From 58a05777fb9e6b7931e6a6f1226be4b27ef01bb5 Mon Sep 17 00:00:00 2001 From: Peter Tribble Date: Fri, 9 Feb 2018 21:31:49 +0000 Subject: [PATCH] 9086 account administration manpages need some tlc Reviewed by: Jason King Reviewed by: Yuri Pankov Approved by: Richard Lowe --- usr/src/man/man1/profiles.1 | 17 ++-- usr/src/man/man1/roles.1 | 11 ++- usr/src/man/man1m/groupadd.1m | 19 ++-- usr/src/man/man1m/groupdel.1m | 4 +- usr/src/man/man1m/groupmod.1m | 11 ++- usr/src/man/man1m/projadd.1m | 27 ++---- usr/src/man/man1m/projdel.1m | 13 +-- usr/src/man/man1m/projmod.1m | 44 ++++----- usr/src/man/man1m/roleadd.1m | 216 +++++++++++++++++++++++++++--------------- usr/src/man/man1m/roledel.1m | 21 +++- usr/src/man/man1m/rolemod.1m | 84 +++++++++------- usr/src/man/man1m/useradd.1m | 98 +++++++++---------- usr/src/man/man1m/userdel.1m | 14 +-- usr/src/man/man1m/usermod.1m | 59 ++++++------ 14 files changed, 358 insertions(+), 280 deletions(-) diff --git a/usr/src/man/man1/profiles.1 b/usr/src/man/man1/profiles.1 index f0db54973e..6a887ed47e 100644 --- a/usr/src/man/man1/profiles.1 +++ b/usr/src/man/man1/profiles.1 @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH PROFILES 1 "Feb 11, 2000" +.TH PROFILES 1 "Jan 7, 2018" .SH NAME profiles \- print execution profiles for a user .SH SYNOPSIS @@ -13,7 +13,6 @@ profiles \- print execution profiles for a user .fi .SH DESCRIPTION -.sp .LP The \fBprofiles\fR command prints on standard output the names of the execution profiles that have been assigned to you or to the optionally-specified user or @@ -40,7 +39,6 @@ profiles are added to the list loaded from \fBuser_attr\fR(4). Matching entries in \fBprof_attr\fR(4) provide the authorizations list, and matching entries in \fBexec_attr\fR(4) provide the commands list. .SH OPTIONS -.sp .LP The following options are supported: .sp @@ -55,7 +53,7 @@ such as user and group \fBID\fRs. .SH EXAMPLES .LP -\fBExample 1 \fRSample Output +\fBExample 1\fR Sample Output .sp .LP The output of the \fBprofiles\fR command has the following form: @@ -63,7 +61,8 @@ The output of the \fBprofiles\fR command has the following form: .sp .in +2 .nf -example% \fBprofiles tester01 tester02\fRtester01 : Audit Management, All Commands +example% \fBprofiles tester01 tester02\fR +tester01 : Audit Management, All Commands tester02 : Device Management, All Commands example% .fi @@ -71,11 +70,12 @@ example% .sp .LP -\fBExample 2 \fRUsing the \fBlist\fR Option +\fBExample 2\fR Using the \fBlist\fR Option .sp .in +2 .nf -example% \fBprofiles -l tester01 tester02\fRtester01 : +example% \fBprofiles -l tester01 tester02\fR +tester01 : Audit Management: /usr/sbin/audit euid=root /usr/sbin/auditconfig euid=root egid=sys @@ -93,7 +93,6 @@ example% .sp .SH EXIT STATUS -.sp .LP The following exit values are returned: .sp @@ -115,7 +114,6 @@ An error occurred. .RE .SH FILES -.sp .LP \fB/etc/security/exec_attr\fR .sp @@ -128,7 +126,6 @@ An error occurred. .LP \fB/etc/security/policy.conf\fR .SH SEE ALSO -.sp .LP \fBauths\fR(1), \fBpfexec\fR(1), \fBroles\fR(1), \fBgetprofattr\fR(3SECDB), \fBexec_attr\fR(4), \fBpolicy.conf\fR(4), \fBprof_attr\fR(4), diff --git a/usr/src/man/man1/roles.1 b/usr/src/man/man1/roles.1 index cbdab0a000..fa732a8435 100644 --- a/usr/src/man/man1/roles.1 +++ b/usr/src/man/man1/roles.1 @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH ROLES 1 "Mar 6, 2017" +.TH ROLES 1 "Jan 7, 2018" .SH NAME roles \- print roles granted to a user .SH SYNOPSIS @@ -14,7 +14,7 @@ roles \- print roles granted to a user .SH DESCRIPTION .LP -The command \fBroles\fR prints on standard output the roles that you or the +The \fBroles\fR command prints on standard output the roles that you or the optionally-specified user have been granted. Roles are special accounts that correspond to a functional responsibility rather than to an actual person (referred to as a normal user). @@ -28,7 +28,7 @@ profiles. See \fBauths\fR(1) and \fBprofiles\fR(1). .sp .LP Roles are not allowed to log into a system as a primary user. Instead, a user -must log in as him\(em or herself and assume the role. The actions of a role +must first log in as a normal user and assume the role. The actions of a role are attributable to the normal user. The audited events of the role contain the audit \fBID\fR of the original user who assumed the role. @@ -49,7 +49,7 @@ requires knowledge of the role's password and membership in the role. Role assignments are specified in \fBuser_attr\fR(4). .SH EXAMPLES .LP -\fBExample 1 \fRSample output +\fBExample 1\fR Sample output .sp .LP The output of the \fBroles\fR command has the following form: @@ -57,7 +57,8 @@ The output of the \fBroles\fR command has the following form: .sp .in +2 .nf -example% \fBroles tester01 tester02\fRtester01 : admin +example% \fBroles tester01 tester02\fR +tester01 : admin tester02 : secadmin, root example% .fi diff --git a/usr/src/man/man1m/groupadd.1m b/usr/src/man/man1m/groupadd.1m index 79ea3cebe3..6029feb6c5 100644 --- a/usr/src/man/man1m/groupadd.1m +++ b/usr/src/man/man1m/groupadd.1m @@ -1,9 +1,10 @@ '\" te +.\" Copyright (c) 2018 Peter Tribble. .\" Copyright 1989 AT&T Copyright (c) 1998 Sun Microsystems, Inc. All Rights Reserved. .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH GROUPADD 1M "Feb 25, 2017" +.TH GROUPADD 1M "Jan 7, 2018" .SH NAME groupadd \- add (create) a new group definition on the system .SH SYNOPSIS @@ -27,11 +28,11 @@ The following options are supported: .RS 10n Assigns the group id \fIgid\fR for the new group. This group id must be a non-negative decimal integer below \fBMAXUID\fR as defined in -\fB/usr/include/sys/param.h\fR. The group \fBID\fR defaults to the next +\fB\fR. The group \fBID\fR defaults to the next available (unique) number above the highest number currently assigned. For -example, if groups \fB100\fR, \fB105\fR, and \fB200\fR are assigned as -groups, the next default group number will be \fB201\fR. (Group \fBIDs\fR from -\fB0\fR\(mi\fB99\fR are reserved by SunOS for future applications.) +example, if groups \fB100\fR, \fB105\fR, and \fB200\fR are assigned as +groups, the next default group number will be \fB201\fR. (Group \fBIDs\fR from +\fB0\fR\(mi\fB99\fR are reserved for future applications.) .RE .sp @@ -57,7 +58,7 @@ characters and numeric characters. A warning message will be written if the string exceeds \fBMAXGLEN,\fR which is usually set at eight characters. The \fIgroup\fR field must contain at least one character; it accepts lower case or numeric characters or a combination of both, and must not contain a colon -(\fB:\fR) or \fBNEWLINE.\fR +(\fB:\fR) or \fBNEWLINE.\fR .RE .SH EXIT STATUS @@ -97,7 +98,7 @@ An invalid argument was provided to an option. \fB\fB4\fR\fR .ad .RS 6n -The \fIgid\fR is not unique (when \fB-o\fR option is not used). +The \fIgid\fR is not unique (when \fB-o\fR option is not used). .RE .sp @@ -115,7 +116,7 @@ The \fIgroup\fR is not unique. \fB\fB10\fR\fR .ad .RS 6n -The \fB/etc/group\fR file cannot be updated. +The \fB/etc/group\fR file cannot be updated. .RE .SH FILES @@ -133,7 +134,7 @@ The \fB/etc/group\fR file cannot be updated. .RE .SH SEE ALSO .LP -\fBusers\fR(1B), \fBgroupdel\fR(1M), \fBgroupmod\fR(1M), \fBgrpck\fR(1M), +\fBgroupdel\fR(1M), \fBgroupmod\fR(1M), \fBgrpck\fR(1M), \fBlogins\fR(1M), \fBpwck\fR(1M), \fBuseradd\fR(1M), \fBuserdel\fR(1M), \fBusermod\fR(1M), \fBgroup\fR(4), \fBattributes\fR(5) .SH NOTES diff --git a/usr/src/man/man1m/groupdel.1m b/usr/src/man/man1m/groupdel.1m index bb5ef3b3c8..3f31f03e75 100644 --- a/usr/src/man/man1m/groupdel.1m +++ b/usr/src/man/man1m/groupdel.1m @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH GROUPDEL 1M "Feb 25, 2017" +.TH GROUPDEL 1M "Jan 7, 2018" .SH NAME groupdel \- delete a group definition from the system .SH SYNOPSIS @@ -76,7 +76,7 @@ system file containing group definitions .SH SEE ALSO .LP -\fBusers\fR(1B), \fBgroupadd\fR(1M), \fBgroupmod\fR(1M), \fBlogins\fR(1M), +\fBgroupadd\fR(1M), \fBgroupmod\fR(1M), \fBlogins\fR(1M), \fBuseradd\fR(1M), \fBuserdel\fR(1M), \fBusermod\fR(1M), \fBattributes\fR(5) .SH NOTES .LP diff --git a/usr/src/man/man1m/groupmod.1m b/usr/src/man/man1m/groupmod.1m index 2bad7f98d9..670777c7df 100644 --- a/usr/src/man/man1m/groupmod.1m +++ b/usr/src/man/man1m/groupmod.1m @@ -1,9 +1,10 @@ '\" te +.