rolemod(1M)             System Administration Commands             rolemod(1M)

NAME

       rolemod - modify a role's login information on the system

SYNOPSIS

       rolemod [-u uid [-o]] [-g group] [-G group [, group...]]
            [-d dir [-m]] [-s shell] [-c comment] [-l new_name]
            [-f inactive] [-e expire]
            [-A authorization [, authorization]]
            [-P profile [, profile]] [-K key=value] role

DESCRIPTION

       The rolemod utility modifies a role's login information on the system.
       It changes the definition of the specified login and makes the
       appropriate login-related system file and file system changes.

       The system file entries created with this command have a limit of 512
       characters per line. Specifying long arguments to several options may
       exceed this limit.

OPTIONS

       The following options are supported:

       -A authorization

           One or more comma-separated authorizations as defined in
           auth_attr(4). Only a role with grant rights to the authorization
           can assign it to an account. This replaces any existing
           authorization setting. If no authorization list is specified, the
           existing setting is removed.

       -c comment

           Specify a comment string. comment can be any text string. It is
           generally a short description of the login, and is currently used
           as the field for the user's full name. This information is stored
           in the user's /etc/passwd entry.

       -d dir

           Specify the new home directory of the role. It defaults to
           base_dir/login, where base_dir is the base directory for new login
           home directories, and login is the new login.

       -e expire

           Specify the expiration date for a role. After this date, no role
           will be able to access this login. The expire option argument is a
           date entered using one of the date formats included in the template
           file /etc/datemsk. See getdate(3C).

           For example, you may enter 10/6/90 or October 6, 1990. A value of
           "" defeats the status of the expired date.

       -f inactive

           Specify the maximum number of days allowed between uses of a login
           ID before that login ID is declared invalid. Normal values are
           positive integers. A value of 0 defeats the status.

       -g group

           Specify an existing group's integer ID or character-string name. It
           redefines the role's primary group membership.

       -G group

           Specify an existing group's integer ID or character-string name. It
           redefines the role's supplementary group membership. Duplicates
           between groups specified with the -g and -G options are ignored. No
           more than NGROUPS_UMAX groups may be specified as defined in
           <param.h>.

       -K key=value

           Replace existing or add to a role's key=value pair attributes.
           Multiple -K options can be used to replace or add multiple
           key=value pairs. However, keys must not be repeated. The generic -K
           option with the appropriate key may be used instead of the specific
           implied key options (-A and -P). See user_attr(4) for a list of
           valid key=value pairs.

           The keyword type can be specified with the value role or the value
           normal. When using the value normal, the account changes from a
           role user to a normal user; using the value role keeps the account
           a role user.

       -l new_logname

           Specify the new login name for the role. The new_logname argument
           is a string no more than eight bytes consisting of characters from
           the set of alphabetic characters, numeric characters, period (.),
           underline (_), and hyphen (-). The first character should be
           alphabetic and the field should contain at least one lower case
           alphabetic character. A warning message will be written if these
           restrictions are not met. A future Solaris release may refuse to
           accept login fields that do not meet these requirements. The
           new_logname argument must contain at least one character and must
           not contain a colon (:) or NEWLINE (\n).

       -m

           Move the role's home directory to the new directory specified with
           the -d option. If the directory already exists, it must have
           read/write/execute permissions by group, where group is the role's
           primary group.

       -o

           This option allows the specified UID to be duplicated (non-unique).

       -P profile

           One or more comma-separated execution profiles defined in
           auth_attr(4). This replaces any existing profile setting. If no
           profile list is specified, the existing setting is removed.

       -s shell

           Specify the full pathname of the program that is used as the role's
           shell on login. The value of shell must be a valid executable file.

       -u uid

           Specify a new UID for the role. It must be a non-negative decimal
           integer less than MAXUID as defined in <param.h>. The UID
           associated with the role's home directory is not modified with this
           option; a role will not have access to their home directory until
           the UID is manually reassigned using chown(1).
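
       The -l rules above separate restrictions that only produce a warning
       from requirements that must hold. The following script is an added
       example, not part of the original manual page, that pre-checks a
       proposed name; check_logname and the sample names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-check a proposed -l new_logname against the rules above.
# check_logname is a hypothetical helper, not part of rolemod.
# Status: 0 = meets every rule, 1 = rolemod would warn, 2 = not acceptable.
# The body runs in a subshell so the locale change stays local.
check_logname() (
    LC_ALL=C; export LC_ALL          # byte-wise ranges and lengths
    name=$1
    nl='
'
    # Hard requirements: at least one character, no colon, no NEWLINE.
    [ -n "$name" ] || { echo "reject: empty name"; return 2; }
    case $name in
        *:*)     echo "reject: contains a colon"; return 2 ;;
        *"$nl"*) echo "reject: contains NEWLINE"; return 2 ;;
    esac
    warn=0
    # Soft rules: the page says these only produce a warning today.
    bytes=$(( $(printf '%s' "$name" | wc -c) ))
    [ "$bytes" -le 8 ] || { echo "warn: $bytes bytes, more than eight"; warn=1; }
    case $name in
        *[!A-Za-z0-9._-]*) echo "warn: character outside A-Z a-z 0-9 . _ -"; warn=1 ;;
    esac
    case $name in
        [A-Za-z]*) ;;
        *) echo "warn: first character is not alphabetic"; warn=1 ;;
    esac
    case $name in
        *[a-z]*) ;;
        *) echo "warn: no lower case alphabetic character"; warn=1 ;;
    esac
    return "$warn"
)

# Constructed sample names, not taken from any real system.
for n in opsrole Operator1 9admin 'ops:role'; do
    rc=0
    check_logname "$n" || rc=$?
    echo "$n -> status $rc"
done
```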

OPERANDS

       The following operands are supported:

       login

           An existing login name to be modified.

EXIT STATUS

       In case of an error, rolemod prints an error message and exits with one
       of the following values:

       2

           The command syntax was invalid. A usage message for the rolemod
           command is displayed.

       3

           An invalid argument was provided to an option.

       4

           The uid given with the -u option is already in use.

       5

           The password files contain an error. pwconv(1M) can be used to
           correct possible errors. See passwd(4).

       6

           The login to be modified does not exist, the group does not exist,
           or the login shell does not exist.

       8

           The login to be modified is in use.

       9

           The new_logname is already in use.

       10

           Cannot update the /etc/group or /etc/user_attr file. Other update
           requests will be implemented.

       11

           Insufficient space to move the home directory (-m option). Other
           update requests will be implemented.

       12

           Unable to complete the move of the home directory to the new home
           directory.

FILES

       /etc/group

           system file containing group definitions

       /etc/datemsk

           system file of date formats

       /etc/passwd

           system password file

       /etc/shadow

           system file containing users' and roles' encrypted passwords and
           related information

       /etc/user_attr

           system file containing additional user and role attributes
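
       The 512-character line limit from DESCRIPTION and the type keyword set
       with -K both apply to entries in /etc/user_attr. The following script
       is an added example, not part of the original manual page, that reports
       each entry's type, authorization and profile counts, and whether the
       line exceeds the limit. It assumes the field layout from user_attr(4);
       the function names and the sample entries are constructed.

```shell
#!/bin/sh
# Added example: audit user_attr-style entries read from standard input.
# Assumed layout (user_attr(4)): name:qualifier:res1:res2:key=value;key=value
LINE_LIMIT=512    # per-line limit given in DESCRIPTION; newline not counted here

# Prints one line per entry: name type auths=N profiles=N len=N OK|OVER
audit_user_attr() {
    awk -F: -v limit="$LINE_LIMIT" '
        /^#/ || NF < 5 { next }                  # comments, malformed lines
        {
            attr = $5                            # rejoin in case attr holds ":"
            for (i = 6; i <= NF; i++) attr = attr ":" $i
            # Assumption: an entry without a type key is a normal user.
            type = "normal"; auths = 0; profs = 0
            n = split(attr, kv, ";")
            for (i = 1; i <= n; i++) {
                eq = index(kv[i], "=")
                if (eq == 0) continue
                key = substr(kv[i], 1, eq - 1)
                val = substr(kv[i], eq + 1)
                if (key == "type") type = val
                else if (key == "auths") auths = split(val, tmp, ",")
                else if (key == "profiles") profs = split(val, tmp, ",")
            }
            status = (length($0) > limit) ? "OVER" : "OK"
            printf "%s %s auths=%d profiles=%d len=%d %s\n",
                $1, type, auths, profs, length($0), status
        }'
}

# Constructed sample entries; bigrole carries 60 made-up authorizations.
sample_user_attr() {
    long=$(awk 'BEGIN { s = "example.auth.0"
                        for (i = 1; i < 60; i++) s = s ",example.auth." i
                        print s }')
    cat <<EOF
# constructed sample, not a real /etc/user_attr
opsrole::::type=role;auths=solaris.grant,solaris.admin.usermgr.read;profiles=Operator
alice::::roles=opsrole
bigrole::::type=role;auths=$long
EOF
}

sample_user_attr | audit_user_attr
```

       To audit a live system, run audit_user_attr < /etc/user_attr.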

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
       ├─────────────────────────────┼─────────────────────────────┤
       │Availability                 │SUNWcsu                      │
       ├─────────────────────────────┼─────────────────────────────┤
       │Interface Stability          │Evolving                     │
       └─────────────────────────────┴─────────────────────────────┘

SEE ALSO

       chown(1), passwd(1), users(1B), groupadd(1M), groupdel(1M),
       groupmod(1M), logins(1M), pwconv(1M), roleadd(1M), roledel(1M),
       useradd(1M), userdel(1M), usermod(1M), getdate(3C), auth_attr(4),
       passwd(4), attributes(5)

SunOS 5.11                        10 Dec 2008                      rolemod(1M)