useradd(1m) man page - WindyHana's Solanara

useradd(1m)

Name
     useradd - administer a new user login on the system

Synopsis
     useradd [-A authorization [,authorization...]]
          [-b base_dir | -d dir] [-c comment] [-e expire]
          [-f inactive] [-g group] [-G group [,group]...]
          [-K key=value] [-m [-k skel_dir]] [-p projname]
          [-P profile [,profile...]] [-R role [,role...]]
          [-s shell] [-S repository] [-u uid [-o]] login


     useradd -D [-A authorization [,authorization...]]
          [-b base_dir] [-s shell [-k skel_dir]] [-e expire]
          [-f inactive] [-g group] [-K key=value] [-p projname]
          [-P profile [,profile...]] [-R role [,role...]]

Description
     useradd adds a new user to the passwd, shadow, and user_attr
     databases  in the files and ldap repositories. The -A and -P
     options respectively assign authorizations and  profiles  to
     the  user.  The  -R  option  assigns roles to a user. The -p
     option associates a project with a user. The -K option  adds
     a  key=value  pair to user_attr entry for the user. Multiple
     key=value pairs may be added with multiple -K options.


     useradd also creates supplementary group memberships for the
     user  (-G option) and creates the home directory (-m option)
     for the user if requested.  The  new  login  remains  locked
     until the passwd(1) command is executed.


     Specifying useradd -D with the -s, -k, -g, -b, -f,  -e,  -A,
     -P,  -p,  -R,  or  -K  option  (or  any combination of these
     options) sets the default values for the respective  fields.
     See  the  -D  option,  below.  Subsequent  useradd  commands
     without the -D option use these arguments.


     The system file entries created with  this  command  have  a
     limit of 2048 characters per line. Specifying long arguments
     to several options can exceed this limit.


     useradd requires that usernames be in the  format  described
     in  passwd(4).  A warning message is displayed if these
     restrictions are not met. See passwd(4) for the requirements
     for usernames.

     An administrator must be granted the User Management Profile
     to be able to create a new user. The authorizations required
     to set the various fields in passwd,  shadow  and  user_attr
     can  be found in passwd(4), shadow(4), and user_attr(4). The
     authorizations required to assign groups and projects can be
     found in group(4) and project(4).

Options
     The following options are supported:

     -A authorization
         One or more comma-separated  authorizations  defined  in
         auth_attr(4).  Only  a user or role who has grant rights
         to the authorization can assign it to an account.


     -b base_dir
         The base directory for new login home  directories  (see
         the  -d  option  below). When a new user account is being
         created, base_dir  must  already  exist  unless  the  -m
         option or the -d option is also specified.


     -c comment
         Any text string. It is generally a short description  of
         the  login,  and  is currently used as the field for the
         user's full name. This  information  is  stored  in  the
         user's passwd entry.


     -d dir | server:dir
         Specifies the home directory path for the new  user.  If
         no  server name is specified, the specified directory is
         maintained in the passwd(4) database.

         The optional server name specifies the host on which the
         home  directory  resides. Entries in this form depend on
         the automounter, and are  maintained  in  the  auto_home
         map.  The  path  /home/username  is  maintained  in  the
         passwd(4) database. When the user subsequently references
         /home/username,  the  automounter  will  mount  the
         specified directory on /home/username.


     -D
         Display  the  default  values   for   group,   base_dir,
         skel_dir,  shell,  inactive,  expire, proj, projname and
         key=value pairs. When used with the -g, -b, -f, -e,  -A,
         -P,  -p,  -R,  or  -K  options,  the -D option sets the
         default values for the  specified  fields.  The  default
         values are:

         group
             staff (GID of 10)


         base_dir
             /export/home


         skel_dir
             /etc/skel


         shell
             /usr/bin/bash


         inactive
             0


         expire
             null


         auths
             null


         profiles
             null


         auth_profiles
             null


         proj
             3


         projname
             default

         key=value (pairs defined in user_attr(4))
             not present


         roles
             null



     -e expire
         Specify the expiration date  for  a  login.  After  this
         date,  no  user  will  be able to access this login. The
         expire option argument is a date entered  using  one  of
         the   date   formats   included  in  the  template  file
         /etc/datemsk. See getdate(3C).

         If the date format that you choose includes  spaces,  it
         must  be  quoted.  For example, you can enter 10/6/90 or
         October 6, 1990. A null value (" ") defeats  the  status
         of  the expired date. This option is useful for creating
         temporary logins.


     -f inactive
         The maximum number of days allowed  between  uses  of  a
         login  ID  before  that  ID  is declared invalid. Normal
         values are positive integers. A value of 0  defeats  the
         status.


     -g group
         An existing group's integer ID or character-string name.
         Without the -D option, it defines the new user's primary
         group membership and defaults to the default group.  You
         can  reset  this default value by invoking useradd -D -g
         group. GIDs 0-99 are  reserved  for  allocation  by  the
         Solaris Operating System.


     -G group
         An existing group's integer ID or character-string name.
         It defines the new user's supplementary group membership.
         Duplicates  between  group  with  the  -g  and  -G
         options are ignored. No more than NGROUPS_MAX groups can
         be specified. GIDs 0-99 are reserved for  allocation  by
         the Solaris Operating System.

     -K key=value
         A key=value pair to add to the user's attributes. Multiple
         -K  options  may  be used to add multiple key=value
         pairs. The generic -K option with  the  appropriate  key
         may  be used instead of the specific implied key options
         (-A, -P, -R, -p). See user_attr(4) for a list  of  valid
         key=value  pairs.  The "type" key is not a valid key for
         this option. Keys may not be repeated.


     -k skel_dir
         A directory that contains skeleton information (such  as
         .profile)  that  can  be  copied  into a new user's home
         directory. This directory must already exist. The system
         provides  the  /etc/skel  directory that can be used for
         this purpose.


     -m
         Create the new user's home  directory  if  it  does  not
         already  exist. If the directory already exists, it must
         have read, write,  and  execute  permissions  by  group,
         where  group  is the user's primary group. If the server
         name specified to the -d option is a  remote  host  then
         the system will not attempt to create the home directory.

         If the directory does not already  exist and the  parent
         directory  is  the  mount point of a ZFS dataset, then a
         child of that dataset will be created and mounted at the
         specified location. The user is delegated permissions to
         create ZFS snapshots and promote them. The newly created
         dataset  will  inherit  the  encryption setting from its
         parent. If it is encrypted, the user is granted permission
         to change its wrapping key.


     -o
         This option allows a UID to be duplicated (non-unique).


     -P profile
         One or more comma-separated execution  profiles  defined
         in prof_attr(4).


     -p projname
         Name of the project with which the added user is associated.
         See the projname field as defined in project(4).

     -R role
         One or more comma-separated execution  profiles  defined
         in  user_attr(4).  Roles  cannot  be  assigned  to other
         roles.


     -s shell
         Full pathname of the program used as the user's shell on
         login. If unspecified, it will default to any value
         previously configured with the -D -s option. If no default
         has  been  set  with  -D -s,  then /usr/bin/bash will be
         used. The value of shell  must  be  a  valid  executable
         file.


     -S repository
         The valid repositories are files and ldap. The repository
         specifies  which  name  service  will  be  updated.  The
         default repository is  files.  When  the  repository  is
         files, the authorizations, profiles, and roles  can  be
         present in other name service repositories  and  can  be
         assigned  to  a  user  in the files repository. When the
         repository is ldap, both the LDAP server and client must
         be  configured  with  EnableShadowUpdate=true. Also, all
         the assignable attributes must be present  in  the  ldap
         repository.


     -u uid
         The UID of the new user. This UID must be a non-negative
         decimal    integer    below   MAXUID   as   defined   in
         <sys/param.h>. The UID defaults to  the  next  available
         (unique)  number  above  the  highest  number  currently
         assigned. For example, if UIDs 100,  105,  and  200  are
         assigned,  the next default UID number will be 201. UIDs
         0-99 are reserved for allocation by the Solaris Operating
         System.
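
The -o and -u rules above, together with the 2048-character line limit from the Description, checked over passwd-format data. This is an added example, not part of the original man page; the function names and SAMPLE_PASSWD are assumptions of the example, and the sample entries are constructed.

```sh
#!/bin/sh
# Added example: audit passwd-format text on stdin against useradd(1M) rules.
# SAMPLE_PASSWD is constructed data, not taken from a real system; to audit a
# host, pipe a copy of /etc/passwd into the functions instead.
SAMPLE_PASSWD='root:x:0:0:Super-User:/root:/usr/bin/bash
daemon:x:1:1::/:
appsvc:x:42:10:App service:/export/home/appsvc:/usr/bin/bash
alice:x:100:10:Alice:/export/home/alice:/usr/bin/bash
bob:x:105:10:Bob:/export/home/bob:/usr/bin/bash
carol:x:200:10:Carol:/export/home/carol:/usr/bin/bash
backup2:x:105:10:Shares a UID with bob:/export/home/backup2:/usr/bin/bash'

# UIDs held by more than one login, the state "-u uid -o" creates.
# Prints "uid login1,login2" per shared UID.
duplicate_uids() {
    awk -F: '{ n[$3]++; who[$3] = ((n[$3] > 1) ? who[$3] "," : "") $1 }
             END { for (u in n) if (n[u] > 1) print u, who[u] }' | sort -n
}

# Logins whose UID lies in the reserved range 0-99; prints "uid login".
reserved_uid_logins() {
    awk -F: '$3 ~ /^[0-9]+$/ && $3 + 0 <= 99 { print $3, $1 }' | sort -n
}

# Default UID as the page words it: highest assigned UID plus one.
# Assumption of this example: never propose a value inside 0-99.
next_default_uid() {
    awk -F: '$3 ~ /^[0-9]+$/ && $3 + 0 > max { max = $3 + 0 }
             END { print ((max < 99) ? 100 : max + 1) }'
}

# Logins whose entry exceeds the 2048-character per-line limit.
overlong_entries() {
    awk -F: 'length($0) > 2048 { print $1 }'
}

# Stand-alone run over the constructed sample.
echo "shared UIDs:";   printf '%s\n' "$SAMPLE_PASSWD" | duplicate_uids
echo "reserved UIDs:"; printf '%s\n' "$SAMPLE_PASSWD" | reserved_uid_logins
echo "next default UID: $(printf '%s\n' "$SAMPLE_PASSWD" | next_default_uid)"
```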

Exit Status
     In case of an error, useradd command prints an error message
     and  exits  with  one  of the following values. If the error
     occurred because LDAP is misconfigured, the following values
     are preceded by "LDAP configuration problem":

     1
           No permission for attempted operation.


     2
           The command syntax was invalid. A  usage  message  for
           the usermod command is displayed.

     3
           An invalid argument was provided to an option.


     4
           The gid or uid given with the -u option is already  in
           use.


     5
           The password and shadow files are not consistent  with
           each other. pwconv(1M) might be of use to correct
           possible errors. See passwd(4) and shadow(4).


     6
           The login to be modified does not exist,  the  gid  or
           the uid does not exist.


     7
           The group, passwd, or shadow file is missing.


     9
           A group or user name is already in use.


     10
           Cannot update the passwd, shadow, or user_attr file.


     11
           Insufficient space to  move  the  home  directory  (-m
           option).


     12
           Unable to create, remove, or move the new home
           directory.


     13
           Requested login is already in use.


     14
           Unexpected failure.


     16
           Unable to update the group database.


     17
           Unable to update the project database.


     18
           Insufficient authorization.


     19
           Does not have role.

     20
           Does not have profile.


     21
           Does not have privilege.


     22
           Does not have label.


     23
           Does not have group.


     24
           System not running Trusted Extensions.


     25
           Does not have project.


     26
           Unable to update auto_home.

Files
     /etc/datemsk


     /etc/passwd


     /etc/shadow


     /etc/group


     /etc/skel


     /usr/include/limits.h


     /etc/user_attr

Attributes
     See attributes(5) for descriptions of the following
     attributes:

     ATTRIBUTE TYPE          ATTRIBUTE VALUE
     Availability            system/core-os
     Interface Stability     Committed

See Also
     auths(1), passwd(1),  profiles(1),  roles(1),  groupadd(1M),
     groupdel(1M), groupmod(1M), grpck(1M), logins(1M), pwck(1M),
     userdel(1M),   usermod(1M),    getdate(3C),    auth_attr(4),
     group(4), passwd(4), prof_attr(4), project(4), user_attr(4),
     attributes(5)


     Working With Oracle Solaris 11.3 Directory and Naming
     Services: LDAP, Managing User Accounts and User Environments
     in Oracle Solaris 11.3

Diagnostics
     In case of an error, useradd displays an error  message  and
     exits with a non-zero status.


     The following indicates that login specified is  already  in
     use:

       UX: useradd: ERROR: login is already in use. Choose another.




     The following indicates that the uid specified with  the  -u
     option is not unique:

       UX: useradd: ERROR: uid uid is already in use. Choose another.




     The following indicates that the group specified with the -g
     option has not yet been created:

       UX: useradd: ERROR: group group does not exist. Choose another.




     The following indicates that the uid specified with  the  -u
     option is in the range of reserved UIDs (from 0-99):

       UX: useradd: WARNING: uid uid is reserved.




     The following indicates that the uid specified with  the  -u
     option exceeds MAXUID as defined in <sys/param.h>:

       UX: useradd: ERROR: uid uid is too big. Choose another.




     The following indicates that the /etc/passwd or  /etc/shadow
     files do not exist:

       UX: useradd: ERROR: Cannot update system files - login cannot be created.




     The following indicates that the user executing the  command
     does not have sufficient authorization to perform the
     operation:

       UX: roleadd: ERROR: Permission denied.




     The following indicates that an invalid directory was
     specified in a useradd command:

       UX: invalid_directory is not a valid directory. Choose another.

Notes
     The useradd utility adds definitions to the passwd,  shadow,
     group,  project,  and  user_attr  databases  in  the  scope
     (default or specified). It will verify the uniqueness of the
     user  name  (or  role)  and user id and the existence of any
     group names specified against the external name service.
Copyright of the man page content belongs to the man page author.