\" Copyright (c) 2018 Peter Tribble. .\" Copyright 1989 AT&T Copyright (c) 1997, Sun Microsystems, Inc. All Rights Reserved .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH GROUPMOD 1M "Feb 25, 2017" +.TH GROUPMOD 1M "Jan 7, 2018" .SH NAME groupmod \- modify a group definition on the system .SH SYNOPSIS @@ -27,8 +28,8 @@ The following options are supported: .RS 11n Specify the new group \fBID\fR for the group. This group \fBID\fR must be a non-negative decimal integer less than \fBMAXUID\fR, as defined in -\fB\fR\&. The group \fBID\fR defaults to the next available (unique) -number above 99. (Group IDs from 0-99 are reserved by SunOS for future +\fB\fR\&. The group \fBID\fR defaults to the next available +(unique) number above 99. (Group IDs from 0-99 are reserved for future applications.) .RE @@ -41,7 +42,7 @@ applications.) Specify the new name for the group. The \fIname\fR argument is a string of no more than eight bytes consisting of characters from the set of lower case alphabetic characters and numeric characters. A warning message will be -written if these restrictions are not met. A future Solaris release may refuse +written if these restrictions are not met. A future release may refuse to accept group fields that do not meet these requirements. The \fIname\fR argument must contain at least one character and must not include a colon (\fB:\fR) or \fBNEWLINE\fR (\fB\en\fR). @@ -146,7 +147,7 @@ group file .SH SEE ALSO .LP -\fBusers\fR(1B), \fBgroupadd\fR(1M), \fBgroupdel\fR(1M), \fBlogins\fR(1M), +\fBgroupadd\fR(1M), \fBgroupdel\fR(1M), \fBlogins\fR(1M), \fBuseradd\fR(1M), \fBuserdel\fR(1M), \fBusermod\fR(1M), \fBgroup\fR(4), \fBattributes\fR(5) .SH NOTES diff --git a/usr/src/man/man1m/projadd.1m b/usr/src/man/man1m/projadd.1m index 7a92c237d4..342d96e5b1 100644 --- a/usr/src/man/man1m/projadd.1m +++ b/usr/src/man/man1m/projadd.1m @@ -1,27 +1,26 @@ '\" te +.\" Copyright (c) 2018 Peter Tribble. .\" Copyright (c) 2001, Sun Microsystems, Inc. All Rights Reserved. .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH PROJADD 1M "Sep 30, 2004" +.TH PROJADD 1M "Jan 7, 2018" .SH NAME projadd \- administer a new project on the system .SH SYNOPSIS .LP .nf \fBprojadd\fR [\fB-n\fR] [\fB-f\fR \fIfilename\fR] [\fB-p\fR \fIprojid\fR [\fB-o\fR]] [\fB-c\fR \fIcomment\fR] - [\fB-U\fR \fIuser\fR [,\fIuser\fR]... ] [\fB-G\fR \fIgroup\fR [,\fIgroup\fR]... ] - [ [\fB-K\fR \fIname\fR [=\fIvalue\fR [,\fIvalue\fR]...]...]] \fIproject\fR + [\fB-U\fR \fIuser\fR[,\fIuser\fR]...] [\fB-G\fR \fIgroup\fR[,\fIgroup\fR]...] + [\fB-K\fR \fIname\fR[=\fIvalue\fR[,\fIvalue\fR]...]]... \fIproject\fR .fi .SH DESCRIPTION -.sp .LP \fBprojadd\fR adds a new project entry to the \fB/etc/project\fR file. If the files backend is being used for the project database, the new project is available for use immediately upon the completion of the \fBprojadd\fR command. .SH OPTIONS -.sp .LP The following options are supported: .sp @@ -51,7 +50,7 @@ system project file, \fB/etc/project\fR, is modified. .sp .ne 2 .na -\fB\fB-G\fR \fIgroup\fR[,group...]\fR +\fB\fB-G\fR \fIgroup\fR[,\fIgroup\fR]...\fR .ad .RS 29n Specify a group list for the project. @@ -60,7 +59,7 @@ Specify a group list for the project. .sp .ne 2 .na -\fB\fB-K\fR \fIname\fR[=\fIvalue\fR[,\fIvalue\fR...]\fR +\fB\fB-K\fR \fIname\fR[=\fIvalue\fR[,\fIvalue\fR]...]\fR .ad .RS 29n Specify an attribute list for the project. Multiple \fB-K\fR options can be @@ -114,20 +113,19 @@ defined in \fBlimits.h\fR. \fIprojid\fR defaults to the next available unique number above the highest number currently assigned. For example, if \fIprojid\fRs \fB100\fR, \fB105\fR, and \fB200\fR are assigned, the next default \fIprojid\fR is \fB201\fR. \fIprojid\fRs between \fB0\fR-\fB99\fR are -reserved by SunOS. +reserved. .RE .sp .ne 2 .na -\fB\fB-U\fR \fIuser\fR[,user...]\fR +\fB\fB-U\fR \fIuser\fR[,\fIuser\fR]...\fR .ad .RS 29n Specify a user list for the project. .RE .SH OPERANDS -.sp .LP The following operands are supported: .sp @@ -146,7 +144,7 @@ restrictions are not met. .SH EXAMPLES .LP -\fBExample 1 \fRAdding a Project +\fBExample 1\fR Adding a Project .sp .LP The following command creates the project \fBsalesaudit\fR and sets the @@ -188,7 +186,6 @@ note the effect of the scaling factor in the resource cap MB, and scaling factors are specified in \fBresource_controls\fR(5). .SH EXIT STATUS -.sp .LP The following exit values are returned: .sp @@ -264,7 +261,6 @@ Cannot update the \fB/etc/project\fR file. .RE .SH FILES -.sp .ne 2 .na \fB\fB/etc/project\fR\fR @@ -274,7 +270,6 @@ System project file .RE .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -293,20 +288,18 @@ Interface Stability See below. .LP Invocation is evolving. Human readable output is unstable. .SH SEE ALSO -.sp .LP \fBprojects\fR(1), \fBgroupadd\fR(1M), \fBgroupdel\fR(1M), \fBgroupmod\fR(1M), \fBgrpck\fR(1M), \fBprojdel\fR(1M), \fBprojmod\fR(1M), \fBuseradd\fR(1M), \fBuserdel\fR(1M), \fBusermod\fR(1M), \fBproject\fR(4), \fBattributes\fR(5), \fBresource_controls\fR(5) .SH NOTES -.sp .LP In case of an error, \fBprojadd\fR prints an error message and exits with a non-zero status. .sp .LP \fBprojadd\fR adds a project definition only on the local system. If a network -name service such as NIS or LDAP is being used to supplement the local +name service is being used to supplement the local \fB/etc/project\fR file with additional entries, \fBprojadd\fR cannot change information supplied by the network name service. diff --git a/usr/src/man/man1m/projdel.1m b/usr/src/man/man1m/projdel.1m index e680658b0a..b3adbcd7a7 100644 --- a/usr/src/man/man1m/projdel.1m +++ b/usr/src/man/man1m/projdel.1m @@ -4,7 +4,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH PROJDEL 1M "May 4, 2004" +.TH PROJDEL 1M "Jan 7, 2018" .SH NAME projdel \- delete a project from the system .SH SYNOPSIS @@ -126,15 +126,6 @@ Cannot update the \fB/etc/project\fR file. System project file .RE -.sp -.ne 2 -.na -\fB\fB\fR\fR -.ad -.RS 16n - -.RE - .SH ATTRIBUTES .LP See \fBattributes\fR(5) for descriptions of the following attributes: @@ -166,6 +157,6 @@ non-zero status. .SH NOTES .LP \fBprojdel\fR deletes a project definition only on the local system. If a -network name service such as \fBNIS\fR or \fBLDAP\fR is being used to +network name service is being used to supplement the local \fB/etc/project\fR file with additional entries, \fBprojdel\fR cannot change information supplied by the network name service. diff --git a/usr/src/man/man1m/projmod.1m b/usr/src/man/man1m/projmod.1m index 81a6e13a15..5225c127ae 100644 --- a/usr/src/man/man1m/projmod.1m +++ b/usr/src/man/man1m/projmod.1m @@ -1,9 +1,10 @@ '\" te +.\" Copyright (c) 2018 Peter Tribble. .\" Copyright (c) 2007, Sun Microsystems, Inc. All Rights Reserved. .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH PROJMOD 1M "Feb 22, 2007" +.TH PROJMOD 1M "Jan 7, 2018" .SH NAME projmod \- modify a project's information on the system .SH SYNOPSIS @@ -15,20 +16,18 @@ projmod \- modify a project's information on the system .LP .nf \fBprojmod\fR [\fB-n\fR] [\fB-A\fR|\fB-f\fR \fIfilename\fR | -] [\fB-p\fR \fIprojid\fR [\fB-o\fR]] - [\fB-c\fR \fIcomment\fR] [\fB-a\fR|\fB-s\fR|\fB-r\fR] [\fB-U\fR \fIuser\fR [,\fIuser\fR]... ] - [\fB-G\fR \fIgroup\fR [,\fIgroup\fR]... ] - [ [\fB-K\fR \fIname\fR [=\fIvalue\fR [,\fIvalue\fR]...]...]] + [\fB-c\fR \fIcomment\fR] [\fB-a\fR|\fB-s\fR|\fB-r\fR] [\fB-U\fR \fIuser\fR[,\fIuser\fR]...] + [\fB-G\fR \fIgroup\fR[,\fIgroup\fR]...] + [\fB-K\fR \fIname\fR[=\fIvalue\fR[,\fIvalue\fR]...]]... [\fB-l\fR \fInew_projectname\fR] \fIproject\fR .fi .SH DESCRIPTION -.sp .LP The \fBprojmod\fR utility modifies a project's definition on the system. \fBprojmod\fR changes the definition of the specified project and makes the appropriate project-related system file and file system changes. .SH OPTIONS -.sp .LP The following options are supported: .sp @@ -79,7 +78,7 @@ modified. .sp .ne 2 .na -\fB\fB-G\fR \fIgroup\fR [,\fIgroup\fR...]