         Specify the maximum number of days allowed between  uses
         of  a login ID before that login ID is declared invalid.
         Normal values  are  positive  integers.  A  value  of  0
         defeats the status.


     -g group

         Specify an existing group's  integer  ID  or  character-
         string  name.  It  redefines  the  role's  primary group
         membership.


     -G group

         Specify an existing  group's  integer  ID  or  character
         string name. It redefines the role's supplementary group
         membership. Duplicates between group with the -g and  -G
         options  are  ignored.  No more than NGROUPS_UMAX groups
         may be specified as defined in <param.h>.


     -K key=value

         Replace existing or  add  to  a  role's  key=value  pair
         attributes.  Multiple  -K options can be used to replace
         or add multiple key=value pairs. However, keys must  not
         be  repeated. The generic -K option with the appropriate
         key may be used instead  of  the  specific  implied  key
         options  (-A  and  -P).  See  user_attr(4) for a list of
         valid key=value pairs.

         The keyword type can be specified with the value role or
         the  value  normal.  When  using  the  value normal, the
         account changes from a role user to a normal user; using
         the value role keeps the account a role user.


     -l new_logname

         Specify the new login name for the role. The new_logname
         argument is a string no more than eight bytes consisting
         of characters from the  set  of  alphabetic  characters,
         numeric characters, period (.), underline (_), and hypen
         (-). The first character should be  alphabetic  and  the
         field  should contain at least one lower case alphabetic
         character. A warning message will be  written  if  these
         restrictions  are  not met. A future Solaris release may
         refuse to accept login fields that  do  not  meet  these
         requirements.  The  new_logname argument must contain at
         least one character and must not contain a colon (:)  or
         NEWLINE (\n).


     -m

         Move the role's home  directory  to  the  new  directory
         specified  with  the -d option. If the directory already
         exists, it must have permissions  read/write/execute  by
         group, where group is the role's primary group.


     -o

         This option allows the specified UID  to  be  duplicated
         (non-unique).


     -P profile

         One or more comma-separated execution  profiles  defined
         in auth_attr(4). This replaces any existing profile set-
         ting. If no profile list is specified, the existing set-
         ting is removed.


     -s shell

         Specify the full pathname of the program that is used as
         the  role's shell on login. The value of shell must be a
         valid executable file.


     -u uid

         Specify a new UID for  the  role.  It  must  be  a  non-
         negative  decimal integer less than MAXUID as defined in
         <param.h>. The  UID  associated  with  the  role's  home
         directory  is not modified with this option; a role will
         not have access to their home directory until the UID is
         manually reassigned using chown(1).


OPERANDS
     The following operands are supported:

     login

         An existing login name to be modified.


EXIT STATUS
     In case of an error, rolemod prints  an  error  message  and
     exits with one of the following values:

     2

         The command syntax was invalid. A usage message for  the
         rolemod command is displayed.


     3

         An invalid argument was provided to an option.


     4

         The uid given with the -u option is already in use.


     5

         The password files contain an error. pwconv(1M)  can  be
         used to correct possible errors. See passwd(4).


     6

         The login to be modified does not exist, the group  does
         not exist, or the login shell does not exist.


     8

         The login to be modified is in use.


     9

         The new_logname is already in use.

     10

         Cannot update the  /etc/group  or  /etc/user_attr  file.
         Other update requests will be implemented.


     11

         Insufficient  space  to  move  the  home  directory  (-m
         option). Other update requests will be implemented.


     12

         Unable to complete the move of the home directory to the
         new home directory.


FILES
     /etc/group

         system file containing group definitions


     /etc/datemsk

         system file of date formats


     /etc/passwd

         system password file


     /etc/shadow

         system file containing users' and roles' encrypted pass-
         words and related information


     /etc/user_attr

         system file containing additional user and  role  attri-
         butes


ATTRIBUTES
     See attributes(5) for descriptions of the  following  attri-
     butes:



     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWcsu                     |
    |_____________________________|_____________________________|
    | Interface Stability         | Evolving                    |
    |_____________________________|_____________________________|


SEE ALSO
     chown(1), passwd(1), users(1B), groupadd(1M),  groupdel(1M),
     groupmod(1M),     logins(1M),    pwconv(1M),    roleadd(1M),
     roledel(1M),    useradd(1M),    userdel(1M),    usermod(1M),
     getdate(3C), auth_attr(4), passwd(4), attributes(5)










Man pages from Solaris 10 Update 8. See docs.sun.com and www.oracle.com for further documentation and Solaris information.
Comments