Setting Up User Accounts (Task Map)
Gathering User Information
You can create a form such as the following to gather information about
users before adding their accounts.
Item | Description
User Name: |
Role Name: |
Profiles or Authorizations: |
UID: |
Primary Group: |
Secondary Groups: |
Comment: |
Default Shell: |
Password Status and Aging: |
Home Directory Path Name: |
Mounting Method: |
Permissions on Home Directory: |
Mail Server: |
Department Name: |
Department Administrator: |
Manager: |
Employee Name: |
Employee Title: |
Employee Status: |
Employee Number: |
Start Date: |
Add to These Mail Aliases: |
Desktop System Name: |
How to Customize User Initialization Files
- Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
- Create a skeleton directory for each type of user.
# mkdir /shared-dir/skel/user-type
- shared-dir
The name of a directory that is available to other systems on the network.
- user-type
The name of a directory to store initialization files for a type of user.
- Copy the default user initialization files into the directories that you created for
different types of users.
# cp /etc/skel/local.cshrc /shared-dir/skel/user-type/.cshrc
# cp /etc/skel/local.login /shared-dir/skel/user-type/.login
# cp /etc/skel/local.profile /shared-dir/skel/user-type/.profile
Note - If the account has profiles assigned to it, then the user has to
launch a special version of the shell called a profile shell to
use commands (with any security attributes) that are assigned to the profile. There
are three profile shells corresponding to the types of shells: pfsh (Bourne shell), pfcsh
(C shell), and pfksh (Korn shell). For information about profile shells, see
Role-Based Access Control (Overview) in System Administration Guide: Security Services.
- Edit the user initialization files for each user type and customize them based
on your site's needs.
For a detailed description of the ways to customize the user initialization files, see
Customizing a User's Work Environment.
- Set the permissions for the user initialization files.
# chmod 744 /shared-dir/skel/user-type/.*
- Verify that the permissions for the user initialization files are correct.
# ls -la /shared-dir/skel/*
Example 5-1 Customizing User Initialization Files
The following example shows how to customize the C-shell user initialization file in
the /export/skel/enduser directory designated for a particular type of user. For an example
of a .cshrc file, see Example 4-3.
# mkdir /export/skel/enduser
# cp /etc/skel/local.cshrc /export/skel/enduser/.cshrc
(Edit .cshrc file)
# chmod 744 /export/skel/enduser/.*
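An added check, not part of the original guide: the following script goes beyond the ls -la verification in the procedure and reports skeleton files or directories that are group- or world-writable, not owned by the expected account, or symbolic links. The function name audit_skel, its output labels, and the temporary demonstration directory are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original guide. Audits a skeleton directory
# whose files are copied into new home directories (for example by useradd -k).
# Usage: audit_skel DIR [OWNER]   (OWNER defaults to root; name or numeric UID)
# Prints one finding per line; prints nothing when the directory is clean.
audit_skel() {
    skel_dir=$1
    skel_owner=${2:-root}

    # Group- or world-writable files or directories: anyone with that access
    # can add commands that run at the first login of every new account.
    find "$skel_dir" \( -type f -o -type d \) \
        \( -perm -020 -o -perm -002 \) -print | sed 's/^/WRITABLE /'

    # Anything not owned by the expected administrator account.
    find "$skel_dir" ! -user "$skel_owner" -print | sed 's/^/OWNER /'

    # Symbolic links can point at files outside the audited tree, which the
    # checks above do not cover, so list them for manual review.
    find "$skel_dir" -type l -print | sed 's/^/SYMLINK /'
}

# Constructed demonstration: a throwaway skeleton directory with one file set
# to 744 as in the procedure and one left group- and world-writable.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/enduser"
chmod 755 "$demo_dir/enduser"
: > "$demo_dir/enduser/.cshrc"
chmod 744 "$demo_dir/enduser/.cshrc"
: > "$demo_dir/enduser/.login"
chmod 766 "$demo_dir/enduser/.login"
audit_skel "$demo_dir/enduser" "$(id -u)"
rm -rf "$demo_dir"
```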
How to Add a Group With the Solaris Management Console's Groups Tool
You can add existing users to the group when you add the
group. Or, you can just add the group and then add the user
to the group when you add the user.
- Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
- Start the Solaris Management Console.
# /usr/sadm/bin/smc &
For more information on starting the Solaris Management Console, see How to Start the Console as Superuser or as a Role or
How to Start the Solaris Management Console in a Name Service Environment.
- Click the This Computer icon under the Management Tools icon in the Navigation
pane.
A list of categories is displayed.
- (Optional) Select the appropriate toolbox for your name service environment.
- Click the System Configuration icon.
- Click the User icon and provide the superuser password or the role password.
- Click the Groups icon. Select Add Group from the Action menu.
Use the Context help to add a group to the system.
- Identify the group name at the Group Name prompt under Group Identification.
For example, mechanoids.
- Identify the group number at the Group ID number prompt.
For example, GID 101.
- Click OK.
How to Add a User With the Solaris Management Console's Users Tool
Use the following procedure to add a user with the Solaris Management Console's
Users tool.
- Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
- Start the Solaris Management Console.
# /usr/sadm/bin/smc &
For more information on starting the Solaris Management Console, see How to Start the Console as Superuser or as a Role or
How to Start the Solaris Management Console in a Name Service Environment.
- Click the This Computer icon under the Management Tools icon in the Navigation
pane.
A list of categories is displayed.
- (Optional) Select the appropriate toolbox for your name service environment.
- Click the System Configuration icon.
- Click the User icon and provide the superuser password or the role password.
- Click the User Accounts icon.
Use the Context help to add a user to the system.
- Select Add User⇒With Wizard from the Action menu.
Click Next between the steps below.
- Identify the user name or login name at the User Name prompt.
For example, kryten.
- (Optional) Identify the user's full name at the Full Name prompt.
For example, kryten series 3000.
- (Optional) Provide a further description of this user at the Description prompt.
- Provide the user ID at the User ID Number prompt.
For example, 1001.
- Select the User Must Use This Password At First Login option.
Provide a password for the user at the Password prompt and then confirm
the password at the Confirm Password prompt.
- Select the user's primary group.
For example, mechanoids.
- Create the user's home directory by accepting the defaults at the Server and
Path prompts.
- Specify the mail server.
- Review the information you provided and go back to correct the information, if
necessary. Otherwise, click Finish.
Adding Groups and Users With Command-Line Tools
This section provides examples of adding users and groups with command-line tools.
Adding a Group and User With the groupadd and useradd Commands
The following example shows how to use the groupadd and useradd commands
to add the group scutters and the user scutter1 to files on the
local system. These commands cannot be used to manage users in a name
service environment.
# groupadd -g 102 scutters
# useradd -u 1003 -g 102 -d /export/home/scutter1 -s /bin/csh \
-c "Scutter 1" -m -k /etc/skel scutter1
64 blocks
For more information, see the groupadd(1M) and useradd(1M) man pages.
Adding a Group and User With the smgroup and smuser Commands
The following example shows how to use the smgroup and smuser commands
to add the group gelfs and the user camille to the NIS domain
solar.com on the host starlite.
# /usr/sadm/bin/smgroup add -D nis:/starlite/solar.com -- -g 103 -n gelfs
# /usr/sadm/bin/smuser add -D nis:/starlite/solar.com -- -u 1004 \
-n camille -c "Camille G." -d /export/home/camille -s /bin/csh -g gelfs
For more information, see the smgroup(1M) and smuser(1M) man pages.
Setting Up Home Directories With the Solaris Management Console
Keep the following in mind when using the Solaris Management Console tools to
manage user home directories:
- If you use the Users tool's Add User Wizard to add a user account and you specify the user's home directory as /export/home/username, the home directory is automatically set up to automount. Also, the following entry is added to the passwd file.
/home/username
- There is only one way you can use the Users tool to set up a user account that does not automount the home directory. First, set up a user account template that disables this feature. Then, add users with this template. You cannot disable this feature with the Add User Wizard.
- You can use the smuser add command with the -x autohome=N option to add a user without automounting the user's home directory. However, there is no option to the smuser delete command to remove the home directory after the user is added. You would have to remove the user and the user's home directory with the Users tool.
How to Share a User's Home Directory
Use the following procedure to share a user's home directory.
- Become superuser or assume an equivalent role on the system that contains the
home directory.
- Verify that the mountd daemon is running.
In this release, mountd is now started as part of the NFS server
service. To see if the mountd daemon is running, type the following command:
# svcs network/nfs/server
STATE STIME FMRI
online Aug_26 svc:/network/nfs/server:default
- If the mountd daemon is not running, start it.
# svcadm enable network/nfs/server
- List the file systems that are shared on the system.
# share
- Select one of the following based on whether the file system that contains
the user's home directory is already shared.
- If the user's home directory is already shared, go to Step 8.
- If the user's home directory is not shared, go to Step 6.
- Edit the /etc/dfs/dfstab file and add the following line:
share -F nfs /file-system
/file-system is the file system that contains the user's home directory that you
need to share. By convention, the file system is /export/home.
- Share the file systems listed in the /etc/dfs/dfstab file.
# shareall -F nfs
This command executes all the share commands in the /etc/dfs/dfstab file so
that you do not have to wait to reboot the system.
- Verify that a user's home directory is shared.
# share
Example 5-2 Sharing a User's Home Directory
The following example shows how to share the /export/home directory.
# svcs network/nfs/server
# svcadm enable network/nfs/server
# share
# vi /etc/dfs/dfstab
(The line share -F nfs /export/home is added.)
# shareall -F nfs
# share
- /usr/dist ro ""
- /export/home/user-name rw ""
See Also
If the user's home directory is not located on the user's system,
you have to mount the user's home directory from the system where it
is located. For detailed instructions, see How to Mount a User's Home Directory.
How to Mount a User's Home Directory
For information on automounting a home directory, see Task Overview for Autofs Administration in System Administration Guide: Network Services.
- Make sure that the user's home directory is shared.
For more information, see How to Share a User's Home Directory.
- Log in as superuser on the user's system.
- Edit the /etc/vfstab file and create an entry for the user's home directory.
system-name:/export/home/username - /export/home/username nfs - yes rw
- system-name
The name of the system where the home directory is located.
- /export/home/username
The name of the user's home directory that will be shared. By convention, /export/home/username contains user home directories. However, you can use a different file system.
- -
Required placeholders in the entry.
- /export/home/username
The name of the directory where the user's home directory will be mounted.
For more information about adding an entry to the /etc/vfstab file, see Mounting File Systems in System Administration Guide: Devices and File Systems.
- Create the mount point for the user's home directory.
# mkdir -p /export/home/username
- Mount the user's home directory.
# mountall
All entries in the current vfstab file (whose mount at boot fields are set
to yes) are mounted.
- Verify that the home directory is mounted.
# mount | grep username
Example 5-3 Mounting a User's Home Directory
The following example shows how to mount user ripley's home directory.
# vi /etc/vfstab
(The line venus:/export/home/ripley - /export/home/ripley nfs - yes rw is added.)
# mkdir -p /export/home/ripley
# mountall
# mount
/ on /dev/dsk/c0t0d0s0 read/write/setuid/intr/largefiles/xattr/onerror=panic/dev=...
/devices on /devices read/write/setuid/dev=46c0000 on Thu Jan 8 09:38:19 2004
/usr on /dev/dsk/c0t0d0s6 read/write/setuid/intr/largefiles/xattr/onerror=panic/dev=...
/proc on /proc read/write/setuid/dev=4700000 on Thu Jan 8 09:38:27 2004
/etc/mnttab on mnttab read/write/setuid/dev=47c0000 on Thu Jan 8 09:38:27 2004
/dev/fd on fd read/write/setuid/dev=4800000 on Thu Jan 8 09:38:30 2004
/var/run on swap read/write/setuid/xattr/dev=1 on Thu Jan 8 09:38:30 2004
/tmp on swap read/write/setuid/xattr/dev=2 on Thu Jan 8 09:38:30 2004
/export/home on /dev/dsk/c0t0d0s7 read/write/setuid/intr/largefiles/xattr/onerror=...
/export/home/ripley on venus:/export/home/ripley remote/read/write/setuid/xattr/dev=...
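A check for the dfstab and vfstab entries used in the share and mount procedures on this page, added here and not part of the original guide. It flags share lines with no -o option list (share_nfs then defaults to read-write for all clients) and NFS vfstab entries without nosuid (the mount output in Example 5-3 shows setuid enabled on the remote home directory). The function names, output labels, the client name client1.example.com, the path /export/home2 and the user lister are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names, output labels
# and the sample entries marked "constructed" are assumptions.

# check_dfstab FILE: report share lines that carry no -o option list.
# With no -o options, share_nfs exports read-write to all clients.
check_dfstab() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        $1 == "share" {
            restricted = 0
            for (i = 2; i < NF; i++) if ($i ~ /^-o/) restricted = 1
            if (!restricted) print "UNRESTRICTED " $NF
        }' "$1"
}

# check_vfstab FILE: report NFS entries whose mount options lack nosuid.
# Fields: device to mount, device to fsck, mount point, FS type, fsck pass,
# mount at boot, mount options.
check_vfstab() {
    awk '
        /^[ \t]*#/ || NF < 7 { next }
        $4 == "nfs" && ("," $7 ",") !~ /,nosuid,/ { print "SETUID_ALLOWED " $3 }
    ' "$1"
}

# Constructed sample files: the first line of each is the entry used on this
# page; the second is a constructed, more restrictive variant.
sample_dir=$(mktemp -d)
cat > "$sample_dir/dfstab" <<'EOF'
share -F nfs /export/home
share -F nfs -o rw=client1.example.com,nosuid /export/home2
EOF
cat > "$sample_dir/vfstab" <<'EOF'
venus:/export/home/ripley - /export/home/ripley nfs - yes rw
venus:/export/home/lister - /export/home/lister nfs - yes rw,nosuid
EOF
check_dfstab "$sample_dir/dfstab"
check_vfstab "$sample_dir/vfstab"
rm -rf "$sample_dir"
```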