\fR +\fB\fB-G\fR \fIgroup\fR[,\fIgroup\fR]...]fR .ad .RS 29n Specify a replacement list of member groups of the project. When used in @@ -90,7 +89,7 @@ of groups to be added or removed from the project. .sp .ne 2 .na -\fB\fB-K\fR \fIname\fR[=\fIvalue\fR[,\fIvalue\fR...]\fR +\fB\fB-K\fR \fIname\fR[=\fIvalue\fR[,\fIvalue\fR]...]\fR .ad .RS 29n Specify a replacement list of project attributes for the project. When used in @@ -156,8 +155,9 @@ non-unique within the project file. .ad .RS 29n Specify a new project \fBID\fR for the project. It must be a non-negative -decimal integer less than \fBMAXUID\fR as defined in \fBparam.h\fR. This value -must be unique within the project file if the \fB-o\fR option is not specified. +decimal integer less than \fBMAXUID\fR as defined in \fB\fR. This +value must be unique within the project file if the \fB-o\fR option is not +specified. .RE .sp @@ -186,7 +186,7 @@ options. .sp .ne 2 .na -\fB\fB-U\fR \fIuser\fR [,\fIuser\fR...]\fR +\fB\fB-U\fR \fIuser\fR[,\fIuser\fR]...\fR .ad .RS 29n Specify a replacement list of member users of the project. When used in @@ -195,7 +195,6 @@ of users to be added or removed from the project. .RE .SH OPERANDS -.sp .LP The following operands are supported: .sp @@ -219,7 +218,7 @@ project. .SH EXAMPLES .LP -\fBExample 1 \fRUsing the \fB-K\fR Option for Addition of an Attribute Value +\fBExample 1\fR Using the \fB-K\fR Option for Addition of an Attribute Value .sp .LP Consider the following \fBproject\fR(4) entry: @@ -275,7 +274,7 @@ task.max-lwps=(priv,100,deny),(priv,1000,signal=KILL) .in -2 .LP -\fBExample 2 \fRUsing the \fB-K\fR Option for the Substitution of an Attribute +\fBExample 2\fR Using the \fB-K\fR Option for the Substitution of an Attribute Value .sp .LP @@ -313,7 +312,7 @@ task.max-lwps=(priv,500,signal=SIGSTOP) .in -2 .LP -\fBExample 3 \fRUsing the \fB-K\fR Option for Removal of an Attribute Value +\fBExample 3\fR Using the \fB-K\fR Option for Removal of an Attribute Value .sp .LP Assume an attributes field in a \fBproject\fR(4) entry for a project @@ -350,7 +349,7 @@ task.max-lwps=(priv,1000,signal=KILL) .in -2 .LP -\fBExample 4 \fRSpecifying Multiple Attribute Values +\fBExample 4\fR Specifying Multiple Attribute Values .sp .LP Suppose you want to achieve the following resource controls for the project @@ -419,7 +418,7 @@ and scaling factors you can use for resource controls are specified in \fBresource_controls\fR(5). .LP -\fBExample 5 \fRBinding a Pool to a Project +\fBExample 5\fR Binding a Pool to a Project .sp .LP The following command sets the \fBproject.pool\fR attribute for the project @@ -433,7 +432,7 @@ The following command sets the \fBproject.pool\fR attribute for the project .in -2 .LP -\fBExample 6 \fREvaluating Input from \fBstdin\fR +\fBExample 6\fR Evaluating Input from \fBstdin\fR .sp .LP The following command uses the \fB-f\fR option without a project name operand @@ -447,7 +446,6 @@ to evaluate the contents of an NIS projects map. .in -2 .SH EXIT STATUS -.sp .LP In case of an error, \fBprojmod\fR prints an error message and exits with one of the following values: @@ -527,7 +525,6 @@ Cannot update the \fB/etc/project\fR file. .RE .SH FILES -.sp .ne 2 .na \fB\fB/etc/group\fR\fR @@ -564,7 +561,6 @@ System file containing users' encrypted passwords and related information .RE .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -583,18 +579,16 @@ Interface Stability See below. .LP Invocation is evolving. Human readable output is unstable. .SH SEE ALSO -.sp .LP \fBgroupadd\fR(1M), \fBgroupdel\fR(1M), \fBgroupmod\fR(1M), \fBprojadd\fR(1M), \fBprojdel\fR(1M), \fBuseradd\fR(1M), \fBuserdel\fR(1M), \fBusermod\fR(1M), \fBpasswd\fR(4), \fBproject\fR(4), \fBattributes\fR(5), \fBresource_controls\fR(5) .SH NOTES -.sp .LP The \fBprojmod\fR utility modifies project definitions only in the local -\fB/etc/project\fR file. If a network name service such as \fBNIS\fR or -\fBLDAP\fR is being used to supplement the local files with additional entries, +\fB/etc/project\fR file. If a network name service +is being used to supplement the local files with additional entries, \fBprojmod\fR cannot change information supplied by the network name service. However \fBprojmod\fR verifies the uniqueness of project name and project \fBID\fR against the external name service. diff --git a/usr/src/man/man1m/roleadd.1m b/usr/src/man/man1m/roleadd.1m index d1f7dfb2e3..f8674edbef 100644 --- a/usr/src/man/man1m/roleadd.1m +++ b/usr/src/man/man1m/roleadd.1m @@ -1,34 +1,37 @@ '\" te +.\" Copyright (c) 2018 Peter Tribble. .\" Copyright 1989 AT&T Copyright (c) 2006 Sun Microsystems, Inc. All Rights Reserved. .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH ROLEADD 1M "Feb 25, 2017" +.TH ROLEADD 1M "Jan 7, 2018" .SH NAME roleadd \- administer a new role account on the system .SH SYNOPSIS .LP .nf -\fBroleadd\fR [\fB-c\fR \fIcomment\fR] [\fB-d\fR \fIdir\fR] [\fB-e\fR \fIexpire\fR] [\fB-f\fR \fIinactive\fR] - [\fB-g\fR \fIgroup\fR] [\fB-G\fR \fIgroup\fR [, \fIgroup\fR...]] [\fB-m\fR [\fB-k\fR \fIskel_dir\fR]] - [\fB-u\fR \fIuid\fR [\fB-o\fR]] [\fB-s\fR \fIshell\fR] - [\fB-A\fR \fIauthorization\fR [,\fIauthorization...\fR]] [\fB-K\fR \fIkey=value\fR] \fIrole\fR +\fBroleadd\fR [\fB-A\fR \fIauthorization\fR[,\fIauthorization\fR]...] + [\fB-b\fR \fIbase_dir\fR] [\fB-c\fR \fIcomment\fR] [\fB-d\fR \fIdir\fR] [\fB-e\fR \fIexpire\fR] + [\fB-f\fR \fIinactive\fR] [\fB-g\fR \fIgroup\fR] [\fB-G\fR \fIgroup\fR[,\fIgroup\fR]...] + [\fB-K\fR \fIkey=value\fR] [\fB-m\fR [\fB-z|-Z\fR] [\fB-k\fR \fIskel_dir\fR]] [\fB-p\fR \fIprojname\fR] + [\fB-P\fR \fIprofile\fR[,\fIprofile\fR]...] [\fB-s\fR \fIshell\fR] [\fB-u\fR \fIuid\fR [\fB-o\fR]] \fIrole\fR .fi .LP .nf -\fBroleadd\fR \fB-D\fR [\fB-b\fR \fIbase_dir\fR] [\fB-e\fR \fIexpire\fR] [\fB-f\fR \fIinactive\fR] - [\fB-g\fR \fIgroup\fR] [\fB-A\fR \fIauthorization\fR [,\fIauthorization...\fR]] - [\fB-P\fR \fIprofile\fR [,\fIprofile...\fR] [\fB-K\fR \fIkey=value\fR]] +\fBroleadd\fR \fB-D\fR [\fB-A\fR \fIauthorization\fR[,\fIauthorization\fR]...] + [\fB-b\fR \fIbase_dir\fR] [\fB-e\fR \fIexpire\fR] [\fB-f\fR \fIinactive\fR] [\fB-g\fR \fIgroup\fR] + [\fB-k\fR \fIskel_dir\fR] [\fB-K\fR \fIkey=value\fR] [\fB-p\fR \fIprojname\fR] + [\fB-P\fR \fIprofile\fR[,\fIprofile\fR]...] [\fB-s\fR \fIshell\fR] .fi .SH DESCRIPTION .LP \fBroleadd\fR adds a role entry to the \fB/etc/passwd\fR and \fB/etc/shadow\fR and \fB/etc/user_attr\fR files. The \fB-A\fR and \fB-P\fR options respectively -assign authorizations and profiles to the role. Roles cannot be assigned to -other roles. The \fB-K\fR option adds a \fIkey=value\fR pair to -\fB/etc/user_attr\fR for a role. Multiple \fIkey=value\fR pairs can be added +assign authorizations and profiles to the role. The \fB-p\fR option associates +a project with the role. The \fB-K\fR option adds a \fIkey=value\fR pair to +\fB/etc/user_attr\fR for the role. Multiple \fIkey=value\fR pairs can be added with multiple \fB-K\fR options. .sp .LP @@ -38,9 +41,10 @@ if requested. The new role account remains locked until the \fBpasswd\fR(1) command is executed. .sp .LP -Specifying \fBroleadd\fR \fB-D\fR with the \fB-g\fR, \fB-b\fR, \fB-f\fR, -\fB-e\fR, or \fB-K\fR option (or any combination of these option) sets the -default values for the respective fields. See the \fB-D\fR option. Subsequent +Specifying \fBroleadd\fR \fB-D\fR with the \fB-A\fR, \fB-b\fR, \fB-e\fR, +\fB-f\fR, \fB-g\fR, \fB-k\fR, \fB-K\fR, \fB-p\fR, \fB-P\fR, or +\fB-s\fR option (or any combination of these options) sets the default values +for the respective fields. See the \fB-D\fR option. Subsequent \fBroleadd\fR commands without the \fB-D\fR option use these arguments. .sp .LP @@ -49,17 +53,14 @@ characters per line. Specifying long arguments to several options can exceed this limit. .sp .LP -The role (\fBrole\fR) field accepts a string of no more than eight bytes -consisting of characters from the set of alphabetic characters, numeric -characters, period (\fB\&.