System Administration Guide, Volume I

Setting Up and Maintaining User Accounts and Groups

2

This chapter describes the procedures for setting up and maintaining user accounts and groups. This is a list of the step-by-step instructions in this chapter.
How to Customize User Initialization Files
How to Start Group Manager
How to Add a Group
How to Start User Manager
How to Set Up User Account Defaults
How to Add a New User Account
How to Copy an Existing User Account
How to Share a User's Home Directory
How to Mount a User's Home Directory
How to Modify a Group
How to Delete a Group
How to Modify a User Account
How to Disable a User Account
How to Change a User's Password
How to Change Password Aging for a User Account
How to Delete a User Account
For overview information about Managing User Accounts and Groups, see Chapter 1, "Overview of Managing User Accounts and Groups."

Setting Up User Accounts

Table 2-1 Task Map: Setting Up User Accounts

Activity: Customize User Initialization Files
Description: Optional. Set up user initialization files (.cshrc, .profile, .login), so you can provide new users with consistent environments. This is usually a one-time task.
For Instructions, Go To: How to Customize User Initialization Files, page 41

Activity: Add Groups
Description: Optional. To help administer users, add groups by choosing Add from the Group Manager's Edit menu. This is usually a one-time task.
For Instructions, Go To: How to Add a Group, page 45

Activity: Set User Account Defaults
Description: Optional. Before you add several user accounts, set up defaults for the Add window by choosing Set Defaults from the User Manager's Edit menu. Setting up defaults can increase the consistency and efficiency of adding new user accounts.
For Instructions, Go To: How to Set Up User Account Defaults, page 48

Activity: Add a User Account
Description: Add a New User Account. Add a user account by choosing Add from the User Manager's Edit menu.
For Instructions, Go To: How to Add a New User Account, page 49
Description: Copy an Existing User Account. Copy an existing user account by choosing Copy from the User Manager's Edit menu. This is useful if you need to add a user account that is similar to an existing user account.
For Instructions, Go To: How to Copy an Existing User Account, page 51

Activity: Share the User's Home Directory
Description: Share the user's home directory, so the directory can be remotely mounted from the user's system. If one system contains all the home directories, this is usually a one-time task.
For Instructions, Go To: How to Share a User's Home Directory, page 52

Activity: Mount the User's Home Directory
Description: Needed If Not Using AutoFS. If you did not select AutoFS when creating the user account (the AutoHome Setup field) and the user's home directory is located on another system, manually mount the user's home directory on the user's system.
For Instructions, Go To: How to Mount a User's Home Directory, page 55

User Information Data Sheet

You may find it useful to create a form like the one below to gather information about users before adding their accounts. The items above the double line reflect the information specified when adding a user account with User Manager.

[Figure: user information data sheet]

· How to Customize User Initialization Files

  1. Become root on the system where the users' home directories are created and shared.

  2. Create a skeleton directory for each type of user.


  # mkdir /shared-directory/skel/user-type  

In this command,
shared-directory    Is the name of a directory that is available to other systems on the network.
user-type           Is the name of a directory to store initialization files for a type of user.

  3. Copy the default user initialization files into the directories you created for different types of users.


  # cp /etc/skel/local.cshrc /shared-directory/skel/user-type/.cshrc  
  # cp /etc/skel/local.login /shared-directory/skel/user-type/.login  
  # cp /etc/skel/local.profile /shared-directory/skel/user-type/.profile  


Note - You can use the ls -a command to list . (dot) files.

  4. Edit the user initialization files for each user type and customize them based on your site's needs.

    See "Customizing a User's Work Environment" on page 23 for a detailed description of the ways to customize the user initialization files.

  5. Set the permissions for the user initialization files.


  # chmod 744 /shared-directory/skel/user-type/.*  

Example--Customizing User Initialization Files

The following example customizes the C-shell user initialization file in the /export/skel/enduser directory designated for a particular type of user.

  # mkdir /export/skel/enduser  
  # cp /etc/skel/local.cshrc /export/skel/enduser/.cshrc  
  
  Edit the .cshrc file. See "Example--.cshrc File" on page 34.  
  
  # chmod 744 /export/skel/enduser/.*  
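
The following is an added example, not part of the guide. In shells where .* also expands to . and .. (the traditional Bourne shell does this), the chmod command above also changes the mode of the skeleton directory and its parent. The sketch sets mode 744 on the dot files only and then audits the result; the function names and the temporary test tree are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the guide): set and audit modes on a skeleton
# directory's dot files without touching "." or "..".
# The patterns .[!.]* and ..?* together match every dot file except "." and "..".

# mode_of PATH: the 10-character mode string from ls -ld.
mode_of() { ls -ld "$1" | cut -c1-10; }

# set_skel_modes DIR: chmod 744 on regular dot files directly in DIR.
# Symbolic links are skipped because chmod would follow them to their target.
set_skel_modes() {
    for f in "$1"/.[!.]* "$1"/..?*; do
        if [ -f "$f" ] && [ ! -h "$f" ]; then
            chmod 744 "$f" || return 1
        fi
    done
    return 0
}

# audit_skel DIR: print a finding for each dot file that is a symbolic link
# or is writable by group or other; return 1 if anything was found.
audit_skel() {
    found=0
    for f in "$1"/.[!.]* "$1"/..?*; do
        if [ -h "$f" ]; then
            echo "SYMLINK $f"; found=1
        elif [ -f "$f" ]; then
            mode=$(mode_of "$f")
            case $mode in
                # character 6 is group write, character 9 is other write
                ?????w????|????????w?) echo "WRITABLE $mode $f"; found=1 ;;
            esac
        fi
    done
    return "$found"
}

# Demo on a constructed tree under a temporary directory.
demo_dir=$(mktemp -d) || exit 1
mkdir "$demo_dir/enduser" && chmod 755 "$demo_dir/enduser"
: > "$demo_dir/enduser/.cshrc" && chmod 666 "$demo_dir/enduser/.cshrc"
audit_skel "$demo_dir/enduser" || true      # reports .cshrc as WRITABLE
set_skel_modes "$demo_dir/enduser"
audit_skel "$demo_dir/enduser" && echo "clean: $(mode_of "$demo_dir/enduser/.cshrc")"
echo "directory still $(mode_of "$demo_dir/enduser")"
rm -rf "$demo_dir"
```

Files in a skeleton directory are copied into every new account and read at login, so a group- or world-writable file there is worth catching before accounts are created.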

· How to Start Group Manager

  1. Verify that the following prerequisites are met. To use Group Manager, you must have:

  • Solstice AdminSuite software installed.
  • A bit-mapped display monitor. The Solstice AdminSuite software can be used only on a system with a console that is a bit-mapped screen such as a standard display monitor that comes with a Sun workstation. If you want to perform administration tasks on a system with an ASCII terminal as the console, use Solaris commands instead.
  • OpenWindows(TM) software. Start this software with the following command:

  $ /usr/openwin/bin/openwin  

  • Membership in the sysadmin group (group 14) and the required access privileges for managing the NIS or NIS+ database.

Note - If your name service is NIS+, you must be a member of the NIS+ admin group.

  2. Start the Solstice Launcher.


  $ solstice &  

The Solstice Launcher is displayed.
  3. Click on the Group Manager icon.

    The Load window is displayed.

  4. Select the name service used in your network.

  5. Check that the domain or host name is correct.

    If not, type the name of the domain or host you need to access.

  6. Click on OK.

    The Group Manager main window is displayed.

Example--Group Manager Main Window

[Figure: Group Manager main window]

· How to Add a Group

  1. Start Group Manager from the Solstice Launcher and select the name service, if not done already.

    See "How to Start Group Manager" on page 43 for more information.

  2. Choose Add from the Edit menu on the Group Manager main window.

    The Add window is displayed. If you need information to complete a field, click on the Help button to see field definitions for this window.

  3. Type the name of the new group in the Group Name text box.

  4. Type the group ID for the new group in the Group ID text box.

    The group ID should be unique.

  5. (Optional) Type user names in the Members List text box.

    The list of users will be added to the group. User names must be separated by commas.

  6. Click on OK.

    The list of groups displayed in the Group Manager main window is updated to include the new group.

Example--Completed Group Manager Add Window

The following example adds a group named users that has a group ID of 100.

[Figure: completed Group Manager Add window]

· How to Start User Manager

  1. Verify that the following prerequisites are met. To use User Manager, you must have:

  • Solstice AdminSuite software installed.
  • A bit-mapped display monitor. The Solstice AdminSuite software can be used only on a system with a console that is a bit-mapped screen such as a standard display monitor that comes with a Sun workstation. If you want to perform administration tasks on a system with an ASCII terminal as the console, use Solaris commands instead.
  • OpenWindows(TM) software. Start this software with the following command:

  $ /usr/openwin/bin/openwin  

  • Membership in the sysadmin group (group 14) and the required access privileges for managing the NIS or NIS+ database.

Note - If your name service is NIS+, you must be a member of the NIS+ admin group.

  2. Start the Solstice Launcher.


  $ solstice &  

The Solstice Launcher is displayed.
  3. Click on the User Manager icon from the Solstice Launcher.

    The Load window is displayed.

  4. Select the name service used in your network.

  5. Check that the domain or host name is correct.

    If not, type the name of the domain or host you need to access.

  6. Click on OK.

    The User Account main window is displayed.

Example--User Manager Main Window

[Figure: User Manager main window]

· How to Set Up User Account Defaults

  1. Start User Manager from the Solstice Launcher and select the name service, if not done already.

    See "How to Start User Manager" on page 46 for more information.

  2. Choose Set Defaults from the Edit menu.

    The Set Add Defaults window is displayed.

  3. Fill in the Set Add Defaults window.

    The defaults you select will be the initial default values in the Add window. If you need information to complete a field, click on the Help button to see field definitions for this window.

    You can set the following defaults:

  • Primary and Secondary Groups
  • Login Shell
  • Password Policy
  • Creating a Home Directory
  • Home Directory Server
  • Skeleton Path (Path to User Initialization Files)
  • Using AutoFS (AutoHome Setup)
  • Permissions in Home Directory
  • Mail Server
  4. Click on OK.

· How to Add a New User Account

  1. (Optional) Fill out the user information data sheet on page 40.

  2. Start User Manager from the Solstice Launcher and select the name service, if not done already.

    See "How to Start User Manager" on page 46 for more information.

  3. Choose Add from the Edit menu.

    The Add window is displayed.

  4. Fill in the Add window.

    If you need information to complete a field, click on the Help button to see field definitions for this window.

  5. Click on OK.

    The list of user accounts displayed in the User Manager main window is updated to include the new user account.

Where to Go From Here

If you created a user's home directory, you must share the directory so the user's system can remotely mount it. See "How to Share a User's Home Directory" on page 52 for detailed instructions.
If disk space is limited, you can set up a disk quota for the user in the file system containing the user's home directory. See "Managing System Resources" in System Administration Guide, Volume II for information on setting disk quotas.

Example--Completed User Manager Add Window

[Figure: completed User Manager Add window]

· How to Copy an Existing User Account

  1. (Optional) Fill out the user information data sheet on page 40.

  2. Start User Manager from the Solstice Launcher and select the name service, if not done already.

    See "How to Start User Manager" on page 46 for more information.

  3. Select a user account entry to copy from the main window.

  4. Choose Copy from the Edit menu.

    The Copy window is displayed with the following fields copied from the selected user account:

  • Primary Group
  • Secondary Groups
  • Comment
  • Login Shell
  • Path
  • Server
  • Skeleton Path.
  5. Fill in the fields in the Copy window.

    If you need information to complete a field, click on the Help button to see field definitions for this window.

  6. Click on OK.

    The list of user accounts displayed in the User Manager main window is updated to include the new user account.

Where to Go From Here

If you created a user's home directory, you must share the directory so the user's system can remotely mount it. See "How to Share a User's Home Directory" on page 52 for detailed instructions.
If disk space is limited, you can set up a disk quota for the user in the file system containing the user's home directory. See "Managing System Resources" in System Administration Guide, Volume II for information on setting disk quotas.

· How to Share a User's Home Directory

  1. Become root on the system that contains the home directory.

  2. Verify that the mountd daemon is running.


  # ps -ef | grep mountd  

The following line is displayed if the mountd daemon is running.
/usr/lib/nfs/mountd

  3. If the mountd daemon is not running, start it.


  # /etc/init.d/nfs.server start  

  4. List the file systems that are shared on the system.


  # share  

  5. Determine your next step based on whether the file system containing the user's home directory is already shared.

If the File System Containing the User's Home Directory Is ...    Then ...
Already shared    Go to "Verification--Sharing a User's Home Directory" on page 53.
Not shared        Go to Step 6.

  6. Edit the /etc/dfs/dfstab file and add the following line.


  share -F nfs /file-system  

In this entry,
file-system    Is the file system containing the user's home directory that you need to share. By convention, the file system is /export/home.

  7. Share the file systems listed in the /etc/dfs/dfstab file.


  # shareall -F nfs  

This command executes all the share commands in the /etc/dfs/dfstab file, so you do not have to wait to reboot the system.

Verification--Sharing a User's Home Directory

If you selected the AutoHome Setup field when creating the user account (enabled the automounting of the home directory), log in to a system as the new user to make sure that the user's home directory is available. Otherwise, you have to manually mount the user's home directory and then log in to see if it's available.

Where to Go From Here

If you did not select the AutoHome Setup field when creating the user account (did not enable the automounting of the home directory) and the user's home directory is not located on the user's system, you have to mount the user's home directory from the system where it is located. See "How to Mount a User's Home Directory" on page 55 for detailed instructions.

Example--Sharing a User's Home Directory


  # ps -ef | grep mountd  
  # /etc/init.d/nfs.server start  
  # share  
  # vi /etc/dfs/dfstab  
  
  The line share -F nfs /export/home is added.  
  
  # shareall -F nfs  

· How to Mount a User's Home Directory

  1. Make sure that the user's home directory is shared. See "How to Share a User's Home Directory" on page 52 for more information.

  2. Log in as root on the user's system.

  3. Edit the /etc/vfstab file and create an entry for the user's home directory.


  system-name:/export/home/user-name - /export/home/user-name nfs - yes rw,intr  

In this entry,
system-name               Is the name of the system where the home directory is located.
/export/home/user-name    Is the name of the user's home directory that will be shared. By convention, /export/home contains users' home directories; however, this could be a different file system.
-                         Are required placeholders in the entry.
/export/home/user-name    Is the name of the directory where the user's home directory will be mounted.
See the Chapter , "Mounting and Unmounting File Systems," for more information about adding an entry to the /etc/vfstab file.
  4. Create the mount point for the user's home directory.


  # mkdir -p /export/home/user-name  

  5. Mount the user's home directory.


  # mountall  

All entries in the current vfstab file (whose mount at boot fields are set to yes) are mounted.

Verification--Mounting a User's Home Directory

Use the mount command to verify that the home directory is mounted.

Example--Mounting a User's Home Directory


  # vi /etc/vfstab  
  
  The line venus:/export/home/ripley - /export/home/ripley nfs - yes rw,intr is added.  
  
  # mkdir -p /export/home/ripley  
  # mountall  
  # mount  
  / on /dev/dsk/c0t2d0s0 read/write/setuid on Thu Nov 17 10:40:42 1994  
  /usr on /dev/dsk/c0t2d0s6 read/write/setuid on Thu Nov 17 10:40:42 1994  
  /proc on /proc read/write/setuid on Thu Nov 17 10:40:42 1994  
  /dev/fd on fd read/write/setuid on Thu Nov 17 10:40:42 1994  
  /tmp on swap read/write on Thu Nov 17 10:40:46 1994  
  /export/home/ripley on venus:/export/home/ripley /read/write/remote on Thu Nov 17 10:40:46 1994  
  #  
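
The following is an added example, not part of the guide, covering both "How to Share a User's Home Directory" and "How to Mount a User's Home Directory". It reviews the dfstab and vfstab entries those procedures create: a share line with no rw= or ro= client list is available to every host, and neither entry shown sets nosuid. The function names, the host names clienta and clientb, and the restricted variants are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the guide): review the NFS entries this procedure
# creates in /etc/dfs/dfstab (server) and /etc/vfstab (client).

# has_opt LIST NAME: succeed if the comma-separated LIST contains NAME.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# audit_dfstab: read dfstab lines on stdin and print one finding per issue.
# Assumptions: no -F means nfs; a quoted -d description with spaces is not parsed.
audit_dfstab() {
    while IFS= read -r line; do
        set -f; set -- $line; set +f          # split on blanks, no globbing
        [ "${1:-}" = share ] || continue      # skips blank and comment lines
        shift
        fstype=nfs; opts=; path=
        while [ $# -gt 0 ]; do
            case $1 in
                -F) fstype=${2:-}; shift ;;
                -o) opts=${2:-}; shift ;;
                -d) shift ;;
                *)  path=$1 ;;
            esac
            if [ $# -gt 0 ]; then shift; fi
        done
        [ "$fstype" = nfs ] && [ -n "$path" ] || continue
        # No rw=/ro= client list, or a bare rw/ro, means every host may mount.
        open=yes
        case ",$opts" in *,rw=*|*,ro=*) open=no ;; esac
        if has_opt "$opts" rw || has_opt "$opts" ro; then open=yes; fi
        if [ "$open" = yes ]; then echo "dfstab: $path: shared to all hosts"; fi
        if ! has_opt "$opts" nosuid; then echo "dfstab: $path: nosuid not set"; fi
    done
}

# audit_vfstab: read vfstab lines on stdin and check the NFS entries.
# Fields: device, fsck device, mount point, FS type, fsck pass, mount at boot, options.
audit_vfstab() {
    while read -r dev fsckdev mnt fstype pass boot opts extra; do
        case $dev in ''|'#'*) continue ;; esac
        [ "$fstype" = nfs ] || continue
        if [ -z "$opts" ] || [ -n "$extra" ]; then
            echo "vfstab: $mnt: expected 7 fields"; continue
        fi
        case $dev in
            *:/*) ;;
            *) echo "vfstab: $mnt: device is not system-name:/path" ;;
        esac
        if ! has_opt "$opts" nosuid; then echo "vfstab: $mnt: nosuid not set"; fi
    done
}

# The entries shown on this page, each followed by a constructed restricted variant.
printf '%s\n' 'share -F nfs /export/home' \
    'share -F nfs -o rw=clienta:clientb,nosuid /export/home' | audit_dfstab
printf '%s\n' 'venus:/export/home/ripley - /export/home/ripley nfs - yes rw,intr' \
    'venus:/export/home/ripley - /export/home/ripley nfs - yes rw,intr,nosuid' | audit_vfstab
```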

Maintaining User Accounts

Table 2-2 Task Map: Maintaining User Accounts

Activity: Modify a Group
Description: Modify a group's name or the users in a group by
For Instructions, Go To: How to Modify a Group, page 58
Description: Delete a group by choosing Delete from the Group Manager's Edit menu.
For Instructions, Go To: How to Delete a Group, page 59

Activity: Modify a User Account
Description: If a user account needs to be changed, modify the user account by choosing Modify from the User Manager's Edit menu.
For Instructions, Go To: How to Modify a User Account, page 60
Description: Disable a User Account. If you want to temporarily disable a user account, lock the user account from the Password menu in the Modify window.
For Instructions, Go To: How to Disable a User Account, page 62
Description: Change a User's Password. If you want to change a user's password, use the Password menu in the Modify window.
For Instructions, Go To: How to Change a User's Password, page 64
Description: Change Password Aging for a User Account. If you want to force users to change their passwords periodically, change the password aging fields for a user in the Modify window (Account Security category).
For Instructions, Go To: How to Change Password Aging for a User Account, page 66

Activity: Delete a User Account
Description: Delete a user account by choosing Delete from the User Manager's Edit menu.
For Instructions, Go To: How to Delete a User Account, page 68

· How to Modify a Group

  1. Start Group Manager from the Solstice Launcher and select the name service, if not done already.

    See "How to Start Group Manager" on page 43 for more information.

  2. Select the group entry to modify from the Group Manager main window.

  3. Choose Modify from the Edit menu.

    The Modify window is displayed containing the selected group entry.

  4. Either modify the group's name or the users in the group.

    User names must be separated by commas. If you need information to complete a field, click on the Help button to see field definitions for this window.

  5. Click on OK.

    The group information displayed in the main window is updated.

Example--Completed Group Manager Modify Window

[Figure: completed Group Manager Modify window]

· How to Delete a Group

  1. Start Group Manager from the Solstice Launcher and select the name service, if not done already.

    See "How to Start Group Manager" on page 43 for more information.

  2. Select the group entry you want to delete from the Group Manager main window.

  3. Choose Delete from the Edit menu.

    A window is displayed asking you to confirm the deletion.

  4. Click on OK.

    The group entry is deleted from the Group Manager main window.

· How to Modify a User Account

  1. Start User Manager from the Solstice Launcher and select the name service, if not done already.

    See "How to Start User Manager" on page 46 for more information.

  2. Select the user account entry to modify from the User Manager main window.

  3. Choose Modify from the Edit menu.

    The Modify window is displayed containing the selected user account entry.

  4. Modify the user account.

    If you need information to complete a field, click on the Help button to see field definitions for this window.

    You can change any of the Account Security fields, which includes changing a password or changing password aging. See the following tasks for detailed step-by-step instructions:

  5. Click on OK.

Verification--Modifying a User Account

Double-click on the modified user account entry in the User Manager main window to verify that the modifications were made. Click on Cancel to close the window without making any modifications.

Example--Completed User Manager Modify Window

The following example adds the lp secondary group membership to the rimmer user account.

[Figure: completed User Manager Modify window]

· How to Disable a User Account


Note - You can enable the user account by changing the password status to Normal Password or Cleared until first login.

  1. Start User Manager from the Solstice Launcher and select the name service, if not done already.

    See "How to Start User Manager" on page 46 for more information.

  2. Select the user account entry to be disabled.

  3. Choose Modify from the Edit menu.

    The Modify window is displayed containing the selected user account entry.

  4. Choose Account is Locked from the Password menu.

    This selects the locked password status, which disables the user account.

  5. Click on OK.

Verification--Disabling a User Account

Verify that you have disabled the user account by attempting to log in with the disabled user account.

Example--Disabling a User Account

[Figure: disabling a user account]

· How to Change a User's Password

  1. Start User Manager from the Solstice Launcher and select the name service, if not done already.

    See "How to Start User Manager" on page 46 for more information.

  2. Select the user account entry that needs the password changed.

  3. Choose Modify from the Edit menu.

    The Modify window is displayed containing the selected user account entry.

  4. Choose Cleared until first login or Normal password from the Password menu.

  5. Click on OK.

Example--Changing a User's Password

[Figure: changing a user's password]

· How to Change Password Aging for a User Account


Note - Password aging is not supported for NIS. When you select NIS in User Manager, the password aging fields are not available.

  1. Start User Manager from the Solstice Launcher and select the name service, if not done already.

    See "How to Start User Manager" on page 46 for more information.

  2. Select the user account entry that needs password aging changed.

  3. Choose Modify from the Edit menu.

    The Modify window is displayed containing the selected user account entry.

  4. Change the following fields that affect password aging:

  • Min Change
  • Max Change
  • Max Inactive
  • Expiration Date
  • Warning
If you need information about the password aging fields that are part of the Account Security category, click on the Help button.
  5. Click on OK.

Example--Changing Password Aging for a User Account

[Figure: changing password aging for a user account]

· How to Delete a User Account

  1. Start User Manager from the Solstice Launcher and select the name service, if not done already.

    See "How to Start User Manager" on page 46 for more information.

  2. Select the user account entry to remove from the main window.

  3. Choose Delete from the Edit menu.

    The Delete window is displayed to confirm the removal of the user account.

  4. (Optional) Click on the check box to delete the user's home directory and its contents.

  5. (Optional) Click on the check box to delete the user's mailbox and its contents.

  6. Click on OK when you are ready to delete the user account.

    The user account entry is deleted from the User Manager main window.

Example--User Manager Delete Window

[Figure: User Manager Delete window]