Information Technology Reference
In-Depth Information
Table 12.8
Command-Line Arguments for the roleadd Command (continued)
Argument
Description
-e date
Specifies an expiration date for the role. After the specified date ,
the role is disabled.
-f days
Specifies a maximum number of days the role can be inactive
before it is disabled.
-g group
Defines the GID or name of an existing group that will be the pri-
mary group for the role.
-G group
Defines a GID or name of an existing group that will be a secondary
group for the role.
-k template_dir
Specifies the directory that contains a template (default) .profile
used for the user profile.
-m
Creates the home directory if it doesn't exist. The home directory is
defined by -b and the role name or -d .
-o
Allows an existing UID to be specified. That is, allows a role to be
created with a duplicate UID (see -u ).
-p profiles
Specifies one or more execution profiles (separated by commas).
-s shell
Specifies the login shell; default is the Bourne Shell ( /bin/sh ).
-u uid
Specifies the UID of the role. It must be a decimal integer. If not
specified, the next highest available UID is assigned.
The roleadd command supports command-line arguments that are identical to the
useradd command. The one exception to this is that the roleadd command does not
support the -R command-line argument because a role cannot contain other roles.
The following example shows the roleadd command creating a role:
# roleadd -A solaris.system.date -P “Date Management” date_adm
#
This command creates the date_adm role. It assigns the solaris.system.date
authorization and the Date Management profile to it.
To make life a little easier, the roleadd command also supports the -D com-
mand-line argument, which allows default values to be assigned to authori-
zations ( -A ), base directory ( -b ), group ( -g ), expiration date ( -e ), maximum
inactivity ( -f ), and execution profile ( -P ). Subsequent uses of the roleadd
command will use these default values if they are not specified. Once a role
has been created, the useradd(1M) or usermod(1M) command can be used to
associate a user account with the role.
Search WWH ::




Custom Search