\fR), underscore (\fB_\fR), and hyphen (\fB-\fR). The -first character should be alphabetic and the field should contain at least one -lower case alphabetic character. A warning message is written if these -restrictions are not met. A future Solaris release might refuse to accept role -fields that do not meet these requirements. -.sp +\fBroleadd\fR requires that usernames be in the format described in +\fBpasswd\fR(4). A warning message is displayed if these restrictions are not +met. See \fBpasswd\fR(4) for the requirements for usernames. .LP -The \fBrole\fR field must contain at least one character and must not contain a -colon (\fB:\fR) or a newline (\fB\en\fR). +To change the action of \fBroleadd\fR when the traditional login name +length limit of eight characters is exceeded, edit the file +\fB/etc/default/useradd\fR by removing the \fB#\fR (pound sign) before the +appropriate \fBEXCEED_TRAD=\fR entry, and adding it before the others. .SH OPTIONS .LP The following options are supported: @@ -68,10 +69,11 @@ The following options are supported: .na \fB\fB-A\fR \fIauthorization\fR\fR .ad -.RS 20n +.sp .6 +.RS 4n One or more comma separated authorizations defined in \fBauth_attr\fR(4). Only -a user or role who has grant rights to the authorization can assign it to an -account +a user or role who has \fBgrant\fR rights to the authorization can assign it to +a role. .RE .sp @@ -79,10 +81,11 @@ account .na \fB\fB-b\fR \fIbase_dir\fR\fR .ad -.RS 20n -The default base directory for the system if \fB-d\fR\fI dir\fR is not -specified. \fIbase_dir\fR is concatenated with the account name to define the -home directory. If the \fB-m\fR option is not used, \fIbase_dir\fR must exist. +.sp .6 +.RS 4n +The base directory for new role home directories (see the \fB-d\fR option +below). The directory named by \fIbase_dir\fR must already exist and be an +absolute path. .RE .sp @@ -90,8 +93,9 @@ home directory. If the \fB-m\fR option is not used, \fIbase_dir\fR must exist. .na \fB\fB-c\fR \fIcomment\fR\fR .ad -.RS 20n -Any text string. It is generally a short description of the role. This +.sp .6 +.RS 4n +A text string. It is generally a short description of the role. This information is stored in the role's \fB/etc/passwd\fR entry. .RE @@ -100,8 +104,9 @@ information is stored in the role's \fB/etc/passwd\fR entry. .na \fB\fB-d\fR \fIdir\fR\fR .ad -.RS 20n -The home directory of the new role. It defaults to +.sp .6 +.RS 4n +The home directory of the new role. If not supplied, it defaults to \fIbase_dir\fR/\fIaccount_name\fR, where \fIbase_dir\fR is the base directory for new login home directories and \fIaccount_name\fR is the new role name. .RE @@ -111,10 +116,12 @@ for new login home directories and \fIaccount_name\fR is the new role name. .na \fB\fB-D\fR\fR .ad -.RS 20n -Display the default values for \fIgroup\fR, \fIbase_dir\fR, \fIskel_dir\fR, -\fIshell\fR, \fIinactive\fR, \fIexpire\fR and \fIkey=value\fR pairs. When used -with the \fB-g\fR, \fB-b\fR, \fB-f\fR, or \fB-K\fR, options, the \fB-D\fR +.sp .6 +.RS 4n +Display the default values for \fBgroup\fR, \fBbase_dir\fR, \fBskel_dir\fR, +\fBshell\fR, \fBinactive\fR, \fBexpire\fR, \fBproj\fR, \fBprojname\fR and +\fBkey=value\fR pairs. When used with the \fB-A\fR, \fB-b\fR, \fB-e\fR, +\fB-f\fR, \fB-g\fR, \fB-P\fR, \fB-p\fR, or \fB-K\fR, options, the \fB-D\fR option sets the default values for the specified fields. The default values are: .sp @@ -200,7 +207,27 @@ Null .sp .ne 2 .na -\fBkey=value (pairs defined in \fBuser_attr\fR(4)\fR +\fBproj\fR +.ad +.sp .6 +.RS 4n +\fB3\fR +.RE + +.sp +.ne 2 +.na +\fBprojname\fR +.ad +.sp .6 +.RS 4n +\fBdefault\fR +.RE + +.sp +.ne 2 +.na +\fBkey=value\fR (pairs defined in \fBuser_attr\fR(4)) .ad .sp .6 .RS 4n @@ -214,10 +241,11 @@ not present .na \fB\fB-e\fR \fIexpire\fR\fR .ad -.RS 20n +.sp .6 +.RS 4n Specify the expiration date for a role. After this date, no user is able to -access this role. The expire option argument is a date entered using one of the -date formats included in the template file \fB/etc/datemsk\fR. See +access this role. The expire option argument is a date entered using one of +the date formats included in the template file \fB/etc/datemsk\fR. See \fBgetdate\fR(3C). .sp If the date format that you choose includes spaces, it must be quoted. For @@ -231,10 +259,11 @@ creating temporary roles. .na \fB\fB-f\fR \fIinactive\fR\fR .ad -.RS 20n -The maximum number of days allowed between uses of a role ID before that ID is -declared invalid. Normal values are positive integers. A value of \fB 0\fR -defeats the status. +.sp .6 +.RS 4n +The maximum number of days allowed between uses of a role ID before that +\fBID\fR is declared invalid. Normal values are positive integers. A value of +\fB0\fR defeats the status. .RE .sp @@ -242,11 +271,13 @@ defeats the status. .na \fB\fB-g\fR \fIgroup\fR\fR .ad -.RS 20n -An existing group's integer ID or character-string name. Without the \fB-D\fR -option, it defines the new role's primary group membership and defaults to the -default group. You can reset this default value by invoking \fBroleadd -\fR\fB-D\fR\fB \fR\fB-g\fR\fB \fR\fIgroup.\fR +.sp .6 +.RS 4n +An existing group's integer \fBID\fR or character-string name. Without the +\fB-D\fR option, it defines the new role's primary group membership and +defaults to the default group. You can reset this default value by invoking +\fBroleadd\fR \fB-D\fR \fB-g\fR \fIgroup\fR. GIDs 0-99 are reserved for +allocation by the Operating System. .RE .sp @@ -254,11 +285,13 @@ default group. You can reset this default value by invoking \fBroleadd .na \fB\fB-G\fR \fIgroup\fR\fR .ad -.RS 20n -An existing group's integer \fBID\fR or character-string name. It defines the -new role's supplementary group membership. Duplicates between \fIgroup\fR with -the \fB-g\fR and \fB-G\fR options are ignored. No more than \fBNGROUPS_MAX\fR -groups can be specified. +.sp .6 +.RS 4n +One or more comma-separated existing groups, specified by integer \fBID\fR or +character-string name. It defines the new role's supplementary group +membership. Any duplicate groups between the \fB-g\fR and \fB-G\fR options are +ignored. No more than \fBNGROUPS_MAX\fR groups can be specified. GIDs 0-99 are +reserved for allocation by the Operating System. .RE .sp @@ -266,7 +299,8 @@ groups can be specified. .na \fB\fB-k\fR \fIskel_dir\fR\fR .ad -.RS 20n +.sp .6 +.RS 4n A directory that contains skeleton information (such as \fB\&.profile\fR) that can be copied into a new role's home directory. This directory must already exist. The system provides the \fB/etc/skel\fR directory that can be used for @@ -278,24 +312,36 @@ this purpose. .na \fB\fB-K\fR \fIkey=value\fR\fR .ad -.RS 20n +.sp .6 +.RS 4n A \fIkey=value\fR pair to add to the role's attributes. Multiple \fB-K\fR -options can be used to add multiple \fIkey=value\fR pairs. The generic \fB-K\fR -option with the appropriate key can be used instead of the specific implied key -options (\fB-A\fR and \fB-P\fR). See \fBuser_attr\fR(4) for a list of valid -\fIkey=value\fR pairs. The "type" key is not a valid key for this option. Keys -can not be repeated. +options may be used to add multiple \fIkey=value\fR pairs. The generic \fB-K\fR +option with the appropriate key may be used instead of the specific implied key +options (\fB-A\fR, \fB-p\fR, \fB-P\fR). See \fBuser_attr\fR(4) for a +list of valid \fIkey=value\fR pairs. The "type" key is not a valid key for this +option. Keys cannot be repeated. .RE .sp .ne 2 .na -\fB\fB-m\fR\fR +\fB\fB-m\fR\fR [\fB-z|-Z\fR] .ad -.RS 20n +.sp .6 +.RS 4n Create the new role's home directory if it does not already exist. If the directory already exists, it must have read, write, and execute permissions by \fIgroup\fR, where \fIgroup\fR is the role's primary group. +.sp +If the parent directory of the role's home directory is located on a separate +\fBZFS\fR file system and the \fB/etc/default/useradd\fR file contains the +parameter \fBMANAGE_ZFS\fR set to the value \fBYES\fR, a new \fBZFS\fR +file system will be created for