add administrator user to system Post: 302356418

8 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

How to add user on Embedded System

The directions below were provided by someone on the unslung mailing list. unslung is a linux OS for LinkSys's $100 NSLU2 NAS controller. I'm posting the query here because (1) I think it is really a generic linux/unix questions (2) I did not get a response in the unslung mailing list. I...

2. What is on Your Mind?

I want to become a System Administrator

Has anyone got any advice on how I can get a job as a Unix/Solaris system administrator? My current job is supporting an application that runs on Solaris servers. I have very minimal Solaris/Unix skills but would like to expand on them with the aim of getting a junior sys admin role. I have...

3. AIX

Test 223: System p Administrator

Please may you help me with specific study packs, redbooks etc that may help me pass this certification. Also can you advise me the best AIX certification course as I am new to AIX, coming from solaris and networking environments. Thanx

4. Advertise with Us

Needed: Sr. System Administrator

Composite Software, Inc. is hiring! Sr. System Administrator Location: San Mateo, CA REQ: 10-22 Reports to: IT Manager Job Description Composite Software is hiring a full-time System Administrator. The system administrator will be responsible for installing,...

5. Shell Programming and Scripting

Shell Scripting for System Administrator

Hello All, If possible can anybody kindly let me know the good shell scripting book for system Administrator. Thanks & Regards, Vinay.K.S

6. What is on Your Mind?

Know your System Administrator

Couldn't resist: www.gnu.org/fun/jokes/know.your.sysadmin.html

7. UNIX for Advanced & Expert Users

Linux System Administrator for a role in CH

Hi guys I hope I will not break any rules and guidelines on the forum with this post. I am Admir, working as a recruiter for execIT Recruitment Zurich, Switzerland. Our client is an urgent need of a linux system administrator/support analyst who has trading floor experience and is eligible...

8. UNIX for Dummies Questions & Answers

Becoming a system administrator, need some advice.

I've been learning linux and solaris for the past couple months and have been thinking about seeking a systems admin career. Is it worth it to learn solaris? Do many companies really use it or is it a waste of my time? Would learning just linux be a better idea? I see there's more opportunity as a...

LEARN ABOUT SUNOS

user_attr

user_attr(4)							   File Formats 						      user_attr(4)

NAME

       user_attr - extended user attributes database

SYNOPSIS

       /etc/user_attr

DESCRIPTION

       /etc/user_attr  is  a  local source of extended attributes associated with users and roles. user_attr can be used with other user attribute
       sources, including the LDAP people container, the user_attr NIS map, and the user_attr NIS+ table.  Programs  use  the  getuserattr(3SECDB)
       routines to gain access to this information.

       The search order for multiple user_attr sources is specified in the /etc/nsswitch.conf file, as described in the nsswitch.conf(4) man page.
       The search order follows that for passwd(4).

       Each entry in the user_attr databases consists of a single line with five fields separated by colons  (:).  Line  continuations	using  the
       backslash () character are permitted. Each entry has the form:

       user:qualifier:res1:res2:attr

       user

	   The name of the user as specified in the passwd(4) database.

       qualifier

	   Reserved for future use.

       res1

	   Reserved for future use.

       res2

	   Reserved for future use.

       attr

	   An  optional  list  of semicolon-separated (;) key-value pairs that describe the security attributes to apply to the object upon execu-
	   tion. Zero or more keys may be specified. The following keys are currently interpreted by the system:

	   auths

	       Specifies a comma-separated list of authorization names chosen from those names defined in the auth_attr(4) database. Authorization
	       names  may  be  specified using the asterisk (*) character as a wildcard. For example, solaris.printer.* means all of Sun's printer
	       authorizations.

	   profiles

	       Contains an ordered, comma-separated list of profile names chosen from prof_attr(4). Profiles are enforced by the  profile  shells,
	       pfcsh,  pfksh,  and  pfsh. See pfsh(1). A default profile is assigned in /etc/security/policy.conf (see policy.conf(4)). If no pro-
	       files are assigned, the profile shells do not allow the user to execute any commands.

