Chapter 5 Managing User Accounts and Groups (Tasks)

This chapter describes how to set up and maintain user accounts and groups.

For information on the procedures associated with setting up and maintaining user accounts and groups, see Setting Up User Accounts (Task Map) and Maintaining User Accounts (Task Map).

For background information about managing user accounts and groups, see Chapter 4, Managing User Accounts and Groups (Overview).

Setting Up User Accounts (Task Map)

User Information Data Sheet

You might find it useful to create a form like the one that follows to gather information about users before adding their accounts.

How to Customize User Initialization Files

1. Become superuser or assume an equivalent role on the system where the users' home directories are created and shared.

2. Create a skeleton directory for each type of user.

   # mkdir /shared-dir/skel/user-type

   shared-dir	The name of a directory that is available to other systems on the network.
   user-type	The name of a directory to store initialization files for a type of user.

3. Copy the default user initialization files into the directories you created for different types of users.

   # cp /etc/skel/local.cshrc /shared-dir/skel/user-type/.cshrc # cp /etc/skel/local.login /shared-dir/skel/user-type/.login # cp /etc/skel/local.profile /shared-dir/skel/user-type/.profile

   ---

   Note –

   If the account has profiles assigned to it, then the user has to launch a special version of the shell called a profile shell to use commands (with any security attributes) that are assigned to the profile. There are three profile shells corresponding to the types of shells: pfsh (Bourne shell), pfcsh (C shell), and pfksh (Korn shell).

   ---

4. Edit the user initialization files for each user type and customize them based on your site's needs.

   For a detailed description on the ways to customize the user initialization files, see Customizing a User's Work Environment.

5. Set the permissions for the user initialization files.

   # chmod 744 /shared-dir/skel/user-type/.*

6. Verify that the permissions for the user initialization files are correct.

   # ls -la /shared-dir/skel/*

Example—Customizing User Initialization Files

The following example shows how to customize the C-shell user initialization file in the /export/skel/enduser directory designated for a particular type of user. For an example of a .cshrc file, see Example—.cshrc File.

# mkdir /export/skel/enduser
# cp /etc/skel/local.cshrc /export/skel/enduser/.cshrc
 
(Edit .cshrc file )
# chmod 744 /export/skel/enduser/.*

How to Share a User's Home Directory

1. Become superuser or assume an equivalent role on the system that contains the home directory.

2. Verify that the mountd daemon is running.

   # ps -ef | grep mountd root 176 1 0 May 02 ? 0:19 /usr/lib/nfs/mountd

   The /usr/lib/nfs/mountd line shows whether the mountd daemon is running.

3. If the mountd daemon is not running, start it.

   # /etc/init.d/nfs.server start

4. List the file systems that are shared on the system.

   # share

5. Select one of the following based on whether the file system containing the user's home directory is already shared.

   1. If the user's home directory is already shared, go to the verification step below.

   2. If the user's home directory is not shared, go to Step 6.

6. Edit the /etc/dfs/dfstab file and add the following line.

   share -F nfs /file-system

   file-system is the file system containing the user's home directory that you need to share. By convention, the file system is /export/home.

7. Share the file systems listed in the /etc/dfs/dfstab file.

   # shareall -F nfs

   This command executes all the share commands in the /etc/dfs/dfstab file, so you do not have to wait to reboot the system.

8. Verify that a user's home directory is shared, as follows:

   # share

Where to Go From Here

If the user's home directory is not located on the user's system, you have to mount the user's home directory from the system where it is located. For detailed instructions, see How to Mount a User's Home Directory.

Example—Sharing a User's Home Directory

# ps -ef | grep mountd
# /etc/init.d/nfs.server start
# share
# vi /etc/dfs/dfstab
 
(The line share -F nfs /export/home is added.)
# shareall -F nfs
# share
-               /usr/dist                ro   "" 
-               /export/home/user-name     rw   ""  

How to Mount a User's Home Directory

For information on automounting a home directory, see “Autofs Administration Task Overview” in System Administration Guide: Resource Management and Network Services.

1. Make sure that the user's home directory is shared.

   For more information, see How to Share a User's Home Directory.