the role. +.sp +If the \fB-z\fR option is specified, \fBroleadd\fR will always try to create +a new file system for the home directory. +.sp +If the \fB-Z\fR option is specified, a new file system will never be created. .RE .sp @@ -303,16 +349,29 @@ directory already exists, it must have read, write, and execute permissions by .na \fB\fB-o\fR\fR .ad -.RS 20n +.sp .6 +.RS 4n This option allows a \fBUID\fR to be duplicated (non-unique). .RE .sp .ne 2 .na +\fB\fB-p\fR \fIprojname\fR\fR +.ad +.sp .6 +.RS 4n +Name of the project with which the added role is associated. See the +\fIprojname\fR field as defined in \fBproject\fR(4). +.RE + +.sp +.ne 2 +.na \fB\fB-P\fR \fIprofile\fR\fR .ad -.RS 20n +.sp .6 +.RS 4n One or more comma-separated execution profiles defined in \fBprof_attr\fR(4). .RE @@ -321,8 +380,9 @@ One or more comma-separated execution profiles defined in \fBprof_attr\fR(4). .na \fB\fB-s\fR \fIshell\fR\fR .ad -.RS 20n -Full pathname of the program used as the user's shell on login. It defaults to +.sp .6 +.RS 4n +Full pathname of the program used as the role's shell on login. It defaults to an empty field causing the system to use \fB/bin/pfsh\fR as the default. The value of \fIshell\fR must be a valid executable file. .RE @@ -332,17 +392,21 @@ value of \fIshell\fR must be a valid executable file. .na \fB\fB-u\fR \fIuid\fR\fR .ad -.RS 20n +.sp .6 +.RS 4n The \fBUID\fR of the new role. This \fBUID\fR must be a non-negative decimal integer below \fBMAXUID\fR as defined in \fB\fR\&. The \fBUID\fR defaults to the next available (unique) number above the highest number currently assigned. For example, if \fBUID\fRs 100, 105, and 200 are assigned, -the next default \fBUID\fR number is 201. (\fBUID\fRs from \fB0\fR-\fB99\fR are -reserved for possible use in future applications.) +the next default \fBUID\fR number will be 201. \fBUID\fRs \fB0\fR-\fB99\fR are +reserved for allocation by the Operating System. .RE .SH FILES .LP +\fB/etc/default/useradd\fR +.sp +.LP \fB/etc/datemsk\fR .sp .LP @@ -380,10 +444,10 @@ Interface Stability Evolving .SH SEE ALSO .LP \fBpasswd\fR(1), \fBpfsh\fR(1), \fBprofiles\fR(1), \fBroles\fR(1), -\fBusers\fR(1B), \fBgroupadd\fR(1M), \fBgroupdel\fR(1M), \fBgroupmod\fR(1M), +\fBgroupadd\fR(1M), \fBgroupdel\fR(1M), \fBgroupmod\fR(1M), \fBgrpck\fR(1M), \fBlogins\fR(1M), \fBpwck\fR(1M), \fBuserdel\fR(1M), -\fBusermod\fR(1M), \fBgetdate\fR(3C), \fBauth_attr\fR(4), \fBpasswd\fR(4), -\fBprof_attr\fR(4), \fBuser_attr\fR(4), \fBattributes\fR(5) +\fBusermod\fR(1M), \fBzfs\fR(1M), \fBgetdate\fR(3C), \fBauth_attr\fR(4), +\fBpasswd\fR(4), \fBprof_attr\fR(4), \fBuser_attr\fR(4), \fBattributes\fR(5) .SH DIAGNOSTICS .LP In case of an error, \fBroleadd\fR prints an error message and exits with a diff --git a/usr/src/man/man1m/roledel.1m b/usr/src/man/man1m/roledel.1m index 4827c6ac1a..e14805a55b 100644 --- a/usr/src/man/man1m/roledel.1m +++ b/usr/src/man/man1m/roledel.1m @@ -3,7 +3,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH ROLEDEL 1M "Feb 25, 2017" +.TH ROLEDEL 1M "Jan 7, 2018" .SH NAME roledel \- delete a role's login from the system .SH SYNOPSIS @@ -29,6 +29,10 @@ The following options are supported: Remove the role's home directory from the system. This directory must exist. The files and directories under the home directory will no longer be accessible following successful execution of the command. +.sp +If the role's home directory is located on a separate \fBZFS\fR file system and +the \fB/etc/default/useradd\fR file contains the parameter \fBMANAGE_ZFS\fR set +to the value \fBYES\fR, the file system will be destroyed. .RE .SH OPERANDS @@ -105,6 +109,15 @@ Cannot remove or otherwise modify the home directory. .SH FILES .ne 2 .na +\fB\fB/etc/default/useradd\fR\fR +.ad +.RS 18n +configuration file for user and role administrative commands +.RE + +.sp +.ne 2 +.na \fB\fB/etc/passwd\fR\fR .ad .RS 18n @@ -141,10 +154,10 @@ system file containing additional role attributes .SH SEE ALSO .LP \fBauths\fR(1), \fBpasswd\fR(1), \fBprofiles\fR(1), \fBroles\fR(1), -\fBusers\fR(1B), \fBgroupadd\fR(1M), \fBgroupdel\fR(1M), \fBgroupmod\fR(1M), +\fBgroupadd\fR(1M), \fBgroupdel\fR(1M), \fBgroupmod\fR(1M), \fBlogins\fR(1M), \fBroleadd\fR(1M), \fBrolemod\fR(1M), \fBuseradd\fR(1M), -\fBuserdel\fR(1M), \fBusermod\fR(1M), \fBpasswd\fR(4), \fBprof_attr\fR(4), -\fBuser_attr\fR(4), \fBattributes\fR(5) +\fBuserdel\fR(1M), \fBusermod\fR(1M), \fBzfs\fR(1M), \fBpasswd\fR(4), +\fBprof_attr\fR(4), \fBuser_attr\fR(4), \fBattributes\fR(5) .SH NOTES .LP The \fBroledel\fR utility only deletes an account definition that is in the diff --git a/usr/src/man/man1m/rolemod.1m b/usr/src/man/man1m/rolemod.1m index 9e557af646..320e8baec0 100644 --- a/usr/src/man/man1m/rolemod.1m +++ b/usr/src/man/man1m/rolemod.1m @@ -1,23 +1,23 @@ '\" te +.\" Copyright (c) 2018 Peter Tribble. .\" Copyright 1989 AT&T Copyright (c) 2009, Sun Microsystems, Inc. All Rights Reserved .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH ROLEMOD 1M "Dec 10, 2008" +.TH ROLEMOD 1M "Jan 7, 2018" .SH NAME rolemod \- modify a role's login information on the system .SH SYNOPSIS .LP .nf -\fBrolemod\fR [\fB-u\fR \fIuid\fR [\fB-o\fR]] [\fB-g\fR \fIgroup\fR] [\fB-G\fR \fIgroup\fR [, \fIgroup\fR...]] - [\fB-d\fR \fIdir\fR [\fB-m\fR]] [\fB-s\fR \fIshell\fR] [\fB-c\fR \fIcomment\fR] [\fB-l\fR \fInew_name\fR] +\fBrolemod\fR [\fB-u\fR \fIuid\fR [\fB-o\fR]] [\fB-g\fR \fIgroup\fR] [\fB-G\fR \fIgroup\fR[,\fIgroup\fR]...] + [\fB-d\fR \fIdir\fR [\fB-m\fR [\fB-z|-Z\fR]]] [\fB-s\fR \fIshell\fR] [\fB-c\fR \fIcomment\fR] [\fB-l\fR \fInew_name\fR] [\fB-f\fR \fIinactive\fR] [\fB-e\fR \fIexpire\fR] - [\fB-A\fR \fIauthorization\fR [, \fIauthorization\fR]] - [\fB-P\fR \fIprofile\fR [, \fIprofile\fR]] [\fB-K\fR \fIkey=value\fR] \fIrole\fR + [\fB-A\fR \fIauthorization\fR[,\fIauthorization\fR]...] + [\fB-P\fR \fIprofile\fR[,\fIprofile\fR]...] [\fB-K\fR \fIkey=value\fR] \fIrole\fR .fi .SH DESCRIPTION -.sp .LP The \fBrolemod\fR utility modifies a role's login information on the system. It changes the definition of the specified login and makes the appropriate @@ -25,10 +25,9 @@ login-related system file and file system changes. .sp .LP The system file entries created with this command have a limit of 512 -characters per line. Specifying long arguments to several options may exceed +characters per line. Specifying long arguments to several options can exceed this limit. .SH OPTIONS -.sp .LP The following options are supported: .sp @@ -38,10 +37,10 @@ The following options are supported: .ad .sp .6 .RS 4n -One or more comma separated authorizations as deined in \fBauth_attr\fR(4). -Only role with \fBgrant\fR rights to the \fBauthorization\fR can assign it to -an account. This replaces any existing authorization setting. If no -authorization list is specified, the existing setting is removed. +One or more comma separated authorizations as defined in \fBauth_attr\fR(4). +Only a user or role who has \fBgrant\fR rights to the \fBauthorization\fR can +assign it to an account. This replaces any existing authorization setting. If +an empty authorization list is specified, the existing setting is removed. .RE .sp @@ -53,7 +52,7 @@ authorization list is specified, the existing setting is removed. .RS 4n Specify a comment string. \fIcomment\fR can be any text string. It is generally a short description of the login, and is currently used as the field for the -user's full name. This information is stored in the user's \fB/etc/passwd\fR +role's full name. This information is stored in the role's \fB/etc/passwd\fR entry. .RE @@ -115,10 +114,11 @@ redefines the role's primary group membership. .ad .sp .6 .RS 4n -Specify an existing group's integer ID or character string name. It redefines -the role's supplementary group membership. Duplicates between \fIgroup\fR with -the \fB-g\fR and \fB-G\fR options are ignored. No more than \fBNGROUPS_UMAX\fR -groups may be specified as defined in \fB\fR\&. +One or more comma-separated existing groups, specified by integer \fBID\fR or +character-string name. It redefines the role's supplementary group membership. +Any duplicate groups between the \fB-g\fR and \fB-G\fR options are ignored. +No more than \fBNGROUPS_UMAX\fR groups may be specified as defined in +\fB\fR\&. .RE .sp @@ -149,12 +149,12 @@ user. .sp .6 .RS 4n Specify the new login name for the role. The \fInew_logname\fR argument is a -string no more than eight bytes consisting of characters from the set of +string of no more than eight bytes consisting of characters from the set of alphabetic characters, numeric characters, period (\fB\&.