usermod(1M)          System Administration Commands          usermod(1M)

NAME
     usermod - modify a user's login information on the system

SYNOPSIS
     usermod [-u uid [-o]] [-g group] [-G group [, group...]]
         [-d dir [-m]] [-s shell] [-c comment] [-l new_name]
         [-f inactive] [-e expire]
         [-A authorization [, authorization]]
         [-P profile [, profile]] [-R role [, role]]
         [-K key=value] login

DESCRIPTION
     The usermod utility modifies a user's login definition on the
     system. It changes the definition of the specified login and makes
     the appropriate login-related system file and file system changes.

     The system file entries created with this command have a limit of
     512 characters per line. Specifying long arguments to several
     options might exceed this limit.

OPTIONS
     The following options are supported:

     -A authorization
         One or more comma-separated authorizations as defined in
         auth_attr(4). Only a user or role who has grant rights to the
         authorization can assign it to an account. This replaces any
         existing authorization setting. If no authorization list is
         specified, the existing setting is removed.

     -c comment
         Specify a comment string. comment can be any text string. It is
         generally a short description of the login, and is currently
         used as the field for the user's full name. This information is
         stored in the user's /etc/passwd entry.

     -d dir
         Specify the new home directory of the user. It defaults to
         base_dir/login, where base_dir is the base directory for new
         login home directories, and login is the new login.

     -e expire
         Specify the expiration date for a login. After this date, no
         user will be able to access this login. The expire option
         argument is a date entered using one of the date formats
         included in the template file /etc/datemsk. See getdate(3C).

         For example, you may enter 10/6/90 or October 6, 1990. A value
         of " " defeats the status of the expired date.

     -f inactive
         Specify the maximum number of days allowed between uses of a
         login ID before that login ID is declared invalid. Normal
         values are positive integers. A value of 0 defeats the status.

     -g group
         Specify an existing group's integer ID or character-string
         name. It redefines the user's primary group membership.

     -G group
         Specify an existing group's integer ID, or character-string
         name. It redefines the user's supplementary group membership.
         Groups duplicated between the -g and -G options are ignored. No
         more than NGROUPS_UMAX groups may be specified as defined in
         <param.h>.

     -K key=value
         Replace existing or add to a user's key=value pair attributes.
         Multiple -K options can be used to replace or add multiple
         key=value pairs. However, keys must not be repeated. The
         generic -K option with the appropriate key can be used instead
         of the specific implied key options (-A, -P, -R, -p). See
         user_attr(4) for a list of valid keys. Values for these keys
         are usually found in man pages or other sources related to
         those keys. For example, see project(4) for guidance on values
         for the project key. Use the command ppriv(1) with the -v and
         -l options for a list of values for the keys defaultpriv and
         limitpriv.

         The keyword type can be specified with the value role or the
         value normal. When using the value role, the account changes
         from a normal user to a role; using the value normal keeps the
         account a normal user.

         As a role account, no roles (-R or roles=value) can be present.

     -l new_logname
         Specify the new login name for the user. See passwd(4) for the
         requirements for usernames.

     -m
         Move the user's home directory to the new directory specified
         with the -d option. If the directory already exists, it must
         have permissions read/write/execute by group, where group is
         the user's primary group.

     -o
         This option allows the specified UID to be duplicated
         (non-unique).

     -P profile
         One or more comma-separated rights profiles defined in
         prof_attr(4). This replaces any existing profile setting in
         user_attr(4). If an empty profile list is specified, the
         existing setting is removed.

     -R role
         One or more comma-separated roles (see roleadd(1M)). This
         replaces any existing role setting. If no role list is
         specified, the existing setting is removed.

     -s shell
         Specify the full pathname of the program that is used as the
         user's shell on login. The value of shell must be a valid
         executable file.

     -u uid
         Specify a new UID for the user. It must be a non-negative
         decimal integer less than MAXUID as defined in <param.h>. The
         UID associated with the user's home directory is not modified
         with this option; a user will not have access to their home
         directory until the UID is manually reassigned using chown(1).

OPERANDS
     The following operands are supported:

     login
         An existing login name to be modified.

EXAMPLES
     Example 1 Assigning Privileges to a User

     The following command adds the privilege that affects high
     resolution times to a user's initial, inheritable set of
     privileges.

         # usermod -K defaultpriv=basic,proc_clock_highres jdoe

     This command results in the following entry in user_attr:

         jdoe::::type=normal;defaultpriv=basic,proc_clock_highres

     Example 2 Removing a Privilege from a User's Limit Set

     The following command removes the privilege that allows the
     specified user to create hard links to directories and to unlink
     directories.

         # usermod -K limitpriv=all,!sys_linkdir jdoe

     This command results in the following entry in user_attr:

         jdoe::::type=normal;defaultpriv=basic;limitpriv=all,!sys_linkdir

     Example 3 Removing a Privilege from a User's Basic Set

     The following command removes the privilege that allows the
     specified user to examine processes outside the user's session.

         # usermod -K defaultpriv=basic,!proc_session jdoe

     This command results in the following entry in user_attr:

         jdoe::::type=normal;defaultpriv=basic,!proc_session;limitpriv=all

     Example 4 Assigning a Role to a User

     The following command assigns a role to a user. The role must have
     been created prior to this command, either through use of the
     Solaris Management Console GUI or through roleadd(1M).

         # usermod -R mailadm jdoe

     This command results in the following entry in user_attr:

         jdoe::::type=normal;roles=mailadm;defaultpriv=basic;limitpriv=all

     Example 5 Removing All Profiles from a User

     The following command removes all profiles that were granted to a
     user directly. The user will still have any rights profiles that
     are granted by means of the PROFS_GRANTED key in policy.conf(4).

         # usermod -P "" jdoe

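     The entries produced in Examples 1 through 4 can be reviewed
     mechanically. The script below is an added example, not part of
     the original manual page or of Solaris: it parses user_attr-style
     lines and reports where an account departs from defaultpriv=basic
     and limitpriv=all, holds roles, or has a ',' typed where ';'
     belongs. The logins in SAMPLE and the finding codes are
     constructed for illustration.

```python
# Added example: audit user_attr(4)-style lines; SAMPLE and codes are constructed.
SAMPLE = """\
# constructed entries modelled on the examples above
alice::::type=normal;defaultpriv=basic,proc_clock_highres
bob::::type=normal;defaultpriv=basic,!proc_session;limitpriv=all
carol::::type=normal;roles=mailadm;defaultpriv=basic;limitpriv=all
dave::::type=normal;defaultpriv=basic;limitpriv=all,!sys_linkdir
erin::::type=role;roles=mailadm
frank::::type=normal;defaultpriv=basic,limitpriv=all
"""

def parse_user_attr(line):
    """Split one entry into (login, {key: [comma-separated values]})."""
    fields = line.strip().split(":", 4)
    if len(fields) != 5:
        raise ValueError("expected 5 colon-separated fields: %r" % line)
    attrs = {}
    for pair in filter(None, fields[4].split(";")):
        key, _, value = pair.partition("=")
        attrs[key] = value.split(",") if value else []
    return fields[0], attrs

def audit(text):
    """Return (login, code, values) for entries that depart from basic/all."""
    findings = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        login, attrs = parse_user_attr(line)
        dpriv = attrs.get("defaultpriv", [])
        lpriv = attrs.get("limitpriv", [])
        # A '=' inside a privilege list means ',' was typed where ';' belongs.
        bad = [t for t in dpriv + lpriv if "=" in t]
        if bad:
            findings.append((login, "malformed", bad))
            continue
        checks = (
            ("defaultpriv-added", [t for t in dpriv if t != "basic" and t[:1] != "!"]),
            ("defaultpriv-removed", [t[1:] for t in dpriv if t[:1] == "!"]),
            ("limitpriv-removed", [t[1:] for t in lpriv if t[:1] == "!"]),
            ("role-with-roles" if attrs.get("type") == ["role"] else "roles",
             attrs.get("roles", [])),
        )
        findings.extend((login, code, vals) for code, vals in checks if vals)
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
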
EXIT STATUS
     In case of an error, usermod prints an error message and exits with
     one of the following values:

     2
         The command syntax was invalid. A usage message for the usermod
         command is displayed.

     3
         An invalid argument was provided to an option.

     4
         The uid given with the -u option is already in use.

     5
         The password files contain an error. pwconv(1M) can be used to
         correct possible errors. See passwd(4).

     6
         The login to be modified does not exist, the group does not
         exist, or the login shell does not exist.

     8
         The login to be modified is in use.

     9
         The new_logname is already in use.

     10
         Cannot update the /etc/group or /etc/user_attr file. Other
         update requests will be implemented.

     11
         Insufficient space to move the home directory (-m option).
         Other update requests will be implemented.

     12
         Unable to complete the move of the home directory to the new
         home directory.

FILES
     /etc/group
         system file containing group definitions

     /etc/datemsk
         system file of date formats

     /etc/passwd
         system password file

     /etc/shadow
         system file containing users' encrypted passwords and related
         information

     /etc/user_attr
         system file containing additional user and role attributes

ATTRIBUTES
     See attributes(5) for descriptions of the following attributes:

     ┌─────────────────────────────┬─────────────────────────────┐
     │ ATTRIBUTE TYPE              │ ATTRIBUTE VALUE             │
     ├─────────────────────────────┼─────────────────────────────┤
     │ Availability                │ SUNWcsu                     │
     ├─────────────────────────────┼─────────────────────────────┤
     │ Interface Stability         │ Committed                   │
     └─────────────────────────────┴─────────────────────────────┘

SEE ALSO
     chown(1), passwd(1), users(1B), groupadd(1M), groupdel(1M),
     groupmod(1M), logins(1M), pwconv(1M), roleadd(1M), roledel(1M),
     rolemod(1M), useradd(1M), userdel(1M), getdate(3C), auth_attr(4),
     passwd(4), policy.conf(4), prof_attr(4), user_attr(4),
     attributes(5)

NOTES
     The usermod utility modifies passwd definitions only in the local
     /etc/passwd and /etc/shadow files. If a network nameservice such as
     NIS or NIS+ is being used to supplement the local files with
     additional entries, usermod cannot change information supplied by
     the network nameservice. However, usermod will verify the
     uniqueness of user name and user ID against the external
     nameservice.

     The usermod utility uses the /etc/datemsk file, available with
     SUNWaccr, for date formatting.

SunOS 5.11                    22 Feb 2008                    usermod(1M)