2. Log in as superuser on the user's system.

3. Edit the /etc/vfstab file and create an entry for the user's home directory.

   system-name:/export/home/user-name - /export/home/user-name nfs - yes rw

   system-name	The name of the system where the home directory is located.
   /export/home/user-name	The name of the user's home directory that will be shared. By convention, /export/homeuser-name contains user's home directories. However, this could be a different file system.
   -	Required placeholders in the entry.
   /export/home/user-name	The name of the directory where the user's home directory will be mounted.

   For more information about adding an entry to the /etc/vfstab file, see Chapter 39, Mounting and Unmounting File Systems (Tasks).

4. Create the mount point for the user's home directory.

   # mkdir -p /export/home/user-name

5. Mount the user's home directory.

   # mountall

   All entries in the current vfstab file (whose mount at boot fields are set to yes) are mounted.

6. Verify that the home directory is mounted.

   # mount | grep user-name

Example—Mounting a User's Home Directory

# vi /etc/vfstab
 
(The line  venus:/export/home/ripley - /export/home/ripley
nfs - yes rw is added.)
# mkdir -p /export/home/ripley
# mountall
# mount
/ on /dev/dsk/c0t0d0s0 read/write/setuid/intr/largefiles/onerror=panic/dev=2200000 ...
/proc on /proc read/write/setuid/dev=3840000 on Wed Feb 28 09:49:07 2001
/dev/fd on fd read/write/setuid/dev=3900000 on Wed Feb 28 09:49:10 2001
/etc/mnttab on mnttab read/write/setuid/dev=3a00000 on Wed Feb 28 09:49:12 2001
/var/run on swap read/write/setuid/dev=1 on Wed Feb 28 09:49:12 2001
/tmp on swap read/write/setuid/dev=2 on Wed Feb 28 09:49:15 2001
/export/home on /dev/dsk/c0t0d0s7 read/write/setuid/intr/largefiles/onerror=panic/dev= ...
/export/home/ripley on venus:/export/home/ripley remote/read/write/setuid/dev=3a8001e ...

Maintaining User Accounts (Task Map)

Solaris User Registration

Solaris User Registration is a tool for getting information about new Solaris releases, upgrade offers, and promotions. This graphical user interface (GUI) automatically starts when you first log into your desktop. The GUI lets you register now, later, or never. The registration process also provides Sun with the user's Solaris version, survey type, platform, hardware, and locale.

Accessing Solaris Solve^SM

Completing the Solaris User Registration process provides access to Solaris Solve, an exclusive web site that offers valuable Solaris product information and solutions—all in one convenient location. It provides a quick and easy method for getting the most recent information on what's happening around the latest Solaris release. Solaris Solve also provides a preview to additional Sun contract and service opportunities.

Basically, the steps for completing Solaris User Registration and accessing Solaris Solve are:

1. Fill in the electronic Solaris User Registration profile.

2. Submit the profile by email or print the profile to fax or mail.

3. Create your login ID and password to access the Solaris Solve site.

   Even if you do not access the Solaris Solve site immediately, we recommend that you create your Solaris Solve login ID and password during the Solaris User Registration process. A Solaris Solve login ID and password should contain 6 to 8 alphanumeric characters without spaces and colons.

4. Access the Solaris Solve site.

Solaris User Registration is not invoked if the system administrator or user is logged in as superuser.

If you choose to register, a copy of the completed form is stored in $HOME/.solregis/uprops. If you choose to never register and change your mind later, you can start User Registration by:

• Typing /usr/dt/bin/solregis at any command line prompt, or

• Clicking the Registration icon in the Application Manager's desktop tools folder (Common Desktop Environment desktop only)

For more information, see solregis(1).

Troubleshooting Solaris User Registration Problems

This section provides troubleshooting tips for solving Solaris User Registration problems.

The following table describes problems that may occur when you try to register, and actions required to resolve these conflicts.

How to Restart Solaris User Registration

Use the following procedure to restart the Solaris User Registration process.

1. Change to the $HOME/.solregis directory.

   % cd $HOME/.solregis

2. Remove the uprops file.

   % rm uprops

3. Restart the registration process.

   % /usr/dt/bin/solregis &

How To Disable User Registration

The following table shows how to disable User Registration before and after installing Solaris software. Before disabling Solaris User Registration, Sun recommends that system administrators register for their organization.