\fR), underline -(\fB_\fR), and hypen (\fB\(mi\fR). The first character should be alphabetic and +(\fB_\fR), and hyphen (\fB\(mi\fR). The first character should be alphabetic and the field should contain at least one lower case alphabetic character. A warning message will be written if these restrictions are not met. A future -Solaris release may refuse to accept login fields that do not meet these +release may refuse to accept login fields that do not meet these requirements. The \fInew_logname\fR argument must contain at least one character and must not contain a colon (\fB:\fR) or \fBNEWLINE\fR (\fB\en\fR). .RE @@ -162,7 +162,7 @@ character and must not contain a colon (\fB:\fR) or \fBNEWLINE\fR (\fB\en\fR). .sp .ne 2 .na -\fB\fB-m\fR\fR +\fB\fB-m\fR\fR [\fB-z|-Z\fR] .ad .sp .6 .RS 4n @@ -170,6 +170,20 @@ Move the role's home directory to the new directory specified with the \fB-d\fR option. If the directory already exists, it must have permissions read/write/execute by \fIgroup\fR, where \fIgroup\fR is the role's primary group. +.sp +If the role's old home directory was located on a separate \fBZFS\fR file system +and the \fB/etc/default/useradd\fR file contains the parameter \fBMANAGE_ZFS\fR +set to the value \fBYES\fR, the file system will be destroyed after the home +directory is moved. If the parent directory of the role's new home directory is +located on a separate \fBZFS\fR filesystem and the \fB/etc/default/useradd\fR +file contains the parameter \fBMANAGE_ZFS\fR set to the value \fBYES\fR, a new +\fBZFS\fR file system will be created. +.sp +If the \fB-z\fR option is specified, \fBrolemod\fR will always try to create a +new file system for the home directory and destroy the old one. +.sp +If the \fB-Z\fR option is specified, a new file system will never be created, +and the old one will never be destroyed. .RE .sp @@ -189,9 +203,9 @@ This option allows the specified \fBUID\fR to be duplicated (non-unique). .ad .sp .6 .RS 4n -One or more comma-separated execution profiles defined in \fBauth_attr\fR(4). -This replaces any existing profile setting. If no profile list is specified, -the existing setting is removed. +One or more comma-separated execution profiles defined in \fBprof_attr\fR(4). +This replaces any existing profile setting. If an empty profile list is +specified, the existing setting is removed. .RE .sp @@ -213,14 +227,13 @@ login. The value of \fIshell\fR must be a valid executable file. .sp .6 .RS 4n Specify a new \fBUID\fR for the role. It must be a non-negative decimal integer -less than \fBMAXUID\fR as defined in \fB\fR\&. The \fBUID\fR +less than \fBMAXUID\fR as defined in \fB\fR\&. The \fBUID\fR associated with the role's home directory is not modified with this option; a role will not have access to their home directory until the \fBUID\fR is manually reassigned using \fBchown\fR(1). .RE .SH OPERANDS -.sp .LP The following operands are supported: .sp @@ -234,7 +247,6 @@ An existing login name to be modified. .RE .SH EXIT STATUS -.sp .LP In case of an error, \fBrolemod\fR prints an error message and exits with one of the following values: @@ -344,7 +356,15 @@ Unable to complete the move of the home directory to the new home directory. .RE .SH FILES -.sp +.ne 2 +.na +\fB\fB/etc/default/useradd\fR\fR +.ad +.sp .6 +.RS 4n +configuration file for user and role administrative commands +.RE + .ne 2 .na \fB\fB/etc/group\fR\fR @@ -396,7 +416,6 @@ system file containing additional user and role attributes .RE .SH ATTRIBUTES -.sp .LP See \fBattributes\fR(5) for descriptions of the following attributes: .sp @@ -412,10 +431,9 @@ Interface Stability Evolving .TE .SH SEE ALSO -.sp .LP -\fBchown\fR(1), \fBpasswd\fR(1), \fBusers\fR(1B), \fBgroupadd\fR(1M), +\fBchown\fR(1), \fBpasswd\fR(1), \fBgroupadd\fR(1M), \fBgroupdel\fR(1M), \fBgroupmod\fR(1M), \fBlogins\fR(1M), \fBpwconv\fR(1M), \fBroleadd\fR(1M), \fBroledel\fR(1M), \fBuseradd\fR(1M), \fBuserdel\fR(1M), -\fBusermod\fR(1M), \fBgetdate\fR(3C), \fBauth_attr\fR(4), \fBpasswd\fR(4), -\fBattributes\fR(5) +\fBusermod\fR(1M), \fBzfs\fR(1M), \fBgetdate\fR(3C), \fBauth_attr\fR(4), +\fBpasswd\fR(4), \fBprof_attr\fR(4), \fBuser_attr\fR(4), \fBattributes\fR(5) diff --git a/usr/src/man/man1m/useradd.1m b/usr/src/man/man1m/useradd.1m index aae53a27e1..819e7b55b6 100644 --- a/usr/src/man/man1m/useradd.1m +++ b/usr/src/man/man1m/useradd.1m @@ -1,30 +1,32 @@ '\" te +.\" Copyright (c) 2018 Peter Tribble. .\" Copyright (c) 2013 Gary Mills .\" Copyright (c) 2008 Sun Microsystems, Inc. All Rights Reserved. .\" Copyright 1989 AT&T .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH USERADD 1M "Feb 25, 2017" +.TH USERADD 1M "Jan 7, 2018" .SH NAME useradd \- administer a new user login on the system .SH SYNOPSIS .LP .nf -\fBuseradd\fR [\fB-A\fR \fIauthorization\fR [,\fIauthorization...\fR]] +\fBuseradd\fR [\fB-A\fR \fIauthorization\fR[,\fIauthorization\fR]...] [\fB-b\fR \fIbase_dir\fR] [\fB-c\fR \fIcomment\fR] [\fB-d\fR \fIdir\fR] [\fB-e\fR \fIexpire\fR] - [\fB-f\fR \fIinactive\fR] [\fB-g\fR \fIgroup\fR] [\fB-G\fR \fIgroup\fR [,\fIgroup\fR]...] + [\fB-f\fR \fIinactive\fR] [\fB-g\fR \fIgroup\fR] [\fB-G\fR \fIgroup\fR[,\fIgroup\fR]...] [\fB-K\fR \fIkey=value\fR] [\fB-m\fR [\fB-z|-Z\fR] [\fB-k\fR \fIskel_dir\fR]] [\fB-p\fR \fIprojname\fR] - [\fB-P\fR \fIprofile\fR [,\fIprofile...\fR]] [\fB-R\fR \fIrole\fR [,\fIrole...\fR]] + [\fB-P\fR \fIprofile\fR[,\fIprofile\fR]...] [\fB-R\fR \fIrole\fR[,\fIrole\fR]...] [\fB-s\fR \fIshell\fR] [\fB-u\fR \fIuid\fR [\fB-o\fR]] \fIlogin\fR .fi .LP .nf -\fBuseradd\fR \fB-D\fR [\fB-A\fR \fIauthorization\fR [,\fIauthorization...\fR]] - [\fB-b\fR \fIbase_dir\fR] [\fB-s\fR \fIshell\fR [\fB-k\fR \fIskel_dir\fR]] [\fB-e\fR \fIexpire\fR] - [\fB-f\fR \fIinactive\fR] [\fB-g\fR \fIgroup\fR] [\fB-K\fR \fIkey=value\fR] [\fB-p\fR \fIprojname\fR] - [\fB-P\fR \fIprofile\fR [,\fIprofile...\fR]] [\fB-R\fR \fIrole\fR [,\fIrole...\fR]] +\fBuseradd\fR \fB-D\fR [\fB-A\fR \fIauthorization\fR[,\fIauthorization\fR]...] + [\fB-b\fR \fIbase_dir\fR] [\fB-e\fR \fIexpire\fR] [\fB-f\fR \fIinactive\fR] [\fB-g\fR \fIgroup\fR] + [\fB-k\fR \fIskel_dir\fR] [\fB-K\fR \fIkey=value\fR] [\fB-p\fR \fIprojname\fR] + [\fB-P\fR \fIprofile\fR[,\fIprofile\fR]...] [\fB-R\fR \fIrole\fR[,\fIrole\fR]...] + [\fB-s\fR \fIshell\fR] .fi .SH DESCRIPTION @@ -32,7 +34,7 @@ useradd \- administer a new user login on the system \fBuseradd\fR adds a new user to the \fB/etc/passwd\fR and \fB/etc/shadow\fR and \fB/etc/user_attr\fR files. The \fB-A\fR and \fB-P\fR options respectively assign authorizations and profiles to the user. The \fB-R\fR option assigns -roles to a user. The \fB-p\fR option associates a project with a user. The +roles to the user. The \fB-p\fR option associates a project with the user. The \fB-K\fR option adds a \fIkey=value\fR pair to \fB/etc/user_attr\fR for the user. Multiple \fIkey=value\fR pairs may be added with multiple \fB-K\fR options. @@ -44,9 +46,9 @@ if requested. The new login remains locked until the \fBpasswd\fR(1) command is executed. .sp .LP -Specifying \fBuseradd\fR \fB-D\fR with the \fB-s\fR, \fB-k\fR,\fB-g\fR, -\fB-b\fR, \fB-f\fR, \fB-e\fR, \fB-A\fR, \fB-P\fR, \fB-p\fR, \fB-R\fR, or -\fB-K\fR option (or any combination of these options) sets the default values +Specifying \fBuseradd\fR \fB-D\fR with the \fB-A\fR, \fB-b\fR, \fB-e\fR, +\fB-f\fR, \fB-g\fR, \fB-k\fR, \fB-K\fR, \fB-p\fR, \fB-P\fR, \fB-R\fR, or +\fB-s\fR option (or any combination of these options) sets the default values for the respective fields. See the \fB-D\fR option, below. Subsequent \fBuseradd\fR