Delete User Accounts
When you delete a user account with the Users Tool, the software deletes
the entries in the passwd and group
files. In addition, you can delete the files in the user's home directory
and mail directory.
Add Customized User Initialization Files
Although you cannot create customized user initialization files with
the Users Tool, you can populate a user's home directory with user initialization
files located in a specified "skeleton" directory. You can do
this by creating a user template with the User Templates tool and specifying
a skeleton directory from which to copy user initialization files.
You can customize the user initialization templates in the /etc/skel directory and then copy them to users' home directories.
Administer Passwords
You can use Users Tool for password administration, which includes the
following capabilities:
Specifying a normal password for a user account
Enabling users to create their own passwords during their first login
Disabling or locking a user account
Specifying expiration dates and password aging information.
Note - Password aging is not supported by the NIS name service.
Disable User Accounts
Occasionally, you might need to temporarily or permanently disable a
login account. Disabling or locking a user account means that an invalid password, *LK*, is assigned to the user account, preventing future logins.
The easiest way to disable a user account is to lock the password for
an account with Users Tool.
You can also enter an expiration date in the account availability section
of the User Properties screen to set a limit on how long the account is active.
Other ways to disable a user account are to set up password aging or
to change the user's password.
Where User Account and Group Information Is Stored
Depending on your site policy, you can store user account and group
information in a name service or in a local system's /etc
files. In the NIS+ name service, the information is stored in tables; in the NIS
name service, it is stored in maps; and in the LDAP directory service,
it is stored in indexed database files.
Note - To avoid confusion, the location of the user account and group
information is generically referred to as a file rather
than as a database, table or map.
Most of the user account information is stored in the passwd file. However, the encrypted password and the password aging information are stored
in the passwd file when using NIS or NIS+, and in the /etc/shadow file when using /etc files. Password
aging is not available when using NIS.
Group information is stored in the group file.
Fields in the passwd File
The fields in the passwd file are separated by
colons and contain the following information:
username:password:uid:gid:comment:home-directory:login-shell
For example:
kryten:x:101:100:Kryten Series 4000 Mechanoid:/export/home/kryten:/bin/csh
The following table describes the passwd file fields.
Table 4-11 Fields in the passwd File

| Field Name | Description |
|---|---|
| username | Contains the user or login name. User names should be unique and consist of 1-8 letters (A-Z, a-z) and numerals (0-9). The first character must be a letter, and at least one character must be a lowercase letter. |
| password | Contains an x, a placeholder for the encrypted password. The encrypted password is stored in the shadow file. |
| uid | Contains a user identification (UID) number that identifies the user to the system. UID numbers for regular users should range from 100 to 60000. All UID numbers should be unique. |
| gid | Contains a group identification (GID) number that identifies the user's primary group. Each GID number must be a whole number between 0 and 60002. GIDs 60001 and 60002 are assigned to nobody and noaccess; 65534 is assigned to nobody4. |
| comment | Usually contains the full name of the user. This field is informational only. It is sometimes called the GECOS field because it was originally used to hold the login information needed to submit batch jobs to a mainframe running GECOS (General Electric Computer Operating System) from UNIX systems at Bell Labs. |
| home-directory | Contains the user's home directory path name. |
| login-shell | Contains the user's default login shell, such as /bin/sh, /bin/csh or /bin/ksh. Table 4-18 contains a description of shell features. |
Default passwd File
The default Solaris passwd file contains entries
for standard daemons, processes usually started at boot time to perform some
system-wide task, such as printing, network administration, and port monitoring.
root:x:0:1:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:
lp:x:71:8:Line Printer Admin:/usr/spool/lp:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
smmsp:x:25:25:SendMail Message Submission Program:/:
listen:x:37:4:Network Admin:/usr/net/nls:
nobody:x:60001:60001:Nobody:/:
noaccess:x:60002:60002:No Access User:/:
nobody4:x:65534:65534:SunOS 4.x Nobody:/:
Table 4-12 Default passwd File Entries

| User Name | User ID | Description |
|---|---|---|
| root | 0 | Superuser account. |
| daemon | 1 | Umbrella system daemon associated with routine system tasks. |
| bin | 2 | Administrative daemon associated with running system binaries to perform some routine system task. |
| sys | 3 | Administrative daemon associated with system logging or updating files in temporary directories. |
| adm | 4 | Administrative daemon associated with system logging. |
| lp | 71 | Line printer daemon. |
| uucp | 5 | Daemon associated with uucp functions. |
| nuucp | 6 | Daemon associated with uucp functions. |
| smmsp | 25 | Sendmail message submission program daemon. |
| listen | 37 | Network listener daemon. |
| nobody | 60001 | Assigned to users or software processes that do not need nor should have any special permissions. |
| noaccess | 60002 | Assigned to a user or a process that needs access to a system through some application but without actually logging in. |
| nobody4 | 65534 | SunOS 4.0 or 4.1 version of the nobody user account. |
Fields in the shadow File
The fields in the shadow file are separated by
colons and contain the following information:
username:password:lastchg:min:max:warn:inactive:expire
For example:
rimmer:86Kg/MNT/dGu.:8882:0::5:20:8978
The following table describes the shadow file fields.
Table 4-13 Fields in the shadow File

| Field Name | Description |
|---|---|
| username | Contains the user or login name. |
| password | Might contain the following entries: a 13-character encrypted user password; the string *LK*, which indicates an inaccessible account; or the string NP, which indicates no password for the account. |
| lastchg | Indicates the number of days between January 1, 1970, and the last password modification date. |
| min | Contains the minimum number of days required between password changes. |
| max | Contains the maximum number of days the password is valid before the user is prompted to specify a new password. |
| warn | Contains the number of days before the password expires that the user is warned. |
| inactive | Contains the number of days a user account can be inactive before being locked. |
| expire | Contains the absolute date when the user account expires. Past this date, the user cannot log in to the system. |
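Reading the shadow fields of Table 4-13 together with the locking convention from the Disable User Accounts section gives a simple way to see which accounts can actually log in on a given day. The following Python script is an added example, not code from the Solaris guide: it parses shadow lines, decodes lastchg and expire as days since January 1, 1970, and reports each account as locked (*LK*), passwordless (NP), expired, overdue for a password change, or active. The sample input is the guide's rimmer line plus four lines constructed for this example; the treatment of lastchg 0 as "change password at next login" is the usual Solaris and Linux convention and is this example's assumption, and the inactive field is left alone because shadow does not record the last login it would be measured from.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

EPOCH = date(1970, 1, 1)  # lastchg and expire count days from this date


@dataclass
class ShadowEntry:
    username: str
    password: str
    lastchg: Optional[int]
    min_days: Optional[int]
    max_days: Optional[int]
    warn: Optional[int]
    inactive: Optional[int]
    expire: Optional[int]


def _opt_int(field):
    """An empty aging field means 'not set'."""
    return int(field) if field else None


def days_to_date(days):
    return EPOCH + timedelta(days=days)


def parse_shadow_line(line):
    """Split one shadow line into its eight colon-separated fields."""
    fields = line.rstrip("\n").split(":")
    if len(fields) != 8:
        raise ValueError(f"expected 8 fields, got {len(fields)}: {line!r}")
    return ShadowEntry(fields[0], fields[1], *(_opt_int(f) for f in fields[2:]))


def account_state(e, today):
    """Describe an entry's login state as of `today` (a date or ISO date string)."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    states = []
    if e.password == "*LK*":
        states.append("locked (*LK*)")
    elif e.password == "NP":
        states.append("no password (NP)")
    elif not e.password:
        states.append("empty password field")  # login without any password
    today_days = (today - EPOCH).days
    if e.expire is not None and today_days > e.expire:
        states.append(f"account expired on {days_to_date(e.expire)}")
    if e.lastchg == 0:
        # Assumption: lastchg 0 forces a password change at next login.
        states.append("must change password at next login")
    elif e.lastchg is not None and e.max_days is not None:
        age = today_days - e.lastchg
        if age > e.max_days:
            states.append(f"password expired ({age} days old, max {e.max_days})")
        elif e.warn is not None and age >= e.max_days - e.warn:
            states.append(f"password expires in {e.max_days - age} days")
    # 'inactive' needs the last-login time, which shadow does not record.
    return states or ["active"]


def report(text, today):
    """Map each username in a shadow file to its list of states."""
    return {e.username: account_state(e, today)
            for e in (parse_shadow_line(l) for l in text.splitlines() if l.strip())}


# Constructed sample: the guide's rimmer line plus entries made up for this example.
SAMPLE_SHADOW = """\
rimmer:86Kg/MNT/dGu.:8882:0::5:20:8978
lister:*LK*:8930:0:30:5::
cat:Q7abc123xyz.:8882:0:30:5::
holly:Q7abc123xyz.:8920:0:30:5::
kryten:NP:0:0:30:5::
"""

if __name__ == "__main__":
    for name, states in report(SAMPLE_SHADOW, "1994-07-01").items():
        print(f"{name}: {'; '.join(states)}")
```

For rimmer, lastchg 8882 decodes to April 27, 1994 and expire 8978 to August 1, 1994, so the account is active on July 1 and expired on September 1. An NP entry is the one state a reviewer should never expect to see on a multi-user system; *LK* is what locking through Users Tool produces.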