Information Technology Reference
In-Depth Information
Roles created with the
roleadd
command do not have a password. These roles are
locked and cannot be used until a password is defined for the role using the
passwd(1)
command.
Modifying a Role Using the rolemod Command
The
rolemod(1M)
command is used to modify an existing role. The
command-line arguments are identical to the
roleadd
command-line
arguments with the following exceptions:
The base directory (
-b
) is not available. Use
-d
to specify a new
directory. Don't forget to include the
-m
if the base directory doesn't
exist.
➤
The set default (
-D
) is not available.
➤
The template directory (
-k
) is not available.
➤
A new role name is specified using
-l
role
if the role name is being
modified.
➤
Keep in mind that if the role is changed, the name of the home directory
does not change unless the
-d
and
-m
command-line arguments are used.
The following example shows the
rolemod
command changing the name of
the
date_adm
role to
set_date
:
# rolemod -l set_date date_adm
#
Deleting a Role Using the roledel Command
The
roledel(1M)
command is used to delete a role. Not only is the role
definition deleted from the
user_attr
file, but all role assignments in
other
user_attr
entries are modified as well. The role is specified as a
command-line argument. Only one other command-line argument is sup-
ported. This is
-r
, which is used to remove the home directory associated
with the role.
The following example shows the
roledel
command deleting the
set_date
role:
# rolededl set_date
#