commands without the \fB-D\fR option use these arguments. .sp @@ -87,8 +89,8 @@ an account. .sp .6 .RS 4n The base directory for new login home directories (see the \fB-d\fR option -below. When a new user account is being created, \fIbase_dir\fR must already -exist unless the \fB-m\fR option or the \fB-d\fR option is also specified. +below). The directory named by \fIbase_dir\fR must already exist and be an +absolute path. .RE .sp @@ -98,7 +100,7 @@ exist unless the \fB-m\fR option or the \fB-d\fR option is also specified. .ad .sp .6 .RS 4n -Any text string. It is generally a short description of the login, and is +A text string. It is generally a short description of the login, and is currently used as the field for the user's full name. This information is stored in the user's \fB/etc/passwd\fR entry. .RE @@ -110,7 +112,7 @@ stored in the user's \fB/etc/passwd\fR entry. .ad .sp .6 .RS 4n -The home directory of the new user. It defaults to +The home directory of the new user. If not supplied, it defaults to \fIbase_dir\fR/\fIaccount_name\fR, where \fIbase_dir\fR is the base directory for new login home directories and \fIaccount_name\fR is the new login name. .RE @@ -124,8 +126,8 @@ for new login home directories and \fIaccount_name\fR is the new login name. .RS 4n Display the default values for \fBgroup\fR, \fBbase_dir\fR, \fBskel_dir\fR, \fBshell\fR, \fBinactive\fR, \fBexpire\fR, \fBproj\fR, \fBprojname\fR and -\fBkey=value\fR pairs. When used with the \fB-g\fR, \fB-b\fR, \fB-f\fR, -\fB-e\fR, \fB-A\fR, \fB-P\fR, \fB-p\fR, \fB-R\fR, or \fB-K\fR options, the +\fBkey=value\fR pairs. When used with the \fB-A\fR, \fB-b\fR, \fB-e\fR, +\fB-f\fR, \fB-g\fR, \fB-P\fR, \fB-p\fR, \fB-R\fR, or \fB-K\fR options, the \fB-D\fR option sets the default values for the specified fields. The default values are: .sp @@ -231,7 +233,7 @@ null .sp .ne 2 .na -\fBkey=value (pairs defined in \fBuser_attr\fR(4)\fR +\fBkey=value\fR (pairs defined in \fBuser_attr\fR(4)) .ad .sp .6 .RS 4n @@ -291,7 +293,7 @@ An existing group's integer \fBID\fR or character-string name. Without the \fB-D\fR option, it defines the new user's primary group membership and defaults to the default group. You can reset this default value by invoking \fBuseradd\fR \fB-D\fR \fB-g\fR \fIgroup\fR. GIDs 0-99 are reserved for -allocation by the Solaris Operating System. +allocation by the Operating System. .RE .sp @@ -301,39 +303,39 @@ allocation by the Solaris Operating System. .ad .sp .6 .RS 4n -An existing group's integer \fBID\fR or character-string name. It defines the -new user's supplementary group membership. Duplicates between \fIgroup\fR with -the \fB-g\fR and \fB-G\fR options are ignored. No more than \fBNGROUPS_MAX\fR -groups can be specified. GIDs 0-99 are reserved for allocation by the Solaris -Operating System. +One or more comma-separated existing groups, specified by integer \fBID\fR or +character-string name. It defines the new user's supplementary group +membership. Any duplicate groups between the \fB-g\fR and \fB-G\fR options are +ignored. No more than \fBNGROUPS_MAX\fR groups can be specified. GIDs 0-99 are +reserved for allocation by the Operating System. .RE .sp .ne 2 .na -\fB\fB-K\fR \fIkey=value\fR\fR +\fB\fB-k\fR \fIskel_dir\fR\fR .ad .sp .6 .RS 4n -A \fIkey=value\fR pair to add to the user's attributes. Multiple \fB-K\fR -options may be used to add multiple \fIkey=value\fR pairs. The generic \fB-K\fR -option with the appropriate key may be used instead of the specific implied key -options (\fB-A\fR, \fB-P\fR, \fB-R\fR, \fB-p\fR). See \fBuser_attr\fR(4) for a -list of valid \fIkey=value\fR pairs. The "type" key is not a valid key for this -option. Keys may not be repeated. +A directory that contains skeleton information (such as \fB\&.profile\fR) that +can be copied into a new user's home directory. This directory must already +exist. The system provides the \fB/etc/skel\fR directory that can be used for +this purpose. .RE .sp .ne 2 .na -\fB\fB-k\fR \fIskel_dir\fR\fR +\fB\fB-K\fR \fIkey=value\fR\fR .ad .sp .6 .RS 4n -A directory that contains skeleton information (such as \fB\&.profile\fR) that -can be copied into a new user's home directory. This directory must already -exist. The system provides the \fB/etc/skel\fR directory that can be used for -this purpose. +A \fIkey=value\fR pair to add to the user's attributes. Multiple \fB-K\fR +options may be used to add multiple \fIkey=value\fR pairs. The generic \fB-K\fR +option with the appropriate key may be used instead of the specific implied key +options (\fB-A\fR, \fB-p\fR, \fB-P\fR, \fB-R\fR). See \fBuser_attr\fR(4) for a +list of valid \fIkey=value\fR pairs. The "type" key is not a valid key for this +option. Keys cannot be repeated. .RE .sp @@ -371,22 +373,22 @@ This option allows a \fBUID\fR to be duplicated (non-unique). .sp .ne 2 .na -\fB\fB-P\fR \fIprofile\fR\fR +\fB\fB-p\fR \fIprojname\fR\fR .ad .sp .6 .RS 4n -One or more comma-separated execution profiles defined in \fBprof_attr\fR(4). +Name of the project with which the added user is associated. See the +\fIprojname\fR field as defined in \fBproject\fR(4). .RE .sp .ne 2 .na -\fB\fB-p\fR \fIprojname\fR\fR +\fB\fB-P\fR \fIprofile\fR\fR .ad .sp .6 .RS 4n -Name of the project with which the added user is associated. See the -\fIprojname\fR field as defined in \fBproject\fR(4). +One or more comma-separated execution profiles defined in \fBprof_attr\fR(4). .RE .sp @@ -396,7 +398,7 @@ Name of the project with which the added user is associated. See the .ad .sp .6 .RS 4n -One or more comma-separated execution profiles defined in \fBuser_attr\fR(4). +One or more comma-separated roles defined in \fBuser_attr\fR(4). Roles cannot be assigned to other roles. .RE @@ -424,7 +426,7 @@ integer below \fBMAXUID\fR as defined in \fB\fR\&. The \fBUID\fR defaults to the next available (unique) number above the highest number currently assigned. For example, if \fBUID\fRs 100, 105, and 200 are assigned, the next default \fBUID\fR number will be 201. \fBUID\fRs \fB0\fR-\fB99\fR are -reserved for allocation by the Solaris Operating System. +reserved for allocation by the Operating System. .RE .SH FILES @@ -468,11 +470,11 @@ Interface Stability Committed .SH SEE ALSO .LP -\fBpasswd\fR(1), \fBprofiles\fR(1), \fBroles\fR(1), \fBusers\fR(1B), +\fBpasswd\fR(1), \fBprofiles\fR(1), \fBroles\fR(1), \fBgroupadd\fR(1M), \fBgroupdel\fR(1M), \fBgroupmod\fR(1M), \fBgrpck\fR(1M), \fBlogins\fR(1M), \fBpwck\fR(1M), \fBuserdel\fR(1M), \fBusermod\fR(1M), -\fBgetdate\fR(3C), \fBauth_attr\fR(4), \fBpasswd\fR(4), \fBprof_attr\fR(4), -\fBproject\fR(4), \fBuser_attr\fR(4), \fBattributes\fR(5), \fBzfs\fR(1M) +\fBzfs\fR(1M), \fBgetdate\fR(3C), \fBauth_attr\fR(4), \fBpasswd\fR(4), +\fBprof_attr\fR(4), \fBproject\fR(4), \fBuser_attr\fR(4), \fBattributes\fR(5) .SH DIAGNOSTICS .LP In case of an error, \fBuseradd\fR prints an error message and exits with a @@ -551,7 +553,7 @@ UX: useradd: ERROR: Cannot update system files - login cannot be created. .SH NOTES .LP The \fBuseradd\fR utility adds definitions to only the local \fB/etc/group\fR, -\fBetc/passwd\fR, \fB/etc/passwd\fR, \fB/etc/shadow\fR, \fB/etc/project\fR, and +\fB/etc/passwd\fR, \fB/etc/shadow\fR, \fB/etc/project\fR, and \fB/etc/user_attr\fR files. If a network name service is being used to supplement the local \fB/etc/passwd\fR file with additional entries, \fBuseradd\fR cannot change information supplied by the diff --git a/usr/src/man/man1m/userdel.1m b/usr/src/man/man1m/userdel.1m index bdf4d3ebed..5db1d8780f 100644 --- a/usr/src/man/man1m/userdel.1m +++ b/usr/src/man/man1m/userdel.1m @@ -4,7 +4,7 @@ .