Table 12.8 Command-Line Arguments for the roleadd Command (continued)

| Argument | Description |
| --- | --- |
| -e date | Specifies an expiration date for the role. After the specified date, the role is disabled. |
| -f days | Specifies a maximum number of days the role can be inactive before it is disabled. |
| -g group | Defines the GID or name of an existing group that will be the primary group for the role. |
| -G group | Defines a GID or name of an existing group that will be a secondary group for the role. |
| -k template_dir | Specifies the directory that contains a template (default) .profile used for the user profile. |
| -m | Creates the home directory if it doesn't exist. The home directory is defined by -b and the role name or -d. |
| -o | Allows an existing UID to be specified. That is, allows a role to be created with a duplicate UID (see -u). |
| -p profiles | Specifies one or more execution profiles (separated by commas). |
| -s shell | Specifies the login shell; default is the Bourne Shell (/bin/sh). |
| -u uid | Specifies the UID of the role. It must be a decimal integer. If not specified, the next highest available UID is assigned. |
The roleadd command supports command-line arguments that are identical to the useradd command. The one exception to this is that the roleadd command does not support the -R command-line argument because a role cannot contain other roles.
The following example shows the roleadd command creating a role:
# roleadd -A solaris.system.date -P "Date Management" date_adm
#
This command creates the date_adm role. It assigns the solaris.system.date authorization and the Date Management profile to it.
To make life a little easier, the roleadd command also supports the -D command-line argument, which allows default values to be assigned to authorizations (-A), base directory (-b), group (-g), expiration date (-e), maximum inactivity (-f), and execution profile (-P). Subsequent uses of the roleadd command will use these default values if they are not specified. Once a role has been created, the useradd(1M) or usermod(1M) command can be used to associate a user account with the role.
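
The sequence described above (create the role, then associate a user account with it), as an added example that is not from the original text. The user name jdoe, the passwd and roles steps, and the DRY_RUN wrapper are assumptions for illustration; by default the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not from the original text. DRY_RUN defaults to 1, so the
# commands are printed instead of executed; set DRY_RUN=0 to run them as root.
DRY_RUN="${DRY_RUN:-1}"

# Print a command (re-quoting arguments that contain spaces) or execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        line=""
        for arg in "$@"; do
            case $arg in
                *" "*) arg="\"$arg\"" ;;
            esac
            line="${line:+$line }$arg"
        done
        printf '+ %s\n' "$line"
    else
        "$@"
    fi
}

# provision_role ROLE AUTHS PROFILE USER
provision_role() {
    if [ $# -ne 4 ]; then
        echo "usage: provision_role role auths profile user" >&2
        return 2
    fi
    role=$1; auths=$2; profile=$3; user=$4
    # The role is assigned to a user account, so the two names must differ.
    if [ "$role" = "$user" ]; then
        echo "role and user must be different accounts" >&2
        return 2
    fi
    run roleadd -A "$auths" -P "$profile" "$role" || return 1
    # Assumption: the role gets its own password so a user can assume it.
    run passwd "$role" || return 1
    # usermod -R sets the role list of an existing user account.
    run usermod -R "$role" "$user" || return 1
    # Confirm the assignment by listing the roles the user can assume.
    run roles "$user"
}

# Constructed sample values: the page's date_adm role and a hypothetical user.
provision_role date_adm solaris.system.date "Date Management" jdoe
```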