rolemod(1M)		System Administration Commands		   rolemod(1M)

       rolemod - modify	a role's login information on the system

       rolemod	[  -u uid  [-o]] [-g group] [ -G group [ , group...]] [	-d dir
       [-m]] [-s shell]	[-c comment] [-l new_name]  [-f	inactive]  [-e expire]
       [-A  authorization   [,	authorization]]	 [-P profile  [, profile]] [-K
       key=value] role

       The rolemod utility modifies a role's login information on the  system.
       It  changes  the	definition of the specified login and makes the	appro-
       priate login-related system file	and file system	changes.

       The system file entries created with this command have a	limit  of  512
       characters  per	line. Specifying long arguments	to several options may
       exceed this limit.

       The following options are supported:

       -A authorization        One or more comma-separated authorizations as
                               defined in auth_attr(4). Only a role with grant
                               rights to the authorization can assign it to an
                               account. This replaces any existing authoriza-
                               tion setting. If no authorization list is spec-
                               ified, the existing setting is removed.

       -c comment	       Specify	a  comment  string. comment can	be any
			       text string. It is generally a  short  descrip-
			       tion of the login, and is currently used	as the
			       field for the user's full name.	This  informa-
			       tion  is	 stored	in the user's  /etc/passwd en-

       -d dir		       Specify the new home directory of the role.  It
			       defaults	to  base_dir/login, where  base_dir is
			       the base	directory for new login	home  directo-
			       ries, and  login	is the new login.

       -e expire	       Specify	the expiration date for	a role.	 After
			       this date, no role will be able to access  this
			       login. The expire option	argument is a date en-
			       tered using one of the date formats included in
			       the   template	file  /etc/datemsk.  See  get-

			       For example, you	may enter 10/6/90 or   October
			       6, 1990.	A value	of `` '' defeats the status of
			       the expired date.

       -f inactive	       Specify the maximum number of days allowed  be-
			       tween  uses  of a login ID before that login ID
			       is declared invalid.  Normal values  are	 posi-
			       tive integers. A	value of 0 defeats the status.

       -g group		       Specify an existing group's integer ID or char-
			       acter-string name. It redefines the role's pri-
			       mary group membership.

       -G group                Specify an existing group's integer ID or
                               character string name. It redefines the role's
                               supplementary group membership. Duplicates be-
                               tween group with the -g and -G options are
                               ignored. No more than NGROUPS_UMAX groups may
                               be specified as defined in <param.h>.

       -K key=value	       Replace existing	or add to a  role's  key=value
			       pair  attributes.  Multiple  -K	options	may be
			       used  to	 replace  or  add  multiple  key=value
			       pairs.	The  generic -K	option with the	appro-
			       priate key may be used instead of the  specific
			       implied	 key   options	 (-A   and   -P).  See
			       user_attr(4) for	 a  list  of  valid  key=value
			       pairs.  Keys  may not be	repeated. Specifying a
			       key=  without  a	 value	removes	 an   existing
			       key=value  pair.	 The  "type"  key  may only be
			       specified without a value or with the  "normal"
			       value  for  this	 option. Specifying the	"type"
			       key without a value leaves  the	account	 as  a
			       normal  user,  with  the	 "role"	value changing
			       from a role user	to a normal user.

       -l new_logname	       Specify the new login name for the  role.   The
			       new_logname  argument  is a string no more than
			       eight bytes consisting of characters  from  the
			       set  of	alphabetic characters, numeric charac-
                               ters, period (.), underline (_), and hyphen (-).
			       The  first  character  should be	alphabetic and
			       the field should	contain	 at  least  one	 lower
			       case  alphabetic	 character.  A warning message
			       will be written if these	restrictions  are  not
				A  future Solaris release may refuse to	accept
			       login fields that do not	 meet  these  require-
			       ments.	The  new_logname argument must contain
			       at least	one character and must not  contain  a
			       colon (:) or NEWLINE (\n).

       -m		       Move  the  role's home directory	to the new di-
			       rectory specified with the  -d option.  If  the
			       directory  already exists, it must have permis-
			       sions  read/write/execute  by	group,	 where
			       group is	the role's primary group.

       -o		       This  option allows the specified UID to	be du-
			       plicated	(non-unique).

       -P profile	       One or more comma-separated execution  profiles
			       defined in auth_attr(4).	 This replaces any ex-
			       isting profile setting. If no profile  list  is
			       specified, the existing setting is removed.

       -s shell		       Specify	the  full pathname of the program that
			       is used as the role's shell on login. The value
			       of  shell must be a valid executable file.

       -u uid		       Specify	a  new	UID for	the role. It must be a
			       non-negative decimal integer less  than	MAXUID
			       as  defined  in	 <param.h>. The	UID associated
			       with the	role's home directory is not  modified
			       with  this  option; a role will not have	access
			       to their	home directory until the UID is	 manu-
			       ally reassigned using chown(1).
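
       The -l rules above separate names that are refused (empty, or containing a colon or NEWLINE) from names that are accepted with a warning. The shell check below is an added example, not part of rolemod or of the original page; the helper name check_logname and the sample names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: pre-check a candidate name against the -l rules.
# check_logname is a hypothetical helper, not part of rolemod.
# Status: 0 = meets every rule, 1 = accepted but draws a warning,
#         2 = refused (empty, or contains ':' or a NEWLINE).
check_logname() (
    name=$1
    nl='
'
    LC_ALL=C    # byte-wise length and ASCII-only ranges, inside this subshell
    # Hard requirements.
    [ -n "$name" ] || exit 2
    case $name in
        *:* | *"$nl"*) exit 2 ;;
    esac
    # Advisory requirements.
    [ "${#name}" -le 8 ] || exit 1            # no more than eight bytes
    case $name in
        *[!A-Za-z0-9._-]*) exit 1 ;;          # outside the allowed set
    esac
    case $name in
        [A-Za-z]*) ;;                         # first character alphabetic
        *) exit 1 ;;
    esac
    case $name in
        *[a-z]*) ;;                           # at least one lower-case letter
        *) exit 1 ;;
    esac
    exit 0
)

# Constructed sample names.
for n in secadm db_adm-1 operators1 9role ADMIN 'sec:adm'; do
    rc=0; check_logname "$n" || rc=$?
    printf '%-12s %s\n' "$n" "$rc"
done
```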

       The following operands are supported:

       login	An existing login name to be modified.

       In  case	 of  an	error,	rolemod	prints an error	message	and exits with
       one of the following values:

       2	The command syntax was invalid.	A usage	message	for the	 role-
		mod command is displayed.

       3	An invalid argument was	provided to an option.

       4	The  uid given with the	 -u option is already in use.

       5	The password files contain an error. pwconv(1M)	can be used to
		correct	possible errors. See passwd(4).

       6	The login to be	modified does not exist, the  group  does  not
		exist, or the login shell does not exist.

       8	The login to be	modified is in use.

       9	The  new_logname is already in use.

       10	Cannot	update	the   /etc/group or /etc/user_attr file. Other
		update requests	will be	implemented.

       11	Insufficient space to move the	home  directory	 (-m  option).
		Other update requests will be implemented.

       12	Unable	to  complete the move of the home directory to the new
		home directory.

       /etc/group	       system file containing group definitions

       /etc/datemsk	       system file of date formats

       /etc/passwd	       system password file

       /etc/shadow	       system file containing users'  and  roles'  en-
			       crypted passwords and related information

       /etc/user_attr          system file containing additional user and
                               role attributes
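
       Because -A replaces the existing authorization setting instead of adding to it, and entries are limited to 512 characters per line, the complete list can be computed before rolemod is called. This is an added example, not part of the original page or of rolemod; the helper name merged_auths, the user_attr(4) field layout and the sample entry are assumptions.

```sh
#!/bin/sh
# Added example (not part of rolemod): build "existing + new" for -A.
# Assumed user_attr(4) layout: name:qualifier:res1:res2:key=value;key=value
# merged_auths is a hypothetical helper name.
# usage: merged_auths ROLE NEW_AUTH [USER_ATTR_FILE]
# Prints the merged list. Status 1 = rewritten entry would exceed 512
# characters (assumed to exclude the newline), 2 = ROLE has no entry.
merged_auths() {
    awk -F: -v role="$1" -v add="$2" '
        $1 == role {
            found = 1; line = $0
            attr = $5
            for (i = 6; i <= NF; i++) attr = attr ":" $i
            n = split(attr, kv, ";")
            for (i = 1; i <= n; i++)
                if (kv[i] ~ /^auths=/) { cur = substr(kv[i], 7); had = 1 }
        }
        END {
            if (!found) exit 2
            n = split(cur "," add, a, ",")
            for (i = 1; i <= n; i++) {
                if (a[i] == "" || seen[a[i]]++) continue   # blanks, duplicates
                out = (out == "" ? a[i] : out "," a[i])
            }
            print out
            # Length of the entry once auths= carries the merged list.
            if (had) len = length(line) - length(cur) + length(out)
            else     len = length(line) + length("auths=" out) + (attr != "")
            if (len > 512) exit 1
        }' "${3:-/etc/user_attr}"
}

# Constructed sample entry; the rolemod command is only printed, not run.
f=$(mktemp)
printf '%s\n' 'secadm::::type=role;auths=solaris.user.manage,solaris.role.assign' > "$f"
echo "rolemod -A $(merged_auths secadm solaris.audit.read "$f") secadm"
rm -f "$f"
```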

       See attributes(5) for descriptions of the following attributes:

       |      ATTRIBUTE	TYPE	     |	    ATTRIBUTE VALUE	   |
       |Availability		     |SUNWcsu			   |
       |Interface Stability	     |Evolving			   |

       chown(1),  passwd(1),  users(1B),  groupadd(1M),	 groupdel(1M),	group-
       mod(1M),	logins(1M), pwconv(1M),	roleadd(1M), roledel(1M), useradd(1M),
       userdel(1M), usermod(1M),  getdate(3C),	auth_attr(4),  passwd(4),  at-

SunOS 5.10			  1 Jul	2004			   rolemod(1M)

