rolemod(1M) System Administration Commands rolemod(1M)
rolemod - modify a role's login information on the system
rolemod [ -u uid [-o]] [-g group] [ -G group [ , group...]] [ -d dir [-m]] [-s shell] [-c comment] [-l new_name] [-f inactive] [-e expire]
[-A authorization [, authorization]] [-P profile [, profile]] [-K key=value] role
The rolemod utility modifies a role's login information on the system. It changes the definition of the specified login and makes the
appropriate login-related system file and file system changes.
The system file entries created with this command have a limit of 512 characters per line. Specifying long arguments to several options may
exceed this limit.
The following options are supported:
-A authorization One or more comma separated authorizations as deined in auth_attr(4). Only role with grant rights to the autho-
rization can assign it to an account. This replaces any existing authorization setting. If no authorization list is
specified, the existing setting is removed.
-c comment Specify a comment string. comment can be any text string. It is generally a short description of the login, and is
currently used as the field for the user's full name. This information is stored in the user's /etc/passwd entry.
-d dir Specify the new home directory of the role. It defaults to base_dir/login, where base_dir is the base directory
for new login home directories, and login is the new login.
-e expire Specify the expiration date for a role. After this date, no role will be able to access this login. The expire
option argument is a date entered using one of the date formats included in the template file /etc/datemsk. See
For example, you may enter 10/6/90 or October 6, 1990. A value of `` '' defeats the status of the expired date.
-f inactive Specify the maximum number of days allowed between uses of a login ID before that login ID is declared invalid.
Normal values are positive integers. A value of 0 defeats the status.
-g group Specify an existing group's integer ID or character-string name. It redefines the role's primary group membership.
-G group Specify an existing group's integer "ID" "," or character string name. It redefines the role's supplementary group
membership. Duplicates between group with the -g and -G options are ignored. No more than NGROUPS_UMAX groups may
be specified as defined in <param.h>.
-K key=value Replace existing or add to a role's key=value pair attributes. Multiple -K options may be used to replace or add
multiple key=value pairs. The generic -K option with the appropriate key may be used instead of the specific
implied key options (-A and -P). See user_attr(4) for a list of valid key=value pairs. Keys may not be repeated.
Specifying a key= without a value removes an existing key=value pair. The "type" key may only be specified without
a value or with the "normal" value for this option. Specifying the "type" key without a value leaves the account as
a normal user, with the "role" value changing from a role user to a normal user.
-l new_logname Specify the new login name for the role. The new_logname argument is a string no more than eight bytes consisting
of characters from the set of alphabetic characters, numeric characters, period (.), underline (_), and hypen (-).
The first character should be alphabetic and the field should contain at least one lower case alphabetic character.
A warning message will be written if these restrictions are not met.
A future Solaris release may refuse to accept login fields that do not meet these requirements. The new_logname
argument must contain at least one character and must not contain a colon (:) or NEWLINE (
-m Move the role's home directory to the new directory specified with the -d option. If the directory already exists,
it must have permissions read/write/execute by group, where group is the role's primary group.
-o This option allows the specified UID to be duplicated (non-unique).
-P profile One or more comma-separated execution profiles defined in auth_attr(4). This replaces any existing profile set-
ting. If no profile list is specified, the existing setting is removed.
-s shell Specify the full pathname of the program that is used as the role's shell on login. The value of shell must be a
valid executable file.
-u uid Specify a new UID for the role. It must be a non-negative decimal integer less than MAXUID as defined in
<param.h>. The UID associated with the role's home directory is not modified with this option; a role will not have
access to their home directory until the UID is manually reassigned using chown(1).
The following operands are supported:
login An existing login name to be modified.
In case of an error, rolemod prints an error message and exits with one of the following values:
2 The command syntax was invalid. A usage message for the rolemod command is displayed.
3 An invalid argument was provided to an option.
4 The uid given with the -u option is already in use.
5 The password files contain an error. pwconv(1M) can be used to correct possible errors. See passwd(4).
6 The login to be modified does not exist, the group does not exist, or the login shell does not exist.
8 The login to be modified is in use.
9 The new_logname is already in use.
10 Cannot update the /etc/group or /etc/user_attr file. Other update requests will be implemented.
11 Insufficient space to move the home directory (-m option). Other update requests will be implemented.
12 Unable to complete the move of the home directory to the new home directory.
/etc/group system file containing group definitions
/etc/datemsk system file of date formats
/etc/passwd system password file
/etc/shadow system file containing users' and roles' encrypted passwords and related information
/etc/usr_attr system file containing additional user and role attributes
See attributes(5) for descriptions of the following attributes:
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|Availability |SUNWcsu |
|Interface Stability |Evolving |
chown(1), passwd(1), users(1B), groupadd(1M), groupdel(1M), groupmod(1M), logins(1M), pwconv(1M), roleadd(1M), roledel(1M), useradd(1M),
userdel(1M), usermod(1M), getdate(3C), auth_attr(4), passwd(4), attributes(5)
SunOS 5.10 1 Jul 2004 rolemod(1M)