add a user in solaris 9?

anti.corp · 04-01-2006, 11:24 AM

Hi,

I just installed solaris 9 on my sparc.

How do I add a user, so I dont need to login as root?

Sincerely, Jorgen

AxeZ · 04-01-2006, 03:59 PM

I believe useradd is what you need.

apt-get-dude · 04-02-2006, 03:30 AM

Example:

groupadd -g 100 users
useradd -u 101 -g 100 -md /export/home/user1 -c "new user" -s /bin/ksh user1
passwd user1

anti.corp · 04-02-2006, 06:54 AM

Thanks alot for your help.

I didnt feel that comfortable loggin in as root all the time.

Sincerely, Jorgen

saudoi · 04-02-2006, 06:52 PM

You can login as normal user and su to root whenever you need to add user (or do some admin tasks).

AbrahamJose · 04-03-2006, 12:02 PM

Use smc (Solaris Management Console)

As it is solaris9 U can use admintool also

mdhmi · 04-16-2006, 11:12 PM

You can use SMC (garbage) or the "useradd" command or "vipw" followed by "pwconv" if you know what you're doing.

Mark

sc425000 · 04-17-2006, 04:58 AM

you must have root privileges for add user or do anything tin admin task

jlliagre · 04-17-2006, 05:52 AM

Technically, you do not need to be root to create users under Solaris, you just need to have the privilege to do it.

See for example http://www.softpanorama.org/Solaris/...ris_rbac.shtml for details.

mdhmi · 04-17-2006, 11:41 PM

True, but I've never actually seen people go through the hassle of using RBAC properly. Most folks just use sudo as it's simple and portable.

Don't forget to make a backup of /etc/shadow and /etc/passwd before making any changes.

Mark

jlliagre · 04-18-2006, 02:22 AM

I understand that, and it's the reason why I wrote "technically".

I see however Sun's customers starting to use RBAC, which is far less complicated to set that people usually think.

For example, if I want you to be able to manage user accounts, I simply have to add or update this line in the /etc/user_attr file:

Code:

mdhmi::::type=normal;profiles=User Management

Then you'll be able for example to run "pfexec useradd" to create a user account.

If you want to be able to call useradd stile commands without the pfexec prefix, your shell can be replaced by an RBAC aware shell, like /usr/bin/pfksh, in the /etc/passwd file.

I wouldn't say all this is that more complicated than sudo.

It is actually simpler in that example, given the fact the required profile already exists.

javier.e.menendez · 04-18-2006, 09:58 AM

Although sudo is commonly used, there is nothing difficult about rbac.

Here is an example on how to create a role with a brand new privilege from scratch.

---

1. Create a regular user

# groupadd -g 100 users

# useradd -u 100 -g 100 -md /export/home/user1 -s /bin/ksh user1
# passwd user1 <- make it user1

2. Verify if the user is associated to any roles

# roles user1
No roles

3. Create a role (special account) that will be able to halt the system

# roleadd -u 200 -g 10 -md /export/home/halt halt
# passwd halt <- make it halt1

4. Verify the automatic changes in /etc/user_attr

# grep halt /etc/user_attr
halt::::type=role;profiles=All

5. Create a profile for the role account

# echo halt:::halting profile for halt role: >> /etc/security/prof_attr

# grep halt /etc/security/prof_attr
halt:::halting profile for halt role:

6. Add the profile to the role account

# rolemod -P halt halt

# grep halt /etc/user_attr
halt::::type=role;profiles=halt

7. Assign the role to the existing user

# usermod -R halt user1

# grep halt /etc/user_attr
halt::::type=role;profiles=halt
user1::::type=normal;roles=halt

# roles user1
halt

8. Specify the command to be run by the role account

# echo halt:suser:cmd:::/usr/sbin/halt:euid=0 >> /etc/security/exec_attr

9. Test your configuration as the user user1 [should fail]

# su – user1

$ /usr/sbin/halt
halt: permission denied

10. Test your configuration after switching users to the role halt [should work]

# su – user1 ; su - halt

# /usr/sbin/halt <- the system should halt now

jlliagre · 04-18-2006, 11:27 AM

Just a warning, "halt" is a command that shoulnd't be generally used to shutdown a Solaris box, especially when services are enabled, because it doesn't go to the smf services shutdown, nor the rc kill commands.

The recommended way is using "init 5" or "shutdown -y -i 5 -g 0".

Also, to allow a user to shutdown a machine, you can simply give this user the "Maintenance and Repair" role.

javier.e.menendez · 04-19-2006, 07:14 AM

There you go again,

This is just an example and by the way, init 5 is not the prefered way to halt, it is
instead init 0. init 5 is the prefered way to poweroff.

mdhmi · 04-19-2006, 09:53 AM

I agree Javier that RBAC is useable, we have used it on and off over the years in our environment. Our corporate directive is portability, which is why we usually use sudo as we have a mixed Solaris / AIX environment.

Mark