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH USERDEL 1M "Feb 25, 2017" +.TH USERDEL 1M "Jan 7, 2018" .SH NAME userdel \- delete a user's login from the system .SH SYNOPSIS @@ -112,7 +112,7 @@ Cannot remove or otherwise modify the home directory. \fB\fB/etc/default/useradd\fR\fR .ad .RS 18n -useradd, usermod and userdel configuration file +configuration file for user and role administrative commands .RE .sp @@ -130,7 +130,7 @@ system password file \fB\fB/etc/shadow\fR\fR .ad .RS 18n -system file contain users' encrypted passwords and related information +system file containing users' encrypted passwords and related information .RE .sp @@ -154,10 +154,10 @@ system file containing additional user attributes .SH SEE ALSO .LP \fBauths\fR(1), \fBpasswd\fR(1), \fBprofiles\fR(1), \fBroles\fR(1), -\fBusers\fR(1B), \fBgroupadd\fR(1M), \fBgroupdel\fR(1M), \fBgroupmod\fR(1M), -\fBlogins\fR(1M), \fBroleadd\fR(1M), \fBrolemod\fR(1M), \fBuseradd\fR(1M), -\fBuserdel\fR(1M), \fBusermod\fR(1M), \fBpasswd\fR(4), \fBprof_attr\fR(4), -\fBuser_attr\fR(4), \fBattributes\fR(5), \fBzfs\fR(1M) +\fBgroupadd\fR(1M), \fBgroupdel\fR(1M), \fBgroupmod\fR(1M), +\fBlogins\fR(1M), \fBroleadd\fR(1M), \fBroledel\fR(1M), \fBrolemod\fR(1M), +\fBuseradd\fR(1M), \fBusermod\fR(1M), \fBzfs\fR(1M), \fBpasswd\fR(4), +\fBprof_attr\fR(4), \fBuser_attr\fR(4), \fBattributes\fR(5) .SH NOTES .LP The \fBuserdel\fR utility only deletes an account definition that is in the diff --git a/usr/src/man/man1m/usermod.1m b/usr/src/man/man1m/usermod.1m index fd337ca082..0a2a4bfdd3 100644 --- a/usr/src/man/man1m/usermod.1m +++ b/usr/src/man/man1m/usermod.1m @@ -1,19 +1,20 @@ '\" te +.\" Copyright (c) 2018 Peter Tribble. .\" Copyright 1989 AT&T Copyright (c) 2004, 2009, Sun Microsystems, Inc. All Rights Reserved .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] -.TH USERMOD 1M "May 13, 2017" +.TH USERMOD 1M "Jan 7, 2018" .SH NAME usermod \- modify a user's login information on the system .SH SYNOPSIS .LP .nf -\fBusermod\fR [\fB-u\fR \fIuid\fR [\fB-o\fR]] [\fB-g\fR \fIgroup\fR] [\fB-G\fR \fIgroup\fR [, \fIgroup\fR...]] +\fBusermod\fR [\fB-u\fR \fIuid\fR [\fB-o\fR]] [\fB-g\fR \fIgroup\fR] [\fB-G\fR \fIgroup\fR[,\fIgroup\fR]...] [\fB-d\fR \fIdir\fR [\fB-m\fR [\fB-z|-Z\fR]]] [\fB-s\fR \fIshell\fR] [\fB-c\fR \fIcomment\fR] [\fB-l\fR \fInew_name\fR] [\fB-f\fR \fIinactive\fR] [\fB-e\fR \fIexpire\fR] - [\fB-A\fR \fIauthorization\fR [, \fIauthorization\fR]] - [\fB-P\fR \fIprofile\fR [, \fIprofile\fR]] [\fB-R\fR \fIrole\fR [, \fIrole\fR]] + [\fB-A\fR \fIauthorization\fR[,\fIauthorization\fR]...] + [\fB-P\fR \fIprofile\fR[,\fIprofile\fR]...] [\fB-R\fR \fIrole\fR[,\fIrole\fR]...] [\fB-K\fR \fIkey=value\fR] \fIlogin\fR .fi @@ -25,7 +26,7 @@ login-related system file and file system changes. .sp .LP The system file entries created with this command have a limit of 512 -characters per line. Specifying long arguments to several options might exceed +characters per line. Specifying long arguments to several options can exceed this limit. .SH OPTIONS .LP @@ -40,7 +41,7 @@ The following options are supported: One or more comma separated authorizations as defined in \fBauth_attr\fR(4). Only a user or role who has \fBgrant\fR rights to the \fBauthorization\fR can assign it to an account. This replaces any existing authorization setting. If -no authorization list is specified, the existing setting is removed. +an empty authorization list is specified, the existing setting is removed. .RE .sp @@ -114,10 +115,11 @@ redefines the user's primary group membership. .ad .sp .6 .RS 4n -Specify an existing group's integer "ID" "," or character string name. It -redefines the user's supplementary group membership. Duplicates between -\fIgroup\fR with the \fB-g\fR and \fB-G\fR options are ignored. No more than -\fBNGROUPS_UMAX\fR groups may be specified as defined in \fB\fR\&. +One or more comma-separated existing groups, specified by integer \fBID\fR or +character-string name. It redefines the user's supplementary group membership. +Any duplicate groups between the \fB-g\fR and \fB-G\fR options are ignored. +No more than \fBNGROUPS_UMAX\fR groups may be specified as defined in +\fB\fR\&. .RE .sp @@ -202,8 +204,8 @@ This option allows the specified \fBUID\fR to be duplicated (non-unique). .ad .sp .6 .RS 4n -One or more comma-separated rights profiles defined in \fBprof_attr\fR(4). This -replaces any existing profile setting in \fBuser_attr\fR(4). If an empty +One or more comma-separated execution profiles defined in \fBprof_attr\fR(4). +This replaces any existing profile setting in \fBuser_attr\fR(4). If an empty profile list is specified, the existing setting is removed. .RE @@ -215,8 +217,8 @@ profile list is specified, the existing setting is removed. .sp .6 .RS 4n One or more comma-separated roles (see \fBroleadd\fR(1M)). This replaces any -existing role setting. If no role list is specified, the existing setting is -removed. +existing role setting. If an empty role list is specified, the existing setting +is removed. .RE .sp @@ -238,7 +240,7 @@ login. The value of \fIshell\fR must be a valid executable file. .sp .6 .RS 4n Specify a new \fBUID\fR for the user. It must be a non-negative decimal integer -less than \fBMAXUID\fR as defined in \fB\fR\&. The \fBUID\fR +less than \fBMAXUID\fR as defined in \fB\fR\&. The \fBUID\fR associated with the user's home directory is not modified with this option; a user will not have access to their home directory until the \fBUID\fR is manually reassigned using \fBchown\fR(1). @@ -259,7 +261,7 @@ An existing login name to be modified. .SH EXAMPLES .LP -\fBExample 1 \fRAssigning Privileges to a User +\fBExample 1\fR Assigning Privileges to a User .sp .LP The following command adds the privilege that affects high resolution times to @@ -285,7 +287,7 @@ jdoe::::type=normal;defaultpriv=basic,proc_clock_highres .in -2 .LP -\fBExample 2 \fRRemoving a Privilege from a User's Limit Set +\fBExample 2\fR Removing a Privilege from a User's Limit Set .sp .LP The following command removes the privilege that allows the specified user to @@ -311,7 +313,7 @@ jdoe::::type=normal;defaultpriv=basic,limitpriv=all,!sys_linkdir .in -2 .LP -\fBExample 3 \fRRemoving a Privilege from a User's Basic Set +\fBExample 3\fR Removing a Privilege from a User's Basic Set .sp .LP The following command removes the privilege that allows the specified user to @@ -337,7 +339,7 @@ jdoe::::type=normal;defaultpriv=basic,!proc_session;limitpriv=all .in -2 .LP -\fBExample 4 \fRAssigning a Role to a User +\fBExample 4\fR Assigning a Role to a User .sp .LP The following command assigns a role to a user. The role must have been created @@ -363,11 +365,11 @@ jdoe::::type=normal;roles=mailadm;defaultpriv=basic;limitpriv=all .in -2 .LP -\fBExample 5 \fRRemoving All Profiles from a User +\fBExample 5\fR Removing All Profiles from a User .sp .LP The following command removes all profiles that were granted to a user -directly. The user will still have any rights profiles that are granted by +directly. The user will still have any execution profiles that are granted by means of the \fBPROFS_GRANTED\fR key in \fBpolicy.conf\fR(4). .sp @@ -494,7 +496,7 @@ Unable to complete the move of the home directory to the new home directory. .ad .sp .6 .RS 4n -useradd, usermod and userdel configuration file +configuration file for user and role administrative commands .RE .sp @@ -534,7 +536,8 @@ system password file .ad .sp .6 .RS 4n -system file containing users' encrypted passwords and related information +system file containing users' and roles' encrypted passwords and related +information .RE .sp @@ -564,12 +567,12 @@ Interface Stability Committed .SH SEE ALSO .LP -\fBchown\fR(1), \fBpasswd\fR(1), \fBusers\fR(1B), \fBgroupadd\fR(1M), -\fBgroupdel\fR(1M), \fBgroupmod\fR(1M), \fBlogins\fR(1M), \fBpwconv\fR(1M), -\fBroleadd\fR(1M), \fBroledel\fR(1M), \fBrolemod\fR(1M), \fBuseradd\fR(1M), -\fBuserdel\fR(1M), \fBgetdate\fR(3C), \fBauth_attr\fR(4), \fBpasswd\fR(4), +\fBchown\fR(1), \fBpasswd\fR(1), \fBgroupadd\fR(1M), \fBgroupdel\fR(1M), +\fBgroupmod\fR(1M), \fBlogins\fR(1M), \fBpwconv\fR(1M), \fBroleadd\fR(1M), +\fBroledel\fR(1M), \fBrolemod\fR(1M), \fBuseradd\fR(1M), \fBuserdel\fR(1M), +\fBzfs\fR(1M), \fBgetdate\fR(3C), \fBauth_attr\fR(4), \fBpasswd\fR(4), \fBpolicy.conf\fR(4), \fBprof_attr\fR(4), \fBuser_attr\fR(4), -\fBattributes\fR(5), \fBzfs\fR(1M) +\fBattributes\fR(5) .SH NOTES .LP The \fBusermod\fR utility modifies \fBpasswd\fR definitions only in the local -- 2.11.4.GIT