
Managing Solaris user accounts and groups

Note: this story is only for local accounts, no NIS, etc.

So new employees are coming on board! 

First you need to know what to enter for them. I guess you'll get some info from your HR; the rest you'll determine yourself, like username, password, UID, etc.

But let's start with some explanations. 

Files that store user and group information are /etc/passwd, /etc/shadow and /etc/group; password policy is set in /etc/default/passwd.

/etc/passwd
    Fields are: user-name:x:uid:gid:comment:home-directory:login-shell
    username        Consists of 2-8 letters and numerals. The first one must be a letter, and at least one character must be a lowercase letter. No underscores.
    password        This is x. The encrypted password is in the shadow file.
    UID             UIDs for regular users are 100 - 60000. All UID numbers should be unique.
    GID             This is the user's primary group. GID must be between 0 and 60000 (60001 = nobody, 60002 = noaccess). FYI: a user can belong to up to 16 secondary groups.
    comment         Only for information, like full name. It is called the GCOS (General Electric Computer Operating System) field.
    home dir        User's home directory pathname.
    login shell     User's default login shell.

/etc/shadow
    Fields are: user-name:password:lastchg:min:max:warn:inactive:expire
    username        Same as the /etc/passwd username.
    password        Three options:
                        13-character encrypted password
                        The string *LK* - the account is locked
                        The string NP - no password is set up for this account
    lastchg         Number of days between January 1, 1970 and the last password modification date.
    min             Min number of days required between password changes.
    max             Max number of days the password is valid before the user has to change it.
    inactive        Number of inactivity days allowed for the user before the account is locked.
    expire          Absolute date when the user account expires. After this the user cannot log in to the system.

/etc/group
    Fields are: group-name:group-password:gid:user-list
    groupname       Group name.
    group password  Usually it's empty.
    GID             User groups range from 100 to 60000.
                        60001 = nobody
                        60002 = noaccess
                        Below 100 = system default groups
    user list       Contains a comma-separated list of user names. This is the users' secondary group (max of 16 secondary groups).

/etc/default/passwd
    In the /etc/default/passwd file you set up properties for passwords. Here are some examples you want to consider:
        PASSREQ=yes       # yes, a user needs a passwd
        PASSLENGTH=8      # min number of characters
        MAXWEEKS=12       # max weeks a passwd is valid
        MINWEEKS=0        # min weeks before a user can change the passwd
        WARNWEEKS=2       # warn the user that the passwd will expire
        MAXRETRY=5        # max number of failed logins to allow
        HISTORY=7         # number of previous passwds kept so they cannot be reused
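An added example, not from the original page: a small sh/awk audit that checks /etc/passwd and /etc/shadow lines against the field rules above. The sample entries, names, UIDs and day counts are constructed for the demo; TODAY is given in days since 1970-01-01 so the age check is reproducible.

```shell
#!/bin/sh
# Added example: audit passwd/shadow entries against the field rules above.
# Sample lines are constructed for the demo, not taken from a real system.
SAMPLE_PASSWD='jsmith:x:1001:100:John Smith:/export/home/jsmith:/bin/sh
Bad_user:x:50:100:Wrong name and UID:/export/home/bad:/bin/sh
jdoe:secret:1002:100:Hash in passwd:/export/home/jdoe:/bin/sh'

# check_passwd_line LINE -> prints OK or a space-separated list of problems
check_passwd_line() {
    printf '%s\n' "$1" | awk -F: '{
        p = ""; user = $1; uid = $3 + 0; gid = $4 + 0
        # 2-8 letters/digits, first a letter, at least one lowercase, no underscore
        if (length(user) < 2 || length(user) > 8 || user !~ /^[A-Za-z][A-Za-z0-9]*$/)
            p = p " bad-username"
        else if (user !~ /[a-z]/) p = p " no-lowercase"
        if ($2 != "x") p = p " password-not-in-shadow"   # hash belongs in /etc/shadow
        if (uid < 100 || uid > 60000) p = p " uid-out-of-range"
        if (gid < 0 || gid > 60000) p = p " gid-out-of-range"
        if ($6 !~ /^\//) p = p " bad-home"
        if (NF != 7) p = p " field-count"
        print (p == "" ? "OK" : substr(p, 2))
    }'
}

# check_shadow_line LINE [TODAY] -> one-word status. TODAY is days since 1970-01-01,
# the same unit as lastchg and expire; it defaults to the current day.
check_shadow_line() {
    today=${2:-$(( $(date +%s) / 86400 ))}
    printf '%s\n' "$1" | awk -F: -v today="$today" '{
        pw = $2; lastchg = $3 + 0; max = $5; expire = $8
        if (substr(pw, 1, 4) == "*LK*")          { print "LOCKED"; next }
        if (pw == "NP")                           { print "NO-PASSWORD"; next }
        if (expire != "" && expire + 0 < today)   { print "ACCOUNT-EXPIRED"; next }
        if (max != "" && lastchg + max < today)   { print "PASSWORD-EXPIRED"; next }
        print "OK"
    }'
}

# Run the audit over the constructed passwd lines
printf '%s\n' "$SAMPLE_PASSWD" | while IFS= read -r line; do
    printf '%-10s %s\n' "${line%%:*}" "$(check_passwd_line "$line")"
done
```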

User initialization files

The working environment can be adjusted by modifying environment variables in the initialization files.

When a user logs in, the machine reads these files and uses the environment variables to configure the session.

Each shell has its own initialization files. The Bourne shell is the default Solaris shell. Let's stick with this one in the document.
# echo $SHELL
/sbin/sh        (may be different on your system)

JFYI, other popular shells are:
    /bin/bash - Bourne Again shell
    /bin/csh  - C shell
    /bin/ksh  - Korn shell
    /bin/tcsh - TC shell
    /bin/zsh  - Z shell

Here is what is happening when a user logs in.

1. The system runs the system profile file, which is /etc/profile.
   System profile files for other shells:
       /etc/profile  (for Bourne and Korn shell)
       /etc/.login   (for C shell)
   What is this doing? It defines and exports some environment variables, defines the MOTD and sets up default permissions with 'umask'.

2. The system runs the user's profile file, which is /home/user/.profile.
   User's profile file(s) for other popular shells (located in the user's home dir):
       .profile            (for the Bourne and Korn shells)
       .bash_profile       (for the Bourne Again shell)
       .login and .cshrc   (for the C shell)
       .tcshrc and .cshrc  (for the TC shell)
       .zlogin and .zshrc  (for the Z shell)

3. Use the command env to see the environment variables currently set in your session.

4. Check the templates for the user initialization files in the /etc/skel directory. The useradd command copies files from /etc/skel/ to the user's $HOME and renames them to the appropriate name (usually by dropping the "local" part in front of the dot, so local.profile becomes .profile).
# /etc/skel> ls
total 18
drwxr-xr-x   2 root     sys          512 Jul  2 18:12 .
drwxr-xr-x  60 root     sys         4096 Aug 20 15:41 ..
-rw-r--r--   1 root     other        144 Mar 17 10:40 .profile
-rw-r--r--   1 root     sys          136 Mar 17 10:40 local.cshrc
-rw-r--r--   1 root     sys          157 Mar 17 10:40 local.login
-rw-r--r--   1 root     sys          174 Mar 17 10:40 local.profile

Users' Home directories

Of course I assume the home directories will be placed on a central server (I guess with attached storage, say a StorEdge 6120).
You may have many home(s) under /export, like home1, home2, etc.; each should be a separate file system.
And users should access their home dir through the mounted /home/username.

You can mount them manually via the /etc/vfstab file, but forget that for now. Use the automounter service.
# svcs -xv autofs
svc:/system/filesystem/autofs:default (automounter)
 State: online since August 13, 2009 12:59:13 PM PDT
   See: man -M /usr/share/man -s 1M automount
   See: /var/svc/log/system-filesystem-autofs:default.log
Impact: None.
The /etc/auto_master file will have the line:
/home auto_home
And the /etc/auto_home file will have lines like:
username1          servername:/export/home/username1
username2          servername:/export/home/&
Note: the ampersand (&) expands to the value of the key field of the entry where it occurs, in this case to the username! So when the user logs in, the automounter mounts /export/home/username1 from server "servername" onto /home/username1 on the machine where the user logged in.
Note: When the automounter is used to mount home dirs, you are not permitted to manually create anything under the /home mount point.
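An added example, not from the original page, that replays the map lookup the automounter performs for a login: find the map for /home in auto_master, pick the auto_home entry for the user and expand & into the key. The map contents and "servername" are constructed placeholders, and the example goes one step beyond the text by also handling a wildcard (*) entry, a standard automount map feature that serves every user not listed explicitly.

```shell
#!/bin/sh
# Added example: resolve a user's home directory the way the automounter does.
# Map contents are constructed placeholders (same shape as the two files above).
AUTO_MASTER='/home   auto_home'
AUTO_HOME='username1   servername:/export/home/username1
username2   servername:/export/home/&
*           servername:/export/home/&'

# map_for_mountpoint MOUNTPOINT -> name of the map auto_master lists for it
map_for_mountpoint() {
    printf '%s\n' "$AUTO_MASTER" | awk -v mp="$1" '$1 == mp { print $2; exit }'
}

# resolve_home USER -> "server:/path" after the & substitution, or exit 1 if no entry
resolve_home() {
    printf '%s\n' "$AUTO_HOME" | awk -v key="$1" '
        $1 == key { loc = $2; exit }       # exact key wins
        $1 == "*" { wild = $2 }            # wildcard entry: fallback for any key
        END {
            if (loc == "") loc = wild
            if (loc == "") exit 1
            gsub(/&/, key, loc)            # & expands to the key (the user name)
            print loc
        }'
}

# mount_plan USER -> "server:/export/home/USER on /home/USER", what gets mounted at login
mount_plan() {
    map=$(map_for_mountpoint /home)
    [ "$map" = "auto_home" ] || return 1   # only the map defined above is simulated
    src=$(resolve_home "$1") || return 1
    printf '%s on /home/%s\n' "$src" "$1"
}

mount_plan username2
mount_plan newhire
```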