usermod(1M)             System Administration Commands             usermod(1M)

NAME

       usermod - modify a user's login information on the system

SYNOPSIS

       usermod [-u uid [-o]] [-g group] [-G group [, group...]]
            [-d dir [-m]] [-s shell] [-c comment] [-l new_name]
            [-f inactive] [-e expire]
            [-A authorization [, authorization]]
            [-P profile [, profile]] [-R role [, role]]
            [-K key=value] login

DESCRIPTION

       The usermod utility modifies a user's login definition on the system.
       It changes the definition of the specified login and makes the
       appropriate login-related system file and file system changes.

       The system file entries created with this command have a limit of 512
       characters per line. Specifying long arguments to several options might
       exceed this limit.

OPTIONS

       The following options are supported:

       -A authorization

           One or more comma-separated authorizations as defined in
           auth_attr(4). Only a user or role who has grant rights to the
           authorization can assign it to an account. This replaces any
           existing authorization setting. If no authorization list is
           specified, the existing setting is removed.

       -c comment

           Specify a comment string. comment can be any text string. It is
           generally a short description of the login, and is currently used
           as the field for the user's full name. This information is stored
           in the user's /etc/passwd entry.

       -d dir

           Specify the new home directory of the user. It defaults to
           base_dir/login, where base_dir is the base directory for new login
           home directories, and login is the new login.

       -e expire

           Specify the expiration date for a login. After this date, no user
           will be able to access this login. The expire option argument is a
           date entered using one of the date formats included in the template
           file /etc/datemsk. See getdate(3C).

           For example, you may enter 10/6/90 or October 6, 1990. A value of
           `` '' defeats the status of the expired date.

       -f inactive

           Specify the maximum number of days allowed between uses of a login
           ID before that login ID is declared invalid. Normal values are
           positive integers. A value of 0 defeats the status.

       -g group

           Specify an existing group's integer ID or character-string name. It
           redefines the user's primary group membership.

       -G group

           Specify an existing group's integer ID, or character-string name.
           It redefines the user's supplementary group membership. Duplicates
           between groups specified with the -g and -G options are ignored. No
           more than NGROUPS_UMAX groups may be specified as defined in
           <param.h>.

       -K key=value

           Replace existing or add to a user's key=value pair attributes.
           Multiple -K options can be used to replace or add multiple
           key=value pairs. However, keys must not be repeated. The generic -K
           option with the appropriate key can be used instead of the specific
           implied key options (-A, -P, -R, -p). See user_attr(4) for a list
           of valid keys. Values for these keys are usually found in man pages
           or other sources related to those keys. For example, see project(4)
           for guidance on values for the project key. Use the command
           ppriv(1) with the -v and -l options for a list of values for the
           keys defaultpriv and limitpriv.

           The keyword type can be specified with the value role or the value
           normal. When using the value role, the account changes from a
           normal user to a role; using the value normal keeps the account a
           normal user.

           As a role account, no roles (-R or roles=value) can be present.

       -l new_logname

           Specify the new login name for the user. See passwd(4) for the
           requirements for usernames.

       -m

           Move the user's home directory to the new directory specified with
           the -d option. If the directory already exists, it must have
           permissions read/write/execute by group, where group is the user's
           primary group.

       -o

           This option allows the specified UID to be duplicated (non-unique).

       -P profile

           One or more comma-separated rights profiles defined in
           prof_attr(4). This replaces any existing profile setting in
           user_attr(4). If an empty profile list is specified, the existing
           setting is removed.

       -R role

           One or more comma-separated roles (see roleadd(1M)). This replaces
           any existing role setting. If no role list is specified, the
           existing setting is removed.

       -s shell

           Specify the full pathname of the program that is used as the user's
           shell on login. The value of shell must be a valid executable file.

       -u uid

           Specify a new UID for the user. It must be a non-negative decimal
           integer less than MAXUID as defined in <param.h>. The UID
           associated with the user's home directory is not modified with this
           option; a user will not have access to their home directory until
           the UID is manually reassigned using chown(1).

OPERANDS

       The following operands are supported:

       login

           An existing login name to be modified.

EXAMPLES

       Example 1 Assigning Privileges to a User

       The following command adds the privilege that affects high resolution
       times to a user's initial, inheritable set of privileges.

         # usermod -K defaultpriv=basic,proc_clock_highres jdoe

       This command results in the following entry in user_attr:

         jdoe::::type=normal;defaultpriv=basic,proc_clock_highres

       Example 2 Removing a Privilege from a User's Limit Set

       The following command removes the privilege that allows the specified
       user to create hard links to directories and to unlink directories.

         # usermod -K limitpriv=all,!sys_linkdir jdoe

       This command results in the following entry in user_attr:

         jdoe::::type=normal;defaultpriv=basic,limitpriv=all,!sys_linkdir

       Example 3 Removing a Privilege from a User's Basic Set

       The following command removes the privilege that allows the specified
       user to examine processes outside the user's session.

         # usermod -K defaultpriv=basic,!proc_session jdoe

       This command results in the following entry in user_attr:

         jdoe::::type=normal;defaultpriv=basic,!proc_session;limitpriv=all

       Example 4 Assigning a Role to a User

       The following command assigns a role to a user. The role must have been
       created prior to this command, either through use of the Solaris
       Management Console GUI or through roleadd(1M).

         # usermod -R mailadm jdoe

       This command results in the following entry in user_attr:

         jdoe::::type=normal;roles=mailadm;defaultpriv=basic;limitpriv=all

       Example 5 Removing All Profiles from a User

       The following command removes all profiles that were granted to a user
       directly. The user will still have any rights profiles that are granted
       by means of the PROFS_GRANTED key in policy.conf(4).

         # usermod -P "" jdoe
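
       Added example (not part of the original manual page): a POSIX sh and
       awk audit that reads user_attr(4)-format lines and reports the kinds
       of changes shown in Examples 1 to 4, namely privileges listed beyond
       or removed from the starting set, assigned roles, and role accounts.
       The sample entries and function names are constructed for
       illustration, and treating basic and all as the starting values of
       defaultpriv and limitpriv is an assumption based on the entries above.

```shell
#!/bin/sh
# Added example: report user_attr(4) entries whose privileges or roles were
# changed, e.g. with usermod -K or -R. Not part of the original manual page.

# Constructed sample entries, modelled on the EXAMPLES section of this page.
sample_user_attr() {
    cat <<'EOF'
# user:qualifier:res1:res2:attr
jdoe::::type=normal;defaultpriv=basic,proc_clock_highres
asmith::::type=normal;defaultpriv=basic,!proc_session;limitpriv=all,!sys_linkdir
bjones::::type=normal;roles=mailadm;defaultpriv=basic;limitpriv=all
mailadm::::type=role
EOF
}

# Reads user_attr lines on stdin; prints "login<TAB>key<TAB>finding" per deviation.
audit_user_attr() {
    awk -F: '
    /^#/ || NF < 5 { next }                  # skip comments and short lines
    {
        attr = $5                            # rejoin in case a value holds ":"
        for (k = 6; k <= NF; k++) attr = attr ":" $k
        n = split(attr, kv, ";")             # attr is key=value;key=value
        for (i = 1; i <= n; i++) {
            eq = index(kv[i], "=")
            if (eq == 0) continue
            key = substr(kv[i], 1, eq - 1)
            val = substr(kv[i], eq + 1)
            if (key == "type" && val == "role")
                printf "%s\ttype\taccount is a role\n", $1
            else if (key == "roles" && val != "")
                printf "%s\troles\tmay assume: %s\n", $1, val
            else if (key == "defaultpriv" || key == "limitpriv") {
                base = (key == "defaultpriv") ? "basic" : "all"
                m = split(val, p, ",")
                for (j = 1; j <= m; j++) {
                    if (p[j] == base) continue      # the usual starting set
                    if (substr(p[j], 1, 1) == "!")
                        printf "%s\t%s\tremoved: %s\n", $1, key, substr(p[j], 2)
                    else
                        printf "%s\t%s\tlisted: %s\n", $1, key, p[j]
                }
            }
        }
    }'
}

sample_user_attr | audit_user_attr
```

       To review a live system, redirect the real file into the function:
       audit_user_attr < /etc/user_attr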

EXIT STATUS

       In case of an error, usermod prints an error message and exits with one
       of the following values:

       2

           The command syntax was invalid. A usage message for the usermod
           command is displayed.

       3

           An invalid argument was provided to an option.

       4

           The uid given with the -u option is already in use.

       5

           The password files contain an error. pwconv(1M) can be used to
           correct possible errors. See passwd(4).

       6

           The login to be modified does not exist, the group does not exist,
           or the login shell does not exist.

       8

           The login to be modified is in use.

       9

           The new_logname is already in use.

       10

           Cannot update the /etc/group or /etc/user_attr file. Other update
           requests will be implemented.

       11

           Insufficient space to move the home directory (-m option). Other
           update requests will be implemented.

       12

           Unable to complete the move of the home directory to the new home
           directory.

FILES

       /etc/group

           system file containing group definitions

       /etc/datemsk

           system file of date formats

       /etc/passwd

           system password file

       /etc/shadow

           system file containing users' encrypted passwords and related
           information

       /etc/user_attr

           system file containing additional user and role attributes

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
       ├─────────────────────────────┼─────────────────────────────┤
       │Availability                 │SUNWcsu                      │
       ├─────────────────────────────┼─────────────────────────────┤
       │Interface Stability          │Committed                    │
       └─────────────────────────────┴─────────────────────────────┘

SEE ALSO

       chown(1), passwd(1), users(1B), groupadd(1M), groupdel(1M),
       groupmod(1M), logins(1M), pwconv(1M), roleadd(1M), roledel(1M),
       rolemod(1M), useradd(1M), userdel(1M), getdate(3C), auth_attr(4),
       passwd(4), policy.conf(4), prof_attr(4), user_attr(4), attributes(5)

NOTES

       The usermod utility modifies passwd definitions only in the local
       /etc/passwd and /etc/shadow files. If a network nameservice such as NIS
       or NIS+ is being used to supplement the local files with additional
       entries, usermod cannot change information supplied by the network
       nameservice. However, usermod will verify the uniqueness of user name
       and user ID against the external nameservice.

       The usermod utility uses the /etc/datemsk file, available with
       SUNWaccr, for date formatting.

SunOS 5.11                        22 Feb 2008                      usermod(1M)