About Users Tools
Six tools are available through the Solaris Management Console (SMC) for managing user accounts, information related to users, and rights that can be granted or denied to users.
- User Accounts -- Add and maintain user accounts (including home directory and password information), assign rights to users, specify which administrative roles (see Administrative Roles, below) each user may assume (if any), and set default user policies.
- User Templates -- Add and maintain named sets of properties (templates) as starting points when adding new user accounts. You might, for example, create a template to use for adding new user accounts for administrative personnel, or one for new marketing department user accounts.
- Rights -- Grant users the ability to perform administrative tasks by using a named collection, called a "right," that includes commands and authorizations to use specific applications (or to perform specific functions within an application). Rights can be granted directly to the user, or can be granted to a role the user can then assume. A comprehensive set of rights is included with the SMC. You can also modify existing rights or add rights.
- Administrative Roles -- These special accounts provide one way to make rights available to administrators. (The other way is to assign rights directly to users.) By assigning rights to roles and specifying who can assume each role, you can make each role (and the ability to perform the administrative tasks allowed by the role) available to administrators. Users who assume a role relinquish their own user account attributes and take on all attributes of the role.
- Groups -- Add user groups and maintain the list of group members for each.
- Mailing Lists -- Add mailing lists and maintain the recipients for each.
Commands
In addition to the graphical user interface for managing users, individual commands enable you to perform operations through the command line interface.
For additional information about each command, see the man page for each.
smprofile
- add, delete, modify, or list a profile (right) in the prof_attr
database
smexec
- add, delete, or modify an entry in the exec_attr
database
smuser
- add, delete, modify, or list a user entry
smmultiuser
- bulk add, delete, or modify of multiple user entries
smmaillist
- add, delete, modify, or list email alias entries
smgroup
- add, delete, modify, or list group entries
smrole
- add, delete, modify, or list role entries
smattrpop
- populate security attribute databases in a name service