	   roles

	       Can be assigned a comma-separated list of role names from the set of user accounts in this database whose type field indicates  the
	       account is a role. If the roles key value is not specified, the user is not permitted to assume any role.

	   type

	       Can be assigned one of these strings: normal, indicating that this account is for a normal user, one who logs in; or role, indicat-
	       ing that this account is for a role. Roles can only be assumed by a normal user after the user has logged in.

	   project

	       Can be assigned a name of one project from the project(4) database to be used as a default project to place the user  in  at  login
	       time. For more information, see getdefaultproj(3PROJECT).

	   defaultpriv

	       The default set of privileges assigned to a user's inheritable set upon login.

	   limitpriv

	       The maximum set of privileges a user or any process started by the user, whether through su(1M) or any other means, can obtain. The
	       system administrator must take extreme care when removing privileges from the limit set. Removing any basic privilege has the abil-
	       ity of crippling all applications; removing any other privilege can cause many or all applications requiring privileges to malfunc-
	       tion.

	       See privileges(5) for a description of privileges. The command ppriv -l (see ppriv(1)) produces a list of all supported privileges.
	       Note  that  you specify privileges as they are displayed by ppriv. In privileges(5), privileges are listed in the form PRIV_<privi-
	       lege_name>. For example, the privilege  file_chown,  as	you  would  specify  it  in  user_attr,  is  listed  in  privileges(5)	as
	       PRIV_FILE_CHOWN.

	   lock_after_retries

	       Specifies  whether an account is locked after the count of failed logins for a user equals or exceeds the allowed number of retries
	       as defined by RETRIES in /etc/default/login. Possible values are yes or no. The default is no. Account locking is  applicable  only
	       to local accounts.

       Except for the type key, the key=value fields in /etc/user_attr can be added using roleadd(1M) and useradd(1M). You can use rolemod(1M) and
       usermod(1M) to modify key=value fields in /etc/user_attr. Modification of the type key is restricted as described in rolemod and usermod.

EXAMPLES

       Example 1: Assigning a Profile to Root

       The following example entry assigns to root the All profile, which allows root to use all commands in the  system,  and	also  assigns  two
       authorizations:

       root::::auths=solaris.*,solaris.grant;profiles=All;type=normal

       The  solaris.* wildcard authorization shown above gives root all the solaris authorizations; and the solaris.grant authorization gives root
       the right to grant to others any solaris authorizations that root has. The combination of authorizations enables root to  grant	to  others
       all the solaris authorizations. See auth_attr(4) for more about authorizations.

FILES

       /etc/nsswitch.conf

	   See nsswitch.conf(4).

       /etc/user_attr

	   Described here.

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Evolving			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       auths(1),  pfcsh(1),  pfksh(1),	pfsh(1),  ppriv(1), profiles(1), roles(1), roleadd(1M), rolemod(1M), useradd(1M), usermod(1M), getdefault-
       proj(3PROJECT), getuserattr(3SECDB), auth_attr(4), exec_attr(4), nsswitch.conf(4),  passwd(4),  policy.conf(4),	prof_attr(4),  project(4),
       attributes(5), privileges(5)

NOTES

       When  deciding  which  authorization source to use, if you are not using LDAP, keep in mind that NIS+ provides stronger authentication than
       NIS.

       The root user is usually defined in local databases for a number of reasons, including the fact that root needs to be able to log in and do
       system maintenance in single-user mode, before the network name service databases are available. For this reason, an entry should exist for
       root in the local user_attr file, and the precedence shown in the example nsswitch.conf(4) file entry under EXAMPLES is highly recommended.

       Because the list of legal keys is likely to expand, any code that parses this database must be written to ignore  unknown  key-value  pairs
       without error. When any new keywords are created, the names should be prefixed with a unique string, such as the company's stock symbol, to
       avoid potential naming conflicts.

       In the attr field, escape the following symbols with a backslash () if you use them in any  value:  colon  (:),  semicolon  (;),  carriage
       return (
), equals (=), or backslash ().

SunOS 5.10							    16 Mar 2004 						      user_attr(4)