Maintenance Commands                                  useradd(1M)


useradd - administer a new user login on the system


useradd [ -c comment ] [ -d dir ] [ -e expire ] [ -f inactive ] [ -g group ] [ -G group [, group ... ] ] [ -m [ -k skel_dir ] ] [ -u uid [ -o ] ] [ -s shell ] [ -A authorization [,authorization... ] ] [ -P profile [ ,profile... ] ] [ -R role [ ,role... ] ] [ -p projname ] login useradd -D [ -b base_dir ] [ -e expire ] [ -f inactive ] [ -g group ] [ -p projname ]


useradd adds a new user to the /etc/passwd and /etc/shadow" and /etc/user_attr files. The -A and -P options respectively assign authorizations and profiles to the user. The -R option assigns roles to a user. The -p option associates a project with a user. useradd also creates supplementary group memberships for the user (-G option) and creates the home directory (-m option) for the user if requested. The new login remains locked until the passwd(1) command is executed. Specifying useradd -D with the -g, -b, -f, -e, -A, -P, -p, or -R option (or any combination of these options) sets the default values for the respective fields. See the -D option, below. Subsequent useradd commands without the -D option use these arguments. The system file entries created with this command have a limit of 512 characters per line. Specifying long arguments to several options can exceed this limit. The login (login) and role (role) fields accept a string of no more than eight bytes consisting of characters from the set of alphabetic characters, numeric characters, period (.), underscore (_), and hyphen (-). The first character should be alphabetic and the field should contain at least one lower case alphabetic character. A warning message will be written if these restrictions are not met. A future Solaris release may refuse to accept login and role fields that do not meet these requirements. The login and role fields must contain at least one charac- ter and must not contain a colon (:) or a newline (\n).


The following options are supported: -A authorization One or more comma separated authorizations defined in auth_attr(4). Only a user or role who has grant rights to the authorization can assign it to an account. -b base_dir The default base directory for the system if -d dir is not specified. base_dir is concatenated with the account name to define the home directory. If the -m option is not used, base_dir must exist. -c comment Any text string. It is generally a short description of the login, and is currently used as the field for the user's full name. This information is stored in the user's /etc/passwd entry. -d dir The home directory of the new user. It defaults to base_dir/account_name, where base_dir is the base directory for new login home directories and account_name is the new login name. -D Display the default values for group, base_dir, skel_dir, shell, inactive, expire, proj and projname. When used with the -g, -b, -f, -e, -A, -P, -p, or -R options, the -D option sets the default values for the specified fields. The default values are: group other (GID of 1) base_dir /home skel_dir /etc/skel shell /bin/sh" inactive 0 expire null auths null profiles null proj 3 projname default roles null -e expire Specify the expiration date for a login. After this date, no user will be able to access this login. The expire option argument is a date entered using one of the date formats included in the template file /etc/datemsk. See getdate(3C). If the date format that you choose includes spaces, it must be quoted. For example, you can enter 10/6/90 or "October 6, 1990". A null value (" ") defeats the status of the expired date. This option is useful for creating temporary logins. -f inactive The maximum number of days allowed between uses of a login ID before that ID is declared invalid. Normal values are positive integers. A value of 0 defeats the status. -g group An existing group's integer ID or character-string name. Without the -D option, it defines the new user's primary group membership and defaults to the default group. You can reset this default value by invoking useradd -D -g group. -G group An existing group's integer ID or character-string name. It defines the new user's supplementary group membership. Duplicates between group with the -g and -G options are ignored. No more than NGROUPS_MAX groups can be specified. -k skel_dir A directory that contains skeleton information (such as .profile) that can be copied into a new user's home directory. This directory must already exist. The sys- tem provides the /etc/skel directory that can be used for this purpose. -m Create the new user's home directory if it does not already exist. If the directory already exists, it must have read, write, and execute permissions by group, where group is the user's primary group. -o This option allows a UID to be duplicated (non- unique). -P profile One or more comma-separated execution profiles defined in prof_attr(4). -p projname Name of the project with which the added user is asso- ciated. See the projname field as defined in pro- ject(4). -R role One or more comma-separated execution profiles defined in user_attr(4). Roles cannot be assigned to other roles. -s shell Full pathname of the program used as the user's shell on login. It defaults to an empty field causing the system to use /bin/sh as the default. The value of shell must be a valid executable file. -u uid The UID of the new user. This UID must be a non- negative decimal integer below MAXUID as defined in <sys/param.h>. The UID defaults to the next available (unique) number above the highest number currently assigned. For example, if UIDs 100, 105, and 200 are assigned, the next default UID number will be 201. (UIDs from 0-99 are reserved for possible use in future applications.)


/etc/datemsk /etc/passwd" /etc/shadow" /etc/group" /etc/skel /usr/include/limits.h /etc/user_attr"


See attributes(5) for descriptions of the following attri- butes: | ATTRIBUTE TYPE | ATTRIBUTE VALUE | |_____________________________|_____________________________| | Availability | SUNWcsu | |_____________________________|_____________________________|


passwd(1), profiles(1), roles(1), users(1B), groupadd(1M), groupdel(1M), groupmod(1M), grpck(1M), logins(1M), pwck(1M), userdel(1M), usermod(1M), getdate(3C), auth_attr(4), passwd(4), prof_attr(4), project(4), user_attr(4), attri- butes(5)


In case of an error, useradd prints an error message and exits with a non-zero status. The following indicates that login specified is already in use: UX: useradd: ERROR: login is already in use. Choose another. The following indicates that the uid specified with the -u option is not unique: UX: useradd: ERROR: uid uid is already in use. Choose another. The following indicates that the group specified with the -g option is already in use: UX: useradd: ERROR: group group does not exist. Choose another. The following indicates that the uid specified with the -u option is in the range of reserved UIDs (from 0-99): UX: useradd: WARNING: uid uid is reserved. The following indicates that the uid specified with the -u option exceeds MAXUID as defined in <sys/param.h>: UX: useradd: ERROR: uid uid is too big. Choose another. The following indicates that the /etc/passwd or /etc/shadow" files do not exist: UX: useradd: ERROR: Cannot update system files - login cannot be created.


The useradd utility adds definitions to only the local /etc/group, etc/passwd, /etc/passwd, /etc/shadow, /etc/project, and /etc/user_attr files. If a network name service such as NIS or NIS+ is being used to supplement the local /etc/passwd file with additional entries, useradd can- not change information supplied by the network name service. However useradd will verify the uniqueness of the user name (or role) and user id and the existence of any group names specified against the external name service.